11198 added event information to consent granting and revocation via REST API (#11199)

Sebastian Schuster 2022-06-07 11:29:20 +02:00 committed by GitHub
parent e49e8335e0
commit a0c402b93a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 161 additions and 128 deletions


@ -55,6 +55,7 @@ public interface Details {
String UPDATED_REFRESH_TOKEN_ID = "updated_refresh_token_id";
String NODE_HOST = "node_host";
String REASON = "reason";
String GRANTED_CLIENT = "granted_client";
String REVOKED_CLIENT = "revoked_client";
String AUDIENCE = "audience";
String PERMISSION = "permission";


@ -123,6 +123,7 @@ public class AccountRestService {
this.event = event;
this.locale = session.getContext().resolveLocale(user);
this.version = version;
event.client(auth.getClient()).user(auth.getUser());
}
public void init() {
@ -201,7 +202,7 @@ public class AccountRestService {
public Response updateAccount(UserRepresentation rep) {
auth.require(AccountRoles.MANAGE_ACCOUNT);
event.event(EventType.UPDATE_PROFILE).client(auth.getClient()).user(auth.getUser()).detail(Details.CONTEXT, UserProfileContext.ACCOUNT.name());
event.event(EventType.UPDATE_PROFILE).detail(Details.CONTEXT, UserProfileContext.ACCOUNT.name());
UserProfileProvider profileProvider = session.getProvider(UserProfileProvider.class);
UserProfile profile = profileProvider.create(UserProfileContext.ACCOUNT, rep.toAttributes(), auth.getUser());
@ -350,14 +351,13 @@ public class AccountRestService {
event.event(EventType.REVOKE_GRANT);
ClientModel client = realm.getClientByClientId(clientId);
if (client == null) {
event.event(EventType.REVOKE_GRANT_ERROR);
String msg = String.format("No client with clientId: %s found.", clientId);
event.error(msg);
return ErrorResponse.error(msg, Response.Status.NOT_FOUND);
}
UserConsentManager.revokeConsentToClient(session, client, user);
event.success();
event.detail(Details.REVOKED_CLIENT, client.getClientId()).success();
return Response.noContent().build();
}
@ -375,6 +375,7 @@ public class AccountRestService {
@Produces(MediaType.APPLICATION_JSON)
public Response grantConsent(final @PathParam("clientId") String clientId,
final ConsentRepresentation consent) {
event.event(EventType.GRANT_CONSENT);
return upsert(clientId, consent);
}
@ -391,6 +392,7 @@ public class AccountRestService {
@Produces(MediaType.APPLICATION_JSON)
public Response updateConsent(final @PathParam("clientId") String clientId,
final ConsentRepresentation consent) {
event.event(EventType.UPDATE_CONSENT);
return upsert(clientId, consent);
}
@ -406,10 +408,8 @@ public class AccountRestService {
checkAccountApiEnabled();
auth.requireOneOf(AccountRoles.MANAGE_ACCOUNT, AccountRoles.MANAGE_CONSENT);
event.event(EventType.GRANT_CONSENT);
ClientModel client = realm.getClientByClientId(clientId);
if (client == null) {
event.event(EventType.GRANT_CONSENT_ERROR);
String msg = String.format("No client with clientId: %s found.", clientId);
event.error(msg);
return ErrorResponse.error(msg, Response.Status.NOT_FOUND);
@ -419,10 +419,14 @@ public class AccountRestService {
UserConsentModel grantedConsent = createConsent(client, consent);
if (session.users().getConsentByClient(realm, user.getId(), client.getId()) == null) {
session.users().addConsent(realm, user.getId(), grantedConsent);
event.event(EventType.GRANT_CONSENT);
} else {
session.users().updateConsent(realm, user.getId(), grantedConsent);
event.event(EventType.UPDATE_CONSENT);
}
event.success();
event.detail(Details.GRANTED_CLIENT,client.getClientId());
String scopeString = grantedConsent.getGrantedClientScopes().stream().map(cs->cs.getName()).collect(Collectors.joining(" "));
event.detail(Details.SCOPE, scopeString).success();
grantedConsent = session.users().getConsentByClient(realm, user.getId(), client.getId());
return Response.ok(modelToRepresentation(grantedConsent)).build();
} catch (IllegalArgumentException e) {
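Review bot: The not-found branch in upsert (the `if (client == null)` block after `ClientModel client = realm.getClientByClientId(clientId);`) emits its error event without the GRANTED_CLIENT detail that the success path now records, so the audit record for a failed grant carries the requested clientId only inside the free-text error message; adding `event.detail(Details.GRANTED_CLIENT, clientId);` before `event.error(msg);` keeps success and failure events queryable by the same detail key. The same applies to the revokeConsent hunk above, where the `client == null` branch could record `Details.REVOKED_CLIENT` before `event.error(msg)`. Dropping the explicit `GRANT_CONSENT_ERROR` type in that branch presumably relies on `event.error(...)` deriving the error type from the current event type, which is now `UPDATE_CONSENT` when reached from updateConsent; worth confirming the emitted type is the intended one for each entry point. Minor style: `event.detail(Details.GRANTED_CLIENT,client.getClientId());` lacks a space after the comma, and `cs->cs.getName()` can be the method reference `ClientScopeModel::getName` if that is the element type (not visible in the hunk). The upsert method starts and ends outside the hunk.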


@ -86,7 +86,7 @@ public abstract class AbstractRestServiceTest extends AbstractTestRealmKeycloakT
testRealm.getUsers().add(UserBuilder.create().username("view-account-access").role("account", "view-profile").password("password").build());
testRealm.getUsers().add(UserBuilder.create().username("view-applications-access").addRoles("user", "offline_access").role("account", "view-applications").role("account", "manage-consent").password("password").build());
testRealm.getUsers().add(UserBuilder.create().username("view-consent-access").role("account", "view-consent").password("password").build());
testRealm.getUsers().add(UserBuilder.create().username("manage-consent-access").role("account", "manage-consent").password("password").build());
testRealm.getUsers().add(UserBuilder.create().username("manage-consent-access").role("account", "manage-consent").role("account", "view-profile").password("password").build());
org.keycloak.representations.idm.ClientRepresentation inUseApp = ClientBuilder.create().clientId("in-use-client")
.id(KeycloakModelUtils.generateId())


@ -1004,91 +1004,114 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
assertEquals(404, response.getStatus());
}
private ConsentRepresentation createRequestedConsent(List<ClientScopeRepresentation> scopes) {
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(scopes.stream().map((scope)-> {
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(scope.getId());
return consentScopeRepresentation;
}).collect(Collectors.toList()));
return requestedConsent;
}
@Test
public void createConsentForClient() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,2);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertTrue(consentRepresentation.getCreatedDate() > 0);
assertTrue(consentRepresentation.getLastUpdatedDate() > 0);
assertEquals(1, consentRepresentation.getGrantedScopes().size());
assertEquals(consentScopeRepresentation.getId(), consentRepresentation.getGrantedScopes().get(0).getId());
assertEquals(2, consentRepresentation.getGrantedScopes().size());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation.getGrantedScopes().get(0).getId());
assertEquals(requestedScopes.get(1).getId(), consentRepresentation.getGrantedScopes().get(1).getId());
events.poll();
String expectedScopeDetails = requestedScopes.stream().map(cs->cs.getName()).collect(Collectors.joining(" "));
events.expectAccount(EventType.GRANT_CONSENT)
.user(getUser().getId())
.detail(Details.GRANTED_CLIENT,appId)
.detail(Details.SCOPE,expectedScopeDetails)
.assertEvent();
events.assertEmpty();
//cleanup
SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(tokenUtil.getToken())
.asResponse();
}
@Test
public void updateConsentForClient() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertTrue(consentRepresentation.getCreatedDate() > 0);
assertTrue(consentRepresentation.getLastUpdatedDate() > 0);
assertEquals(1, consentRepresentation.getGrantedScopes().size());
assertEquals(consentScopeRepresentation.getId(), consentRepresentation.getGrantedScopes().get(0).getId());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation.getGrantedScopes().get(0).getId());
clientScopeRepresentation = testRealm().clientScopes().findAll().get(1);
consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
requestedScopes = testRealm().clientScopes().findAll().subList(1,2);
requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation2 = SimpleHttp
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertTrue(consentRepresentation2.getCreatedDate() > 0);
assertEquals(consentRepresentation.getCreatedDate(), consentRepresentation2.getCreatedDate());
assertTrue(consentRepresentation2.getLastUpdatedDate() > 0);
assertTrue(consentRepresentation2.getLastUpdatedDate() > consentRepresentation.getLastUpdatedDate());
assertEquals(1, consentRepresentation2.getGrantedScopes().size());
assertEquals(consentScopeRepresentation.getId(), consentRepresentation2.getGrantedScopes().get(0).getId());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation2.getGrantedScopes().get(0).getId());
events.poll();
events.poll();
events.expectAccount(EventType.UPDATE_CONSENT)
.user(getUser().getId())
.detail(Details.GRANTED_CLIENT,appId)
.detail(Details.SCOPE,requestedScopes.get(0).getName())
.assertEvent();
events.assertEmpty();
//Cleanup
SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(tokenUtil.getToken())
.asResponse();
}
@Test
public void createConsentForNotExistingClient() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "not-existing";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
SimpleHttp.Response response = SimpleHttp
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(404, response.getStatus());
@ -1096,21 +1119,17 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForClientWithoutPermission() throws IOException {
TokenUtil token = new TokenUtil("view-consent-access", "password");
tokenUtil = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
SimpleHttp.Response response = SimpleHttp
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(403, response.getStatus());
@ -1118,89 +1137,102 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForClientWithPut() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertTrue(consentRepresentation.getCreatedDate() > 0);
assertTrue(consentRepresentation.getLastUpdatedDate() > 0);
assertEquals(1, consentRepresentation.getGrantedScopes().size());
assertEquals(consentScopeRepresentation.getId(), consentRepresentation.getGrantedScopes().get(0).getId());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation.getGrantedScopes().get(0).getId());
events.poll();
events.expectAccount(EventType.GRANT_CONSENT)
.user(getUser().getId())
.detail(Details.GRANTED_CLIENT,appId)
.detail(Details.SCOPE,requestedScopes.get(0).getName())
.assertEvent();
events.assertEmpty();
//Cleanup
SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(tokenUtil.getToken())
.asResponse();
}
@Test
public void updateConsentForClientWithPut() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertTrue(consentRepresentation.getCreatedDate() > 0);
assertTrue(consentRepresentation.getLastUpdatedDate() > 0);
assertEquals(1, consentRepresentation.getGrantedScopes().size());
assertEquals(consentScopeRepresentation.getId(), consentRepresentation.getGrantedScopes().get(0).getId());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation.getGrantedScopes().get(0).getId());
clientScopeRepresentation = testRealm().clientScopes().findAll().get(1);
consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
requestedScopes = testRealm().clientScopes().findAll().subList(1,2);
requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation2 = SimpleHttp
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertTrue(consentRepresentation2.getCreatedDate() > 0);
assertEquals(consentRepresentation.getCreatedDate(), consentRepresentation2.getCreatedDate());
assertTrue(consentRepresentation2.getLastUpdatedDate() > 0);
assertTrue(consentRepresentation2.getLastUpdatedDate() > consentRepresentation.getLastUpdatedDate());
assertEquals(1, consentRepresentation2.getGrantedScopes().size());
assertEquals(consentScopeRepresentation.getId(), consentRepresentation2.getGrantedScopes().get(0).getId());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation2.getGrantedScopes().get(0).getId());
events.poll();
events.poll();
events.expectAccount(EventType.UPDATE_CONSENT)
.user(getUser().getId())
.detail(Details.GRANTED_CLIENT,appId)
.detail(Details.SCOPE,requestedScopes.get(0).getName())
.assertEvent();
events.assertEmpty();
//Cleanup
SimpleHttp.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(tokenUtil.getToken())
.asResponse();
}
@Test
public void createConsentForNotExistingClientWithPut() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "not-existing";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
SimpleHttp.Response response = SimpleHttp
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(404, response.getStatus());
@ -1208,21 +1240,17 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void createConsentForClientWithoutPermissionWithPut() throws IOException {
TokenUtil token = new TokenUtil("view-consent-access", "password");
tokenUtil = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
SimpleHttp.Response response = SimpleHttp
.doPut(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(403, response.getStatus());
@ -1230,31 +1258,27 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getConsentForClient() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation1 = SimpleHttp
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertTrue(consentRepresentation1.getCreatedDate() > 0);
assertTrue(consentRepresentation1.getLastUpdatedDate() > 0);
assertEquals(1, consentRepresentation1.getGrantedScopes().size());
assertEquals(consentScopeRepresentation.getId(), consentRepresentation1.getGrantedScopes().get(0).getId());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation1.getGrantedScopes().get(0).getId());
ConsentRepresentation consentRepresentation2 = SimpleHttp
.doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertEquals(consentRepresentation1.getLastUpdatedDate(), consentRepresentation2.getLastUpdatedDate());
assertEquals(consentRepresentation1.getCreatedDate(), consentRepresentation2.getCreatedDate());
@ -1263,98 +1287,102 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
@Test
public void getConsentForNotExistingClient() throws IOException {
TokenUtil token = new TokenUtil("view-consent-access", "password");
tokenUtil = new TokenUtil("view-consent-access", "password");
String appId = "not-existing";
SimpleHttp.Response response = SimpleHttp
.doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(404, response.getStatus());
}
@Test
public void getNotExistingConsentForClient() throws IOException {
TokenUtil token = new TokenUtil("view-consent-access", "password");
tokenUtil = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp
.doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(204, response.getStatus());
}
@Test
public void getConsentWithoutPermission() throws IOException {
TokenUtil token = new TokenUtil("no-account-access", "password");
tokenUtil = new TokenUtil("no-account-access", "password");
String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp
.doGet(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(403, response.getStatus());
}
@Test
public void deleteConsentForClient() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "security-admin-console";
ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
consentScopeRepresentation.setId(clientScopeRepresentation.getId());
ConsentRepresentation requestedConsent = new ConsentRepresentation();
requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
List<ClientScopeRepresentation> requestedScopes = testRealm().clientScopes().findAll().subList(0,1);
ConsentRepresentation requestedConsent = createRequestedConsent(requestedScopes);
ConsentRepresentation consentRepresentation = SimpleHttp
.doPost(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.json(requestedConsent)
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(ConsentRepresentation.class);
assertTrue(consentRepresentation.getCreatedDate() > 0);
assertTrue(consentRepresentation.getLastUpdatedDate() > 0);
assertEquals(1, consentRepresentation.getGrantedScopes().size());
assertEquals(consentScopeRepresentation.getId(), consentRepresentation.getGrantedScopes().get(0).getId());
assertEquals(requestedScopes.get(0).getId(), consentRepresentation.getGrantedScopes().get(0).getId());
SimpleHttp.Response response = SimpleHttp
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(204, response.getStatus());
events.poll();
events.poll();
events.expectAccount(EventType.REVOKE_GRANT)
.user(getUser().getId())
.detail(Details.REVOKED_CLIENT,appId)
.assertEvent();
events.assertEmpty();
response = SimpleHttp
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(204, response.getStatus());
}
@Test
public void deleteConsentForNotExistingClient() throws IOException {
TokenUtil token = new TokenUtil("manage-consent-access", "password");
tokenUtil = new TokenUtil("manage-consent-access", "password");
String appId = "not-existing";
SimpleHttp.Response response = SimpleHttp
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(404, response.getStatus());
}
@Test
public void deleteConsentWithoutPermission() throws IOException {
TokenUtil token = new TokenUtil("view-consent-access", "password");
tokenUtil = new TokenUtil("view-consent-access", "password");
String appId = "security-admin-console";
SimpleHttp.Response response = SimpleHttp
.doDelete(getAccountUrl("applications/" + appId + "/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(403, response.getStatus());
}
@ -1367,19 +1395,19 @@ public class AccountRestServiceTest extends AbstractRestServiceTest {
OAuthClient.AccessTokenResponse offlineTokenResponse = oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password");
assertNull(offlineTokenResponse.getErrorDescription());
TokenUtil token = new TokenUtil("view-applications-access", "password");
tokenUtil = new TokenUtil("view-applications-access", "password");
SimpleHttp.Response response = SimpleHttp
.doDelete(getAccountUrl("applications/offline-client/consent"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asResponse();
assertEquals(204, response.getStatus());
List<ClientRepresentation> applications = SimpleHttp
.doGet(getAccountUrl("applications"), httpClient)
.header("Accept", "application/json")
.auth(token.getToken())
.auth(tokenUtil.getToken())
.asJson(new TypeReference<List<ClientRepresentation>>() {
});
assertFalse(applications.isEmpty());