From a09e78873e1d50cd967956f576aa3fcc01e3ffa8 Mon Sep 17 00:00:00 2001
From: Hynek Mlnarik
Date: Tue, 29 Nov 2016 15:19:37 +0100
Subject: [PATCH] KEYCLOAK-3971 Tests for Unicode (ext Latin) usernames in SAML
---
 .../adapter/servlet/SendUsernameServlet.java | 8 +--
 .../AbstractSAMLServletsAdapterTest.java | 53 ++++++++++++++++++-
 2 files changed, 55 insertions(+), 6 deletions(-)
diff --git a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java
index aa29d0c075..f79d276ca5 100755
--- a/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java
+++ b/testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/SendUsernameServlet.java
@@ -64,7 +64,7 @@ public class SendUsernameServlet {
 return Response.status(Response.Status.FORBIDDEN).entity("Forbidden").build();
 }
- return Response.ok(getOutput(), MediaType.TEXT_PLAIN).build();
+ return Response.ok(getOutput(), MediaType.TEXT_PLAIN_TYPE.withCharset("UTF-8")).build();
 }
 @POST
@@ -76,7 +76,7 @@ public class SendUsernameServlet {
 throw new RuntimeException("User: " + httpServletRequest.getUserPrincipal() + " do not have required role");
 }
- return Response.ok(getOutput(), MediaType.TEXT_HTML_TYPE).build();
+ return Response.ok(getOutput(), MediaType.TEXT_HTML_TYPE.withCharset("UTF-8")).build();
 }
 @GET
@@ -84,7 +84,7 @@ public class SendUsernameServlet {
 public Response getSentPrincipal() throws IOException {
 System.out.println("In SendUsername Servlet getSentPrincipal()");
- return Response.ok(getAttributes(), MediaType.TEXT_HTML_TYPE).build();
+ return Response.ok(getAttributes(), MediaType.TEXT_HTML_TYPE.withCharset("UTF-8")).build();
 }
 @GET
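Review bot: The charset is written as the string literal `"UTF-8"` on the changed return line here and again in the hunks at -76, -84 and -108, so a mistyped copy would only show up when that one endpoint mangles a non-ASCII username. Consider defining the media types once, e.g. `private static final MediaType TEXT_HTML_UTF8 = MediaType.TEXT_HTML_TYPE.withCharset(StandardCharsets.UTF_8.name());`, and returning the constant from each method (this needs an import of `java.nio.charset.StandardCharsets`). Declaring the charset explicitly on these responses is worth keeping, because it stops the client from guessing the encoding. The enclosing method starts outside the hunk.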
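Review bot: Whether the principal name is HTML-encoded before it goes into this `text/html` response cannot be seen from the hunk, because getOutput() is defined outside it. The tests added in this commit expect the page to contain `principal=` followed by the stored username, so the body presumably echoes that name, and this change makes non-ASCII usernames a supported input for the endpoint. It is worth confirming that getOutput(), and getAttributes() and getErrorOutput() in the hunks at -84 and -108, encode the value for HTML, or serving the POST variant as `MediaType.TEXT_PLAIN_TYPE.withCharset("UTF-8")` like the GET variant above it.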
@@ -108,7 +108,7 @@ public class SendUsernameServlet {
 Integer statusCode = (Integer) httpServletRequest.getAttribute("javax.servlet.error.status_code");
 System.out.println("In SendUsername Servlet errorPage() status code: " + statusCode);
- return Response.ok(getErrorOutput(statusCode), MediaType.TEXT_HTML_TYPE).build();
+ return Response.ok(getErrorOutput(statusCode), MediaType.TEXT_HTML_TYPE.withCharset("UTF-8")).build();
 }
 @GET
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java
index 6dd3ee36aa..d6d52f2835 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.java
@@ -24,6 +24,7 @@ import org.junit.Assert;
 import org.junit.Test;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.ProtocolMappersResource;
+import org.keycloak.admin.client.resource.RoleScopeResource;
 import org.keycloak.common.util.KeyUtils;
 import org.keycloak.common.util.PemUtils;
 import org.keycloak.keys.Attributes;
@@ -35,6 +36,7 @@ import org.keycloak.protocol.saml.mappers.RoleListMapper;
 import org.keycloak.representations.idm.ClientRepresentation;
 import org.keycloak.representations.idm.ProtocolMapperRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
 import org.keycloak.saml.BaseSAML2BindingBuilder;
 import org.keycloak.saml.SAML2ErrorResponseBuilder;
@@ -68,6 +70,7 @@ import org.keycloak.testsuite.auth.page.login.Login;
 import org.keycloak.testsuite.auth.page.login.SAMLIDPInitiatedLogin;
 import org.keycloak.testsuite.page.AbstractPage;
 import org.keycloak.testsuite.util.IOUtil;
+import org.keycloak.testsuite.util.UserBuilder;
 import org.openqa.selenium.By;
 import org.w3c.dom.Document;
 import org.xml.sax.SAXException;
@@ -94,9 +97,13 @@ import java.security.PublicKey;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.stream.Collectors;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
+import static org.hamcrest.Matchers.*;
+import static org.junit.Assert.*;
+import static org.keycloak.representations.idm.CredentialRepresentation.PASSWORD;
+import static org.keycloak.testsuite.AbstractAuthTest.createUserRepresentation;
+import static org.keycloak.testsuite.admin.ApiUtil.createUserAndResetPasswordWithAdminClient;
 import static org.keycloak.testsuite.auth.page.AuthRealm.SAMLSERVLETDEMO;
 import static org.keycloak.testsuite.util.IOUtil.loadRealm;
 import static org.keycloak.testsuite.util.IOUtil.loadXML;
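Review bot: The wildcard static imports `org.hamcrest.Matchers.*` and `org.junit.Assert.*` in the hunk at -94 hide where `assertThat`, `notNullValue` and `equalToIgnoringCase` come from, and they invite name clashes as either library grows. Every other static import in this block names its member, so I would keep `assertEquals` and `assertTrue` as they were and add `import static org.junit.Assert.assertThat;`, `import static org.hamcrest.Matchers.notNullValue;` and `import static org.hamcrest.Matchers.equalToIgnoringCase;` instead.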
@@ -566,6 +573,48 @@ public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAd
 testSuccessfulAndUnauthorizedLogin(salesPostSigServletPage, testRealmSAMLPostLoginPage);
 }
+ @Test
+ // https://issues.jboss.org/browse/KEYCLOAK-3971
+ public void salesPostSigTestUnicodeCharacters() {
+ final String username = "ěščřžýáíRoàåéèíñòøöùüßÅÄÖÜ";
+ UserRepresentation user = UserBuilder
+ .edit(createUserRepresentation(username, "xyz@redhat.com", "ěščřžýáí", "RoàåéèíñòøöùüßÅÄÖÜ", true))
+ .addPassword(PASSWORD)
+ .build();
+ String userId = createUserAndResetPasswordWithAdminClient(testRealmResource(), user, PASSWORD);
+ final RoleScopeResource realmRoleRes = testRealmResource().users().get(userId).roles().realmLevel();
+ List availableRoles = realmRoleRes.listAvailable();
+ realmRoleRes.add(availableRoles.stream().filter(r -> r.getName().equalsIgnoreCase("manager")).collect(Collectors.toList()));
+
+ UserRepresentation storedUser = testRealmResource().users().get(userId).toRepresentation();
+
+ assertThat(storedUser, notNullValue());
+ assertThat("Database seems to be unable to store Unicode for username. Refer to KEYCLOAK-3439 and related issues.", storedUser.getUsername(), equalToIgnoringCase(username));
+
+ assertSuccessfulLogin(salesPostSigServletPage, user, testRealmSAMLPostLoginPage, "principal=" + storedUser.getUsername());
+ }
+
+ @Test
+ // https://issues.jboss.org/browse/KEYCLOAK-3971
+ public void employeeSigTestUnicodeCharacters() {
+ final String username = "ěščřžýáíRoàåéèíñòøöùüßÅÄÖÜ";
+ UserRepresentation user = UserBuilder
+ .edit(createUserRepresentation(username, "xyz@redhat.com", "ěščřžýáí", "RoàåéèíñòøöùüßÅÄÖÜ", true))
+ .addPassword(PASSWORD)
+ .build();
+ String userId = createUserAndResetPasswordWithAdminClient(testRealmResource(), user, PASSWORD);
+ final RoleScopeResource realmRoleRes = testRealmResource().users().get(userId).roles().realmLevel();
+ List availableRoles = realmRoleRes.listAvailable();
+ realmRoleRes.add(availableRoles.stream().filter(r -> r.getName().equalsIgnoreCase("manager")).collect(Collectors.toList()));
+
+ UserRepresentation storedUser = testRealmResource().users().get(userId).toRepresentation();
+
+ assertThat(storedUser, notNullValue());
+ assertThat("Database seems to be unable to store Unicode for username. Refer to KEYCLOAK-3439 and related issues.", storedUser.getUsername(), equalToIgnoringCase(username));
+
+ assertSuccessfulLogin(employeeSigServletPage, user, testRealmSAMLRedirectLoginPage, "principal=" + storedUser.getUsername());
+ }
+
 @Test
 public void salesPostSigEmailTest() {
 testSuccessfulAndUnauthorizedLogin(salesPostSigEmailServletPage, testRealmSAMLPostLoginPage, "principal=bburke@redhat.com");
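Review bot: Both new tests create a user with the same username and e-mail and never remove it, so if the realm is not reset between test methods the second `createUserAndResetPasswordWithAdminClient` call may fail on a duplicate rather than on the behaviour under test. The two bodies are also identical except for the servlet page and login page passed to assertSuccessfulLogin. I would move the shared body into one private helper that deletes the user in a `finally` block, as sketched below; the parameter types are taken from the imports visible in an earlier hunk and should be matched to assertSuccessfulLogin's signature. If no realm role named "manager" is available, the filter yields an empty list silently, so asserting that the filtered list is not empty would make that failure readable.

```java
@Test
// https://issues.jboss.org/browse/KEYCLOAK-3971
public void salesPostSigTestUnicodeCharacters() {
    assertUnicodeUsernameLogin(salesPostSigServletPage, testRealmSAMLPostLoginPage);
}

@Test
// https://issues.jboss.org/browse/KEYCLOAK-3971
public void employeeSigTestUnicodeCharacters() {
    assertUnicodeUsernameLogin(employeeSigServletPage, testRealmSAMLRedirectLoginPage);
}

private void assertUnicodeUsernameLogin(AbstractPage servletPage, Login loginPage) {
    // … unchanged: username constant and UserBuilder call that produce `user` …
    String userId = createUserAndResetPasswordWithAdminClient(testRealmResource(), user, PASSWORD);
    try {
        // … unchanged: "manager" role grant, storedUser lookup and the two assertThat checks …
        assertSuccessfulLogin(servletPage, user, loginPage, "principal=" + storedUser.getUsername());
    } finally {
        // Remove the user so the next test can create the same username again.
        testRealmResource().users().get(userId).remove();
    }
}
```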