Merge pull request #3994 from vramik/KEYCLOAK-4534

KEYCLOAK-4534 ClientInitiatedAccountLinkTest fails with auth-server-w…

testsuite/integration-arquillian/servers/pom.xml

@@ -35,8 +35,8 @@
         <!--app container versions-->        
         <wildfly9.version>9.0.2.Final</wildfly9.version>
         <wildfly8.version>8.2.1.Final</wildfly8.version>
-        <eap.version>7.0.0.ER6-redhat-1</eap.version>
+        <eap.version>7.0.5.GA-redhat-2</eap.version>
-        <eap6.version>7.5.6.Final-redhat-2</eap6.version>
+        <eap6.version>7.5.14.Final-redhat-2</eap6.version>
         <jboss.as.version>7.1.1.Final</jboss.as.version>
         <tomcat7.version>7.0.68</tomcat7.version>
         <tomcat8.version>8.0.32</tomcat8.version>

testsuite/integration-arquillian/test-apps/servlets/src/main/java/org/keycloak/testsuite/adapter/servlet/ClientInitiatedAccountLinkServlet.java

@@ -21,6 +21,7 @@ import org.keycloak.common.util.Base64Url;
 import org.keycloak.common.util.KeycloakUriBuilder;
 import org.keycloak.representations.AccessToken;
 
+import javax.servlet.annotation.WebServlet;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -36,6 +37,7 @@ import java.util.UUID;
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
+@WebServlet("/client-linking")
 public class ClientInitiatedAccountLinkServlet extends HttpServlet {
     @Override
     protected void doGet(HttpServletRequest request, HttpServletResponse resp) throws ServletException, IOException {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractClientInitiatedAccountLinkTest.java

@@ -14,9 +14,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.keycloak.testsuite.broker;
+package org.keycloak.testsuite.adapter.servlet;
 
-import org.apache.http.client.utils.URIBuilder;
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.arquillian.container.test.api.OperateOnDeployment;
 import org.jboss.arquillian.graphene.page.Page;
@@ -25,7 +24,6 @@ import org.jboss.shrinkwrap.api.spec.WebArchive;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.keycloak.OAuth2Constants;
 import org.keycloak.admin.client.resource.ClientResource;
 import org.keycloak.admin.client.resource.RealmResource;
 import org.keycloak.common.util.Base64Url;
@@ -39,23 +37,18 @@ import org.keycloak.representations.idm.IdentityProviderRepresentation;
 import org.keycloak.representations.idm.RealmRepresentation;
 import org.keycloak.representations.idm.RoleRepresentation;
 import org.keycloak.representations.idm.UserRepresentation;
-import org.keycloak.testsuite.AbstractKeycloakTest;
+import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
-import org.keycloak.testsuite.adapter.page.AppServerContextRoot;
-import org.keycloak.testsuite.adapter.servlet.ClientInitiatedAccountLinkServlet;
 import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
-import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+import org.keycloak.testsuite.broker.BrokerTestTools;
-import org.keycloak.testsuite.federation.PassThroughFederatedUserStorageProvider;
 import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
-import org.keycloak.testsuite.pages.AccountFederatedIdentityPage;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.pages.UpdateAccountInformationPage;
-import org.keycloak.testsuite.util.AdapterServletDeployment;
 import org.keycloak.testsuite.util.OAuthClient;
+import org.keycloak.testsuite.util.WaitUtils;
 import org.keycloak.util.JsonSerialization;
 
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import java.net.URL;
 import java.util.LinkedList;
@@ -64,7 +57,6 @@ import java.util.UUID;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import static org.junit.Assert.assertTrue;
 import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT;
 import static org.keycloak.models.AccountRoles.MANAGE_ACCOUNT_LINKS;
 import static org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID;
@@ -74,8 +66,7 @@ import static org.keycloak.testsuite.admin.ApiUtil.createUserAndResetPasswordWit
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
  * @version $Revision: 1 $
  */
-@AppServerContainer("auth-server-undertow")
+public abstract class AbstractClientInitiatedAccountLinkTest extends AbstractServletsAdapterTest {
-public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
     public static final String CHILD_IDP = "child";
     public static final String PARENT_IDP = "parent-idp";
     public static final String PARENT_USERNAME = "parent";
@@ -84,18 +75,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
     protected UpdateAccountInformationPage profilePage;
 
     @Page
-    protected LoginPage loginPage;
+    private LoginPage loginPage;
-
-    @Page
-    protected AppServerContextRoot appServerContextRootPage;
-
-    @ArquillianResource
-    protected OAuthClient oauth;
-
-
-    public boolean isRelative() {
-        return testContext.isRelativeAdapterTest();
-    }
 
     public static class ClientApp extends AbstractPageWithInjectedUrl {
 
@@ -113,15 +93,14 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
     }
 
     @Page
-    protected ClientApp appPage;
+    private ClientApp appPage;
 
     @Override
-    protected boolean isImportAfterEachMethod() {
+    public void beforeAuthTest() {
-        return true;
     }
-
+    
     @Override
-    public void addTestRealms(List<RealmRepresentation> testRealms) {
+    public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
         RealmRepresentation realm = new RealmRepresentation();
         realm.setRealm(CHILD_IDP);
         realm.setEnabled(true);
@@ -151,13 +130,12 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
         testRealms.add(realm);
 
     }
-
+    
-    @Deployment(name = "client-linking")
+    @Deployment(name = ClientApp.DEPLOYMENT_NAME)
-    public static WebArchive customerPortal() {
+    protected static WebArchive accountLink() {
-        return AdapterServletDeployment.oidcDeployment("client-linking", "/account-link-test", ClientInitiatedAccountLinkServlet.class);
+        return servletDeployment(ClientApp.DEPLOYMENT_NAME, ClientInitiatedAccountLinkServlet.class, ServletTestUtils.class);
     }
-
+    
-
     @Before
     public void addIdpUser() {
         RealmResource realm = adminClient.realms().realm(PARENT_IDP);
@@ -201,7 +179,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
         BrokerTestTools.createKcOidcBroker(adminClient, CHILD_IDP, PARENT_IDP, suiteContext);
     }
 
-    //@Test
+//    @Test
     public void testUi() throws Exception {
         Thread.sleep(1000000000);
 
@@ -232,7 +210,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
         // test not logged in
 
-        driver.navigate().to(linkUrl);
+        navigateTo(linkUrl);
         Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
         loginPage.login("child", "password");
 
@@ -242,7 +220,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
         // now log in
 
-        driver.navigate().to( appPage.getInjectedUrl() + "/hello");
+        navigateTo( appPage.getInjectedUrl() + "/hello");
         Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
         loginPage.login("child", "password");
         Assert.assertTrue(driver.getCurrentUrl().startsWith(appPage.getInjectedUrl() + "/hello"));
@@ -250,7 +228,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
         // now test CSRF with bad hash.
 
-        driver.navigate().to(linkUrl);
+        navigateTo(linkUrl);
 
         Assert.assertTrue(driver.getPageSource().contains("We're sorry..."));
 
@@ -271,7 +249,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
         roles.add(userRole);
         clientResource.getScopeMappings().realmLevel().add(roles);
 
-        driver.navigate().to( appPage.getInjectedUrl() + "/hello");
+        navigateTo( appPage.getInjectedUrl() + "/hello");
         Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
         loginPage.login("child", "password");
         Assert.assertTrue(driver.getCurrentUrl().startsWith(appPage.getInjectedUrl() + "/hello"));
@@ -285,7 +263,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
                 .queryParam("provider", PARENT_IDP).build().toString();
 
 
-        driver.navigate().to(clientLinkUrl);
+        navigateTo(clientLinkUrl);
 
         Assert.assertTrue(driver.getCurrentUrl().contains("error=not_allowed"));
 
@@ -301,7 +279,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
         roles.add(manageLinks);
         clientResource.getScopeMappings().clientLevel(accountId).add(roles);
 
-        driver.navigate().to(clientLinkUrl);
+        navigateTo(clientLinkUrl);
         Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
         loginPage.login("child", "password");
         Assert.assertTrue(loginPage.isCurrent(PARENT_IDP));
@@ -321,7 +299,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
         logoutAll();
 
-        driver.navigate().to(clientLinkUrl);
+        navigateTo(clientLinkUrl);
         Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
         loginPage.login("child", "password");
 
@@ -339,7 +317,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
         roles.add(manageAccount);
         clientResource.getScopeMappings().clientLevel(accountId).add(roles);
 
-        driver.navigate().to(clientLinkUrl);
+        navigateTo(clientLinkUrl);
         Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
         loginPage.login("child", "password");
         Assert.assertTrue(loginPage.isCurrent(PARENT_IDP));
@@ -359,7 +337,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
         logoutAll();
 
-        driver.navigate().to(clientLinkUrl);
+        navigateTo(clientLinkUrl);
         Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
         loginPage.login("child", "password");
 
@@ -397,7 +375,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
         String linkUrl = linkBuilder.clone()
                 .queryParam("realm", CHILD_IDP)
                 .queryParam("provider", PARENT_IDP).build().toString();
-        driver.navigate().to(linkUrl);
+        navigateTo(linkUrl);
         Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
         Assert.assertTrue(driver.getPageSource().contains(PARENT_IDP));
         loginPage.login("child", "password");
@@ -416,7 +394,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
         Assert.assertNotNull(firstToken);
 
 
-        driver.navigate().to(linkUrl);
+        navigateTo(linkUrl);
         Assert.assertTrue(driver.getPageSource().contains("Account Linked"));
         String nextToken = getToken(response, httpClient);
         Assert.assertNotNull(nextToken);
@@ -440,7 +418,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
     }
 
     private String getToken(OAuthClient.AccessTokenResponse response, Client httpClient) throws Exception {
-        String idpToken =  httpClient.target(oauth.AUTH_SERVER_ROOT)
+        String idpToken =  httpClient.target(OAuthClient.AUTH_SERVER_ROOT)
                 .path("realms")
                 .path("child/broker")
                 .path(PARENT_IDP)
@@ -454,9 +432,9 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
     public void logoutAll() {
         String logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder()).build(CHILD_IDP).toString();
-        driver.navigate().to(logoutUri);
+        navigateTo(logoutUri);
         logoutUri = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder()).build(PARENT_IDP).toString();
-        driver.navigate().to(logoutUri);
+        navigateTo(logoutUri);
     }
 
     @Test
@@ -475,7 +453,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
             String linkUrl = linkBuilder.clone()
                     .queryParam("realm", CHILD_IDP)
                     .queryParam("provider", PARENT_IDP).build().toString();
-            driver.navigate().to(linkUrl);
+            navigateTo(linkUrl);
             Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
 
             // should not be on login page.  This is what we are testing
@@ -501,7 +479,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
             System.out.println("testing link-only attack");
 
-            driver.navigate().to(linkUrl);
+            navigateTo(linkUrl);
             Assert.assertTrue(loginPage.isCurrent(CHILD_IDP));
 
             System.out.println("login page uri is: " + driver.getCurrentUrl());
@@ -537,7 +515,7 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
             System.out.println("hack uri: " + uri);
 
-            driver.navigate().to(uri);
+            navigateTo(uri);
 
             Assert.assertTrue(driver.getPageSource().contains("Could not send authentication request to identity provider."));
 
@@ -554,5 +532,11 @@ public class ClientInitiatedAccountLinkTest extends AbstractKeycloakTest {
 
     }
 
+    private void navigateTo(String uri) {
+        driver.navigate().to(uri);
+        WaitUtils.waitForPageToLoad(driver);
+    }
+
+    
 
 }

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/undertow/servlet/UndertowClientInitiatedAccountLinkTest.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter.undertow.servlet;
+
+import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+
+/**
+ *
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+@AppServerContainer("auth-server-undertow")
+public class UndertowClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
+
+}

testsuite/integration-arquillian/tests/other/adapters/jboss/eap/src/test/java/org/keycloak/testsuite/adapter/EAPClientInitiatedAccountLinkTest.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter;
+
+import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+
+/**
+ *
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+@AppServerContainer("app-server-eap")
+public class EAPClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
+
+}

testsuite/integration-arquillian/tests/other/adapters/jboss/eap6/src/test/java/org/keycloak/testsuite/adapter/EAP6ClientInitiatedAccountLinkTest.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter;
+
+import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+
+/**
+ *
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+@AppServerContainer("app-server-eap6")
+public class EAP6ClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
+
+}

testsuite/integration-arquillian/tests/other/adapters/jboss/wildfly/src/test/java/org/keycloak/testsuite/adapter/WildflyClientInitiatedAccountLinkTest.java

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.adapter;
+
+import org.keycloak.testsuite.adapter.servlet.AbstractClientInitiatedAccountLinkTest;
+import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
+
+/**
+ *
+ * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
+ */
+@AppServerContainer("app-server-wildfly")
+public class WildflyClientInitiatedAccountLinkTest extends AbstractClientInitiatedAccountLinkTest {
+
+}