Martin Bartoš
Pavel Drozd
parent
5ef8265b75
commit
e2514ea2e6
22 changed files with 191 additions and 23 deletions
|
|
@ -14,9 +14,12 @@
|
|||
|
||||
<properties>
|
||||
<selenium.version>4.1.0</selenium.version>
|
||||
<graphene.webdriver.version>3.0.0-alpha.2</graphene.webdriver.version>
|
||||
<htmlunit.driver.version>3.55.0</htmlunit.driver.version>
|
||||
<arquillian.drone.version>3.0.0-alpha.2</arquillian.drone.version>
|
||||
<graphene.webdriver.version>3.0.0-alpha.3</graphene.webdriver.version>
|
||||
<htmlunit.driver.version>3.58.0</htmlunit.driver.version>
|
||||
<arquillian.drone.version>3.0.0-alpha.4</arquillian.drone.version>
|
||||
<firefoxUserPreferences>${project.build.directory}/dependency/firefox-user-preferences.js
|
||||
</firefoxUserPreferences>
|
||||
<selenium.firefox.driver.version>4.1.2</selenium.firefox.driver.version>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
|
|
@ -71,4 +74,50 @@
|
|||
<scope>compile</scope>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<profiles>
|
||||
<profile>
|
||||
<id>firefox</id>
|
||||
<activation>
|
||||
<property>
|
||||
<name>browser</name>
|
||||
<value>firefox</value>
|
||||
</property>
|
||||
</activation>
|
||||
<dependencies>
|
||||
<dependency>
|
||||
<groupId>org.seleniumhq.selenium</groupId>
|
||||
<artifactId>selenium-firefox-driver</artifactId>
|
||||
<version>${selenium.firefox.driver.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
<build>
|
||||
<plugins>
|
||||
<plugin>
|
||||
<artifactId>maven-resources-plugin</artifactId>
|
||||
<executions>
|
||||
<execution>
|
||||
<id>copy-common-dependencies</id>
|
||||
<phase>generate-resources</phase>
|
||||
<goals>
|
||||
<goal>copy-resources</goal>
|
||||
</goals>
|
||||
<configuration>
|
||||
<outputDirectory>${project.build.directory}/dependency</outputDirectory>
|
||||
<resources>
|
||||
<resource>
|
||||
<directory>src/test/resources</directory>
|
||||
<includes>
|
||||
<include>firefox-user-preferences.js</include>
|
||||
</includes>
|
||||
</resource>
|
||||
</resources>
|
||||
</configuration>
|
||||
</execution>
|
||||
</executions>
|
||||
</plugin>
|
||||
</plugins>
|
||||
</build>
|
||||
</profile>
|
||||
</profiles>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -31,6 +31,7 @@ import org.openqa.selenium.support.ui.WebDriverWait;
|
|||
import java.time.Duration;
|
||||
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
/**
|
||||
* WebAuthnRegisterPage, which is displayed when WebAuthnRegister required action is triggered. It is useful with Chrome testing API.
|
||||
|
|
@ -72,6 +73,7 @@ public class WebAuthnRegisterPage extends AbstractPage {
|
|||
Alert promptDialog = driver.switchTo().alert();
|
||||
promptDialog.sendKeys(authenticatorLabel);
|
||||
promptDialog.accept();
|
||||
waitForPageToLoad();
|
||||
}
|
||||
|
||||
public boolean isRegisterAlertPresent() {
|
||||
|
|
|
|||
|
|
@ -55,19 +55,26 @@ import org.keycloak.testsuite.webauthn.updaters.AbstractWebAuthnRealmUpdater;
|
|||
import org.keycloak.testsuite.webauthn.updaters.PasswordLessRealmAttributeUpdater;
|
||||
import org.keycloak.testsuite.webauthn.updaters.WebAuthnRealmAttributeUpdater;
|
||||
import org.openqa.selenium.WebDriver;
|
||||
import org.openqa.selenium.chrome.ChromeDriver;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
import org.openqa.selenium.virtualauthenticator.Credential;
|
||||
import org.openqa.selenium.virtualauthenticator.VirtualAuthenticatorOptions;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.security.spec.PKCS8EncodedKeySpec;
|
||||
import java.util.Base64;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
import static org.hamcrest.CoreMatchers.notNullValue;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer.REMOTE;
|
||||
import static org.keycloak.testsuite.util.BrowserDriverUtil.isDriverFirefox;
|
||||
import static org.keycloak.testsuite.util.BrowserDriverUtil.isDriverInstanceOf;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
/**
|
||||
|
|
@ -118,14 +125,18 @@ public abstract class AbstractWebAuthnVirtualTest extends AbstractTestRealmKeycl
|
|||
@Before
|
||||
@Override
|
||||
public void setUpVirtualAuthenticator() {
|
||||
this.virtualAuthenticatorManager = createDefaultVirtualManager(driver, getDefaultAuthenticatorOptions());
|
||||
if (!isDriverFirefox(driver)) {
|
||||
this.virtualAuthenticatorManager = createDefaultVirtualManager(driver, getDefaultAuthenticatorOptions());
|
||||
}
|
||||
clearEventQueue();
|
||||
}
|
||||
|
||||
@After
|
||||
@Override
|
||||
public void removeVirtualAuthenticator() {
|
||||
virtualAuthenticatorManager.removeAuthenticator();
|
||||
if (!isDriverFirefox(driver)) {
|
||||
virtualAuthenticatorManager.removeAuthenticator();
|
||||
}
|
||||
clearEventQueue();
|
||||
}
|
||||
|
||||
|
|
@ -163,6 +174,7 @@ public abstract class AbstractWebAuthnVirtualTest extends AbstractTestRealmKeycl
|
|||
return DefaultVirtualAuthOptions.DEFAULT.getOptions();
|
||||
}
|
||||
|
||||
// Warning: The virtual authenticator manager is not initialized for Firefox Browser !!
|
||||
public VirtualAuthenticatorManager getVirtualAuthManager() {
|
||||
return virtualAuthenticatorManager;
|
||||
}
|
||||
|
|
@ -228,6 +240,8 @@ public abstract class AbstractWebAuthnVirtualTest extends AbstractTestRealmKeycl
|
|||
events.clear();
|
||||
tryRegisterAuthenticator(authenticatorLabel);
|
||||
}
|
||||
|
||||
waitForPageToLoad();
|
||||
}
|
||||
|
||||
private void tryRegisterAuthenticator(String authenticatorLabel) {
|
||||
|
|
@ -241,7 +255,8 @@ public abstract class AbstractWebAuthnVirtualTest extends AbstractTestRealmKeycl
|
|||
* Manual testing with Google Chrome authenticators works as expected
|
||||
*/
|
||||
private void tryRegisterAuthenticator(String authenticatorLabel, int numberOfAllowedRetries) {
|
||||
final boolean hasResidentKey = Optional.ofNullable(getVirtualAuthManager().getCurrent())
|
||||
final boolean hasResidentKey = Optional.ofNullable(getVirtualAuthManager())
|
||||
.map(VirtualAuthenticatorManager::getCurrent)
|
||||
.map(KcVirtualAuthenticator::getOptions)
|
||||
.map(KcVirtualAuthenticator.Options::hasResidentKey)
|
||||
.orElse(false);
|
||||
|
|
@ -368,11 +383,33 @@ public abstract class AbstractWebAuthnVirtualTest extends AbstractTestRealmKeycl
|
|||
|
||||
protected void logout() {
|
||||
try {
|
||||
waitForPageToLoad();
|
||||
appPage.open();
|
||||
appPage.assertCurrent();
|
||||
appPage.logout();
|
||||
waitForPageToLoad();
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException("Cannot logout user", e);
|
||||
}
|
||||
}
|
||||
|
||||
protected String getExpectedMessageByDriver(Map<Class<? extends WebDriver>, String> values) {
|
||||
if (values == null || values.isEmpty()) return "";
|
||||
|
||||
return values.entrySet()
|
||||
.stream()
|
||||
.filter(Objects::nonNull)
|
||||
.filter(f -> isDriverInstanceOf(driver, f.getKey()))
|
||||
.findFirst()
|
||||
.map(Map.Entry::getValue)
|
||||
.orElse("");
|
||||
}
|
||||
|
||||
protected String getExpectedMessageByDriver(String firefoxMessage, String chromeMessage) {
|
||||
final Map<Class<? extends WebDriver>, String> map = new HashMap<>();
|
||||
map.put(FirefoxDriver.class, firefoxMessage);
|
||||
map.put(ChromeDriver.class, chromeMessage);
|
||||
|
||||
return getExpectedMessageByDriver(map);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -53,6 +53,7 @@ import static org.keycloak.common.Profile.Feature.WEB_AUTHN;
|
|||
import static org.keycloak.models.AuthenticationExecutionModel.Requirement.ALTERNATIVE;
|
||||
import static org.keycloak.models.AuthenticationExecutionModel.Requirement.REQUIRED;
|
||||
import static org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer.REMOTE;
|
||||
import static org.keycloak.testsuite.util.BrowserDriverUtil.isDriverFirefox;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
/**
|
||||
|
|
@ -80,13 +81,17 @@ public class AppInitiatedActionWebAuthnTest extends AbstractAppInitiatedActionTe
|
|||
@Before
|
||||
@Override
|
||||
public void setUpVirtualAuthenticator() {
|
||||
virtualManager = AbstractWebAuthnVirtualTest.createDefaultVirtualManager(driver, DefaultVirtualAuthOptions.DEFAULT.getOptions());
|
||||
if (!isDriverFirefox(driver)) {
|
||||
virtualManager = AbstractWebAuthnVirtualTest.createDefaultVirtualManager(driver, DefaultVirtualAuthOptions.DEFAULT.getOptions());
|
||||
}
|
||||
}
|
||||
|
||||
@After
|
||||
@Override
|
||||
public void removeVirtualAuthenticator() {
|
||||
virtualManager.removeAuthenticator();
|
||||
if (!isDriverFirefox(driver)) {
|
||||
virtualManager.removeAuthenticator();
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
@ -167,8 +172,6 @@ public class AppInitiatedActionWebAuthnTest extends AbstractAppInitiatedActionTe
|
|||
webAuthnRegisterPage.clickRegister();
|
||||
webAuthnRegisterPage.registerWebAuthnCredential("authenticator1");
|
||||
|
||||
waitForPageToLoad();
|
||||
|
||||
assertKcActionStatus(SUCCESS);
|
||||
|
||||
assertThat(getCredentialCount.get(), is(credentialsCount + 1));
|
||||
|
|
|
|||
|
|
@ -20,11 +20,13 @@ import org.hamcrest.Matchers;
|
|||
import org.jboss.arquillian.drone.api.annotation.Drone;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.util.SecondBrowser;
|
||||
import org.keycloak.testsuite.webauthn.authenticators.DefaultVirtualAuthOptions;
|
||||
import org.keycloak.testsuite.webauthn.authenticators.KcVirtualAuthenticator;
|
||||
import org.keycloak.testsuite.webauthn.authenticators.VirtualAuthenticatorManager;
|
||||
import org.openqa.selenium.WebDriver;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
import org.openqa.selenium.virtualauthenticator.VirtualAuthenticatorOptions;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
|
|
@ -37,6 +39,7 @@ import static org.hamcrest.MatcherAssert.assertThat;
|
|||
*
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class VirtualAuthenticatorsManagerTest extends AbstractWebAuthnVirtualTest {
|
||||
|
||||
@Drone
|
||||
|
|
|
|||
|
|
@ -22,8 +22,10 @@ import org.keycloak.WebAuthnConstants;
|
|||
import org.keycloak.models.credential.WebAuthnCredentialModel;
|
||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
import org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
|
||||
import java.io.Closeable;
|
||||
import java.io.IOException;
|
||||
|
|
@ -44,6 +46,7 @@ import static org.keycloak.testsuite.webauthn.utils.PropertyRequirement.YES;
|
|||
public class WebAuthnPropertyTest extends AbstractWebAuthnVirtualTest {
|
||||
|
||||
@Test
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public void residentKey() throws IOException {
|
||||
getVirtualAuthManager().useAuthenticator(DEFAULT_RESIDENT_KEY.getOptions());
|
||||
|
||||
|
|
@ -79,6 +82,7 @@ public class WebAuthnPropertyTest extends AbstractWebAuthnVirtualTest {
|
|||
}
|
||||
|
||||
@Test
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public void timeout() throws IOException {
|
||||
final Integer TIMEOUT = 3; //seconds
|
||||
|
||||
|
|
@ -102,6 +106,7 @@ public class WebAuthnPropertyTest extends AbstractWebAuthnVirtualTest {
|
|||
}
|
||||
|
||||
@Test
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public void changeAuthenticatorProperties() throws IOException {
|
||||
getVirtualAuthManager().useAuthenticator(DEFAULT_RESIDENT_KEY.getOptions());
|
||||
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ import java.io.IOException;
|
|||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.hasItem;
|
||||
import static org.hamcrest.CoreMatchers.is;
|
||||
|
|
@ -413,13 +414,16 @@ public class WebAuthnRegisterAndLoginTest extends AbstractWebAuthnVirtualTest {
|
|||
|
||||
final CredentialRepresentation credentialRep = userResource.credentials()
|
||||
.stream()
|
||||
.filter(Objects::nonNull)
|
||||
.filter(credential -> credentialType.equals(credential.getType()))
|
||||
.findFirst().orElse(null);
|
||||
.findFirst()
|
||||
.orElse(null);
|
||||
|
||||
assertThat(credentialRep, notNullValue());
|
||||
if (assertUserLabel != null) {
|
||||
assertThat(credentialRep.getUserLabel(), is(assertUserLabel));
|
||||
if (credentialRep != null) {
|
||||
if (assertUserLabel != null) {
|
||||
assertThat(credentialRep.getUserLabel(), is(assertUserLabel));
|
||||
}
|
||||
userResource.removeCredential(credentialRep.getId());
|
||||
}
|
||||
userResource.removeCredential(credentialRep.getId());
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -18,7 +18,9 @@
|
|||
package org.keycloak.testsuite.webauthn;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
import org.openqa.selenium.virtualauthenticator.VirtualAuthenticatorOptions;
|
||||
|
||||
import java.util.List;
|
||||
|
|
@ -34,6 +36,7 @@ import static org.keycloak.testsuite.webauthn.authenticators.DefaultVirtualAuthO
|
|||
/**
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class WebAuthnTransportsTest extends AbstractWebAuthnVirtualTest {
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -50,6 +50,7 @@ import org.openqa.selenium.virtualauthenticator.VirtualAuthenticatorOptions;
|
|||
import static org.hamcrest.CoreMatchers.notNullValue;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.keycloak.models.AuthenticationExecutionModel.Requirement.REQUIRED;
|
||||
import static org.keycloak.testsuite.util.BrowserDriverUtil.isDriverFirefox;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
@EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
|
||||
|
|
@ -74,13 +75,17 @@ public abstract class AbstractWebAuthnAccountTest extends AbstractAuthTest imple
|
|||
@Override
|
||||
@Before
|
||||
public void setUpVirtualAuthenticator() {
|
||||
webAuthnManager = AbstractWebAuthnVirtualTest.createDefaultVirtualManager(driver, getDefaultOptions());
|
||||
if (!isDriverFirefox(driver)) {
|
||||
webAuthnManager = AbstractWebAuthnVirtualTest.createDefaultVirtualManager(driver, getDefaultOptions());
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
@After
|
||||
public void removeVirtualAuthenticator() {
|
||||
webAuthnManager.removeAuthenticator();
|
||||
if (!isDriverFirefox(driver)) {
|
||||
webAuthnManager.removeAuthenticator();
|
||||
}
|
||||
}
|
||||
|
||||
@Before
|
||||
|
|
|
|||
|
|
@ -21,12 +21,14 @@ import org.hamcrest.Matchers;
|
|||
import org.jboss.arquillian.graphene.page.Page;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.representations.idm.RealmRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
import org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList;
|
||||
import org.keycloak.testsuite.webauthn.pages.WebAuthnErrorPage;
|
||||
import org.keycloak.testsuite.webauthn.pages.WebAuthnLoginPage;
|
||||
import org.keycloak.testsuite.webauthn.updaters.WebAuthnRealmAttributeUpdater;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
|
||||
import java.io.IOException;
|
||||
|
||||
|
|
@ -43,6 +45,7 @@ public class WebAuthnErrorTest extends AbstractWebAuthnAccountTest {
|
|||
protected WebAuthnErrorPage webAuthnErrorPage;
|
||||
|
||||
@Test
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public void errorPageWithTimeout() throws IOException {
|
||||
final int timeoutSec = 3;
|
||||
final String authenticatorLabel = "authenticator";
|
||||
|
|
|
|||
|
|
@ -19,8 +19,10 @@ package org.keycloak.testsuite.webauthn.account;
|
|||
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.webauthn.authenticators.DefaultVirtualAuthOptions;
|
||||
import org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
import org.openqa.selenium.virtualauthenticator.VirtualAuthenticatorOptions;
|
||||
|
||||
import java.io.Closeable;
|
||||
|
|
@ -45,6 +47,7 @@ import static org.keycloak.testsuite.webauthn.authenticators.DefaultVirtualAuthO
|
|||
*
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class WebAuthnTransportLocaleTest extends AbstractWebAuthnAccountTest {
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -21,10 +21,12 @@ import com.webauthn4j.data.AttestationConveyancePreference;
|
|||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.models.credential.dto.WebAuthnCredentialData;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.webauthn.AbstractWebAuthnVirtualTest;
|
||||
import org.keycloak.testsuite.webauthn.updaters.AbstractWebAuthnRealmUpdater;
|
||||
import org.keycloak.testsuite.webauthn.utils.WebAuthnDataWrapper;
|
||||
import org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
import org.openqa.selenium.virtualauthenticator.Credential;
|
||||
|
||||
import java.io.IOException;
|
||||
|
|
@ -62,18 +64,21 @@ public class AttestationConveyanceRegisterTest extends AbstractWebAuthnVirtualTe
|
|||
|
||||
@Ignore("invalid cert path")
|
||||
@Test
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public void attestationConveyancePreferenceNone() {
|
||||
assertAttestationConveyance(true, AttestationConveyancePreference.NONE);
|
||||
}
|
||||
|
||||
@Ignore("invalid cert path")
|
||||
@Test
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public void attestationConveyancePreferenceIndirect() {
|
||||
assertAttestationConveyance(true, AttestationConveyancePreference.INDIRECT);
|
||||
}
|
||||
|
||||
@Ignore("invalid cert path")
|
||||
@Test
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public void attestationConveyancePreferenceDirect() {
|
||||
getVirtualAuthManager().useAuthenticator(DEFAULT.getOptions().setHasResidentKey(true).setIsUserConsenting(true).setHasUserVerification(true));
|
||||
assertAttestationConveyance(true, AttestationConveyancePreference.DIRECT);
|
||||
|
|
|
|||
|
|
@ -19,8 +19,10 @@ package org.keycloak.testsuite.webauthn.registration;
|
|||
import com.webauthn4j.data.AuthenticatorAttachment;
|
||||
import com.webauthn4j.data.UserVerificationRequirement;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.webauthn.AbstractWebAuthnVirtualTest;
|
||||
import org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
|
||||
import java.io.Closeable;
|
||||
import java.io.IOException;
|
||||
|
|
@ -35,6 +37,7 @@ import static org.keycloak.testsuite.webauthn.authenticators.DefaultVirtualAuthO
|
|||
/**
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class AuthAttachmentRegisterTest extends AbstractWebAuthnVirtualTest {
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -68,24 +68,37 @@ public class PolicyJsInjectionTest extends AbstractWebAuthnVirtualTest {
|
|||
registerDefaultUser(false);
|
||||
|
||||
webAuthnErrorPage.assertCurrent();
|
||||
assertThat(webAuthnErrorPage.getError(), containsString("The relying party ID is not a registrable domain suffix of, nor equal to the current domain."));
|
||||
|
||||
final String expectedMessage = getExpectedMessageByDriver(
|
||||
"SecurityError: The operation is insecure.",
|
||||
"The relying party ID is not a registrable domain suffix of, nor equal to the current domain.");
|
||||
|
||||
assertThat(webAuthnErrorPage.getError(), containsString(expectedMessage));
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void attestationConveyancePreference() {
|
||||
final String expectedMessage = getExpectedMessageByDriver(
|
||||
"(value of 'attestation' member of PublicKeyCredentialCreationOptions) is not a valid value for enumeration AttestationConveyancePreference.",
|
||||
"The provided value 'required\"; window.location.href = \"http://www.keycloak.org\";\"' is not a valid enum value of type AttestationConveyancePreference.");
|
||||
|
||||
verifyInjection((updater) -> updater.setWebAuthnPolicyAttestationConveyancePreference(REDIRECT_SCRIPT),
|
||||
WebAuthnRealmData::getAttestationConveyancePreference,
|
||||
REDIRECT_SCRIPT,
|
||||
"Failed to read the 'attestation' property from 'PublicKeyCredentialCreationOptions': The provided value 'required\"; window.location.href = \"http://www.keycloak.org\";\"' is not a valid enum value of type AttestationConveyancePreference.");
|
||||
expectedMessage);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void authenticatorAttachment() {
|
||||
final String expectedMessage = getExpectedMessageByDriver(
|
||||
"(value of 'authenticatorAttachment' member of AuthenticatorSelectionCriteria) is not a valid value for enumeration AuthenticatorAttachment.",
|
||||
"The provided value 'required\"; window.location.href = \"http://www.keycloak.org\";\"' is not a valid enum value of type AuthenticatorAttachment.");
|
||||
|
||||
verifyInjection((updater) -> updater.setWebAuthnPolicyAuthenticatorAttachment(REDIRECT_SCRIPT),
|
||||
WebAuthnRealmData::getAuthenticatorAttachment,
|
||||
REDIRECT_SCRIPT,
|
||||
"Failed to read the 'authenticatorAttachment' property from 'AuthenticatorSelectionCriteria': The provided value 'required\"; window.location.href = \"http://www.keycloak.org\";\"' is not a valid enum value of type AuthenticatorAttachment.");
|
||||
expectedMessage);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -98,10 +111,14 @@ public class PolicyJsInjectionTest extends AbstractWebAuthnVirtualTest {
|
|||
|
||||
@Test
|
||||
public void userVerificationRequirement() {
|
||||
String expectedMessage = getExpectedMessageByDriver(
|
||||
"(value of 'userVerification' member of AuthenticatorSelectionCriteria) is not a valid value for enumeration UserVerificationRequirement.",
|
||||
"The provided value 'required\"; window.prompt('Injection'); \"<img id=\"image-inject\" src='none'/> ' is not a valid enum value of type UserVerificationRequirement.");
|
||||
|
||||
verifyInjection((updater) -> updater.setWebAuthnPolicyUserVerificationRequirement(PROMPT_SCRIPT),
|
||||
WebAuthnRealmData::getUserVerificationRequirement,
|
||||
PROMPT_SCRIPT,
|
||||
"Failed to read the 'userVerification' property from 'AuthenticatorSelectionCriteria': The provided value 'required\"; window.prompt('Injection'); \"<img id=\"image-inject\" src='none'/> ' is not a valid enum value of type UserVerificationRequirement.");
|
||||
expectedMessage);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -90,7 +90,10 @@ public class PubKeySignRegisterTest extends AbstractWebAuthnVirtualTest {
|
|||
|
||||
assertThat(webAuthnErrorPage.isCurrent(), is(!shouldSuccess));
|
||||
if (!shouldSuccess) {
|
||||
assertThat(webAuthnErrorPage.getError(), containsString("The operation either timed out or was not allowed"));
|
||||
final String expectedMessage = getExpectedMessageByDriver(
|
||||
"NotSupportedError: Operation is not supported",
|
||||
"The operation either timed out or was not allowed");
|
||||
assertThat(webAuthnErrorPage.getError(), containsString(expectedMessage));
|
||||
return;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -20,9 +20,11 @@ package org.keycloak.testsuite.webauthn.registration;
|
|||
import org.hamcrest.Matchers;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.testsuite.admin.ApiUtil;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.webauthn.AbstractWebAuthnVirtualTest;
|
||||
import org.keycloak.testsuite.webauthn.utils.PropertyRequirement;
|
||||
import org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
import org.openqa.selenium.virtualauthenticator.Credential;
|
||||
|
||||
import java.io.Closeable;
|
||||
|
|
@ -40,6 +42,7 @@ import static org.keycloak.testsuite.webauthn.authenticators.DefaultVirtualAuthO
|
|||
/**
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class ResidentKeyRegisterTest extends AbstractWebAuthnVirtualTest {
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -20,9 +20,11 @@ package org.keycloak.testsuite.webauthn.registration;
|
|||
import com.webauthn4j.data.UserVerificationRequirement;
|
||||
import org.junit.Ignore;
|
||||
import org.junit.Test;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
import org.keycloak.testsuite.webauthn.AbstractWebAuthnVirtualTest;
|
||||
import org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
import org.openqa.selenium.virtualauthenticator.VirtualAuthenticatorOptions;
|
||||
|
||||
import java.io.Closeable;
|
||||
|
|
@ -36,6 +38,7 @@ import static org.hamcrest.MatcherAssert.assertThat;
|
|||
/**
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class UserVerificationRegisterTest extends AbstractWebAuthnVirtualTest {
|
||||
|
||||
@Test
|
||||
|
|
|
|||
|
|
@ -31,11 +31,13 @@ import org.keycloak.events.Details;
|
|||
import org.keycloak.events.EventType;
|
||||
import org.keycloak.models.credential.dto.WebAuthnCredentialData;
|
||||
import org.keycloak.representations.idm.UserRepresentation;
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.pages.AppPage;
|
||||
import org.keycloak.testsuite.util.WaitUtils;
|
||||
import org.keycloak.testsuite.webauthn.AbstractWebAuthnVirtualTest;
|
||||
import org.keycloak.testsuite.webauthn.utils.WebAuthnDataWrapper;
|
||||
import org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
|
||||
import java.io.Closeable;
|
||||
import java.io.IOException;
|
||||
|
|
@ -50,6 +52,7 @@ import static org.hamcrest.CoreMatchers.is;
|
|||
import static org.hamcrest.CoreMatchers.notNullValue;
|
||||
import static org.hamcrest.CoreMatchers.nullValue;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.keycloak.testsuite.util.BrowserDriverUtil.isDriverFirefox;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.pause;
|
||||
import static org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad;
|
||||
|
||||
|
|
@ -84,6 +87,8 @@ public class WebAuthnOtherSettingsTest extends AbstractWebAuthnVirtualTest {
|
|||
.assertEvent();
|
||||
|
||||
final String credentialType = getCredentialType();
|
||||
// Soft token in Firefox does not increment counter
|
||||
long credentialCount = isDriverFirefox(driver) ? 0 : 1L;
|
||||
|
||||
getTestingClient().server(TEST_REALM_NAME).run(session -> {
|
||||
final WebAuthnDataWrapper dataWrapper = new WebAuthnDataWrapper(session, USERNAME, credentialType);
|
||||
|
|
@ -95,7 +100,7 @@ public class WebAuthnOtherSettingsTest extends AbstractWebAuthnVirtualTest {
|
|||
assertThat(data.getAaguid(), is(ALL_ZERO_AAGUID));
|
||||
assertThat(data.getAttestationStatement(), nullValue());
|
||||
assertThat(data.getCredentialPublicKey(), notNullValue());
|
||||
assertThat(data.getCounter(), is(1L));
|
||||
assertThat(data.getCounter(), is(credentialCount));
|
||||
assertThat(data.getAttestationStatementFormat(), is(AttestationConveyancePreference.NONE.getValue()));
|
||||
|
||||
final COSEKey pubKey = dataWrapper.getKey();
|
||||
|
|
@ -108,6 +113,7 @@ public class WebAuthnOtherSettingsTest extends AbstractWebAuthnVirtualTest {
|
|||
}
|
||||
|
||||
@Test
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public void timeout() throws IOException {
|
||||
final Integer TIMEOUT = 3; //seconds
|
||||
|
||||
|
|
|
|||
|
|
@ -17,11 +17,14 @@
|
|||
|
||||
package org.keycloak.testsuite.webauthn.registration.passwordless;
|
||||
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.webauthn.registration.AuthAttachmentRegisterTest;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class PwdLessAuthAttachmentRegTest extends AuthAttachmentRegisterTest {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -17,11 +17,14 @@
|
|||
|
||||
package org.keycloak.testsuite.webauthn.registration.passwordless;
|
||||
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.webauthn.registration.ResidentKeyRegisterTest;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class PwdLessResidentKeyRegTest extends ResidentKeyRegisterTest {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -17,11 +17,14 @@
|
|||
|
||||
package org.keycloak.testsuite.webauthn.registration.passwordless;
|
||||
|
||||
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
|
||||
import org.keycloak.testsuite.webauthn.registration.UserVerificationRegisterTest;
|
||||
import org.openqa.selenium.firefox.FirefoxDriver;
|
||||
|
||||
/**
|
||||
* @author <a href="mailto:mabartos@redhat.com">Martin Bartos</a>
|
||||
*/
|
||||
@IgnoreBrowserDriver(FirefoxDriver.class)
|
||||
public class PwdLessUserVerRegTest extends UserVerificationRegisterTest {
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
user_pref("security.webauth.webauthn_enable_softtoken", true);
|
||||
user_pref("security.webauth.webauthn_enable_usbtoken", false);
|
||||
Loading…
Reference in a new issue