Refactor organization tests

Closes #30338

Signed-off-by: Martin Kanis <mkanis@redhat.com>
This commit is contained in:
Martin Kanis 2024-06-14 15:34:46 +02:00 committed by Pedro Igor
parent 89f83e9788
commit dc109381e1
7 changed files with 187 additions and 459 deletions

View file

@ -69,7 +69,7 @@ public class OrganizationAccountTest extends AbstractOrganizationTest {
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId()); OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
assertBrokerRegistration(organization, bc.getUserEmail()); assertBrokerRegistration(organization, bc.getUserEmail());
// reset password to obtain a token and access the account api // reset password to obtain a token and access the account api
UserRepresentation user = ApiUtil.findUserByUsername(realmsResouce().realm(bc.consumerRealmName()), bc.getUserLogin()); UserRepresentation user = testRealm().users().searchByEmail(bc.getUserEmail(), true).get(0);
ApiUtil.resetUserPassword(realmsResouce().realm(bc.consumerRealmName()).users().get(user.getId()), bc.getUserPassword(), false); ApiUtil.resetUserPassword(realmsResouce().realm(bc.consumerRealmName()).users().get(user.getId()), bc.getUserPassword(), false);
LinkedAccountRepresentation link = findLinkedAccount(bc.getIDPAlias()); LinkedAccountRepresentation link = findLinkedAccount(bc.getIDPAlias());

View file

@ -22,6 +22,7 @@ import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage; import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import java.util.List; import java.util.List;
@ -183,29 +184,31 @@ public abstract class AbstractOrganizationTest extends AbstractAdminTest {
protected void assertBrokerRegistration(OrganizationResource organization, String email) { protected void assertBrokerRegistration(OrganizationResource organization, String email) {
// login with email only // login with email only
oauth.clientId("broker-app"); openIdentityFirstLoginPage(email, true, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
loginPage.loginUsername(email);
// user automatically redirected to the organization identity provider loginOrgIdp(email, email, true, true);
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now", assertIsMember(email, organization);
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/")); }
protected void loginOrgIdp(String username, String email, boolean firstTimeLogin, boolean redirectToApp) {
// login to the organization identity provider and run the configured first broker login flow // login to the organization identity provider and run the configured first broker login flow
loginPage.login(email, bc.getUserPassword()); loginPage.login(username, bc.getUserPassword());
if (firstTimeLogin) {
waitForPage(driver, "update account information", false); waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent(); updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now", Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/")); driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page"); log.debug("Updating info on updateAccount page");
assertFalse(driver.getPageSource().contains("kc.org")); assertFalse(driver.getPageSource().contains("kc.org"));
updateAccountInformationPage.updateAccountInformation(bc.getUserLogin(), email, "Firstname", "Lastname"); updateAccountInformationPage.updateAccountInformation(username, email, "Firstname", "Lastname");
assertThat(appPage.getRequestType(),is(AppPage.RequestType.AUTH_RESPONSE)); }
assertIsMember(email, organization); if (redirectToApp) {
appPage.assertCurrent();
assertThat(appPage.getRequestType(), is(AppPage.RequestType.AUTH_RESPONSE));
}
} }
protected void assertIsMember(String userEmail, OrganizationResource organization) { protected void assertIsMember(String userEmail, OrganizationResource organization) {
@ -245,4 +248,38 @@ public abstract class AbstractOrganizationTest extends AbstractAdminTest {
} }
}; };
} }
protected void openIdentityFirstLoginPage(String username, boolean autoIDPRedirect, IdentityProviderRepresentation idp, boolean isVisible, boolean clickIdp) {
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
Assert.assertTrue(loginPage.isRegisterLinkPresent());
if (idp != null) {
if (isVisible) {
Assert.assertTrue(loginPage.isSocialButtonPresent(idp.getAlias()));
} else {
Assert.assertFalse(loginPage.isSocialButtonPresent(idp.getAlias()));
}
}
loginPage.loginUsername(username);
if (clickIdp) {
assertTrue(loginPage.isPasswordInputPresent());
assertTrue(loginPage.isUsernameInputPresent());
loginPage.clickSocial(idp.getAlias());
}
waitForPage(driver, "sign in to", true);
// user automatically redirected to the organization identity provider
if (autoIDPRedirect) {
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
} else {
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
}
}
} }

View file

@ -19,13 +19,15 @@ package org.keycloak.testsuite.organization.admin;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.empty;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import java.io.IOException; import java.io.IOException;
import java.util.Arrays;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.function.Predicate;
import jakarta.mail.MessagingException; import jakarta.mail.MessagingException;
import jakarta.mail.internet.MimeMessage; import jakarta.mail.internet.MimeMessage;
@ -77,15 +79,7 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
@Test @Test
public void testInviteExistingUser() throws IOException, MessagingException { public void testInviteExistingUser() throws IOException, MessagingException {
UserRepresentation user = UserBuilder.create() UserRepresentation user = createUser("invited", "invited@myemail.com");
.username("invited")
.email("invited@myemail.com")
.password("password")
.enabled(true)
.build();
try (Response response = testRealm().users().create(user)) {
user.setId(ApiUtil.getCreatedId(response));
}
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId()); OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
@ -96,15 +90,7 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
@Test @Test
public void testInviteExistingUserWithEmail() throws IOException, MessagingException { public void testInviteExistingUserWithEmail() throws IOException, MessagingException {
UserRepresentation user = UserBuilder.create() UserRepresentation user = createUser("invitedWithMatchingEmail", "invitedWithMatchingEmail@myemail.com");
.username("invitedWithMatchingEmail")
.email("invitedWithMatchingEmail@myemail.com")
.password("password")
.enabled(true)
.build();
try (Response response = testRealm().users().create(user)) {
user.setId(ApiUtil.getCreatedId(response));
}
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId()); OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
@ -115,34 +101,17 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
@Test @Test
public void testInviteNewUserRegistration() throws IOException, MessagingException { public void testInviteNewUserRegistration() throws IOException, MessagingException {
UserRepresentation user = UserBuilder.create() String email = "inviteduser@email";
.username("invitedUser") String firstName = "Homer";
.email("inviteduser@email") String lastName = "Simpson";
.enabled(true)
.build();
// User isn't created when we send the invite
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
organization.members().inviteUser(user.getEmail(), null, null).close();
MimeMessage message = greenMail.getLastReceivedMessage(); OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
Assert.assertNotNull(message); organization.members().inviteUser(email, firstName, lastName).close();
Assert.assertEquals("Invitation to join the " + organizationName + " organization", message.getSubject());
EmailBody body = MailUtils.getBody(message); registerUser(organization, email);
String link = MailUtils.getLink(body.getHtml());
String text = body.getHtml(); List<UserRepresentation> users = testRealm().users().searchByEmail(email, true);
assertTrue(text.contains("<p>You were invited to join the " + organizationName + " organization. Click the link below to join. </p>")); assertThat(users, Matchers.not(empty()));
assertTrue(text.contains("<a href=\"" + link + "\" rel=\"nofollow\">Link to join the organization</a></p>"));
assertTrue(text.contains("Link to join the organization"));
assertTrue(text.contains("<p>If you dont want to join the organization, just ignore this message.</p>"));
String orgToken = UriUtils.parseQueryParameters(link, false).values().stream().map(strings -> strings.get(0)).findFirst().orElse(null);
Assert.assertNotNull(orgToken);
driver.navigate().to(link.trim());
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId())));
registerPage.assertCurrent(organizationName);
registerPage.register("firstName", "lastName", user.getEmail(),
user.getUsername(), "password", "password", null, false, null);
List<UserRepresentation> users = testRealm().users().searchByEmail(user.getEmail(), true);
Assert.assertFalse(users.isEmpty());
// user is a member // user is a member
Assert.assertNotNull(organization.members().member(users.get(0).getId()).toRepresentation()); Assert.assertNotNull(organization.members().member(users.get(0).getId()).toRepresentation());
getCleanup().addCleanup(() -> testRealm().users().get(users.get(0).getId()).remove()); getCleanup().addCleanup(() -> testRealm().users().get(users.get(0).getId()).remove());
@ -153,18 +122,14 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
} }
@Test @Test
public void testFailRegistrationNotEnabledWhenInvitingNewUser() throws IOException, MessagingException { public void testFailRegistrationNotEnabledWhenInvitingNewUser() {
UserRepresentation user = UserBuilder.create() String email = "inviteduser@email";
.username("invitedUser")
.email("inviteduser@email")
.enabled(true)
.build();
// User isn't created when we send the invite
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId()); OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
RealmRepresentation realm = testRealm().toRepresentation(); RealmRepresentation realm = testRealm().toRepresentation();
realm.setRegistrationAllowed(false); realm.setRegistrationAllowed(false);
testRealm().update(realm); testRealm().update(realm);
try (Response response = organization.members().inviteUser(user.getEmail(), null, null)) { try (Response response = organization.members().inviteUser(email, null, null)) {
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus()); assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
assertEquals("Realm does not allow self-registration", response.readEntity(ErrorRepresentation.class).getErrorMessage()); assertEquals("Realm does not allow self-registration", response.readEntity(ErrorRepresentation.class).getErrorMessage());
} finally { } finally {
@ -174,75 +139,87 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
} }
@Test @Test
public void testEmailDoesNotChangeOnRegistration() throws IOException { public void testEmailDoesNotChangeOnRegistration() throws IOException, MessagingException {
String email = "inviteduser@email";
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
organization.members().inviteUser(email, null, null).close();
registerUser(organization, "invalid@email.com");
assertThat(driver.getPageSource(), Matchers.containsString("Email does not match the invitation"));
assertThat(testRealm().users().searchByEmail(email, true), Matchers.empty());
}
private UserRepresentation createUser(String invitedWithMatchingEmail, String mail) {
UserRepresentation user = UserBuilder.create() UserRepresentation user = UserBuilder.create()
.username("invitedUser") .username(invitedWithMatchingEmail)
.email("inviteduser@email") .email(mail)
.password("password")
.enabled(true) .enabled(true)
.build(); .build();
// User isn't created when we send the invite try (Response response = testRealm().users().create(user)) {
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId()); user.setId(ApiUtil.getCreatedId(response));
organization.members().inviteUser(user.getEmail(), null, null).close(); }
return user;
}
private String getInvitationLinkFromEmail(String ...parameters) throws MessagingException, IOException {
MimeMessage message = greenMail.getLastReceivedMessage(); MimeMessage message = greenMail.getLastReceivedMessage();
Assert.assertNotNull(message); Assert.assertNotNull(message);
Assert.assertEquals("Invitation to join the " + organizationName + " organization", message.getSubject());
EmailBody body = MailUtils.getBody(message); EmailBody body = MailUtils.getBody(message);
String link = MailUtils.getLink(body.getHtml()); String text = body.getHtml();
String link = MailUtils.getLink(body.getHtml()).trim();
if (Arrays.stream(parameters).noneMatch(Predicate.isEqual(null)) && parameters.length == 2) {
assertThat(text, Matchers.containsString("Hi, " + parameters[0] + " " + parameters[1] + "."));
}
assertThat(text, Matchers.containsString(("You were invited to join the " + organizationName + " organization. Click the link below to join. </p>")));
assertThat(text, Matchers.containsString(("<a href=\"" + link + "\" rel=\"nofollow\">Link to join the organization</a></p>")));
assertThat(text, Matchers.containsString(("Link to join the organization")));
assertThat(text, Matchers.containsString(("<p>If you dont want to join the organization, just ignore this message.</p>")));
String orgToken = UriUtils.parseQueryParameters(link, false).values().stream().map(strings -> strings.get(0)).findFirst().orElse(null); String orgToken = UriUtils.parseQueryParameters(link, false).values().stream().map(strings -> strings.get(0)).findFirst().orElse(null);
Assert.assertNotNull(orgToken); Assert.assertNotNull(orgToken);
driver.navigate().to(link.trim());
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId()))); return link;
registerPage.assertCurrent(organizationName);
registerPage.register("firstName", "lastName", "invalid@email.com",
user.getUsername(), "password", "password", null, false, null);
Assert.assertTrue(driver.getPageSource().contains("Email does not match the invitation"));
List<UserRepresentation> users = testRealm().users().searchByEmail(user.getEmail(), true);
Assert.assertTrue(users.isEmpty());
} }
@Test @Test
public void testLinkExpired() throws IOException { public void testLinkExpired() throws IOException, MessagingException {
UserRepresentation user = UserBuilder.create() String email = "inviteduser@email";
.username("invitedUser")
.email("inviteduser@email")
.enabled(true)
.build();
// User isn't created when we send the invite
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId()); OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
organization.members().inviteUser(user.getEmail(), "Homer", "Simpson").close(); organization.members().inviteUser(email, "Homer", "Simpson").close();
try { try {
setTimeOffset((int) TimeUnit.DAYS.toSeconds(1)); setTimeOffset((int) TimeUnit.DAYS.toSeconds(1));
MimeMessage message = greenMail.getLastReceivedMessage();
Assert.assertNotNull(message); registerUser(organization, email);
EmailBody body = MailUtils.getBody(message);
String link = MailUtils.getLink(body.getHtml()); assertThat(driver.getPageSource(), Matchers.containsString("The provided token is not valid or has expired."));
String orgToken = UriUtils.parseQueryParameters(link, false).values().stream().map(strings -> strings.get(0)).findFirst().orElse(null); assertThat(testRealm().users().searchByEmail(email, true), Matchers.empty());
Assert.assertNotNull(orgToken);
driver.navigate().to(link.trim());
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId())));
registerPage.assertCurrent(organizationName);
driver.manage().timeouts().pageLoadTimeout(1, TimeUnit.DAYS);
registerPage.register("firstName", "lastName", "invalid@email.com",
user.getUsername(), "password", "password", null, false, null);
Assert.assertTrue(driver.getPageSource().contains("The provided token is not valid or has expired."));
List<UserRepresentation> users = testRealm().users().searchByEmail(user.getEmail(), true);
Assert.assertTrue(users.isEmpty());
} finally { } finally {
resetTimeOffset(); resetTimeOffset();
} }
} }
private void acceptInvitation(OrganizationResource organization, UserRepresentation user) throws MessagingException, IOException { private void registerUser(OrganizationResource organization, String email) throws MessagingException, IOException {
MimeMessage message = greenMail.getLastReceivedMessage(); String link = getInvitationLinkFromEmail();
Assert.assertNotNull(message); driver.navigate().to(link);
Assert.assertEquals("Invitation to join the " + organizationName + " organization", message.getSubject()); Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> email.equals(actual.getEmail())));
EmailBody body = MailUtils.getBody(message); registerPage.assertCurrent(organizationName);
if (user.getFirstName() != null && user.getLastName() != null) { driver.manage().timeouts().pageLoadTimeout(1, TimeUnit.DAYS);
assertThat(body.getText(), Matchers.containsString("Hi, " + user.getFirstName() + " " + user.getLastName() + ".")); registerPage.register("firstName", "lastName", email,
"invitedUser", "password", "password", null, false, null);
} }
String link = MailUtils.getLink(body.getHtml());
driver.navigate().to(link.trim()); private void acceptInvitation(OrganizationResource organization, UserRepresentation user) throws MessagingException, IOException {
String link = getInvitationLinkFromEmail(user.getFirstName(), user.getLastName());
driver.navigate().to(link);
// not yet a member // not yet a member
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId()))); Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId())));
// confirm the intent of membership // confirm the intent of membership

View file

@ -42,7 +42,6 @@ import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.Response; import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.Response.Status; import jakarta.ws.rs.core.Response.Status;
import java.io.IOException; import java.io.IOException;
import java.util.LinkedList;
import java.util.stream.IntStream; import java.util.stream.IntStream;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationResource; import org.keycloak.admin.client.resource.OrganizationResource;
@ -429,13 +428,8 @@ public class OrganizationTest extends AbstractOrganizationTest {
realmsResouce().create(realmRep); realmsResouce().create(realmRep);
realmRes = realmsResouce().realm(realmRep.getRealm()); realmRes = realmsResouce().realm(realmRep.getRealm());
realmRes.toRepresentation(); realmRes.toRepresentation();
OrganizationRepresentation org = new OrganizationRepresentation();
org.setName("test-org"); createOrganization(realmRes, "test-org", "test.org");
org.addDomain(new OrganizationDomainRepresentation("test.org"));
org.setEnabled(true);
try (Response response = realmRes.organizations().create(org)) {
assertEquals(Status.CREATED.getStatusCode(), response.getStatus());
}
List<OrganizationRepresentation> orgs = realmRes.organizations().getAll(); List<OrganizationRepresentation> orgs = realmRes.organizations().getAll();
assertThat(orgs, hasSize(1)); assertThat(orgs, hasSize(1));

View file

@ -17,11 +17,9 @@
package org.keycloak.testsuite.organization.broker; package org.keycloak.testsuite.organization.broker;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNull; import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage; import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
@ -29,6 +27,7 @@ import java.util.List;
import jakarta.ws.rs.BadRequestException; import jakarta.ws.rs.BadRequestException;
import jakarta.ws.rs.NotFoundException; import jakarta.ws.rs.NotFoundException;
import org.hamcrest.Matchers;
import org.junit.Test; import org.junit.Test;
import org.keycloak.admin.client.resource.OrganizationIdentityProviderResource; import org.keycloak.admin.client.resource.OrganizationIdentityProviderResource;
import org.keycloak.admin.client.resource.OrganizationMemberResource; import org.keycloak.admin.client.resource.OrganizationMemberResource;
@ -47,7 +46,6 @@ import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert; import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.UserBuilder; import org.keycloak.testsuite.util.UserBuilder;
public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganizationTest { public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganizationTest {
@ -65,17 +63,7 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
idp.getConfig().put(IdentityProviderModel.LOGIN_HINT, "true"); idp.getConfig().put(IdentityProviderModel.LOGIN_HINT, "true");
testRealm().identityProviders().get(bc.getIDPAlias()).update(idp); testRealm().identityProviders().get(bc.getIDPAlias()).update(idp);
oauth.clientId("broker-app"); openIdentityFirstLoginPage(bc.getUserEmail(), true, null, false,false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
loginPage.loginUsername(bc.getUserEmail());
// user automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
// check if the username is automatically filled // check if the username is automatically filled
Assert.assertEquals(bc.getUserEmail(), loginPage.getUsername()); Assert.assertEquals(bc.getUserEmail(), loginPage.getUsername());
} }
@ -83,16 +71,10 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
@Test @Test
public void testDefaultAuthenticationIfUserDoesNotExistAndNoOrgMatch() { public void testDefaultAuthenticationIfUserDoesNotExistAndNoOrgMatch() {
testRealm().organizations().get(createOrganization().getId()); testRealm().organizations().get(createOrganization().getId());
oauth.clientId("broker-app");
// login with email only // login with email only
loginPage.open(bc.consumerRealmName()); openIdentityFirstLoginPage("user@noorg.org", false, null, false, false);
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
loginPage.loginUsername("user@noorg.org");
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
// check if the login page is shown // check if the login page is shown
Assert.assertTrue(loginPage.isUsernameInputPresent()); Assert.assertTrue(loginPage.isUsernameInputPresent());
Assert.assertTrue(loginPage.isPasswordInputPresent()); Assert.assertTrue(loginPage.isPasswordInputPresent());
@ -104,18 +86,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0); IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE); idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep); testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage("user@neworg.org", false, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
loginPage.loginUsername("user@neworg.org");
// should stay at the identity-first login page
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
Assert.assertTrue(loginPage.isUsernameInputPresent()); Assert.assertTrue(loginPage.isUsernameInputPresent());
// registration link shown // registration link shown
Assert.assertTrue(loginPage.isRegisterLinkPresent()); Assert.assertTrue(loginPage.isRegisterLinkPresent());
@ -131,19 +104,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
idpRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString()); idpRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE); idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep); testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage("user@neworg.org", false, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertTrue(loginPage.isRegisterLinkPresent());
loginPage.loginUsername("user@neworg.org");
// should stay at the identity-first login page
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
Assert.assertEquals("Your email domain matches the neworg organization but you don't have an account yet.", loginPage.getError()); Assert.assertEquals("Your email domain matches the neworg organization but you don't have an account yet.", loginPage.getError());
Assert.assertTrue(loginPage.isUsernameInputPresent()); Assert.assertTrue(loginPage.isUsernameInputPresent());
Assert.assertFalse(loginPage.isPasswordInputPresent()); Assert.assertFalse(loginPage.isPasswordInputPresent());
@ -159,19 +122,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0); IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE); idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep); testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage("user@neworg.org", false, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertTrue(loginPage.isRegisterLinkPresent());
loginPage.loginUsername("user@neworg.org");
// should stay at the identity-first login page
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
Assert.assertFalse(driver.getPageSource().contains("Your email domain matches the neworg organization but you don't have an account yet.")); Assert.assertFalse(driver.getPageSource().contains("Your email domain matches the neworg organization but you don't have an account yet."));
Assert.assertTrue(loginPage.isUsernameInputPresent()); Assert.assertTrue(loginPage.isUsernameInputPresent());
Assert.assertFalse(loginPage.isPasswordInputPresent()); Assert.assertFalse(loginPage.isPasswordInputPresent());
@ -201,23 +154,12 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
organization.identityProviders().addIdentityProvider(idp.getAlias()).close(); organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
idp = organization.identityProviders().get(idp.getAlias()).toRepresentation(); idp = organization.identityProviders().get(idp.getAlias()).toRepresentation();
oauth.clientId("broker-app"); openIdentityFirstLoginPage("external@user.org", false, idp, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
Assert.assertFalse(loginPage.isSocialButtonPresent(idp.getAlias()));
loginPage.loginUsername("external@user.org");
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
Assert.assertTrue(loginPage.isPasswordInputPresent()); Assert.assertTrue(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias())); Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
Assert.assertTrue(loginPage.isSocialButtonPresent(idp.getAlias())); Assert.assertTrue(loginPage.isSocialButtonPresent(idp.getAlias()));
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
idp.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.FALSE.toString()); idp.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.FALSE.toString());
testRealm().identityProviders().get(idp.getAlias()).update(idp); testRealm().identityProviders().get(idp.getAlias()).update(idp);
driver.navigate().refresh(); driver.navigate().refresh();
@ -239,17 +181,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0); IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE); idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep); testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage("user@neworg.org", false, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
loginPage.loginUsername("user@neworg.org");
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
Assert.assertTrue(loginPage.isUsernameInputPresent()); Assert.assertTrue(loginPage.isUsernameInputPresent());
Assert.assertTrue(loginPage.isPasswordInputPresent()); Assert.assertTrue(loginPage.isPasswordInputPresent());
Assert.assertTrue(loginPage.isRegisterLinkPresent()); Assert.assertTrue(loginPage.isRegisterLinkPresent());
@ -258,13 +192,8 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
@Test @Test
public void testRealmLevelBrokersAvailableIfEmailDoesNotMatchOrganization() { public void testRealmLevelBrokersAvailableIfEmailDoesNotMatchOrganization() {
testRealm().organizations().get(createOrganization().getId()); testRealm().organizations().get(createOrganization().getId());
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage("user", false, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
loginPage.loginUsername("user");
// check if the login page is shown // check if the login page is shown
Assert.assertTrue(loginPage.isUsernameInputPresent()); Assert.assertTrue(loginPage.isUsernameInputPresent());
@ -299,30 +228,10 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
IdentityProviderRepresentation brokerRep = broker.toRepresentation(); IdentityProviderRepresentation brokerRep = broker.toRepresentation();
brokerRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString()); brokerRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
testRealm().identityProviders().get(brokerRep.getAlias()).update(brokerRep); testRealm().identityProviders().get(brokerRep.getAlias()).update(brokerRep);
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage(bc.getUserEmail(), true, brokerRep, false, true);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
loginPage.loginUsername(bc.getUserEmail());
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
loginPage.clickSocial(bc.getIDPAlias());
// user automatically redirected to the organization identity provider loginOrgIdp(bc.getUserEmail(), bc.getUserEmail(),true, false);
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
// login to the organization identity provider and run the configured first broker login flow
loginPage.login(bc.getUserEmail(), bc.getUserPassword());
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), bc.getUserEmail(), "Firstname", "Lastname");
// account with the same email exists in the realm, execute account linking // account with the same email exists in the realm, execute account linking
waitForPage(driver, "account already exists", false); waitForPage(driver, "account already exists", false);
@ -349,30 +258,11 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
IdentityProviderRepresentation brokerRep = broker.toRepresentation(); IdentityProviderRepresentation brokerRep = broker.toRepresentation();
brokerRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString()); brokerRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
testRealm().identityProviders().get(brokerRep.getAlias()).update(brokerRep); testRealm().identityProviders().get(brokerRep.getAlias()).update(brokerRep);
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage(bc.getUserEmail(), true, brokerRep, false, true);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
loginPage.loginUsername(bc.getUserEmail());
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
loginPage.clickSocial(bc.getIDPAlias());
// user automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
// login to the organization identity provider and run the configured first broker login flow // login to the organization identity provider and run the configured first broker login flow
loginPage.login(bc.getUserEmail(), bc.getUserPassword()); loginOrgIdp(bc.getUserEmail(), bc.getUserEmail(), true, false);
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), bc.getUserEmail(), "Firstname", "Lastname");
// account with the same email exists in the realm, execute account linking // account with the same email exists in the realm, execute account linking
waitForPage(driver, "account already exists", false); waitForPage(driver, "account already exists", false);
@ -395,15 +285,7 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
realmsResouce().realm(bc.consumerRealmName()).users().get(account.getId()).logout(); realmsResouce().realm(bc.consumerRealmName()).users().get(account.getId()).logout();
realmsResouce().realm(bc.providerRealmName()).logoutAll(); realmsResouce().realm(bc.providerRealmName()).logoutAll();
// login with email only openIdentityFirstLoginPage(bc.getUserEmail(), true, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
loginPage.loginUsername(bc.getUserEmail());
// user automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
// login to the organization identity provider and automatically redirects to the app as the account already exists // login to the organization identity provider and automatically redirects to the app as the account already exists
loginPage.login(bc.getUserEmail(), bc.getUserPassword()); loginPage.login(bc.getUserEmail(), bc.getUserPassword());
@ -476,26 +358,10 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove); getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
organization.identityProviders().addIdentityProvider(idp.getAlias()).close(); organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
oauth.clientId("broker-app"); openIdentityFirstLoginPage(bc.getUserEmail(), true, idp, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in"); loginOrgIdp(bc.getUserEmail(), bc.getUserEmail(),true, true);
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
Assert.assertFalse(loginPage.isSocialButtonPresent(idp.getAlias()));
loginPage.loginUsername(bc.getUserEmail());
// user automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login(bc.getUserEmail(), bc.getUserPassword());
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), bc.getUserEmail(), "Firstname", "Lastname");
appPage.assertCurrent();
assertIsMember(bc.getUserEmail(), organization); assertIsMember(bc.getUserEmail(), organization);
UserRepresentation user = testRealm().users().search(bc.getUserEmail()).get(0); UserRepresentation user = testRealm().users().search(bc.getUserEmail()).get(0);
List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity(); List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity();
@ -512,18 +378,8 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
idp.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString()); idp.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
testRealm().identityProviders().get(bc.getIDPAlias()).update(idp); testRealm().identityProviders().get(bc.getIDPAlias()).update(idp);
oauth.clientId("broker-app"); openIdentityFirstLoginPage(bc.getUserEmail(), false, idp, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
Assert.assertFalse(loginPage.isSocialButtonPresent(idp.getAlias()));
loginPage.loginUsername(bc.getUserEmail());
// user not automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
Assert.assertFalse(loginPage.isPasswordInputPresent()); Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertTrue(driver.getPageSource().contains("Your email domain matches the " + organizationName + " organization but you don't have an account yet.")); Assert.assertTrue(driver.getPageSource().contains("Your email domain matches the " + organizationName + " organization but you don't have an account yet."));
Assert.assertTrue(loginPage.isSocialButtonPresent(bc.getIDPAlias())); Assert.assertTrue(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
@ -547,34 +403,19 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove); getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
organization.identityProviders().addIdentityProvider(idp.getAlias()).close(); organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
String email = "external@user.org"; String email = "external@user.org";
loginPage.loginUsername(email); openIdentityFirstLoginPage(email, true, idp, false, true);
loginPage.clickSocial(idp.getAlias());
loginOrgIdp("external", email, true, true);
// user automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login("external", "password");
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(email, email, "Firstname", "Lastname");
appPage.assertCurrent();
assertIsMember(email, organization); assertIsMember(email, organization);
// make sure the federated identity matches the expected broker // make sure the federated identity matches the expected broker
UserRepresentation user = testRealm().users().search(email).get(0); UserRepresentation user = testRealm().users().searchByEmail(email, true).get(0);
List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity(); List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity();
assertEquals(1, federatedIdentities.size()); assertEquals(1, federatedIdentities.size());
assertEquals(idp.getAlias(), federatedIdentities.get(0).getIdentityProvider()); assertEquals(idp.getAlias(), federatedIdentities.get(0).getIdentityProvider());
testRealm().users().get(user.getId()).remove();
} }
@Test @Test
@ -598,28 +439,14 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove); getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
organization.identityProviders().addIdentityProvider(idp.getAlias()).close(); organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
String email = "external@user.org"; String email = "external@user.org";
loginPage.loginUsername(email); openIdentityFirstLoginPage(email, true, idp, false, true);
loginPage.clickSocial(idp.getAlias());
loginOrgIdp(email, email, true, false);
// user automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login(email, "password");
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(email, email, "Firstname", "Lastname");
Assert.assertTrue(driver.getPageSource().contains("Email domain does not match any domain from the organization")); Assert.assertTrue(driver.getPageSource().contains("Email domain does not match any domain from the organization"));
assertIsNotMember(email, organization); assertIsNotMember(email, organization);
updateAccountInformationPage.updateAccountInformation("external@other.org", "external@other.org", "Firstname", "Lastname"); updateAccountInformationPage.updateAccountInformation("external@other.org", "external@other.org", "Firstname", "Lastname");
appPage.assertCurrent(); appPage.assertCurrent();
assertIsMember("external@other.org", organization); assertIsMember("external@other.org", organization);
@ -645,27 +472,10 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove); getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
organization.identityProviders().addIdentityProvider(idp.getAlias()).close(); organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
String email = "external@user.org"; String email = "external@user.org";
loginPage.loginUsername(email); openIdentityFirstLoginPage(email, true, idp, false, true);
loginPage.clickSocial(idp.getAlias());
// user automatically redirected to the organization identity provider loginOrgIdp(email, "external@unknown.org", true, true);
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login(email, "password");
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation("external@unknown.org", "external@unknown.org", "Firstname", "Lastname");
appPage.assertCurrent();
assertIsMember("external@unknown.org", organization); assertIsMember("external@unknown.org", organization);
} }
@ -678,31 +488,13 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
// create a second broker without a domain set // create a second broker without a domain set
testRealm().identityProviders().create(idp).close(); testRealm().identityProviders().create(idp).close();
oauth.clientId("broker-app"); openIdentityFirstLoginPage("some@user.org", true, idp, true, true);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
loginPage.loginUsername("some@user.org");
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
loginPage.clickSocial(idp.getAlias());
waitForPage(driver, "sign in to", true); loginOrgIdp("external", bc.getUserEmail(), true, true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login("external", "password");
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), bc.getUserEmail(), "Firstname", "Lastname");
appPage.assertCurrent();
assertTrue(organization.members().getAll().isEmpty());
UserRepresentation user = testRealm().users().search(bc.getUserEmail()).get(0); assertThat(organization.members().getAll(), Matchers.empty());
UserRepresentation user = testRealm().users().searchByEmail(bc.getUserEmail(), true).get(0);
testRealm().users().get(user.getId()).remove(); testRealm().users().get(user.getId()).remove();
} }
@ -726,23 +518,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
realmsResouce().realm(bc.providerRealmName()).users().create(user).close(); realmsResouce().realm(bc.providerRealmName()).users().create(user).close();
// select the organization broker to authenticate // select the organization broker to authenticate
oauth.clientId("broker-app"); openIdentityFirstLoginPage("user@different.org", true, idpRep, false, true);
loginPage.open(bc.consumerRealmName());
loginPage.loginUsername("user@different.org");
loginPage.clickSocial(idpRep.getAlias());
// login through the organization broker loginOrgIdp(user.getEmail(), user.getEmail(), true, true);
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login("user@different.org", "password");
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(user.getUsername(), user.getEmail(), "Firstname", "Lastname");
appPage.assertCurrent();
} }
@Test @Test
@ -764,42 +542,17 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
.build(); .build();
realmsResouce().realm(bc.providerRealmName()).users().create(user).close(); realmsResouce().realm(bc.providerRealmName()).users().create(user).close();
// execute the identity-first login openIdentityFirstLoginPage(user.getEmail(), true, idpRep, false, true);
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
loginPage.loginUsername(user.getEmail());
waitForPage(driver, "sign in to", true); loginOrgIdp(user.getEmail(), user.getEmail(),true, true);
// select the organization broker to authenticate
assertTrue(loginPage.isPasswordInputPresent());
assertTrue(loginPage.isUsernameInputPresent());
loginPage.clickSocial(idpRep.getAlias());
// login through the organization broker
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login("user@different.org", "password");
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(user.getUsername(), user.getEmail(), "Firstname", "Lastname");
assertThat(appPage.getRequestType(),is(AppPage.RequestType.AUTH_RESPONSE));
UserRepresentation account = getUserRepresentation(user.getEmail()); UserRepresentation account = getUserRepresentation(user.getEmail());
realmsResouce().realm(bc.consumerRealmName()).users().get(account.getId()).logout(); realmsResouce().realm(bc.consumerRealmName()).users().get(account.getId()).logout();
realmsResouce().realm(bc.providerRealmName()).logoutAll(); realmsResouce().realm(bc.providerRealmName()).logoutAll();
// the flow now changed and the user should be automatically redirected to the origin broker // the flow now changed and the user should be automatically redirected to the origin broker
loginPage.open(bc.consumerRealmName()); openIdentityFirstLoginPage(user.getEmail(), true, null, false, false);
waitForPage(driver, "sign in to", true); loginOrgIdp(user.getEmail(), user.getEmail(),false, true);
loginPage.loginUsername(user.getEmail());
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
loginPage.login("user@different.org", "password");
appPage.assertCurrent();
} }
@Test @Test

View file

@ -21,7 +21,6 @@ import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.MatcherAssert.assertThat; import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
import java.io.File; import java.io.File;
import java.util.ArrayList; import java.util.ArrayList;
@ -46,7 +45,6 @@ import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.PartialImportRepresentation; import org.keycloak.representations.idm.PartialImportRepresentation;
import org.keycloak.representations.idm.RealmRepresentation; import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation; import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature; import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.client.resources.TestingExportImportResource; import org.keycloak.testsuite.client.resources.TestingExportImportResource;
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest; import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
@ -94,14 +92,8 @@ public class OrganizationExportTest extends AbstractOrganizationTest {
expectedManagedMembers.computeIfAbsent(orgRep.getName(), s -> new ArrayList<>()).add(email); expectedManagedMembers.computeIfAbsent(orgRep.getName(), s -> new ArrayList<>()).add(email);
oauth.clientId("broker-app"); openIdentityFirstLoginPage(email, true, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
loginPage.loginUsername(email);
// user automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
// login to the organization identity provider and run the configured first broker login flow // login to the organization identity provider and run the configured first broker login flow
loginPage.login(email, bc.getUserPassword()); loginPage.login(email, bc.getUserPassword());
assertIsMember(email, organization); assertIsMember(email, organization);
@ -127,15 +119,8 @@ public class OrganizationExportTest extends AbstractOrganizationTest {
} }
// make sure a managed user can authenticate through the broker associated with an org // make sure a managed user can authenticate through the broker associated with an org
oauth.clientId("broker-app");
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
String email = expectedManagedMembers.values().stream().findAny().get().get(0); String email = expectedManagedMembers.values().stream().findAny().get().get(0);
loginPage.loginUsername(email); openIdentityFirstLoginPage(email, true, null, false, false);
// user automatically redirected to the organization identity provider
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
// login to the organization identity provider and run the configured first broker login flow // login to the organization identity provider and run the configured first broker login flow
loginPage.login(email, bc.getUserPassword()); loginPage.login(email, bc.getUserPassword());
assertThat(appPage.getRequestType(),is(AppPage.RequestType.AUTH_RESPONSE)); assertThat(appPage.getRequestType(),is(AppPage.RequestType.AUTH_RESPONSE));

View file

@ -40,16 +40,8 @@ public class OrganizationMemberAuthenticationTest extends AbstractOrganizationTe
UserRepresentation member = addMember(organization, "contractor@contractor.org"); UserRepresentation member = addMember(organization, "contractor@contractor.org");
// first try to log in using only the email // first try to log in using only the email
oauth.clientId("broker-app"); openIdentityFirstLoginPage(member.getEmail(), false, null, false, false);
loginPage.open(bc.consumerRealmName());
Assert.assertFalse(loginPage.isPasswordInputPresent());
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
loginPage.loginUsername(member.getEmail());
// the email does not match an organization so redirect to the realm's default authentication mechanism
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the consumer realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
Assert.assertTrue(loginPage.isPasswordInputPresent()); Assert.assertTrue(loginPage.isPasswordInputPresent());
Assert.assertEquals(member.getEmail(), loginPage.getUsername()); Assert.assertEquals(member.getEmail(), loginPage.getUsername());
// no idp should be shown because there is only a single idp that is bound to an organization // no idp should be shown because there is only a single idp that is bound to an organization
@ -63,13 +55,8 @@ public class OrganizationMemberAuthenticationTest extends AbstractOrganizationTe
@Test @Test
public void testTryLoginWithUsernameNotAnEmail() { public void testTryLoginWithUsernameNotAnEmail() {
testRealm().organizations().get(createOrganization().getId()); testRealm().organizations().get(createOrganization().getId());
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage("user", false, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
loginPage.loginUsername("user");
// check if the login page is shown // check if the login page is shown
Assert.assertTrue(loginPage.isUsernameInputPresent()); Assert.assertTrue(loginPage.isUsernameInputPresent());
@ -79,13 +66,8 @@ public class OrganizationMemberAuthenticationTest extends AbstractOrganizationTe
@Test @Test
public void testDefaultAuthenticationMechanismIfNotOrganizationMember() { public void testDefaultAuthenticationMechanismIfNotOrganizationMember() {
testRealm().organizations().get(createOrganization().getId()); testRealm().organizations().get(createOrganization().getId());
oauth.clientId("broker-app");
// login with email only openIdentityFirstLoginPage("user@noorg.org", false, null, false, false);
loginPage.open(bc.consumerRealmName());
log.debug("Logging in");
Assert.assertFalse(loginPage.isPasswordInputPresent());
loginPage.loginUsername("user@noorg.org");
// check if the login page is shown // check if the login page is shown
Assert.assertTrue(loginPage.isUsernameInputPresent()); Assert.assertTrue(loginPage.isUsernameInputPresent());