CookiesPathTest - old account console dependencies removed. Closes #19668

Lukas Hanusovsky 2023-04-27 11:28:30 +02:00 committed by Michal Hajas
parent 5e323ae173
commit c685366169


@ -19,28 +19,25 @@ import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.models.AccountRoles;
import org.keycloak.models.AdminRoles;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ActionURIUtils;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.UserBuilder;
import org.openqa.selenium.Cookie;
import java.io.IOException;
import java.util.List;
import java.util.Arrays;
import java.util.Set;
import java.util.Calendar;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.Collections;
import java.util.stream.Collectors;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
@ -48,12 +45,12 @@ import static org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_HOST;
import org.junit.After;
import jakarta.ws.rs.core.Response;
/**
* @author <a href="mailto:mkanis@redhat.com">Martin Kanis</a>
*/
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true) // TODO remove this (KEYCLOAK-16228)
public class CookiesPathTest extends AbstractKeycloakTest {
@Page
protected LoginPage loginPage;
@ -70,8 +67,13 @@ public class CookiesPathTest extends AbstractKeycloakTest {
private static final List<String> KEYCLOAK_COOKIE_NAMES = Arrays.asList("KC_RESTART", "AUTH_SESSION_ID", "KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION");
@After
public void closeHttpClient() throws IOException {
public void afterCookiesPathTest() throws IOException {
if (httpClient != null) httpClient.close();
// Setting back default oauth values
oauth.realm("test");
oauth.clientId("test-app");
oauth.redirectUri(oauth.APP_AUTH_ROOT);
}
@Test
@ -79,7 +81,7 @@ public class CookiesPathTest extends AbstractKeycloakTest {
// navigate to "/realms/foo/account" and them remove cookies in the browser for the current path
// first access to the path means there are no cookies being sent
// we are redirected to login page and Keycloak sets cookie's path to "/auth/realms/foo/"
URLUtils.navigateToUri(OAuthClient.AUTH_SERVER_ROOT + "/realms/foo/account");
navigateToLoginPage("foo");
driver.manage().deleteAllCookies();
Assert.assertTrue("There shouldn't be any cookies sent!", driver.manage().getCookies().isEmpty());
@ -95,7 +97,7 @@ public class CookiesPathTest extends AbstractKeycloakTest {
.forEach(cookie -> Assert.assertThat(cookie.getPath(), Matchers.endsWith("/auth/realms/foo/")));
// now navigate to realm which name overlaps the first realm and delete cookies for that realm (foobar)
URLUtils.navigateToUri(OAuthClient.AUTH_SERVER_ROOT + "/realms/foobar/account");
navigateToLoginPage("foobar");
driver.manage().deleteAllCookies();
// cookies shouldn't be sent for the first access to /realms/foobar/account
@ -104,7 +106,7 @@ public class CookiesPathTest extends AbstractKeycloakTest {
Assert.assertTrue("There shouldn't be any cookies sent!", cookies.isEmpty());
// navigate to account and check if correct cookies were sent
URLUtils.navigateToUri(OAuthClient.AUTH_SERVER_ROOT + "/realms/foobar/account");
driver.navigate().to(oauth.getLoginFormUrl());
cookies = driver.manage().getCookies();
Assert.assertTrue("There should be cookies sent!", cookies.size() > 0);
@ -114,7 +116,8 @@ public class CookiesPathTest extends AbstractKeycloakTest {
.forEach(cookie -> Assert.assertThat(cookie.getPath(), Matchers.endsWith("/auth/realms/foobar/")));
// lets back to "/realms/foo/account" to test the cookies for "foo" realm are still there and haven't been (correctly) sent to "foobar"
URLUtils.navigateToUri(OAuthClient.AUTH_SERVER_ROOT + "/realms/foo/account");
oauth.realm("foo");
driver.navigate().to(oauth.getLoginFormUrl());
cookies = driver.manage().getCookies();
Assert.assertTrue("There should be cookies sent!", cookies.size() > 0);
@ -125,7 +128,7 @@ public class CookiesPathTest extends AbstractKeycloakTest {
@Test
public void testMultipleCookies() throws IOException {
String requestURI = OAuthClient.AUTH_SERVER_ROOT + "/realms/foo/account";
setOAuthUri("foo");
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.DAY_OF_YEAR, 1);
@ -136,12 +139,12 @@ public class CookiesPathTest extends AbstractKeycloakTest {
wrongCookie.setExpiryDate(calendar.getTime());
// obtain new cookies
CookieStore cookieStore = getCorrectCookies(requestURI);
CookieStore cookieStore = getCorrectCookies(oauth.getLoginFormUrl());
cookieStore.addCookie(wrongCookie);
Assert.assertThat(cookieStore.getCookies(), Matchers.hasSize(3));
login(requestURI, cookieStore);
login(oauth.getLoginFormUrl(), cookieStore);
// old cookie has been removed
// now we have AUTH_SESSION_ID, KEYCLOAK_IDENTITY, KEYCLOAK_SESSION
@ -165,7 +168,7 @@ public class CookiesPathTest extends AbstractKeycloakTest {
Cookie wrongCookie = new Cookie(AuthenticationSessionManager.AUTH_SESSION_ID, AUTH_SESSION_VALUE,
null, OLD_COOKIE_PATH, null, false, true);
URLUtils.navigateToUri(OAuthClient.AUTH_SERVER_ROOT + "/realms/foo/account");
navigateToLoginPage("foo");
driver.manage().deleteAllCookies();
// add old cookie with wrong path
@ -173,8 +176,7 @@ public class CookiesPathTest extends AbstractKeycloakTest {
Set<Cookie> cookies = driver.manage().getCookies();
Assert.assertThat(cookies, Matchers.hasSize(1));
oauth.realm("foo").redirectUri(OAuthClient.AUTH_SERVER_ROOT + "/realms/foo/account").clientId("account").openLoginForm();
driver.navigate().refresh();
loginPage.login("foo", "password");
// old cookie has been removed and new cookies have been added
@ -195,7 +197,7 @@ public class CookiesPathTest extends AbstractKeycloakTest {
@Test
public void testOldCookieWithNodeInValue() throws IOException {
String requestURI = OAuthClient.AUTH_SERVER_ROOT + "/realms/foo/account";
setOAuthUri("foo");
Calendar calendar = Calendar.getInstance();
calendar.add(Calendar.DAY_OF_YEAR, 1);
@ -206,12 +208,12 @@ public class CookiesPathTest extends AbstractKeycloakTest {
wrongCookie.setExpiryDate(calendar.getTime());
// obtain new cookies
CookieStore cookieStore = getCorrectCookies(requestURI);
CookieStore cookieStore = getCorrectCookies(oauth.getLoginFormUrl());
cookieStore.addCookie(wrongCookie);
Assert.assertThat(cookieStore.getCookies(), Matchers.hasSize(3));
login(requestURI, cookieStore);
login(oauth.getLoginFormUrl(), cookieStore);
// old cookie has been removed
// now we have AUTH_SESSION_ID, KEYCLOAK_IDENTITY, KEYCLOAK_SESSION, OAuth_Token_Request_State
@ -235,13 +237,11 @@ public class CookiesPathTest extends AbstractKeycloakTest {
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
RealmBuilder foo = RealmBuilder.create().name("foo");
foo.user(UserBuilder.create().username("foo").password("password").role("account", AdminRoles.ADMIN)
.role("account", AccountRoles.MANAGE_ACCOUNT).role("account", AccountRoles.VIEW_PROFILE).role("account", AccountRoles.MANAGE_ACCOUNT_LINKS));
foo.user(UserBuilder.create().username("foo").password("password"));
testRealms.add(foo.build());
RealmBuilder foobar = RealmBuilder.create().name("foobar");
foo.user(UserBuilder.create().username("foobar").password("password").role("account", AdminRoles.ADMIN)
.role("account", AccountRoles.MANAGE_ACCOUNT).role("account", AccountRoles.VIEW_PROFILE).role("account", AccountRoles.MANAGE_ACCOUNT_LINKS));
foo.user(UserBuilder.create().username("foobar").password("password"));
testRealms.add(foobar.build());
}
@ -319,4 +319,33 @@ public class CookiesPathTest extends AbstractKeycloakTest {
Assert.assertThat("Expected successful login.", response.getStatusLine().getStatusCode(), is(equalTo(200)));
}
}
private void navigateToLoginPage(String realm) {
setOAuthUri(realm);
driver.navigate().to(oauth.getLoginFormUrl());
}
private void setOAuthUri(String realm) {
createClientInRealm(realm);
oauth.realm(realm);
oauth.clientId("app");
oauth.redirectUri(oauth.AUTH_SERVER_ROOT + "/realms/" + realm + "/app/auth");
}
private void createClientInRealm(String realm) {
ClientRepresentation client = new ClientRepresentation();
client.setClientId("app");
client.setName("app");
client.setSecret("password");
client.setEnabled(true);
client.setDirectAccessGrantsEnabled(true);
client.setRedirectUris(Collections.singletonList(oauth.SERVER_ROOT + "/auth/*"));
client.setBaseUrl(oauth.SERVER_ROOT + "/auth/realms/" + realm + "/app");
OIDCAdvancedConfigWrapper.fromClientRepresentation(client).setPostLogoutRedirectUris(Collections.singletonList("+"));
Response response = adminClient.realm(realm).clients().create(client);
response.close();
}
}
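Review bot: In addTestRealms the rewritten line for the second user still calls `foo.user(...)` on the `foo` builder, after `foo.build()` has already been added to the list, so the `foobar` realm is built without its user; it should read `foobar.user(UserBuilder.create().username("foobar").password("password"));`. Separately, the new createClientInRealm closes the Response from `clients().create(client)` without checking its status. Because setOAuthUri calls it on every navigation, a repeated call for the same realm presumably returns a conflict, and that conflict, like any genuine creation failure, goes unnoticed. Wrapping the call as `try (Response response = adminClient.realm(realm).clients().create(client)) { ... }` and asserting the status inside (created, or conflict when "app" already exists) would make a broken setup fail at the point of cause, not in a later cookie assertion.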