Merge pull request #2765 from stianst/master
KEYCLOAK-2932 KEYCLOAK-2934
This commit is contained in:
Stian Thorgersen
commit
a206a6d16d
4 changed files with 44 additions and 48 deletions
|
|
@ -337,7 +337,7 @@ public class LoginTest extends TestRealmKeycloakTest {
|
||||||
try {
|
try {
|
||||||
// Setting offset to more than one day to force password update
|
// Setting offset to more than one day to force password update
|
||||||
// elapsedTime > timeToExpire
|
// elapsedTime > timeToExpire
|
||||||
Time.setOffset(86405);
|
setTimeOffset(86405);
|
||||||
|
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
|
|
||||||
|
|
@ -347,6 +347,8 @@ public class LoginTest extends TestRealmKeycloakTest {
|
||||||
|
|
||||||
updatePasswordPage.changePassword("updatedPassword", "updatedPassword");
|
updatePasswordPage.changePassword("updatedPassword", "updatedPassword");
|
||||||
|
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(userId).detail(Details.USERNAME, "login-test").assertEvent();
|
events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(userId).detail(Details.USERNAME, "login-test").assertEvent();
|
||||||
|
|
||||||
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||||
|
|
@ -359,8 +361,6 @@ public class LoginTest extends TestRealmKeycloakTest {
|
||||||
UserBuilder userBuilder = UserBuilder.edit(userRsc.toRepresentation())
|
UserBuilder userBuilder = UserBuilder.edit(userRsc.toRepresentation())
|
||||||
.password("password");
|
.password("password");
|
||||||
userRsc.update(userBuilder.build());
|
userRsc.update(userBuilder.build());
|
||||||
|
|
||||||
Time.setOffset(0);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -371,7 +371,7 @@ public class LoginTest extends TestRealmKeycloakTest {
|
||||||
try {
|
try {
|
||||||
// Setting offset to less than one day to avoid forced password update
|
// Setting offset to less than one day to avoid forced password update
|
||||||
// elapsedTime < timeToExpire
|
// elapsedTime < timeToExpire
|
||||||
Time.setOffset(86205);
|
setTimeOffset(86205);
|
||||||
|
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
|
|
||||||
|
|
@ -380,42 +380,38 @@ public class LoginTest extends TestRealmKeycloakTest {
|
||||||
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
|
||||||
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
|
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
|
||||||
|
|
||||||
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
|
setTimeOffset(0);
|
||||||
|
|
||||||
|
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
|
||||||
} finally {
|
} finally {
|
||||||
setPasswordPolicy(null);
|
setPasswordPolicy(null);
|
||||||
Time.setOffset(0);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void loginNoTimeoutWithLongWait() {
|
public void loginNoTimeoutWithLongWait() {
|
||||||
try {
|
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
|
|
||||||
Time.setOffset(1700);
|
setTimeOffset(1700);
|
||||||
|
|
||||||
loginPage.login("login-test", "password");
|
loginPage.login("login-test", "password");
|
||||||
|
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent().getSessionId();
|
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent().getSessionId();
|
||||||
} finally {
|
|
||||||
Time.setOffset(0);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void loginTimeout() {
|
public void loginTimeout() {
|
||||||
try {
|
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
|
|
||||||
Time.setOffset(1850);
|
setTimeOffset(1850);
|
||||||
|
|
||||||
loginPage.login("login-test", "password");
|
loginPage.login("login-test", "password");
|
||||||
|
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
events.expectLogin().clearDetails().detail(Details.CODE_ID, AssertEvents.isCodeId()).user((String) null).session((String) null).error("expired_code").assertEvent().getSessionId();
|
events.expectLogin().clearDetails().detail(Details.CODE_ID, AssertEvents.isCodeId()).user((String) null).session((String) null).error("expired_code").assertEvent().getSessionId();
|
||||||
} finally {
|
|
||||||
Time.setOffset(0);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
@ -485,9 +481,8 @@ public class LoginTest extends TestRealmKeycloakTest {
|
||||||
// KEYCLOAK-1037
|
// KEYCLOAK-1037
|
||||||
@Test
|
@Test
|
||||||
public void loginExpiredCode() {
|
public void loginExpiredCode() {
|
||||||
try {
|
|
||||||
loginPage.open();
|
loginPage.open();
|
||||||
Time.setOffset(5000);
|
setTimeOffset(5000);
|
||||||
testingClient.testing().removeExpired("test");
|
testingClient.testing().removeExpired("test");
|
||||||
|
|
||||||
loginPage.login("login@test.com", "password");
|
loginPage.login("login@test.com", "password");
|
||||||
|
|
@ -496,15 +491,12 @@ public class LoginTest extends TestRealmKeycloakTest {
|
||||||
loginPage.assertCurrent();
|
loginPage.assertCurrent();
|
||||||
|
|
||||||
//Assert.assertEquals("Login timeout. Please login again.", loginPage.getError());
|
//Assert.assertEquals("Login timeout. Please login again.", loginPage.getError());
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails()
|
events.expectLogin().user((String) null).session((String) null).error("expired_code").clearDetails()
|
||||||
.detail(Details.RESTART_AFTER_TIMEOUT, "true")
|
.detail(Details.RESTART_AFTER_TIMEOUT, "true")
|
||||||
.client((String) null)
|
.client((String) null)
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
|
|
||||||
} finally {
|
|
||||||
Time.setOffset(0);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -280,11 +280,13 @@ public class AccessTokenTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
|
||||||
|
|
||||||
Time.setOffset(2);
|
setTimeOffset(2);
|
||||||
|
|
||||||
OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
|
||||||
Assert.assertEquals(400, response.getStatusCode());
|
Assert.assertEquals(400, response.getStatusCode());
|
||||||
|
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, null);
|
AssertEvents.ExpectedEvent expectedEvent = events.expectCodeToToken(codeId, null);
|
||||||
expectedEvent.error("invalid_code")
|
expectedEvent.error("invalid_code")
|
||||||
.removeDetail(Details.TOKEN_ID)
|
.removeDetail(Details.TOKEN_ID)
|
||||||
|
|
@ -296,8 +298,6 @@ public class AccessTokenTest extends AbstractKeycloakTest {
|
||||||
events.clear();
|
events.clear();
|
||||||
|
|
||||||
RealmManager.realm(adminClient.realm("test")).accessCodeLifeSpan(60);
|
RealmManager.realm(adminClient.realm("test")).accessCodeLifeSpan(60);
|
||||||
|
|
||||||
Time.setOffset(0);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
||||||
|
|
@ -365,9 +365,9 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAssertionExpired() throws Exception {
|
public void testAssertionExpired() throws Exception {
|
||||||
Time.setOffset(-1000);
|
|
||||||
String invalidJwt = getClient1SignedJWT();
|
String invalidJwt = getClient1SignedJWT();
|
||||||
Time.setOffset(0);
|
|
||||||
|
setTimeOffset(1000);
|
||||||
|
|
||||||
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
||||||
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
|
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
|
||||||
|
|
@ -377,14 +377,16 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
|
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
|
||||||
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
|
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
|
||||||
|
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
assertError(response, "client1", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
|
assertError(response, "client1", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testAssertionInvalidNotBefore() throws Exception {
|
public void testAssertionInvalidNotBefore() throws Exception {
|
||||||
Time.setOffset(1000);
|
|
||||||
String invalidJwt = getClient1SignedJWT();
|
String invalidJwt = getClient1SignedJWT();
|
||||||
Time.setOffset(0);
|
|
||||||
|
setTimeOffset(-1000);
|
||||||
|
|
||||||
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
List<NameValuePair> parameters = new LinkedList<NameValuePair>();
|
||||||
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
|
parameters.add(new BasicNameValuePair(OAuth2Constants.GRANT_TYPE, OAuth2Constants.CLIENT_CREDENTIALS));
|
||||||
|
|
@ -394,6 +396,8 @@ public class ClientAuthSignedJWTTest extends AbstractKeycloakTest {
|
||||||
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
|
HttpResponse resp = sendRequest(oauth.getServiceAccountUrl(), parameters);
|
||||||
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
|
OAuthClient.AccessTokenResponse response = new OAuthClient.AccessTokenResponse(resp);
|
||||||
|
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
assertError(response, "client1", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
|
assertError(response, "client1", "unauthorized_client", Errors.INVALID_CLIENT_CREDENTIALS);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -355,7 +355,7 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
|
||||||
new PasswordPolicy("forceExpiredPasswordChange(1)").toString());
|
new PasswordPolicy("forceExpiredPasswordChange(1)").toString());
|
||||||
|
|
||||||
try {
|
try {
|
||||||
Time.setOffset(60 * 60 * 48);
|
setTimeOffset(60 * 60 * 48);
|
||||||
|
|
||||||
oauth.clientId("resource-owner");
|
oauth.clientId("resource-owner");
|
||||||
|
|
||||||
|
|
@ -366,6 +366,8 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
|
||||||
assertEquals("invalid_grant", response.getError());
|
assertEquals("invalid_grant", response.getError());
|
||||||
assertEquals("Account is not fully set up", response.getErrorDescription());
|
assertEquals("Account is not fully set up", response.getErrorDescription());
|
||||||
|
|
||||||
|
setTimeOffset(0);
|
||||||
|
|
||||||
events.expectLogin()
|
events.expectLogin()
|
||||||
.client("resource-owner")
|
.client("resource-owner")
|
||||||
.session((String) null)
|
.session((String) null)
|
||||||
|
|
@ -374,8 +376,6 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
|
||||||
.user((String) null)
|
.user((String) null)
|
||||||
.assertEvent();
|
.assertEvent();
|
||||||
} finally {
|
} finally {
|
||||||
Time.setOffset(0);
|
|
||||||
|
|
||||||
RealmManager.realm(realmResource).passwordPolicy(new PasswordPolicy("").toString());
|
RealmManager.realm(realmResource).passwordPolicy(new PasswordPolicy("").toString());
|
||||||
UserManager.realm(realmResource).username("test-user@localhost")
|
UserManager.realm(realmResource).username("test-user@localhost")
|
||||||
.removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
|
.removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD.toString());
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue