From b0644ce18c02fb5daba06dbb25b4672fa3c28ed8 Mon Sep 17 00:00:00 2001
From: Vlasta Ramik <vramik@redhat.com>
Date: Thu, 5 Jan 2017 11:03:36 +0100
Subject: [PATCH] test for KEYCLOAK-4109 + fix
 AuthorizationDisabledInPreviewTest

---
 .../admin/ImpersonationDisabledTest.java      | 55 +++++++++++++++++++
 .../testsuite/admin/ImpersonationTest.java    |  8 +++
 .../AuthorizationDisabledInPreviewTest.java   |  3 +
 .../base/src/test/resources/arquillian.xml    |  1 +
 .../integration-arquillian/tests/pom.xml      | 37 +++++++++++++
 5 files changed, 104 insertions(+)
 create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationDisabledTest.java

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationDisabledTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationDisabledTest.java
new file mode 100644
index 0000000000..ef1c1c3cc8
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationDisabledTest.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.testsuite.admin;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import javax.ws.rs.ServerErrorException;
+import javax.ws.rs.core.Response;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+import org.junit.Assume;
+import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
+
+/**
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+public class ImpersonationDisabledTest extends AbstractAdminTest {
+
+    @BeforeClass
+    public static void enabled() {
+        Assume.assumeTrue("impersonation".equals(System.getProperty("feature.name")) 
+                && "disabled".equals(System.getProperty("feature.value")));
+    }
+
+    @Test
+    public void testImpersonationDisabled() {
+        String impersonatedUserId = adminClient.realm(TEST).users().search("test-user@localhost", 0, 1).get(0).getId();
+        
+        try {
+            adminClient.realms().realm("test").users().get(impersonatedUserId).impersonate();
+        } catch (ServerErrorException e) {
+            assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
+            return;
+        }
+        fail("Feature impersonation should be disabled.");
+    }
+
+}
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
index ca01045b96..26b1b16e64 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ImpersonationTest.java
@@ -47,6 +47,8 @@ import javax.ws.rs.core.Response;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
+import org.junit.Assume;
+import org.junit.BeforeClass;
 
 /**
  * Tests Undertow Adapter
@@ -80,6 +82,12 @@ public class ImpersonationTest extends AbstractKeycloakTest {
 
         testRealms.add(realm.build());
     }
+    
+    @BeforeClass
+    public static void enabled() {
+        Assume.assumeFalse("impersonation".equals(System.getProperty("feature.name")) 
+                && "disabled".equals(System.getProperty("feature.value")));
+    }
 
     @Test
     public void testImpersonateByMasterAdmin() {
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AuthorizationDisabledInPreviewTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AuthorizationDisabledInPreviewTest.java
index 072aa5f630..8bb9bcb81e 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AuthorizationDisabledInPreviewTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/client/authorization/AuthorizationDisabledInPreviewTest.java
@@ -26,6 +26,7 @@ import javax.ws.rs.ServerErrorException;
 import javax.ws.rs.core.Response;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
 
 /**
  * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -44,7 +45,9 @@ public class AuthorizationDisabledInPreviewTest extends AbstractClientTest {
             testRealmResource().clients().get(id).authorization().getSettings();
         } catch (ServerErrorException e) {
             assertEquals(Response.Status.NOT_IMPLEMENTED.getStatusCode(), e.getResponse().getStatus());
+            return;
         }
+        fail("Feature Authorization should be disabled.");
     }
 
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
index 8dc077d3ea..33f290f91b 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/arquillian.xml
@@ -68,6 +68,7 @@
                 ${adapter.test.props}
                 ${migration.import.properties}
                 ${auth.server.profile}
+                ${auth.server.feature}
             </property>
             <property name="javaVmArguments">
                 ${auth.server.memory.settings}
diff --git a/testsuite/integration-arquillian/tests/pom.xml b/testsuite/integration-arquillian/tests/pom.xml
index 9b669ae538..642087dfe6 100755
--- a/testsuite/integration-arquillian/tests/pom.xml
+++ b/testsuite/integration-arquillian/tests/pom.xml
@@ -64,6 +64,7 @@
         
         <auth.server.remote>false</auth.server.remote>
         <auth.server.profile/>
+        <auth.server.feature/>
     
         <adapter.test.props/>
         <migration.import.properties/>
@@ -165,6 +166,7 @@
                             <auth.server.adapter.impl.class>${auth.server.adapter.impl.class}</auth.server.adapter.impl.class>
                             
                             <auth.server.profile>${auth.server.profile}</auth.server.profile>
+                            <auth.server.feature>${auth.server.feature}</auth.server.feature>
                             
                             <frontend.console.output>${frontend.console.output}</frontend.console.output>
                             <backends.console.output>${backend.console.output}</backends.console.output>
@@ -263,6 +265,41 @@
             </properties>
         </profile>
 
+        <!--
+            profile that enables/disables specified feature, for more details see 
+            https://keycloak.gitbooks.io/server-installation-and-configuration/content/topics/profiles.html 
+        -->
+        <profile>
+            <id>auth-server-enable-disable-feature</id>
+            <properties>
+                <auth.server.feature>-Dkeycloak.profile.feature.${feature.name}=${feature.value}</auth.server.feature>
+            </properties>
+            <build>
+                <plugins>
+                    <plugin>
+                        <artifactId>maven-enforcer-plugin</artifactId>
+                        <executions>
+                            <execution>
+                                <goals>
+                                    <goal>enforce</goal>
+                                </goals>
+                                <configuration>
+                                    <rules>
+                                        <requireProperty>
+                                            <property>feature.name</property>
+                                        </requireProperty>
+                                        <requireProperty>
+                                            <property>feature.value</property>
+                                        </requireProperty>
+                                    </rules>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
+
         <profile>
             <id>auth-server-cluster</id>
             <properties>