[KEYCLOAK-6376] Switching to arquillian end2end tests

2019-07-02 06:32:23 +02:00 · 2019-07-02 06:32:23 +02:00 · f18c8b9da5
commit f18c8b9da5
parent eed4449f8d
3 changed files with 44 additions and 169 deletions
--- a/services/pom.xml
+++ b/services/pom.xml
@ -171,12 +171,6 @@
            <artifactId>hamcrest-all</artifactId>
            <scope>test</scope>
        </dependency>
-        <dependency>
-            <groupId>org.mockito</groupId>
-            <artifactId>mockito-all</artifactId>
-            <version>${mockito.version}</version>
-            <scope>test</scope>
-        </dependency>
        <dependency>
            <groupId>com.icegreen</groupId>
            <artifactId>greenmail</artifactId>
--- a/services/src/test/java/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticatorTest.java
+++ b/services/src/test/java/org/keycloak/authentication/authenticators/browser/ConditionalOtpFormAuthenticatorTest.java
@ -1,155 +0,0 @@
-package org.keycloak.authentication.authenticators.browser;
-
-import org.jboss.resteasy.spi.HttpRequest;
-import org.junit.Before;
-import org.junit.Test;
-import org.keycloak.authentication.AuthenticationFlowContext;
-import org.keycloak.forms.login.LoginFormsProvider;
-import org.keycloak.models.*;
-import org.keycloak.storage.adapter.AbstractUserAdapter;
-import org.mockito.Mock;
-import org.mockito.MockitoAnnotations;
-import org.mockito.stubbing.Answer;
-
-import javax.ws.rs.core.HttpHeaders;
-import java.util.*;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertTrue;
-import static org.keycloak.authentication.authenticators.browser.ConditionalOtpFormAuthenticator.DEFAULT_OTP_OUTCOME;
-import static org.keycloak.authentication.authenticators.browser.ConditionalOtpFormAuthenticator.FORCE_OTP_ROLE;
-import static org.mockito.Matchers.any;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.when;
-
-public class ConditionalOtpFormAuthenticatorTest {
-
-    private Map<String, String> config;
-
-    private boolean otpFormShown;
-
-    private UserModel user;
-
-    private Set<GroupModel> userGroups;
-
-    private Set<RoleModel> userRoles;
-
-    @Mock
-    private RealmModel realm;
-
-    @Mock
-    private RoleModel role;
-
-    @Mock
-    private GroupModel group;
-
-    @Mock
-    private LoginFormsProvider form;
-
-    @Mock
-    private HttpHeaders httpHeaders;
-
-    @Mock
-    private HttpRequest httpRequest;
-
-    @Mock
-    private AuthenticatorConfigModel authenticatorConfigModel;
-
-    @Mock
-    private AuthenticationFlowContext authenticationFlowContext;
-
-    private ConditionalOtpFormAuthenticator authenticator;
-
-    @Before
-    public void setup() {
-        MockitoAnnotations.initMocks(this);
-        this.authenticator = new ConditionalOtpFormAuthenticator();
-        this.config = new HashMap<>();
-        this.config.put(DEFAULT_OTP_OUTCOME, "skip");
-        this.otpFormShown = false;
-        this.user = new AbstractUserAdapter(null, this.realm, null) {
-
-            @Override
-            public String getUsername() {
-                return "";
-            }
-
-            protected Set<GroupModel> getGroupsInternal() {
-                return userGroups;
-            }
-
-            protected Set<RoleModel> getRoleMappingsInternal() {
-                return userRoles;
-            }
-        };
-        this.userRoles = new HashSet<>();
-        this.userGroups = new HashSet<>();
-        this.user.getRoleMappings().clear();
-        when(authenticationFlowContext.form()).thenReturn(form);
-        when(authenticationFlowContext.getAuthenticatorConfig()).thenReturn(authenticatorConfigModel);
-        when(authenticatorConfigModel.getConfig()).thenReturn(config);
-        when(authenticationFlowContext.getRealm()).thenReturn(realm);
-        when(authenticationFlowContext.getUser()).thenReturn(user);
-        when(authenticationFlowContext.getHttpRequest()).thenReturn(httpRequest);
-        when(httpRequest.getHttpHeaders()).thenReturn(httpHeaders);
-        doAnswer((Answer) invocation -> {
-            this.otpFormShown = true;
-            return null;
-        }).when(authenticationFlowContext).challenge(any());
-    }
-
-    @Test
-    public void shouldNotShowOTPWithDefaultingToSkip() {
-
-        this.authenticator.authenticate(this.authenticationFlowContext);
-
-        assertFalse("OTP Form not shown", this.otpFormShown);
-    }
-
-    @Test
-    public void shouldNotShowOtpWithoutAnyGroup() {
-        this.config.put(FORCE_OTP_ROLE, "admin");
-        when(realm.getRole("admin")).thenReturn(role);
-
-        this.authenticator.authenticate(this.authenticationFlowContext);
-
-        assertFalse("OTP Form not shown", this.otpFormShown);
-    }
-
-    @Test
-    public void shouldShowOtpWithExplicitAssignedAndExistignRealmRole() {
-        this.config.put(FORCE_OTP_ROLE, "admin");
-        when(realm.getRole("admin")).thenReturn(role);
-        this.userRoles.add(role);
-
-        this.authenticator.authenticate(this.authenticationFlowContext);
-
-        assertTrue("OTP Form shown", this.otpFormShown);
-    }
-
-    @Test
-    public void shouldShowOtpWithImplicitRealmRoleViaGroup() {
-        this.config.put(FORCE_OTP_ROLE, "admin");
-        when(realm.getRole("admin")).thenReturn(role);
-        when(group.hasRole(role)).thenReturn(true);
-        when(group.getRoleMappings()).thenReturn(new HashSet<>(Arrays.asList(role)));
-        this.userGroups.add(group);
-
-        this.authenticator.authenticate(this.authenticationFlowContext);
-
-        assertTrue("OTP Form shown", this.otpFormShown);
-    }
-
-    @Test
-    public void shouldNotShowOtpWithoutImplicitRealmRoleViaGroup() {
-        this.config.put(FORCE_OTP_ROLE, "admin");
-        when(realm.getRole("admin")).thenReturn(role);
-        when(group.hasRole(role)).thenReturn(false);
-        when(group.getRoleMappings()).thenReturn(new HashSet<>(Arrays.asList(role)));
-        this.userGroups.add(group);
-
-        this.authenticator.authenticate(this.authenticationFlowContext);
-
-        assertFalse("OTP Form not shown", this.otpFormShown);
-    }
-}
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.java
@ -22,10 +22,7 @@ import org.junit.Test;
 import org.keycloak.models.AuthenticationExecutionModel.Requirement;
 import org.keycloak.models.utils.DefaultAuthenticationFlows;
 import org.keycloak.models.utils.TimeBasedOTP;
-import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
-import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
-import org.keycloak.representations.idm.RealmRepresentation;
-import org.keycloak.representations.idm.RoleRepresentation;
+import org.keycloak.representations.idm.*;
 import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.admin.Users;
 import org.keycloak.testsuite.auth.page.login.OneTimeCode;
@ -34,10 +31,7 @@ import org.keycloak.testsuite.pages.PageUtils;

 import javax.ws.rs.NotFoundException;
 import javax.ws.rs.core.Response;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.util.*;

 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
@ -337,6 +331,34 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
        assertCurrentUrlStartsWith(testLoginOneTimeCodePage);
    }

+    @Test
+    public void conditionalOTPRoleForceViaGroup() {
+        //prepare config - role, default to skip
+        Map<String, String> config = new HashMap<>();
+        config.put(FORCE_OTP_ROLE, "otp_role");
+        config.put(DEFAULT_OTP_OUTCOME, SKIP);
+
+        setConditionalOTPForm(config);
+
+        //create role
+        GroupRepresentation group = getOrCreateOTPRoleInGroup();
+
+        //add group to user
+        testRealmResource().users().get(testUser.getId()).groups().add(group);
+
+        //test OTP is required
+        testRealmAccountManagementPage.navigateTo();
+        testRealmLoginPage.form().login(testUser);
+
+        assertTrue(loginConfigTotpPage.isCurrent());
+
+        configureOTP();
+        testRealmLoginPage.form().login(testUser);
+
+        //verify that the page is login page, not totp setup
+        assertCurrentUrlStartsWith(testLoginOneTimeCodePage);
+    }
+
    private RoleRepresentation getOrCreateOTPRole() {
        try {
            return testRealmResource().roles().get("otp_role").toRepresentation();
@ -348,6 +370,20 @@ public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
        }
    }

+    private GroupRepresentation getOrCreateOTPRoleInGroup() {
+        try {
+            return testRealmResource().groups().groups("otp_group",0,1).get(0);
+        } catch (NotFoundException | IndexOutOfBoundsException ex ) {
+            RoleRepresentation role = this.getOrCreateOTPRole();
+            GroupRepresentation group = new GroupRepresentation();
+            group.setName("otp_group");
+            group.setRealmRoles(Arrays.asList("otp_role"));
+            testRealmResource().groups().add(group);
+            //obtain id
+            return testRealmResource().groups().groups("otp_group",0,1).get(0);
+        }
+    }
+
    @Test
    public void conditionalOTPRequestHeaderSkip() {
        //prepare config - request header skip, default to force