KEYCLOAK-8174 Admin console test for the "Client Scopes" tab of the client

This commit is contained in:
mposolda 2018-08-28 19:09:50 +02:00 committed by Marek Posolda
parent 5ae126b10e
commit befee75917
6 changed files with 547 additions and 0 deletions

View file

@ -0,0 +1,39 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.console.page.clients.clientscopes;
import org.jboss.arquillian.graphene.page.Page;
import org.keycloak.testsuite.console.page.clients.Client;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ClientScopesEvaluate extends Client {
@Page
private ClientScopesEvaluateForm form;
@Override
public String getUriFragment() {
return super.getUriFragment() + "/client-scopes/evaluate-scopes";
}
public ClientScopesEvaluateForm form() {
return form;
}
}

View file

@ -0,0 +1,157 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.console.page.clients.clientscopes;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.keycloak.testsuite.console.page.fragment.DataTable;
import org.keycloak.testsuite.page.Form;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ClientScopesEvaluateForm extends Form {
@FindBy(id = "scopeParam")
private WebElement scopeParamInput;
@FindBy(id = "available")
protected Select availableClientScopesSelect;
@FindBy(id = "assigned")
protected Select assignedClientScopesSelect;
@FindBy(id = "effective")
protected Select effectiveClientScopesSelect;
@FindBy(css = "button[ng-click*='addAppliedClientScope']")
protected WebElement addAppliedClientScopesButton;
@FindBy(css = "button[ng-click*='deleteAppliedClientScope']")
protected WebElement deleteAppliedClientScopesButton;
@FindBy(css = "button[data-ng-click*='sendEvaluationRequest']")
protected WebElement evaluateButton;
// Bottom part of the page (stuff shown after "Evaluate" button clicked)
@FindBy(css = "li[data-ng-click*='showTab(1)']")
protected WebElement showProtocolMappersLink;
@FindBy(css = "li[data-ng-click*='showTab(2)']")
protected WebElement showRolesLink;
@FindBy(css = "li[data-ng-click*='showTab(3)']")
protected WebElement showTokenLink;
@FindBy(css = "table[data-ng-show*='protocolMappersShown']")
protected DataTable protocolMappersTable;
@FindBy(id = "available-realm-roles")
protected Select notGrantedRealmRolesSelect;
@FindBy(id = "realm-composite")
protected Select grantedRealmRolesSelect;
@FindBy(tagName = "textarea")
private WebElement accessTokenTextArea;
public Set<String> getAvailableClientScopes() {
return ClientScopesSetupForm.getSelectValues(availableClientScopesSelect);
}
public Set<String> getAssignedClientScopes() {
return ClientScopesSetupForm.getSelectValues(assignedClientScopesSelect);
}
public Set<String> getEffectiveClientScopes() {
return ClientScopesSetupForm.getSelectValues(effectiveClientScopesSelect);
}
public void setAssignedClientScopes(Collection<String> scopes) {
ClientScopesSetupForm.removeRedundantScopes(assignedClientScopesSelect, deleteAppliedClientScopesButton, scopes);
ClientScopesSetupForm.addMissingScopes(availableClientScopesSelect, addAppliedClientScopesButton, scopes);
}
public void selectUser(String username) {
// TODO: Should be probably better way how to work with the "ui-select2" component
driver.findElement(By.id("select2-chosen-1")).click();
driver.findElement(By.className("select2-input")).sendKeys(username);
driver.findElement(By.className("select2-result-label")).click();
}
public void evaluate() {
evaluateButton.click();
WaitUtils.waitForPageToLoad();
}
public void showProtocolMappers() {
showProtocolMappersLink.click();
WaitUtils.waitForPageToLoad();
}
public void showRoles() {
showRolesLink.click();
WaitUtils.waitForPageToLoad();
}
public void showToken() {
showTokenLink.click();
WaitUtils.waitForPageToLoad();
}
// Bottom part of the page (stuff shown after "Evaluate" button clicked)
public Set<String> getEffectiveProtocolMapperNames() {
List<WebElement> rows = protocolMappersTable.rows();
Set<String> names = rows.stream().map((WebElement row) -> {
return row.findElement(By.xpath("td[1]")).getText();
}).collect(Collectors.toSet());
return names;
}
public Set<String> getGrantedRealmRoles() {
return ClientScopesSetupForm.getSelectValues(grantedRealmRolesSelect);
}
public Set<String> getNotGrantedRealmRoles() {
return ClientScopesSetupForm.getSelectValues(notGrantedRealmRolesSelect);
}
public String getAccessToken() {
return accessTokenTextArea.getText();
}
}

View file

@ -0,0 +1,39 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.console.page.clients.clientscopes;
import org.jboss.arquillian.graphene.page.Page;
import org.keycloak.testsuite.console.page.clients.Client;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ClientScopesSetup extends Client {
@Page
private ClientScopesSetupForm form;
@Override
public String getUriFragment() {
return super.getUriFragment() + "/client-scopes/setup-scopes";
}
public ClientScopesSetupForm form() {
return form;
}
}

View file

@ -0,0 +1,139 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.console.page.clients.clientscopes;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.keycloak.testsuite.page.Form;
import org.openqa.selenium.WebElement;
import org.openqa.selenium.support.FindBy;
import org.openqa.selenium.support.ui.Select;
import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ClientScopesSetupForm extends Form {
@FindBy(id = "available")
protected Select availableDefaultClientScopesSelect;
@FindBy(id = "assigned")
protected Select defaultClientScopesSelect;
@FindBy(id = "available-opt")
protected Select availableOptionalClientScopesSelect;
@FindBy(id = "assigned-opt")
protected Select optionalClientScopesSelect;
@FindBy(css = "button[ng-click*='addDefaultClientScope']")
protected WebElement addSelectedDefaultClientScopesButton;
@FindBy(css = "button[ng-click*='addOptionalClientScope']")
protected WebElement addSelectedOptionalClientScopesButton;
@FindBy(css = "button[ng-click*='deleteDefaultClientScope']")
protected WebElement removeSelectedDefaultClientScopesButton;
@FindBy(css = "button[ng-click*='deleteOptionalClientScope']")
protected WebElement removeSelectedOptionalClientScopesButton;
public Set<String> getAvailableDefaultClientScopes() {
return getSelectValues(availableDefaultClientScopesSelect);
}
public Set<String> getDefaultClientScopes() {
return getSelectValues(defaultClientScopesSelect);
}
public Set<String> getAvailableOptionalClientScopes() {
return getSelectValues(availableOptionalClientScopesSelect);
}
public Set<String> getOptionalClientScopes() {
return getSelectValues(optionalClientScopesSelect);
}
public void setDefaultClientScopes(Collection<String> scopes) {
removeRedundantScopes(defaultClientScopesSelect, removeSelectedDefaultClientScopesButton, scopes);
addMissingScopes(availableDefaultClientScopesSelect, addSelectedDefaultClientScopesButton, scopes);
}
public void setOptionalClientScopes(Collection<String> scopes) {
removeRedundantScopes(optionalClientScopesSelect, removeSelectedOptionalClientScopesButton, scopes);
addMissingScopes(availableOptionalClientScopesSelect, addSelectedOptionalClientScopesButton, scopes);
}
// Static helper methods
static Set<String> getSelectValues(Select select) {
Set<String> roles = new HashSet<>();
for (WebElement option : select.getOptions()) {
roles.add(option.getText());
}
return roles;
}
static void removeRedundantScopes(Select select, WebElement button, Collection<String> scopes) {
boolean someRemoved = false;
select.deselectAll();
for (String scope : getSelectValues(select)) {
if (scopes == null // if scopes not provided, remove all
|| !scopes.contains(scope)) { // if scopes provided, remove only the redundant
select.selectByVisibleText(scope);
someRemoved = true;
}
}
if (someRemoved) {
waitUntilElement(button).is().enabled();
button.click();
}
}
static void addMissingScopes(Select select, WebElement button, Collection<String> scopes) {
select.deselectAll();
if (scopes != null) { // if scopes not provided, don't add any
boolean someAdded = false;
for (String scope : getSelectValues(select)) {
if (scopes.contains(scope)) { // if scopes provided, add only the missing
select.selectByVisibleText(scope);
someAdded = true;
}
}
if (someAdded) {
waitUntilElement(button).is().enabled();
button.click();
}
}
}
}

View file

@ -0,0 +1,172 @@
/*
* Copyright 2017 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.console.clients;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.console.page.clients.clientscopes.ClientScopesEvaluate;
import org.keycloak.testsuite.console.page.clients.clientscopes.ClientScopesEvaluateForm;
import org.keycloak.testsuite.console.page.clients.clientscopes.ClientScopesSetup;
import org.keycloak.testsuite.console.page.clients.clientscopes.ClientScopesSetupForm;
import org.keycloak.util.JsonSerialization;
import org.keycloak.util.TokenUtil;
import static org.junit.Assert.assertNotNull;
import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
/**
* Test for the "Client Scopes" tab of client (Binding between "Client" and "Client Scopes")
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class ClientClientScopesTest extends AbstractClientTest {
private ClientRepresentation newClient;
private ClientRepresentation found;
@Page
private ClientScopesSetup clientScopesSetupPage;
@Page
private ClientScopesEvaluate clientScopesEvaluatePage;
@Before
public void before() {
newClient = createClientRep(TEST_CLIENT_ID, OIDC);
newClient.setFullScopeAllowed(false);
testRealmResource().clients().create(newClient).close();
found = findClientByClientId(TEST_CLIENT_ID);
assertNotNull("Client " + TEST_CLIENT_ID + " was not found.", found);
clientScopesSetupPage.setId(found.getId());
clientScopesSetupPage.navigateTo();
}
@Test
public void testSetupClientScopes() {
ClientScopesSetupForm setupForm = clientScopesSetupPage.form();
// Test the initial state
Assert.assertNames(setupForm.getAvailableDefaultClientScopes());
Assert.assertNames(setupForm.getDefaultClientScopes(), "email", "profile");
Assert.assertNames(setupForm.getAvailableOptionalClientScopes());
Assert.assertNames(setupForm.getOptionalClientScopes(), "address", "phone", "offline_access");
// Remove 'profile' as default client scope and assert
setupForm.setDefaultClientScopes(Collections.singletonList("email"));
Assert.assertNames(setupForm.getAvailableDefaultClientScopes(), "profile");
Assert.assertNames(setupForm.getDefaultClientScopes(), "email");
Assert.assertNames(setupForm.getAvailableOptionalClientScopes(), "profile");
Assert.assertNames(setupForm.getOptionalClientScopes(), "address", "phone", "offline_access");
// Add 'profile' as optional client scope and assert
setupForm.setOptionalClientScopes(Arrays.asList("profile", "address", "phone", "offline_access"));
Assert.assertNames(setupForm.getAvailableDefaultClientScopes());
Assert.assertNames(setupForm.getDefaultClientScopes(), "email");
Assert.assertNames(setupForm.getAvailableOptionalClientScopes());
Assert.assertNames(setupForm.getOptionalClientScopes(), "profile", "address", "phone", "offline_access");
// Retrieve client through adminClient
found = findClientByClientId(TEST_CLIENT_ID);
Assert.assertNames(found.getDefaultClientScopes(), "email", "role_list"); // SAML client scope 'role_list' is included too in the rep
Assert.assertNames(found.getOptionalClientScopes(), "profile", "address", "phone", "offline_access");
// Revert and check things successfully reverted
setupForm.setOptionalClientScopes(Arrays.asList("address", "phone", "offline_access"));
Assert.assertNames(setupForm.getAvailableDefaultClientScopes(), "profile");
setupForm.setDefaultClientScopes(Arrays.asList("profile", "email"));
Assert.assertNames(setupForm.getAvailableDefaultClientScopes());
Assert.assertNames(setupForm.getDefaultClientScopes(), "email", "profile");
Assert.assertNames(setupForm.getAvailableOptionalClientScopes());
Assert.assertNames(setupForm.getOptionalClientScopes(), "address", "phone", "offline_access");
}
@Test
public void testEvaluateClientScopes() throws IOException {
clientScopesEvaluatePage.setId(found.getId());
clientScopesEvaluatePage.navigateTo();
ClientScopesEvaluateForm evaluateForm = clientScopesEvaluatePage.form();
// Check the defaults
Assert.assertNames(evaluateForm.getAvailableClientScopes(), "address", "phone", "offline_access");
Assert.assertNames(evaluateForm.getAssignedClientScopes());
Assert.assertNames(evaluateForm.getEffectiveClientScopes(), "profile", "email");
// Add some optional scopes to the evaluation
evaluateForm.setAssignedClientScopes(Arrays.asList("address", "phone"));
Assert.assertNames(evaluateForm.getAvailableClientScopes(), "offline_access");
Assert.assertNames(evaluateForm.getAssignedClientScopes(), "address", "phone");
Assert.assertNames(evaluateForm.getEffectiveClientScopes(), "address", "phone", "profile", "email");
// Remove optional 'phone' scope from the evaluation
evaluateForm.setAssignedClientScopes(Arrays.asList("address", "offline_access"));
Assert.assertNames(evaluateForm.getAvailableClientScopes(), "phone");
Assert.assertNames(evaluateForm.getAssignedClientScopes(), "address", "offline_access");
Assert.assertNames(evaluateForm.getEffectiveClientScopes(), "address", "offline_access", "profile", "email");
// Select some user
evaluateForm.selectUser("test");
// Submit
evaluateForm.evaluate();
// Test protocolMappers of 'address' , 'profile' and 'email' scopes are included
Set<String> protocolMappers = evaluateForm.getEffectiveProtocolMapperNames();
Assert.assertTrue(protocolMappers.contains("address"));
Assert.assertTrue(protocolMappers.contains("email"));
Assert.assertTrue(protocolMappers.contains("email verified"));
Assert.assertTrue(protocolMappers.contains("username"));
Assert.assertTrue(protocolMappers.contains("full name"));
Assert.assertFalse(protocolMappers.contains("phone"));
// Test roles
evaluateForm.showRoles();
Assert.assertNames(evaluateForm.getGrantedRealmRoles(), "offline_access");
Assert.assertNames(evaluateForm.getNotGrantedRealmRoles(), "uma_authorization");
// Test access token
evaluateForm.showToken();
String accessTokenStr = evaluateForm.getAccessToken();
AccessToken token = JsonSerialization.readValue(accessTokenStr, AccessToken.class);
String scopeParam = token.getScope();
Assert.assertTrue(TokenUtil.isOIDCRequest(scopeParam));
Assert.assertTrue(TokenUtil.hasScope(scopeParam, "address"));
Assert.assertTrue(TokenUtil.hasScope(scopeParam, "profile"));
Assert.assertTrue(TokenUtil.hasScope(scopeParam, "email"));
Assert.assertFalse(TokenUtil.hasScope(scopeParam, "phone"));
}
}

View file

@ -38,6 +38,7 @@ import static org.junit.Assert.*;
import static org.keycloak.testsuite.auth.page.login.Login.OIDC; import static org.keycloak.testsuite.auth.page.login.Login.OIDC;
/** /**
* Test for the "Scope" tab of client (Client role mappings)
* *
* @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a> * @author <a href="mailto:vramik@redhat.com">Vlastislav Ramik</a>
*/ */