libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions

[KEYCLOAK-7579] - Fixing test to use client scopes instead of old scope param required (#5259)

Browse source
This commit is contained in:
Pedro Igor 2018-06-12 15:44:03 -03:00 committed by GitHub
parent d897159560
commit dd93de75d9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 62 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

72
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
View file

@ -25,17 +25,27 @@ import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientScopesResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RealmsResource;
import org.keycloak.admin.client.resource.ResourcesResource;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.protocol.ProtocolMapperUtils;
import org.keycloak.protocol.oidc.mappers.UserClientRoleMappingMapper;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
@ -45,6 +55,7 @@ import org.keycloak.representations.idm.authorization.ResourceServerRepresentati
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.adapter.page.PhotozClientAuthzTestApp;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.DroneUtils;
@ -58,6 +69,7 @@ import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
@ -76,6 +88,8 @@ import static org.keycloak.testsuite.util.IOUtil.loadRealm;
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
import javax.ws.rs.core.Response;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
@ -359,7 +373,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
clientPage.createAlbum("Alice Family Album");
clientPage.viewAlbum("Alice Family Album", false);
UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
RealmResource realmResource = realmsResouce().realm(REALM_NAME);
UsersResource usersResource = realmResource.users();
List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
assertFalse(users.isEmpty());
@ -368,19 +383,16 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
UserResource userResource = usersResource.get(userRepresentation.getId());
ClientResource html5ClientApp = getClientResource("photoz-html5-client");
ClientRepresentation clientRepresentation = html5ClientApp.toRepresentation();
userResource.revokeConsent(html5ClientApp.toRepresentation().getClientId());
userResource.revokeConsent(clientRepresentation.getClientId());
ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
RoleResource roleResource = resourceServerClient.roles().get("manage-albums");
RoleRepresentation roleRepresentation = roleResource.toRepresentation();
roleResource.update(roleRepresentation);
setManageAlbumScopeRequired();
loginToClientPage("alice", "alice");
clientPage.viewAlbum("Alice Family Album", true);
loginToClientPage("alice", "alice", RESOURCE_SERVER_ID + "/manage-albums");
loginToClientPage("alice", "alice", "manage-albums");
clientPage.viewAlbum("Alice Family Album", false);
}
@ -407,6 +419,8 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
RoleResource manageAlbumRole = resourceServerClient.roles().get("manage-albums");
RoleRepresentation roleRepresentation = manageAlbumRole.toRepresentation();
setManageAlbumScopeRequired();
manageAlbumRole.update(roleRepresentation);
loginToClientPage("alice", "alice");
@ -579,8 +593,9 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
}
});
}
//KEYCLOAK-3777
@Test
public void testEntitlementRequest() throws Exception {
ContainerAssume.assumeNotAuthServerUndertow();
@ -596,7 +611,6 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
assertTrue(pageSource.contains("album:view"));
assertTrue(pageSource.contains("album:delete"));
}
@Test
public void testResourceProtectedWithAnyScope() throws Exception {
loginToClientPage("alice", "alice");
@ -736,4 +750,42 @@ public abstract class AbstractPhotozExampleAdapterTest extends AbstractExampleAd
clientPage.login(username, password, scopes);
waitUntilElement(By.linkText("Sign Out")).is().clickable();
}
private void setManageAlbumScopeRequired() {
ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
clientScope.setName("manage-albums");
clientScope.setProtocol("openid-connect");
ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
mapper.setName("manage-albums");
mapper.setProtocol("openid-connect");
mapper.setProtocolMapper(UserClientRoleMappingMapper.PROVIDER_ID);
Map<String, String> config = new HashMap<>();
config.put("access.token.claim", "true");
config.put("id.token.claim", "true");
config.put("userinfo.token.claim", "true");
config.put(ProtocolMapperUtils.USER_MODEL_CLIENT_ROLE_MAPPING_CLIENT_ID, "photoz-restful-api");
mapper.setConfig(config);
clientScope.setProtocolMappers(Arrays.asList(mapper));
RealmResource realmResource = realmsResouce().realm(REALM_NAME);
ClientScopesResource clientScopes = realmResource.clientScopes();
Response resp = clientScopes.create(clientScope);
Assert.assertEquals(201, resp.getStatus());
resp.close();
String clientScopeId = ApiUtil.getCreatedId(resp);
ClientResource resourceServer = getClientResource(RESOURCE_SERVER_ID);
clientScopes.get(clientScopeId).getScopeMappings().clientLevel(resourceServer.toRepresentation().getId()).add(Arrays.asList(resourceServer.roles().get("manage-albums").toRepresentation()));
ClientResource html5ClientApp = getClientResource("photoz-html5-client");
html5ClientApp.addOptionalClientScope(clientScopeId);
html5ClientApp.getScopeMappings().realmLevel().add(Arrays.asList(realmResource.roles().get("user").toRepresentation(), realmResource.roles().get("admin").toRepresentation()));
ClientRepresentation clientRep = html5ClientApp.toRepresentation();
clientRep.setFullScopeAllowed(false);
html5ClientApp.update(clientRep);
}
}