Refactor organization tests
Closes #30338 Signed-off-by: Martin Kanis <mkanis@redhat.com>
parent
89f83e9788
commit
dc109381e1
7 changed files with 187 additions and 459 deletions
|
@ -69,7 +69,7 @@ public class OrganizationAccountTest extends AbstractOrganizationTest {
|
||||||
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
||||||
assertBrokerRegistration(organization, bc.getUserEmail());
|
assertBrokerRegistration(organization, bc.getUserEmail());
|
||||||
// reset password to obtain a token and access the account api
|
// reset password to obtain a token and access the account api
|
||||||
UserRepresentation user = ApiUtil.findUserByUsername(realmsResouce().realm(bc.consumerRealmName()), bc.getUserLogin());
|
UserRepresentation user = testRealm().users().searchByEmail(bc.getUserEmail(), true).get(0);
|
||||||
ApiUtil.resetUserPassword(realmsResouce().realm(bc.consumerRealmName()).users().get(user.getId()), bc.getUserPassword(), false);
|
ApiUtil.resetUserPassword(realmsResouce().realm(bc.consumerRealmName()).users().get(user.getId()), bc.getUserPassword(), false);
|
||||||
|
|
||||||
LinkedAccountRepresentation link = findLinkedAccount(bc.getIDPAlias());
|
LinkedAccountRepresentation link = findLinkedAccount(bc.getIDPAlias());
|
||||||
|
|
|
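Review bot: The new lookup `testRealm().users().searchByEmail(bc.getUserEmail(), true).get(0)` throws an IndexOutOfBoundsException when no user matches, so a failed broker registration shows up as an indexing error rather than a test failure. Keeping the list in a local and checking it first, for example `assertEquals(1, users.size());`, would report the real cause and also catch a duplicate account for the same email. The lookup now goes through `testRealm()` while the password reset on the following line still resolves the user through `realmsResouce().realm(bc.consumerRealmName())`. Presumably both name the same realm, but using one handle for both calls would guarantee that the id being reset belongs to the account just found. The enclosing test method starts and ends outside the hunk.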
@ -22,6 +22,7 @@ import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertFalse;
|
import static org.junit.Assert.assertFalse;
|
||||||
import static org.junit.Assert.assertNotNull;
|
import static org.junit.Assert.assertNotNull;
|
||||||
|
import static org.junit.Assert.assertTrue;
|
||||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -183,29 +184,31 @@ public abstract class AbstractOrganizationTest extends AbstractAdminTest {
|
||||||
|
|
||||||
protected void assertBrokerRegistration(OrganizationResource organization, String email) {
|
protected void assertBrokerRegistration(OrganizationResource organization, String email) {
|
||||||
// login with email only
|
// login with email only
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage(email, true, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
loginPage.loginUsername(email);
|
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
loginOrgIdp(email, email, true, true);
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
assertIsMember(email, organization);
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
}
|
||||||
|
|
||||||
|
protected void loginOrgIdp(String username, String email, boolean firstTimeLogin, boolean redirectToApp) {
|
||||||
// login to the organization identity provider and run the configured first broker login flow
|
// login to the organization identity provider and run the configured first broker login flow
|
||||||
loginPage.login(email, bc.getUserPassword());
|
loginPage.login(username, bc.getUserPassword());
|
||||||
|
|
||||||
|
if (firstTimeLogin) {
|
||||||
waitForPage(driver, "update account information", false);
|
waitForPage(driver, "update account information", false);
|
||||||
updateAccountInformationPage.assertCurrent();
|
updateAccountInformationPage.assertCurrent();
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
Assert.assertTrue("We must be on correct realm right now",
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
||||||
log.debug("Updating info on updateAccount page");
|
log.debug("Updating info on updateAccount page");
|
||||||
assertFalse(driver.getPageSource().contains("kc.org"));
|
assertFalse(driver.getPageSource().contains("kc.org"));
|
||||||
updateAccountInformationPage.updateAccountInformation(bc.getUserLogin(), email, "Firstname", "Lastname");
|
updateAccountInformationPage.updateAccountInformation(username, email, "Firstname", "Lastname");
|
||||||
assertThat(appPage.getRequestType(),is(AppPage.RequestType.AUTH_RESPONSE));
|
}
|
||||||
|
|
||||||
assertIsMember(email, organization);
|
if (redirectToApp) {
|
||||||
|
appPage.assertCurrent();
|
||||||
|
assertThat(appPage.getRequestType(), is(AppPage.RequestType.AUTH_RESPONSE));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void assertIsMember(String userEmail, OrganizationResource organization) {
|
protected void assertIsMember(String userEmail, OrganizationResource organization) {
|
||||||
|
@ -245,4 +248,38 @@ public abstract class AbstractOrganizationTest extends AbstractAdminTest {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected void openIdentityFirstLoginPage(String username, boolean autoIDPRedirect, IdentityProviderRepresentation idp, boolean isVisible, boolean clickIdp) {
|
||||||
|
oauth.clientId("broker-app");
|
||||||
|
loginPage.open(bc.consumerRealmName());
|
||||||
|
log.debug("Logging in");
|
||||||
|
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
||||||
|
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
||||||
|
Assert.assertTrue(loginPage.isRegisterLinkPresent());
|
||||||
|
if (idp != null) {
|
||||||
|
if (isVisible) {
|
||||||
|
Assert.assertTrue(loginPage.isSocialButtonPresent(idp.getAlias()));
|
||||||
|
} else {
|
||||||
|
Assert.assertFalse(loginPage.isSocialButtonPresent(idp.getAlias()));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
loginPage.loginUsername(username);
|
||||||
|
|
||||||
|
if (clickIdp) {
|
||||||
|
assertTrue(loginPage.isPasswordInputPresent());
|
||||||
|
assertTrue(loginPage.isUsernameInputPresent());
|
||||||
|
loginPage.clickSocial(idp.getAlias());
|
||||||
|
}
|
||||||
|
|
||||||
|
waitForPage(driver, "sign in to", true);
|
||||||
|
|
||||||
|
// user automatically redirected to the organization identity provider
|
||||||
|
if (autoIDPRedirect) {
|
||||||
|
Assert.assertTrue("Driver should be on the provider realm page right now",
|
||||||
|
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
||||||
|
} else {
|
||||||
|
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
||||||
|
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
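Review bot: In `openIdentityFirstLoginPage`, the `if (clickIdp)` branch calls `loginPage.clickSocial(idp.getAlias())` without checking `idp`, so `clickIdp = true` with a null `idp` fails with a NullPointerException instead of a clear assertion; every call visible on this page passes `null` for `idp`. Adding `Assert.assertNotNull("clickIdp requires an idp", idp);` as the first line of that branch would fix this. The helper also asserts `isRegisterLinkPresent()` and the absence of the `bc.getIDPAlias()` social button for every caller, which the inlined blocks it replaces did not all check. A short Javadoc stating those preconditions and the meaning of `autoIDPRedirect`, `isVisible` and `clickIdp` would help, since call sites such as `openIdentityFirstLoginPage(email, true, null, false, false)` are hard to read without it.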
@ -19,13 +19,15 @@ package org.keycloak.testsuite.organization.admin;
|
||||||
|
|
||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
|
import static org.hamcrest.Matchers.empty;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertTrue;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.Arrays;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
import java.util.function.Predicate;
|
||||||
|
|
||||||
import jakarta.mail.MessagingException;
|
import jakarta.mail.MessagingException;
|
||||||
import jakarta.mail.internet.MimeMessage;
|
import jakarta.mail.internet.MimeMessage;
|
||||||
|
@ -77,15 +79,7 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testInviteExistingUser() throws IOException, MessagingException {
|
public void testInviteExistingUser() throws IOException, MessagingException {
|
||||||
UserRepresentation user = UserBuilder.create()
|
UserRepresentation user = createUser("invited", "invited@myemail.com");
|
||||||
.username("invited")
|
|
||||||
.email("invited@myemail.com")
|
|
||||||
.password("password")
|
|
||||||
.enabled(true)
|
|
||||||
.build();
|
|
||||||
try (Response response = testRealm().users().create(user)) {
|
|
||||||
user.setId(ApiUtil.getCreatedId(response));
|
|
||||||
}
|
|
||||||
|
|
||||||
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
||||||
|
|
||||||
|
@ -96,15 +90,7 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testInviteExistingUserWithEmail() throws IOException, MessagingException {
|
public void testInviteExistingUserWithEmail() throws IOException, MessagingException {
|
||||||
UserRepresentation user = UserBuilder.create()
|
UserRepresentation user = createUser("invitedWithMatchingEmail", "invitedWithMatchingEmail@myemail.com");
|
||||||
.username("invitedWithMatchingEmail")
|
|
||||||
.email("invitedWithMatchingEmail@myemail.com")
|
|
||||||
.password("password")
|
|
||||||
.enabled(true)
|
|
||||||
.build();
|
|
||||||
try (Response response = testRealm().users().create(user)) {
|
|
||||||
user.setId(ApiUtil.getCreatedId(response));
|
|
||||||
}
|
|
||||||
|
|
||||||
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
||||||
|
|
||||||
|
@ -115,34 +101,17 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testInviteNewUserRegistration() throws IOException, MessagingException {
|
public void testInviteNewUserRegistration() throws IOException, MessagingException {
|
||||||
UserRepresentation user = UserBuilder.create()
|
String email = "inviteduser@email";
|
||||||
.username("invitedUser")
|
String firstName = "Homer";
|
||||||
.email("inviteduser@email")
|
String lastName = "Simpson";
|
||||||
.enabled(true)
|
|
||||||
.build();
|
|
||||||
// User isn't created when we send the invite
|
|
||||||
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
|
||||||
organization.members().inviteUser(user.getEmail(), null, null).close();
|
|
||||||
|
|
||||||
MimeMessage message = greenMail.getLastReceivedMessage();
|
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
||||||
Assert.assertNotNull(message);
|
organization.members().inviteUser(email, firstName, lastName).close();
|
||||||
Assert.assertEquals("Invitation to join the " + organizationName + " organization", message.getSubject());
|
|
||||||
EmailBody body = MailUtils.getBody(message);
|
registerUser(organization, email);
|
||||||
String link = MailUtils.getLink(body.getHtml());
|
|
||||||
String text = body.getHtml();
|
List<UserRepresentation> users = testRealm().users().searchByEmail(email, true);
|
||||||
assertTrue(text.contains("<p>You were invited to join the " + organizationName + " organization. Click the link below to join. </p>"));
|
assertThat(users, Matchers.not(empty()));
|
||||||
assertTrue(text.contains("<a href=\"" + link + "\" rel=\"nofollow\">Link to join the organization</a></p>"));
|
|
||||||
assertTrue(text.contains("Link to join the organization"));
|
|
||||||
assertTrue(text.contains("<p>If you dont want to join the organization, just ignore this message.</p>"));
|
|
||||||
String orgToken = UriUtils.parseQueryParameters(link, false).values().stream().map(strings -> strings.get(0)).findFirst().orElse(null);
|
|
||||||
Assert.assertNotNull(orgToken);
|
|
||||||
driver.navigate().to(link.trim());
|
|
||||||
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId())));
|
|
||||||
registerPage.assertCurrent(organizationName);
|
|
||||||
registerPage.register("firstName", "lastName", user.getEmail(),
|
|
||||||
user.getUsername(), "password", "password", null, false, null);
|
|
||||||
List<UserRepresentation> users = testRealm().users().searchByEmail(user.getEmail(), true);
|
|
||||||
Assert.assertFalse(users.isEmpty());
|
|
||||||
// user is a member
|
// user is a member
|
||||||
Assert.assertNotNull(organization.members().member(users.get(0).getId()).toRepresentation());
|
Assert.assertNotNull(organization.members().member(users.get(0).getId()).toRepresentation());
|
||||||
getCleanup().addCleanup(() -> testRealm().users().get(users.get(0).getId()).remove());
|
getCleanup().addCleanup(() -> testRealm().users().get(users.get(0).getId()).remove());
|
||||||
|
@ -153,18 +122,14 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testFailRegistrationNotEnabledWhenInvitingNewUser() throws IOException, MessagingException {
|
public void testFailRegistrationNotEnabledWhenInvitingNewUser() {
|
||||||
UserRepresentation user = UserBuilder.create()
|
String email = "inviteduser@email";
|
||||||
.username("invitedUser")
|
|
||||||
.email("inviteduser@email")
|
|
||||||
.enabled(true)
|
|
||||||
.build();
|
|
||||||
// User isn't created when we send the invite
|
|
||||||
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
||||||
RealmRepresentation realm = testRealm().toRepresentation();
|
RealmRepresentation realm = testRealm().toRepresentation();
|
||||||
realm.setRegistrationAllowed(false);
|
realm.setRegistrationAllowed(false);
|
||||||
testRealm().update(realm);
|
testRealm().update(realm);
|
||||||
try (Response response = organization.members().inviteUser(user.getEmail(), null, null)) {
|
try (Response response = organization.members().inviteUser(email, null, null)) {
|
||||||
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
|
assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
|
||||||
assertEquals("Realm does not allow self-registration", response.readEntity(ErrorRepresentation.class).getErrorMessage());
|
assertEquals("Realm does not allow self-registration", response.readEntity(ErrorRepresentation.class).getErrorMessage());
|
||||||
} finally {
|
} finally {
|
||||||
|
@ -174,75 +139,87 @@ public class OrganizationInvitationLinkTest extends AbstractOrganizationTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testEmailDoesNotChangeOnRegistration() throws IOException {
|
public void testEmailDoesNotChangeOnRegistration() throws IOException, MessagingException {
|
||||||
|
String email = "inviteduser@email";
|
||||||
|
|
||||||
|
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
||||||
|
organization.members().inviteUser(email, null, null).close();
|
||||||
|
|
||||||
|
registerUser(organization, "invalid@email.com");
|
||||||
|
|
||||||
|
assertThat(driver.getPageSource(), Matchers.containsString("Email does not match the invitation"));
|
||||||
|
assertThat(testRealm().users().searchByEmail(email, true), Matchers.empty());
|
||||||
|
}
|
||||||
|
|
||||||
|
private UserRepresentation createUser(String invitedWithMatchingEmail, String mail) {
|
||||||
UserRepresentation user = UserBuilder.create()
|
UserRepresentation user = UserBuilder.create()
|
||||||
.username("invitedUser")
|
.username(invitedWithMatchingEmail)
|
||||||
.email("inviteduser@email")
|
.email(mail)
|
||||||
|
.password("password")
|
||||||
.enabled(true)
|
.enabled(true)
|
||||||
.build();
|
.build();
|
||||||
// User isn't created when we send the invite
|
try (Response response = testRealm().users().create(user)) {
|
||||||
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
user.setId(ApiUtil.getCreatedId(response));
|
||||||
organization.members().inviteUser(user.getEmail(), null, null).close();
|
}
|
||||||
|
return user;
|
||||||
|
}
|
||||||
|
|
||||||
|
private String getInvitationLinkFromEmail(String ...parameters) throws MessagingException, IOException {
|
||||||
MimeMessage message = greenMail.getLastReceivedMessage();
|
MimeMessage message = greenMail.getLastReceivedMessage();
|
||||||
Assert.assertNotNull(message);
|
Assert.assertNotNull(message);
|
||||||
|
Assert.assertEquals("Invitation to join the " + organizationName + " organization", message.getSubject());
|
||||||
|
|
||||||
EmailBody body = MailUtils.getBody(message);
|
EmailBody body = MailUtils.getBody(message);
|
||||||
String link = MailUtils.getLink(body.getHtml());
|
String text = body.getHtml();
|
||||||
|
String link = MailUtils.getLink(body.getHtml()).trim();
|
||||||
|
|
||||||
|
if (Arrays.stream(parameters).noneMatch(Predicate.isEqual(null)) && parameters.length == 2) {
|
||||||
|
assertThat(text, Matchers.containsString("Hi, " + parameters[0] + " " + parameters[1] + "."));
|
||||||
|
}
|
||||||
|
|
||||||
|
assertThat(text, Matchers.containsString(("You were invited to join the " + organizationName + " organization. Click the link below to join. </p>")));
|
||||||
|
assertThat(text, Matchers.containsString(("<a href=\"" + link + "\" rel=\"nofollow\">Link to join the organization</a></p>")));
|
||||||
|
assertThat(text, Matchers.containsString(("Link to join the organization")));
|
||||||
|
assertThat(text, Matchers.containsString(("<p>If you dont want to join the organization, just ignore this message.</p>")));
|
||||||
|
|
||||||
String orgToken = UriUtils.parseQueryParameters(link, false).values().stream().map(strings -> strings.get(0)).findFirst().orElse(null);
|
String orgToken = UriUtils.parseQueryParameters(link, false).values().stream().map(strings -> strings.get(0)).findFirst().orElse(null);
|
||||||
Assert.assertNotNull(orgToken);
|
Assert.assertNotNull(orgToken);
|
||||||
driver.navigate().to(link.trim());
|
|
||||||
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId())));
|
return link;
|
||||||
registerPage.assertCurrent(organizationName);
|
|
||||||
registerPage.register("firstName", "lastName", "invalid@email.com",
|
|
||||||
user.getUsername(), "password", "password", null, false, null);
|
|
||||||
Assert.assertTrue(driver.getPageSource().contains("Email does not match the invitation"));
|
|
||||||
List<UserRepresentation> users = testRealm().users().searchByEmail(user.getEmail(), true);
|
|
||||||
Assert.assertTrue(users.isEmpty());
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testLinkExpired() throws IOException {
|
public void testLinkExpired() throws IOException, MessagingException {
|
||||||
UserRepresentation user = UserBuilder.create()
|
String email = "inviteduser@email";
|
||||||
.username("invitedUser")
|
|
||||||
.email("inviteduser@email")
|
|
||||||
.enabled(true)
|
|
||||||
.build();
|
|
||||||
// User isn't created when we send the invite
|
|
||||||
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
OrganizationResource organization = testRealm().organizations().get(createOrganization().getId());
|
||||||
organization.members().inviteUser(user.getEmail(), "Homer", "Simpson").close();
|
organization.members().inviteUser(email, "Homer", "Simpson").close();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
setTimeOffset((int) TimeUnit.DAYS.toSeconds(1));
|
setTimeOffset((int) TimeUnit.DAYS.toSeconds(1));
|
||||||
MimeMessage message = greenMail.getLastReceivedMessage();
|
|
||||||
Assert.assertNotNull(message);
|
registerUser(organization, email);
|
||||||
EmailBody body = MailUtils.getBody(message);
|
|
||||||
String link = MailUtils.getLink(body.getHtml());
|
assertThat(driver.getPageSource(), Matchers.containsString("The provided token is not valid or has expired."));
|
||||||
String orgToken = UriUtils.parseQueryParameters(link, false).values().stream().map(strings -> strings.get(0)).findFirst().orElse(null);
|
assertThat(testRealm().users().searchByEmail(email, true), Matchers.empty());
|
||||||
Assert.assertNotNull(orgToken);
|
|
||||||
driver.navigate().to(link.trim());
|
|
||||||
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId())));
|
|
||||||
registerPage.assertCurrent(organizationName);
|
|
||||||
driver.manage().timeouts().pageLoadTimeout(1, TimeUnit.DAYS);
|
|
||||||
registerPage.register("firstName", "lastName", "invalid@email.com",
|
|
||||||
user.getUsername(), "password", "password", null, false, null);
|
|
||||||
Assert.assertTrue(driver.getPageSource().contains("The provided token is not valid or has expired."));
|
|
||||||
List<UserRepresentation> users = testRealm().users().searchByEmail(user.getEmail(), true);
|
|
||||||
Assert.assertTrue(users.isEmpty());
|
|
||||||
} finally {
|
} finally {
|
||||||
resetTimeOffset();
|
resetTimeOffset();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private void acceptInvitation(OrganizationResource organization, UserRepresentation user) throws MessagingException, IOException {
|
private void registerUser(OrganizationResource organization, String email) throws MessagingException, IOException {
|
||||||
MimeMessage message = greenMail.getLastReceivedMessage();
|
String link = getInvitationLinkFromEmail();
|
||||||
Assert.assertNotNull(message);
|
driver.navigate().to(link);
|
||||||
Assert.assertEquals("Invitation to join the " + organizationName + " organization", message.getSubject());
|
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> email.equals(actual.getEmail())));
|
||||||
EmailBody body = MailUtils.getBody(message);
|
registerPage.assertCurrent(organizationName);
|
||||||
if (user.getFirstName() != null && user.getLastName() != null) {
|
driver.manage().timeouts().pageLoadTimeout(1, TimeUnit.DAYS);
|
||||||
assertThat(body.getText(), Matchers.containsString("Hi, " + user.getFirstName() + " " + user.getLastName() + "."));
|
registerPage.register("firstName", "lastName", email,
|
||||||
|
"invitedUser", "password", "password", null, false, null);
|
||||||
}
|
}
|
||||||
String link = MailUtils.getLink(body.getHtml());
|
|
||||||
driver.navigate().to(link.trim());
|
private void acceptInvitation(OrganizationResource organization, UserRepresentation user) throws MessagingException, IOException {
|
||||||
|
String link = getInvitationLinkFromEmail(user.getFirstName(), user.getLastName());
|
||||||
|
driver.navigate().to(link);
|
||||||
// not yet a member
|
// not yet a member
|
||||||
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId())));
|
Assert.assertFalse(organization.members().getAll().stream().anyMatch(actual -> user.getId().equals(actual.getId())));
|
||||||
// confirm the intent of membership
|
// confirm the intent of membership
|
||||||
|
|
|
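Review bot: `registerUser` now runs `driver.manage().timeouts().pageLoadTimeout(1, TimeUnit.DAYS)` for every registration test and never restores it, whereas in the removed code this call appears only in `testLinkExpired`. If the driver is shared between tests (not visible here), a hung page would stall the suite for up to a day instead of failing, so the call is better kept local to `testLinkExpired`. Separately, `registerUser` calls `getInvitationLinkFromEmail()` with no arguments, so `testInviteNewUserRegistration` sends the invite with `firstName`/`lastName` but the `"Hi, ..."` greeting check is skipped; passing the names through would cover it. The first parameter of `createUser` is the username and would read better as `username` than `invitedWithMatchingEmail`.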
@ -42,7 +42,6 @@ import jakarta.ws.rs.NotFoundException;
|
||||||
import jakarta.ws.rs.core.Response;
|
import jakarta.ws.rs.core.Response;
|
||||||
import jakarta.ws.rs.core.Response.Status;
|
import jakarta.ws.rs.core.Response.Status;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.LinkedList;
|
|
||||||
import java.util.stream.IntStream;
|
import java.util.stream.IntStream;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.admin.client.resource.OrganizationResource;
|
import org.keycloak.admin.client.resource.OrganizationResource;
|
||||||
|
@ -429,13 +428,8 @@ public class OrganizationTest extends AbstractOrganizationTest {
|
||||||
realmsResouce().create(realmRep);
|
realmsResouce().create(realmRep);
|
||||||
realmRes = realmsResouce().realm(realmRep.getRealm());
|
realmRes = realmsResouce().realm(realmRep.getRealm());
|
||||||
realmRes.toRepresentation();
|
realmRes.toRepresentation();
|
||||||
OrganizationRepresentation org = new OrganizationRepresentation();
|
|
||||||
org.setName("test-org");
|
createOrganization(realmRes, "test-org", "test.org");
|
||||||
org.addDomain(new OrganizationDomainRepresentation("test.org"));
|
|
||||||
org.setEnabled(true);
|
|
||||||
try (Response response = realmRes.organizations().create(org)) {
|
|
||||||
assertEquals(Status.CREATED.getStatusCode(), response.getStatus());
|
|
||||||
}
|
|
||||||
|
|
||||||
List<OrganizationRepresentation> orgs = realmRes.organizations().getAll();
|
List<OrganizationRepresentation> orgs = realmRes.organizations().getAll();
|
||||||
assertThat(orgs, hasSize(1));
|
assertThat(orgs, hasSize(1));
|
||||||
|
|
|
@ -17,11 +17,9 @@
|
||||||
|
|
||||||
package org.keycloak.testsuite.organization.broker;
|
package org.keycloak.testsuite.organization.broker;
|
||||||
|
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
|
||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertNull;
|
import static org.junit.Assert.assertNull;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertThat;
|
||||||
import static org.junit.Assert.fail;
|
import static org.junit.Assert.fail;
|
||||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
||||||
|
|
||||||
|
@ -29,6 +27,7 @@ import java.util.List;
|
||||||
|
|
||||||
import jakarta.ws.rs.BadRequestException;
|
import jakarta.ws.rs.BadRequestException;
|
||||||
import jakarta.ws.rs.NotFoundException;
|
import jakarta.ws.rs.NotFoundException;
|
||||||
|
import org.hamcrest.Matchers;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.keycloak.admin.client.resource.OrganizationIdentityProviderResource;
|
import org.keycloak.admin.client.resource.OrganizationIdentityProviderResource;
|
||||||
import org.keycloak.admin.client.resource.OrganizationMemberResource;
|
import org.keycloak.admin.client.resource.OrganizationMemberResource;
|
||||||
|
@ -47,7 +46,6 @@ import org.keycloak.representations.idm.OrganizationRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.testsuite.Assert;
|
import org.keycloak.testsuite.Assert;
|
||||||
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
|
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
|
||||||
import org.keycloak.testsuite.pages.AppPage;
|
|
||||||
import org.keycloak.testsuite.util.UserBuilder;
|
import org.keycloak.testsuite.util.UserBuilder;
|
||||||
|
|
||||||
public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganizationTest {
|
public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganizationTest {
|
||||||
|
@ -65,17 +63,7 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
idp.getConfig().put(IdentityProviderModel.LOGIN_HINT, "true");
|
idp.getConfig().put(IdentityProviderModel.LOGIN_HINT, "true");
|
||||||
testRealm().identityProviders().get(bc.getIDPAlias()).update(idp);
|
testRealm().identityProviders().get(bc.getIDPAlias()).update(idp);
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage(bc.getUserEmail(), true, null, false,false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
loginPage.loginUsername(bc.getUserEmail());
|
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
// check if the username is automatically filled
|
// check if the username is automatically filled
|
||||||
Assert.assertEquals(bc.getUserEmail(), loginPage.getUsername());
|
Assert.assertEquals(bc.getUserEmail(), loginPage.getUsername());
|
||||||
}
|
}
|
||||||
|
@ -83,16 +71,10 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
@Test
|
@Test
|
||||||
public void testDefaultAuthenticationIfUserDoesNotExistAndNoOrgMatch() {
|
public void testDefaultAuthenticationIfUserDoesNotExistAndNoOrgMatch() {
|
||||||
testRealm().organizations().get(createOrganization().getId());
|
testRealm().organizations().get(createOrganization().getId());
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
// login with email only
|
||||||
loginPage.open(bc.consumerRealmName());
|
openIdentityFirstLoginPage("user@noorg.org", false, null, false, false);
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
loginPage.loginUsername("user@noorg.org");
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
// check if the login page is shown
|
// check if the login page is shown
|
||||||
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
||||||
Assert.assertTrue(loginPage.isPasswordInputPresent());
|
Assert.assertTrue(loginPage.isPasswordInputPresent());
|
||||||
|
@ -104,18 +86,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
|
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
|
||||||
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
|
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
|
||||||
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
|
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage("user@neworg.org", false, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
loginPage.loginUsername("user@neworg.org");
|
|
||||||
|
|
||||||
// should stay at the identity-first login page
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
||||||
// registration link shown
|
// registration link shown
|
||||||
Assert.assertTrue(loginPage.isRegisterLinkPresent());
|
Assert.assertTrue(loginPage.isRegisterLinkPresent());
|
||||||
|
@ -131,19 +104,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
idpRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
|
idpRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
|
||||||
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
|
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
|
||||||
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
|
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage("user@neworg.org", false, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertTrue(loginPage.isRegisterLinkPresent());
|
|
||||||
loginPage.loginUsername("user@neworg.org");
|
|
||||||
|
|
||||||
// should stay at the identity-first login page
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
Assert.assertEquals("Your email domain matches the neworg organization but you don't have an account yet.", loginPage.getError());
|
Assert.assertEquals("Your email domain matches the neworg organization but you don't have an account yet.", loginPage.getError());
|
||||||
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
||||||
|
@ -159,19 +122,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
|
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
|
||||||
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
|
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
|
||||||
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
|
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage("user@neworg.org", false, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertTrue(loginPage.isRegisterLinkPresent());
|
|
||||||
loginPage.loginUsername("user@neworg.org");
|
|
||||||
|
|
||||||
// should stay at the identity-first login page
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
Assert.assertFalse(driver.getPageSource().contains("Your email domain matches the neworg organization but you don't have an account yet."));
|
Assert.assertFalse(driver.getPageSource().contains("Your email domain matches the neworg organization but you don't have an account yet."));
|
||||||
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
||||||
|
@ -201,23 +154,12 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
||||||
idp = organization.identityProviders().get(idp.getAlias()).toRepresentation();
|
idp = organization.identityProviders().get(idp.getAlias()).toRepresentation();
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage("external@user.org", false, idp, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(idp.getAlias()));
|
|
||||||
loginPage.loginUsername("external@user.org");
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
Assert.assertTrue(loginPage.isPasswordInputPresent());
|
Assert.assertTrue(loginPage.isPasswordInputPresent());
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
||||||
Assert.assertTrue(loginPage.isSocialButtonPresent(idp.getAlias()));
|
Assert.assertTrue(loginPage.isSocialButtonPresent(idp.getAlias()));
|
||||||
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
idp.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.FALSE.toString());
|
idp.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.FALSE.toString());
|
||||||
testRealm().identityProviders().get(idp.getAlias()).update(idp);
|
testRealm().identityProviders().get(idp.getAlias()).update(idp);
|
||||||
driver.navigate().refresh();
|
driver.navigate().refresh();
|
||||||
|
@ -239,17 +181,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
|
IdentityProviderRepresentation idpRep = organization.identityProviders().getIdentityProviders().get(0);
|
||||||
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
|
idpRep.getConfig().remove(OrganizationModel.ORGANIZATION_DOMAIN_ATTRIBUTE);
|
||||||
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
|
testRealm().identityProviders().get(idpRep.getAlias()).update(idpRep);
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage("user@neworg.org", false, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
loginPage.loginUsername("user@neworg.org");
|
|
||||||
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
||||||
Assert.assertTrue(loginPage.isPasswordInputPresent());
|
Assert.assertTrue(loginPage.isPasswordInputPresent());
|
||||||
Assert.assertTrue(loginPage.isRegisterLinkPresent());
|
Assert.assertTrue(loginPage.isRegisterLinkPresent());
|
||||||
|
@ -258,13 +192,8 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
@Test
|
@Test
|
||||||
public void testRealmLevelBrokersAvailableIfEmailDoesNotMatchOrganization() {
|
public void testRealmLevelBrokersAvailableIfEmailDoesNotMatchOrganization() {
|
||||||
testRealm().organizations().get(createOrganization().getId());
|
testRealm().organizations().get(createOrganization().getId());
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage("user", false, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
loginPage.loginUsername("user");
|
|
||||||
|
|
||||||
// check if the login page is shown
|
// check if the login page is shown
|
||||||
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
||||||
|
@ -299,30 +228,10 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
IdentityProviderRepresentation brokerRep = broker.toRepresentation();
|
IdentityProviderRepresentation brokerRep = broker.toRepresentation();
|
||||||
brokerRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
|
brokerRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
|
||||||
testRealm().identityProviders().get(brokerRep.getAlias()).update(brokerRep);
|
testRealm().identityProviders().get(brokerRep.getAlias()).update(brokerRep);
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage(bc.getUserEmail(), true, brokerRep, false, true);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
loginPage.loginUsername(bc.getUserEmail());
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
loginPage.clickSocial(bc.getIDPAlias());
|
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
loginOrgIdp(bc.getUserEmail(), bc.getUserEmail(),true, false);
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
|
|
||||||
// login to the organization identity provider and run the configured first broker login flow
|
|
||||||
loginPage.login(bc.getUserEmail(), bc.getUserPassword());
|
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), bc.getUserEmail(), "Firstname", "Lastname");
|
|
||||||
|
|
||||||
// account with the same email exists in the realm, execute account linking
|
// account with the same email exists in the realm, execute account linking
|
||||||
waitForPage(driver, "account already exists", false);
|
waitForPage(driver, "account already exists", false);
|
||||||
|
@ -349,30 +258,11 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
IdentityProviderRepresentation brokerRep = broker.toRepresentation();
|
IdentityProviderRepresentation brokerRep = broker.toRepresentation();
|
||||||
brokerRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
|
brokerRep.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
|
||||||
testRealm().identityProviders().get(brokerRep.getAlias()).update(brokerRep);
|
testRealm().identityProviders().get(brokerRep.getAlias()).update(brokerRep);
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage(bc.getUserEmail(), true, brokerRep, false, true);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
loginPage.loginUsername(bc.getUserEmail());
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
loginPage.clickSocial(bc.getIDPAlias());
|
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
|
|
||||||
// login to the organization identity provider and run the configured first broker login flow
|
// login to the organization identity provider and run the configured first broker login flow
|
||||||
loginPage.login(bc.getUserEmail(), bc.getUserPassword());
|
loginOrgIdp(bc.getUserEmail(), bc.getUserEmail(), true, false);
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), bc.getUserEmail(), "Firstname", "Lastname");
|
|
||||||
|
|
||||||
// account with the same email exists in the realm, execute account linking
|
// account with the same email exists in the realm, execute account linking
|
||||||
waitForPage(driver, "account already exists", false);
|
waitForPage(driver, "account already exists", false);
|
||||||
|
@ -395,15 +285,7 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
realmsResouce().realm(bc.consumerRealmName()).users().get(account.getId()).logout();
|
realmsResouce().realm(bc.consumerRealmName()).users().get(account.getId()).logout();
|
||||||
realmsResouce().realm(bc.providerRealmName()).logoutAll();
|
realmsResouce().realm(bc.providerRealmName()).logoutAll();
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage(bc.getUserEmail(), true, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
loginPage.loginUsername(bc.getUserEmail());
|
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
|
|
||||||
// login to the organization identity provider and automatically redirects to the app as the account already exists
|
// login to the organization identity provider and automatically redirects to the app as the account already exists
|
||||||
loginPage.login(bc.getUserEmail(), bc.getUserPassword());
|
loginPage.login(bc.getUserEmail(), bc.getUserPassword());
|
||||||
|
@ -476,26 +358,10 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
|
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
|
||||||
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage(bc.getUserEmail(), true, idp, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
loginOrgIdp(bc.getUserEmail(), bc.getUserEmail(),true, true);
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(idp.getAlias()));
|
|
||||||
loginPage.loginUsername(bc.getUserEmail());
|
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
loginPage.login(bc.getUserEmail(), bc.getUserPassword());
|
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), bc.getUserEmail(), "Firstname", "Lastname");
|
|
||||||
appPage.assertCurrent();
|
|
||||||
assertIsMember(bc.getUserEmail(), organization);
|
assertIsMember(bc.getUserEmail(), organization);
|
||||||
UserRepresentation user = testRealm().users().search(bc.getUserEmail()).get(0);
|
UserRepresentation user = testRealm().users().search(bc.getUserEmail()).get(0);
|
||||||
List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity();
|
List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity();
|
||||||
|
@ -512,18 +378,8 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
idp.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
|
idp.getConfig().put(OrganizationModel.BROKER_PUBLIC, Boolean.TRUE.toString());
|
||||||
testRealm().identityProviders().get(bc.getIDPAlias()).update(idp);
|
testRealm().identityProviders().get(bc.getIDPAlias()).update(idp);
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage(bc.getUserEmail(), false, idp, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(idp.getAlias()));
|
|
||||||
loginPage.loginUsername(bc.getUserEmail());
|
|
||||||
|
|
||||||
// user not automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
||||||
Assert.assertTrue(driver.getPageSource().contains("Your email domain matches the " + organizationName + " organization but you don't have an account yet."));
|
Assert.assertTrue(driver.getPageSource().contains("Your email domain matches the " + organizationName + " organization but you don't have an account yet."));
|
||||||
Assert.assertTrue(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
Assert.assertTrue(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
||||||
|
@ -547,34 +403,19 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
|
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
|
||||||
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
String email = "external@user.org";
|
String email = "external@user.org";
|
||||||
loginPage.loginUsername(email);
|
openIdentityFirstLoginPage(email, true, idp, false, true);
|
||||||
loginPage.clickSocial(idp.getAlias());
|
|
||||||
|
loginOrgIdp("external", email, true, true);
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
loginPage.login("external", "password");
|
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation(email, email, "Firstname", "Lastname");
|
|
||||||
appPage.assertCurrent();
|
|
||||||
assertIsMember(email, organization);
|
assertIsMember(email, organization);
|
||||||
|
|
||||||
// make sure the federated identity matches the expected broker
|
// make sure the federated identity matches the expected broker
|
||||||
UserRepresentation user = testRealm().users().search(email).get(0);
|
UserRepresentation user = testRealm().users().searchByEmail(email, true).get(0);
|
||||||
List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity();
|
List<FederatedIdentityRepresentation> federatedIdentities = testRealm().users().get(user.getId()).getFederatedIdentity();
|
||||||
assertEquals(1, federatedIdentities.size());
|
assertEquals(1, federatedIdentities.size());
|
||||||
assertEquals(idp.getAlias(), federatedIdentities.get(0).getIdentityProvider());
|
assertEquals(idp.getAlias(), federatedIdentities.get(0).getIdentityProvider());
|
||||||
|
testRealm().users().get(user.getId()).remove();
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -598,28 +439,14 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
|
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
|
||||||
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
String email = "external@user.org";
|
String email = "external@user.org";
|
||||||
loginPage.loginUsername(email);
|
openIdentityFirstLoginPage(email, true, idp, false, true);
|
||||||
loginPage.clickSocial(idp.getAlias());
|
|
||||||
|
loginOrgIdp(email, email, true, false);
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
loginPage.login(email, "password");
|
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation(email, email, "Firstname", "Lastname");
|
|
||||||
Assert.assertTrue(driver.getPageSource().contains("Email domain does not match any domain from the organization"));
|
Assert.assertTrue(driver.getPageSource().contains("Email domain does not match any domain from the organization"));
|
||||||
assertIsNotMember(email, organization);
|
assertIsNotMember(email, organization);
|
||||||
|
|
||||||
updateAccountInformationPage.updateAccountInformation("external@other.org", "external@other.org", "Firstname", "Lastname");
|
updateAccountInformationPage.updateAccountInformation("external@other.org", "external@other.org", "Firstname", "Lastname");
|
||||||
appPage.assertCurrent();
|
appPage.assertCurrent();
|
||||||
assertIsMember("external@other.org", organization);
|
assertIsMember("external@other.org", organization);
|
||||||
|
@ -645,27 +472,10 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
|
getCleanup().addCleanup(testRealm().identityProviders().get("second-idp")::remove);
|
||||||
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
organization.identityProviders().addIdentityProvider(idp.getAlias()).close();
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
String email = "external@user.org";
|
String email = "external@user.org";
|
||||||
loginPage.loginUsername(email);
|
openIdentityFirstLoginPage(email, true, idp, false, true);
|
||||||
loginPage.clickSocial(idp.getAlias());
|
|
||||||
|
|
||||||
// user automatically redirected to the organization identity provider
|
loginOrgIdp(email, "external@unknown.org", true, true);
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
loginPage.login(email, "password");
|
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation("external@unknown.org", "external@unknown.org", "Firstname", "Lastname");
|
|
||||||
appPage.assertCurrent();
|
|
||||||
assertIsMember("external@unknown.org", organization);
|
assertIsMember("external@unknown.org", organization);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -678,31 +488,13 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
// create a second broker without a domain set
|
// create a second broker without a domain set
|
||||||
testRealm().identityProviders().create(idp).close();
|
testRealm().identityProviders().create(idp).close();
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage("some@user.org", true, idp, true, true);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
loginPage.loginUsername("some@user.org");
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
loginPage.clickSocial(idp.getAlias());
|
|
||||||
|
|
||||||
waitForPage(driver, "sign in to", true);
|
loginOrgIdp("external", bc.getUserEmail(), true, true);
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
loginPage.login("external", "password");
|
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation(bc.getUserEmail(), bc.getUserEmail(), "Firstname", "Lastname");
|
|
||||||
appPage.assertCurrent();
|
|
||||||
assertTrue(organization.members().getAll().isEmpty());
|
|
||||||
|
|
||||||
UserRepresentation user = testRealm().users().search(bc.getUserEmail()).get(0);
|
assertThat(organization.members().getAll(), Matchers.empty());
|
||||||
|
|
||||||
|
UserRepresentation user = testRealm().users().searchByEmail(bc.getUserEmail(), true).get(0);
|
||||||
testRealm().users().get(user.getId()).remove();
|
testRealm().users().get(user.getId()).remove();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -726,23 +518,9 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
realmsResouce().realm(bc.providerRealmName()).users().create(user).close();
|
realmsResouce().realm(bc.providerRealmName()).users().create(user).close();
|
||||||
|
|
||||||
// select the organization broker to authenticate
|
// select the organization broker to authenticate
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage("user@different.org", true, idpRep, false, true);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
loginPage.loginUsername("user@different.org");
|
|
||||||
loginPage.clickSocial(idpRep.getAlias());
|
|
||||||
|
|
||||||
// login through the organization broker
|
loginOrgIdp(user.getEmail(), user.getEmail(), true, true);
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
loginPage.login("user@different.org", "password");
|
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation(user.getUsername(), user.getEmail(), "Firstname", "Lastname");
|
|
||||||
appPage.assertCurrent();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
@ -764,42 +542,17 @@ public abstract class AbstractBrokerSelfRegistrationTest extends AbstractOrganiz
|
||||||
.build();
|
.build();
|
||||||
realmsResouce().realm(bc.providerRealmName()).users().create(user).close();
|
realmsResouce().realm(bc.providerRealmName()).users().create(user).close();
|
||||||
|
|
||||||
// execute the identity-first login
|
openIdentityFirstLoginPage(user.getEmail(), true, idpRep, false, true);
|
||||||
oauth.clientId("broker-app");
|
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
loginPage.loginUsername(user.getEmail());
|
|
||||||
|
|
||||||
waitForPage(driver, "sign in to", true);
|
loginOrgIdp(user.getEmail(), user.getEmail(),true, true);
|
||||||
// select the organization broker to authenticate
|
|
||||||
assertTrue(loginPage.isPasswordInputPresent());
|
|
||||||
assertTrue(loginPage.isUsernameInputPresent());
|
|
||||||
loginPage.clickSocial(idpRep.getAlias());
|
|
||||||
|
|
||||||
// login through the organization broker
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
loginPage.login("user@different.org", "password");
|
|
||||||
waitForPage(driver, "update account information", false);
|
|
||||||
updateAccountInformationPage.assertCurrent();
|
|
||||||
Assert.assertTrue("We must be on correct realm right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
log.debug("Updating info on updateAccount page");
|
|
||||||
updateAccountInformationPage.updateAccountInformation(user.getUsername(), user.getEmail(), "Firstname", "Lastname");
|
|
||||||
assertThat(appPage.getRequestType(),is(AppPage.RequestType.AUTH_RESPONSE));
|
|
||||||
|
|
||||||
UserRepresentation account = getUserRepresentation(user.getEmail());
|
UserRepresentation account = getUserRepresentation(user.getEmail());
|
||||||
realmsResouce().realm(bc.consumerRealmName()).users().get(account.getId()).logout();
|
realmsResouce().realm(bc.consumerRealmName()).users().get(account.getId()).logout();
|
||||||
realmsResouce().realm(bc.providerRealmName()).logoutAll();
|
realmsResouce().realm(bc.providerRealmName()).logoutAll();
|
||||||
|
|
||||||
// the flow now changed and the user should be automatically redirected to the origin broker
|
// the flow now changed and the user should be automatically redirected to the origin broker
|
||||||
loginPage.open(bc.consumerRealmName());
|
openIdentityFirstLoginPage(user.getEmail(), true, null, false, false);
|
||||||
waitForPage(driver, "sign in to", true);
|
loginOrgIdp(user.getEmail(), user.getEmail(),false, true);
|
||||||
loginPage.loginUsername(user.getEmail());
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
loginPage.login("user@different.org", "password");
|
|
||||||
appPage.assertCurrent();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -21,7 +21,6 @@ import static org.hamcrest.CoreMatchers.is;
|
||||||
import static org.hamcrest.MatcherAssert.assertThat;
|
import static org.hamcrest.MatcherAssert.assertThat;
|
||||||
import static org.junit.Assert.assertEquals;
|
import static org.junit.Assert.assertEquals;
|
||||||
import static org.junit.Assert.assertTrue;
|
import static org.junit.Assert.assertTrue;
|
||||||
import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
|
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
@ -46,7 +45,6 @@ import org.keycloak.representations.idm.OrganizationRepresentation;
|
||||||
import org.keycloak.representations.idm.PartialImportRepresentation;
|
import org.keycloak.representations.idm.PartialImportRepresentation;
|
||||||
import org.keycloak.representations.idm.RealmRepresentation;
|
import org.keycloak.representations.idm.RealmRepresentation;
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
import org.keycloak.representations.idm.UserRepresentation;
|
||||||
import org.keycloak.testsuite.Assert;
|
|
||||||
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
|
||||||
import org.keycloak.testsuite.client.resources.TestingExportImportResource;
|
import org.keycloak.testsuite.client.resources.TestingExportImportResource;
|
||||||
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
|
import org.keycloak.testsuite.organization.admin.AbstractOrganizationTest;
|
||||||
|
@ -94,14 +92,8 @@ public class OrganizationExportTest extends AbstractOrganizationTest {
|
||||||
|
|
||||||
expectedManagedMembers.computeIfAbsent(orgRep.getName(), s -> new ArrayList<>()).add(email);
|
expectedManagedMembers.computeIfAbsent(orgRep.getName(), s -> new ArrayList<>()).add(email);
|
||||||
|
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage(email, true, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
loginPage.loginUsername(email);
|
|
||||||
// user automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
// login to the organization identity provider and run the configured first broker login flow
|
// login to the organization identity provider and run the configured first broker login flow
|
||||||
loginPage.login(email, bc.getUserPassword());
|
loginPage.login(email, bc.getUserPassword());
|
||||||
assertIsMember(email, organization);
|
assertIsMember(email, organization);
|
||||||
|
@ -127,15 +119,8 @@ public class OrganizationExportTest extends AbstractOrganizationTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
// make sure a managed user can authenticate through the broker associated with an org
|
// make sure a managed user can authenticate through the broker associated with an org
|
||||||
oauth.clientId("broker-app");
|
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
String email = expectedManagedMembers.values().stream().findAny().get().get(0);
|
String email = expectedManagedMembers.values().stream().findAny().get().get(0);
|
||||||
loginPage.loginUsername(email);
|
openIdentityFirstLoginPage(email, true, null, false, false);
|
||||||
// user automatically redirected to the organization identity provider
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the provider realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
|
|
||||||
// login to the organization identity provider and run the configured first broker login flow
|
// login to the organization identity provider and run the configured first broker login flow
|
||||||
loginPage.login(email, bc.getUserPassword());
|
loginPage.login(email, bc.getUserPassword());
|
||||||
assertThat(appPage.getRequestType(),is(AppPage.RequestType.AUTH_RESPONSE));
|
assertThat(appPage.getRequestType(),is(AppPage.RequestType.AUTH_RESPONSE));
|
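Review bot: The call `openIdentityFirstLoginPage(email, true, null, false, false)` added in the hunk at -94,14 replaces an explicit assertion that the browser landed under `"/auth/realms/" + bc.providerRealmName() + "/"`, and nothing at the call site shows that the redirect target is still verified; the hunk at -127,15 makes the same substitution. The helper is defined outside this section, so whether its `true` argument performs that check is an assumption to confirm. I would keep the removed explanation next to the call, e.g. `// user is automatically redirected to the organization identity provider; the helper asserts the provider realm URL`, so the expectation stays readable in the test. Both enclosing test methods start and end outside the hunks.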
||||||
|
|
|
@ -40,16 +40,8 @@ public class OrganizationMemberAuthenticationTest extends AbstractOrganizationTe
|
||||||
UserRepresentation member = addMember(organization, "contractor@contractor.org");
|
UserRepresentation member = addMember(organization, "contractor@contractor.org");
|
||||||
|
|
||||||
// first try to log in using only the email
|
// first try to log in using only the email
|
||||||
oauth.clientId("broker-app");
|
openIdentityFirstLoginPage(member.getEmail(), false, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
Assert.assertFalse(loginPage.isSocialButtonPresent(bc.getIDPAlias()));
|
|
||||||
loginPage.loginUsername(member.getEmail());
|
|
||||||
|
|
||||||
// the email does not match an organization so redirect to the realm's default authentication mechanism
|
|
||||||
waitForPage(driver, "sign in to", true);
|
|
||||||
Assert.assertTrue("Driver should be on the consumer realm page right now",
|
|
||||||
driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
|
|
||||||
Assert.assertTrue(loginPage.isPasswordInputPresent());
|
Assert.assertTrue(loginPage.isPasswordInputPresent());
|
||||||
Assert.assertEquals(member.getEmail(), loginPage.getUsername());
|
Assert.assertEquals(member.getEmail(), loginPage.getUsername());
|
||||||
// no idp should be shown because there is only a single idp that is bound to an organization
|
// no idp should be shown because there is only a single idp that is bound to an organization
|
||||||
|
@ -63,13 +55,8 @@ public class OrganizationMemberAuthenticationTest extends AbstractOrganizationTe
|
||||||
@Test
|
@Test
|
||||||
public void testTryLoginWithUsernameNotAnEmail() {
|
public void testTryLoginWithUsernameNotAnEmail() {
|
||||||
testRealm().organizations().get(createOrganization().getId());
|
testRealm().organizations().get(createOrganization().getId());
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage("user", false, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
loginPage.loginUsername("user");
|
|
||||||
|
|
||||||
// check if the login page is shown
|
// check if the login page is shown
|
||||||
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
||||||
|
@ -79,13 +66,8 @@ public class OrganizationMemberAuthenticationTest extends AbstractOrganizationTe
|
||||||
@Test
|
@Test
|
||||||
public void testDefaultAuthenticationMechanismIfNotOrganizationMember() {
|
public void testDefaultAuthenticationMechanismIfNotOrganizationMember() {
|
||||||
testRealm().organizations().get(createOrganization().getId());
|
testRealm().organizations().get(createOrganization().getId());
|
||||||
oauth.clientId("broker-app");
|
|
||||||
|
|
||||||
// login with email only
|
openIdentityFirstLoginPage("user@noorg.org", false, null, false, false);
|
||||||
loginPage.open(bc.consumerRealmName());
|
|
||||||
log.debug("Logging in");
|
|
||||||
Assert.assertFalse(loginPage.isPasswordInputPresent());
|
|
||||||
loginPage.loginUsername("user@noorg.org");
|
|
||||||
|
|
||||||
// check if the login page is shown
|
// check if the login page is shown
|
||||||
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
Assert.assertTrue(loginPage.isUsernameInputPresent());
|
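Review bot: The three added calls `openIdentityFirstLoginPage(..., false, null, false, false)` pass a null and three bare booleans, so the test no longer shows which expectation each flag encodes. The removed lines in the hunk at -40,16 asserted that no password input and no social button for `bc.getIDPAlias()` were present before the username step, and that the page stayed under the consumer realm afterwards. A one-line comment per call would keep that intent visible, for example `// email does not match an organization: expect the realm's default authentication, no redirect to the org IdP` in the first hunk. In the hunks at -63,13 and -79,13 a similar comment should say that the username-only form is expected to lead to the regular login page. The helper body is not part of this section, so the mapping of flags to checks should be confirmed against it; the test methods continue outside the hunks.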
||||||
|
|