From 8f1938c28d56db1ea04d4a2bceef1e56ede1c9a8 Mon Sep 17 00:00:00 2001
From: vramik
Date: Mon, 29 May 2017 14:38:32 +0200
Subject: [PATCH] KEYCLOAK-4481 Role based permission test
---
 .../rest/resource/TestCacheResource.java | 7 +
 .../resources/TestingCacheResource.java | 5 +
 .../ExportAuthorizationSettingsTest.java | 187 ++++++++++++++++++
 3 files changed, 199 insertions(+)
 create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ExportAuthorizationSettingsTest.java
diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java
index be531aa28d..b6f0b81b45 100644
--- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java
+++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestCacheResource.java
@@ -20,6 +20,7 @@ package org.keycloak.testsuite.rest.resource;
 import java.util.Set;
 import java.util.stream.Collectors;
+import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
@@ -70,4 +71,10 @@ public class TestCacheResource {
 return cache.size();
 }
+ @GET
+ @Path("/clear")
+ @Consumes(MediaType.TEXT_PLAIN)
+ public void clear() {
+ cache.clear();
+ }
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java
index 946d0f54e8..4561c99308 100644
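Review bot: In `TestCacheResource.clear()` (second hunk of this file) a state-changing operation, `cache.clear()`, is bound to `@GET`, so a prefetch, a followed link or an automatically retried request that reaches the testing endpoint wipes the cache; a non-safe verb such as `@POST` (with `import javax.ws.rs.POST;`) fits better, and the matching `void clear();` added to the `TestingCacheResource` client interface later in this patch needs the same change. `@Consumes(MediaType.TEXT_PLAIN)` has no effect on a method that takes no request body and can be dropped from both declarations. The hunk shows no access check on the method; that may be handled elsewhere in the class, which lies outside the hunk, but since the new test uses this endpoint to flush the `authorization` cache a comment such as `// test-only endpoint: must never be deployed outside the testsuite provider` would make the intent explicit.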
--- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java
+++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingCacheResource.java
@@ -19,6 +19,7 @@ package org.keycloak.testsuite.client.resources;
 import java.util.Set;
+import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
@@ -48,4 +49,8 @@ public interface TestingCacheResource {
 @Produces(MediaType.APPLICATION_JSON)
 int size();
+ @GET
+ @Path("/clear")
+ @Consumes(MediaType.TEXT_PLAIN)
+ void clear();
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ExportAuthorizationSettingsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ExportAuthorizationSettingsTest.java
new file mode 100644
index 0000000000..6f5e65ec95
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/ExportAuthorizationSettingsTest.java
@@ -0,0 +1,187 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.admin.client.authorization;
+
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.Status;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.keycloak.admin.client.resource.AuthorizationResource;
+import org.keycloak.admin.client.resource.ClientResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.authorization.PolicyRepresentation;
+import org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceRepresentation;
+import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
+import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.util.ClientBuilder;
+
+/**
+ *
+ * @author Vlasta Ramik
+ */
+public class ExportAuthorizationSettingsTest extends AbstractAuthorizationTest {
+
+ //KEYCLOAK-4341
+ @Test
+ public void testResourceBasedPermission() throws Exception {
+ String permissionName = "resource-based-permission";
+
+ ClientResource clientResource = getClientResource();
+
+ enableAuthorizationServices();
+ AuthorizationResource authorizationResource = clientResource.authorization();
+
+ //get Default Resource
+ List resources = authorizationResource.resources().findByName("Default Resource");
+ Assert.assertTrue(resources.size() == 1);
+ ResourceRepresentation resource = resources.get(0);
+
+ //get Default Policy
+ PolicyRepresentation policy = authorizationResource.policies().findByName("Default Policy");
+
+ //create Resource-based permission and add default policy/resource
+ ResourcePermissionRepresentation permission = new ResourcePermissionRepresentation();
+ permission.setName(permissionName);
+ permission.addPolicy(policy.getId());
+ permission.addResource(resource.getId());
+ Response create = authorizationResource.permissions().resource().create(permission);
+ try {
+ Assert.assertEquals(Status.CREATED, create.getStatusInfo());
+ } finally {
+ create.close();
+ }
+
+ //export authorization settings
+ ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
+
+ //check exported settings contains both resources/applyPolicies
+ boolean found = false;
+ for (PolicyRepresentation p : exportSettings.getPolicies()) {
+ if (p.getName().equals(permissionName)) {
+ found = true;
+ Assert.assertEquals("[\"Default Resource\"]", p.getConfig().get("resources"));
+ Assert.assertEquals("[\"Default Policy\"]", p.getConfig().get("applyPolicies"));
+ }
+ }
+ Assert.assertTrue("Permission \"role-based-permission\" was not found.", found);
+ }
+
+ //KEYCLOAK-4340
+ @Test
+ public void testRoleBasedPolicy() {
+ ClientResource clientResource = getClientResource();
+
+ enableAuthorizationServices();
+ AuthorizationResource authorizationResource = clientResource.authorization();
+
+ ClientRepresentation account = testRealmResource().clients().findByClientId("account").get(0);
+ RoleRepresentation role = testRealmResource().clients().get(account.getId()).roles().get("view-profile").toRepresentation();
+
+ PolicyRepresentation policy = new PolicyRepresentation();
+ policy.setName("role-based-policy");
+ policy.setType("role");
+ Map config = new HashMap<>();
+ config.put("roles", "[{\"id\":\"" + role.getId() +"\"}]");
+ policy.setConfig(config);
+ Response create = authorizationResource.policies().create(policy);
+ try {
+ Assert.assertEquals(Status.CREATED, create.getStatusInfo());
+ } finally {
+ create.close();
+ }
+
+ //this call was messing up with DB, see KEYCLOAK-4340
+ authorizationResource.exportSettings();
+
+ //this call failed with NPE
+ authorizationResource.exportSettings();
+ }
+
+
+ //KEYCLOAK-4983
+ @Test
+ @Ignore
+ public void testRoleBasedPolicyWithMultipleRoles() {
+ ClientResource clientResource = getClientResource();
+
+ enableAuthorizationServices();
+ AuthorizationResource authorizationResource = clientResource.authorization();
+
+ testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-1").defaultRoles("client-role").build()).close();
+ testRealmResource().clients().create(ClientBuilder.create().clientId("test-client-2").defaultRoles("client-role").build()).close();
+
+ ClientRepresentation client1 = getClientByClientId("test-client-1");
+ ClientRepresentation client2 = getClientByClientId("test-client-2");
+
+ RoleRepresentation role1 = testRealmResource().clients().get(client1.getId()).roles().get("client-role").toRepresentation();
+ RoleRepresentation role2 = testRealmResource().clients().get(client2.getId()).roles().get("client-role").toRepresentation();
+
+ PolicyRepresentation policy = new PolicyRepresentation();
+ policy.setName("role-based-policy");
+ policy.setType("role");
+ Map config = new HashMap<>();
+ config.put("roles", "[{\"id\":\"" + role1.getId() +"\"},{\"id\":\"" + role2.getId() +"\"}]");
+ policy.setConfig(config);
+ Response create = authorizationResource.policies().create(policy);
+ try {
+ Assert.assertEquals(Status.CREATED, create.getStatusInfo());
+ } finally {
+ create.close();
+ }
+
+ //export authorization settings
+ ResourceServerRepresentation exportSettings = authorizationResource.exportSettings();
+
+ //delete test-resource-server client
+ testRealmResource().clients().get(clientResource.toRepresentation().getId()).remove();
+
+ //clear cache
+ testRealmResource().clearRealmCache();
+ //workaround for the fact that clearing realm cache doesn't clear authz cache
+ testingClient.testing("test").cache("authorization").clear();
+
+ //create new client
+ ClientRepresentation client = ClientBuilder.create()
+ .clientId(RESOURCE_SERVER_CLIENT_ID)
+ .authorizationServicesEnabled(true)
+ .serviceAccountsEnabled(true)
+ .build();
+ testRealmResource().clients().create(client).close();
+
+ //import exported settings
+ AuthorizationResource authorization = testRealmResource().clients().get(getClientByClientId(RESOURCE_SERVER_CLIENT_ID).getId()).authorization();
+ authorization.importSettings(exportSettings);
+
+ //check imported settings - TODO
+ PolicyRepresentation result = authorization.policies().findByName("role-based-policy");
+ Map config1 = result.getConfig();
+ ResourceServerRepresentation settings = authorization.getSettings();
+ System.out.println("");
+ }
+
+ private ClientRepresentation getClientByClientId(String clientId) {
+ List findByClientId = testRealmResource().clients().findByClientId(clientId);
+ Assert.assertTrue(findByClientId.size() == 1);
+ return findByClientId.get(0);
+ }
+}
\ No newline at end of file
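Review bot: `testRoleBasedPolicyWithMultipleRoles` never verifies the imported settings: under `//check imported settings - TODO` it only assigns the unused locals `config1` and `settings` and ends with `System.out.println("");`, and its `@Ignore` gives no reason. The test round-trips a role policy that references a same-named `client-role` on two clients, which appears to be the case where a dropped or mis-resolved role would silently change whom the policy grants access to, so before it is enabled it should assert at least `Assert.assertNotNull(result);` and that `config1.get("roles")` still refers to the roles of both `test-client-1` and `test-client-2`; until then `@Ignore("KEYCLOAK-4983")` records why it is off. Separately, in `testResourceBasedPermission` the failure message hard-codes `role-based-permission` while the permission is named `resource-based-permission`; `Assert.assertTrue("Permission \"" + permissionName + "\" was not found.", found);` keeps the two in sync.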