From a46982f8ec2938fd928d9f13acb8cb27a4d01a30 Mon Sep 17 00:00:00 2001 From: Stan Silvert Date: Thu, 12 May 2016 15:51:32 -0400 Subject: [PATCH] KEYCLOAK-2909 Migrate account package to new testsuite --- .../pages/AccountUpdateProfilePage.java | 2 +- .../testsuite/account/AccountTest.java | 684 ++++++++++++++- .../testsuite/account/ChangePasswordTest.java | 87 -- .../testsuite/account/ProfileTest.java | 136 +-- .../testsuite/account/RegistrationTest.java | 134 --- .../testsuite/account/RememberMeTest.java | 70 -- .../account/ResetCredentialsTest.java | 102 --- .../testsuite/account/VerifyEmailTest.java | 87 -- .../AbstractAccountManagementTest.java | 2 +- .../AbstractCustomAccountManagementTest.java | 1 - .../testsuite/util/ClientBuilder.java | 37 +- .../keycloak/testsuite/util/UserBuilder.java | 10 + .../base/src/test/resources/testrealm.json | 2 +- .../testsuite/account/AccountTest.java | 800 ------------------ 14 files changed, 759 insertions(+), 1395 deletions(-) mode change 100644 => 100755 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ChangePasswordTest.java rename testsuite/{integration => integration-arquillian/tests/base}/src/test/java/org/keycloak/testsuite/account/ProfileTest.java (67%) delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/RegistrationTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/RememberMeTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResetCredentialsTest.java delete mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/VerifyEmailTest.java rename testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/{ => custom}/AbstractAccountManagementTest.java (97%) delete mode 100755 testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java index 833acc0965..2159c2f6ff 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/pages/AccountUpdateProfilePage.java @@ -56,7 +56,7 @@ public class AccountUpdateProfilePage extends AbstractAccountPage { @FindBy(className = "alert-error") private WebElement errorMessage; - private String getPath() { + public String getPath() { return RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build("test").toString(); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java old mode 100644 new mode 100755 index 2005d81aa7..a4f7257baa --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AccountTest.java @@ -16,64 +16,656 @@ */ package org.keycloak.testsuite.account; -import org.jboss.arquillian.graphene.page.Page; -import org.junit.After; -import org.junit.Test; - -import static org.junit.Assert.assertEquals; +import org.junit.Assert; import org.junit.Before; -import org.keycloak.testsuite.auth.page.account.Account; +import org.junit.Rule; +import org.junit.Test; +import org.keycloak.events.Details; +import org.keycloak.events.EventType; +import org.keycloak.models.utils.TimeBasedOTP; +import org.keycloak.services.resources.AccountService; +import org.keycloak.services.resources.RealmsResource; +import org.keycloak.testsuite.AssertEvents; +import org.keycloak.testsuite.pages.AccountApplicationsPage; +import org.keycloak.testsuite.pages.AccountLogPage; +import org.keycloak.testsuite.pages.AccountPasswordPage; +import org.keycloak.testsuite.pages.AccountSessionsPage; +import org.keycloak.testsuite.pages.AccountTotpPage; +import org.keycloak.testsuite.pages.AccountUpdateProfilePage; +import org.keycloak.testsuite.pages.AppPage; +import org.keycloak.testsuite.pages.AppPage.RequestType; +import org.keycloak.testsuite.pages.ErrorPage; +import org.keycloak.testsuite.pages.LoginPage; +import org.keycloak.testsuite.pages.RegisterPage; +import org.openqa.selenium.By; +import org.openqa.selenium.WebDriver; + +import javax.ws.rs.core.UriBuilder; +import java.util.LinkedList; +import java.util.List; +import java.util.Map; +import org.jboss.arquillian.drone.api.annotation.Drone; +import org.jboss.arquillian.graphene.page.Page; +import org.keycloak.representations.idm.EventRepresentation; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.testsuite.TestRealmKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; +import org.keycloak.testsuite.drone.Different; +import org.keycloak.testsuite.util.OAuthClient; +import org.keycloak.testsuite.util.RealmBuilder; +import org.keycloak.testsuite.util.UserBuilder; /** - * - * @author Petr Mensik - * @author tkyjovsk + * @author Stian Thorgersen + * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc. */ -public class AccountTest extends AbstractAccountManagementTest { - - private static final String UPDATED_EMAIL = "new-name@email.test"; - private static final String NEW_FIRST_NAME = "John"; - private static final String NEW_LAST_NAME = "Smith"; - - @Page - private Account testRealmAccountPage; +public class AccountTest extends TestRealmKeycloakTest { @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmAccountPage.setAuthRealm(testRealmPage); - } - - @Before - public void beforeAccountTest() { - testRealmAccountManagementPage.navigateTo(); - testRealmLoginPage.form().login(testUser); + public void configureTestRealm(RealmRepresentation testRealm) { + //UserRepresentation user = findUserInRealmRep(testRealm, "test-user@localhost"); + //ClientRepresentation accountApp = findClientInRealmRep(testRealm, ACCOUNT_MANAGEMENT_CLIENT_ID); + UserRepresentation user2 = UserBuilder.create() + .enabled(true) + .username("test-user-no-access@localhost") + .email("test-user-no-access@localhost") + .password("password") + .build(); + + RealmBuilder.edit(testRealm) + .user(user2); } - @After - public void afterAccountTest() { - testRealmAccountManagementPage.navigateTo(); - testRealmAccountManagementPage.signOut(); + private static final UriBuilder BASE = UriBuilder.fromUri("http://localhost:8180/auth"); + private static final String ACCOUNT_URL = RealmsResource.accountUrl(BASE.clone()).build("test").toString(); + public static String ACCOUNT_REDIRECT = AccountService.loginRedirectUrl(BASE.clone()).build("test").toString(); + + // Create second session + @Drone + @Different + WebDriver driver2; + + @Rule + public AssertEvents events = new AssertEvents(this); + + @Page + protected AppPage appPage; + + @Page + protected LoginPage loginPage; + + @Page + protected RegisterPage registerPage; + + @Page + protected AccountPasswordPage changePasswordPage; + + @Page + protected AccountUpdateProfilePage profilePage; + + @Page + protected AccountTotpPage totpPage; + + @Page + protected AccountLogPage logPage; + + @Page + protected AccountSessionsPage sessionsPage; + + @Page + protected AccountApplicationsPage applicationsPage; + + @Page + protected ErrorPage errorPage; + + private TimeBasedOTP totp = new TimeBasedOTP(); + private String userId; + + @Before + public void before() { + oauth.state("mystate"); // keycloak enforces that a state param has been sent by client + userId = findUser("test-user@localhost").getId(); } @Test - public void editAccount() { - testRealmAccountManagementPage.account(); - assertEquals(testRealmAccountPage.getUsername(), testUser.getUsername()); - - testRealmAccountPage.setEmail(UPDATED_EMAIL); - testRealmAccountPage.setFirstName(NEW_FIRST_NAME); - testRealmAccountPage.setLastName(NEW_LAST_NAME); - testRealmAccountPage.save(); - assertAlertSuccess(); + public void returnToAppFromQueryParam() { + driver.navigate().to(profilePage.getPath() + "?referrer=test-app"); + loginPage.login("test-user@localhost", "password"); + Assert.assertTrue(profilePage.isCurrent()); + profilePage.backToApplication(); - testRealmAccountManagementPage.signOut(); - testRealmLoginPage.form().login(testUser); - - testRealmAccountManagementPage.account(); - assertEquals(testRealmAccountPage.getEmail(), UPDATED_EMAIL); - assertEquals(testRealmAccountPage.getFirstName(), NEW_FIRST_NAME); - assertEquals(testRealmAccountPage.getLastName(), NEW_LAST_NAME); + Assert.assertTrue(appPage.isCurrent()); + + driver.navigate().to(profilePage.getPath() + "?referrer=test-app&referrer_uri=http://localhost:8180/auth/realms/master/app/auth?test"); + Assert.assertTrue(profilePage.isCurrent()); + profilePage.backToApplication(); + + Assert.assertTrue(appPage.isCurrent()); + Assert.assertEquals(appPage.baseUrl + "?test", driver.getCurrentUrl()); + + driver.navigate().to(profilePage.getPath() + "?referrer=test-app"); + Assert.assertTrue(profilePage.isCurrent()); + + driver.findElement(By.linkText("Authenticator")).click(); + Assert.assertTrue(totpPage.isCurrent()); + + driver.findElement(By.linkText("Account")).click(); + Assert.assertTrue(profilePage.isCurrent()); + + profilePage.backToApplication(); + + Assert.assertTrue(appPage.isCurrent()); + + events.clear(); + } + + @Test + public void changePassword() { + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + + EventRepresentation event = events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + String sessionId = event.getSessionId(); + String userId = event.getUserId(); + changePasswordPage.changePassword("", "new-password", "new-password"); + + Assert.assertEquals("Please specify password.", profilePage.getError()); + + changePasswordPage.changePassword("password", "new-password", "new-password2"); + + Assert.assertEquals("Password confirmation doesn't match.", profilePage.getError()); + + changePasswordPage.changePassword("password", "new-password", "new-password"); + + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + + changePasswordPage.logout(); + + events.expectLogout(sessionId).detail(Details.REDIRECT_URI, changePasswordPage.getPath()).assertEvent(); + + loginPage.open(); + loginPage.login("test-user@localhost", "password"); + + Assert.assertEquals("Invalid username or password.", loginPage.getError()); + + events.expectLogin().session((String) null).error("invalid_user_credentials") + .removeDetail(Details.CONSENT) + .assertEvent(); + + loginPage.open(); + loginPage.login("test-user@localhost", "new-password"); + + Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); + + events.expectLogin().assertEvent(); + } + + private void setPasswordPolicy(String policy) { + RealmRepresentation testRealm = testRealm().toRepresentation(); + testRealm.setPasswordPolicy(policy); + testRealm().update(testRealm); + } + @Test + public void changePasswordWithLengthPasswordPolicy() { + setPasswordPolicy("length"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + + + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("", "new", "new"); + + Assert.assertEquals("Please specify password.", profilePage.getError()); + + changePasswordPage.changePassword("password", "new-password", "new-password"); + + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changePasswordWithPasswordHistoryPolicy() { + setPasswordPolicy("passwordHistory(2)"); + + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); + + changePasswordPage.changePassword("password", "password", "password"); + + Assert.assertEquals("Invalid password: must not be equal to any of last 2 passwords.", profilePage.getError()); + + changePasswordPage.changePassword("password", "password1", "password1"); + + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + + changePasswordPage.changePassword("password1", "password", "password"); + + Assert.assertEquals("Invalid password: must not be equal to any of last 2 passwords.", profilePage.getError()); + + changePasswordPage.changePassword("password1", "password1", "password1"); + + Assert.assertEquals("Invalid password: must not be equal to any of last 2 passwords.", profilePage.getError()); + + changePasswordPage.changePassword("password1", "password2", "password2"); + + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + + events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); + } + + @Test + public void changeProfile() { + profilePage.open(); + loginPage.login("test-user@localhost", "password"); + + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent(); + + Assert.assertEquals("Tom", profilePage.getFirstName()); + Assert.assertEquals("Brady", profilePage.getLastName()); + Assert.assertEquals("test-user@localhost", profilePage.getEmail()); + + // All fields are required, so there should be an error when something is missing. + profilePage.updateProfile("", "New last", "new@email.com"); + + Assert.assertEquals("Please specify first name.", profilePage.getError()); + Assert.assertEquals("", profilePage.getFirstName()); + Assert.assertEquals("New last", profilePage.getLastName()); + Assert.assertEquals("new@email.com", profilePage.getEmail()); + + events.assertEmpty(); + + profilePage.updateProfile("New first", "", "new@email.com"); + + Assert.assertEquals("Please specify last name.", profilePage.getError()); + Assert.assertEquals("New first", profilePage.getFirstName()); + Assert.assertEquals("", profilePage.getLastName()); + Assert.assertEquals("new@email.com", profilePage.getEmail()); + + events.assertEmpty(); + + profilePage.updateProfile("New first", "New last", ""); + + Assert.assertEquals("Please specify email.", profilePage.getError()); + Assert.assertEquals("New first", profilePage.getFirstName()); + Assert.assertEquals("New last", profilePage.getLastName()); + Assert.assertEquals("", profilePage.getEmail()); + + events.assertEmpty(); + + profilePage.clickCancel(); + + Assert.assertEquals("Tom", profilePage.getFirstName()); + Assert.assertEquals("Brady", profilePage.getLastName()); + Assert.assertEquals("test-user@localhost", profilePage.getEmail()); + + events.assertEmpty(); + + profilePage.updateProfile("New first", "New last", "new@email.com"); + + Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); + Assert.assertEquals("New first", profilePage.getFirstName()); + Assert.assertEquals("New last", profilePage.getLastName()); + Assert.assertEquals("new@email.com", profilePage.getEmail()); + + events.expectAccount(EventType.UPDATE_PROFILE).assertEvent(); + events.expectAccount(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent(); + + // reset user for other tests + profilePage.updateProfile("Tom", "Brady", "test-user@localhost"); + events.clear(); + } + + private void setEditUsernameAllowed() { + RealmRepresentation testRealm = testRealm().toRepresentation(); + testRealm.setEditUsernameAllowed(true); + testRealm().update(testRealm); + } + + @Test + public void changeUsername() { + // allow to edit the username in realm + setEditUsernameAllowed(); + + profilePage.open(); + loginPage.login("test-user@localhost", "password"); + + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent(); + + Assert.assertEquals("test-user@localhost", profilePage.getUsername()); + Assert.assertEquals("Tom", profilePage.getFirstName()); + Assert.assertEquals("Brady", profilePage.getLastName()); + Assert.assertEquals("test-user@localhost", profilePage.getEmail()); + + // All fields are required, so there should be an error when something is missing. + profilePage.updateProfile("", "New first", "New last", "new@email.com"); + + Assert.assertEquals("Please specify username.", profilePage.getError()); + Assert.assertEquals("", profilePage.getUsername()); + Assert.assertEquals("New first", profilePage.getFirstName()); + Assert.assertEquals("New last", profilePage.getLastName()); + Assert.assertEquals("new@email.com", profilePage.getEmail()); + + events.assertEmpty(); + + // Change to the username already occupied by other user + profilePage.updateProfile("test-user-no-access@localhost", "New first", "New last", "new@email.com"); + + Assert.assertEquals("Username already exists.", profilePage.getError()); + Assert.assertEquals("test-user-no-access@localhost", profilePage.getUsername()); + Assert.assertEquals("New first", profilePage.getFirstName()); + Assert.assertEquals("New last", profilePage.getLastName()); + Assert.assertEquals("new@email.com", profilePage.getEmail()); + + events.assertEmpty(); + + profilePage.updateProfile("test-user-new@localhost", "New first", "New last", "new@email.com"); + + Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); + Assert.assertEquals("test-user-new@localhost", profilePage.getUsername()); + Assert.assertEquals("New first", profilePage.getFirstName()); + Assert.assertEquals("New last", profilePage.getLastName()); + Assert.assertEquals("new@email.com", profilePage.getEmail()); + } + + private void addUser(String username, String email) { + UserRepresentation user = UserBuilder.create() + .username(username) + .enabled(true) + .email(email) + .firstName("first") + .lastName("last") + .build(); + ApiUtil.createUserAndResetPasswordWithAdminClient(testRealm(), user, "password"); + } + + @Test + public void changeUsernameLoginWithOldUsername() { + addUser("change-username", "change-username@localhost"); + setEditUsernameAllowed(); + + profilePage.open(); + loginPage.login("change-username", "password"); + + profilePage.updateUsername("change-username-updated"); + + Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); + + profilePage.logout(); + + profilePage.open(); + + Assert.assertTrue(loginPage.isCurrent()); + + loginPage.login("change-username", "password"); + + Assert.assertTrue(loginPage.isCurrent()); + Assert.assertEquals("Invalid username or password.", loginPage.getError()); + + loginPage.login("change-username-updated", "password"); + } + + @Test + public void changeEmailLoginWithOldEmail() { + addUser("change-email", "change-username@localhost"); + setEditUsernameAllowed(); + + profilePage.open(); + loginPage.login("change-username@localhost", "password"); + profilePage.updateEmail("change-username-updated@localhost"); + + Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); + + profilePage.logout(); + + profilePage.open(); + + Assert.assertTrue(loginPage.isCurrent()); + + loginPage.login("change-username@localhost", "password"); + + Assert.assertTrue(loginPage.isCurrent()); + Assert.assertEquals("Invalid username or password.", loginPage.getError()); + + loginPage.login("change-username-updated@localhost", "password"); + } + + // KEYCLOAK-1534 + @Test + public void changeEmailToExisting() { + profilePage.open(); + loginPage.login("test-user@localhost", "password"); + + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent(); + + Assert.assertEquals("test-user@localhost", profilePage.getUsername()); + Assert.assertEquals("test-user@localhost", profilePage.getEmail()); + + // Change to the email, which some other user has + profilePage.updateProfile("New first", "New last", "test-user-no-access@localhost"); + + profilePage.assertCurrent(); + Assert.assertEquals("Email already exists.", profilePage.getError()); + Assert.assertEquals("New first", profilePage.getFirstName()); + Assert.assertEquals("New last", profilePage.getLastName()); + Assert.assertEquals("test-user-no-access@localhost", profilePage.getEmail()); + + events.assertEmpty(); + + // Change some other things, but not email + profilePage.updateProfile("New first", "New last", "test-user@localhost"); + + Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); + Assert.assertEquals("New first", profilePage.getFirstName()); + Assert.assertEquals("New last", profilePage.getLastName()); + Assert.assertEquals("test-user@localhost", profilePage.getEmail()); + + events.expectAccount(EventType.UPDATE_PROFILE).assertEvent(); + + // Change email and other things to original values + profilePage.updateProfile("Tom", "Brady", "test-user@localhost"); + events.expectAccount(EventType.UPDATE_PROFILE).assertEvent(); + } + + @Test + public void setupTotp() { + totpPage.open(); + loginPage.login("test-user@localhost", "password"); + + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=totp").assertEvent(); + + Assert.assertTrue(totpPage.isCurrent()); + + Assert.assertFalse(driver.getPageSource().contains("Remove Google")); + + // Error with false code + totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret() + "123")); + + Assert.assertEquals("Invalid authenticator code.", profilePage.getError()); + + totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret())); + + Assert.assertEquals("Mobile authenticator configured.", profilePage.getSuccess()); + + events.expectAccount(EventType.UPDATE_TOTP).assertEvent(); + + Assert.assertTrue(driver.getPageSource().contains("pficon-delete")); + + totpPage.removeTotp(); + + events.expectAccount(EventType.REMOVE_TOTP).assertEvent(); + } + + @Test + public void changeProfileNoAccess() throws Exception { + profilePage.open(); + loginPage.login("test-user-no-access@localhost", "password"); + + UserRepresentation noAccessUser = this.findUser("test-user-no-access@localhost"); + events.expectLogin().client("account").user(noAccessUser.getId()) + .detail(Details.USERNAME, "test-user-no-access@localhost") + .detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent(); + + Assert.assertTrue(errorPage.isCurrent()); + Assert.assertEquals("No access", errorPage.getError()); + } + + private void setEventsEnabled() { + RealmRepresentation testRealm = testRealm().toRepresentation(); + testRealm.setEventsEnabled(true); + testRealm().update(testRealm); + } + + @Test + public void viewLog() { + setEventsEnabled(); + + List expectedEvents = new LinkedList<>(); + + loginPage.open(); + loginPage.clickRegister(); + + registerPage.register("view", "log", "view-log@localhost", "view-log", "password", "password"); + + expectedEvents.add(events.poll()); + expectedEvents.add(events.poll()); + + profilePage.open(); + profilePage.updateProfile("view", "log2", "view-log@localhost"); + + expectedEvents.add(events.poll()); + + logPage.open(); + + Assert.assertTrue(logPage.isCurrent()); + + List> actualEvents = logPage.getEvents(); + + Assert.assertEquals(expectedEvents.size(), actualEvents.size()); + + for (EventRepresentation e : expectedEvents) { + boolean match = false; + for (List a : logPage.getEvents()) { + if (e.getType().toString().replace('_', ' ').toLowerCase().equals(a.get(1)) && + e.getIpAddress().equals(a.get(2)) && + e.getClientId().equals(a.get(3))) { + match = true; + break; + } + } + if (!match) { + Assert.fail("Event not found " + e.getType()); + } + } + } + + @Test + public void sessions() { + loginPage.open(); + loginPage.clickRegister(); + + registerPage.register("view", "sessions", "view-sessions@localhost", "view-sessions", "password", "password"); + + EventRepresentation registerEvent = events.expectRegister("view-sessions", "view-sessions@localhost").assertEvent(); + String userId = registerEvent.getUserId(); + + events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent(); + + sessionsPage.open(); + + Assert.assertTrue(sessionsPage.isCurrent()); + + List> sessions = sessionsPage.getSessions(); + Assert.assertEquals(1, sessions.size()); + Assert.assertEquals("127.0.0.1", sessions.get(0).get(0)); + + // Create second session + try { + OAuthClient oauth2 = new OAuthClient(); + oauth2.init(adminClient, driver2); + oauth2.state("mystate"); + oauth2.doLogin("view-sessions", "password"); + + EventRepresentation login2Event = events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent(); + + sessionsPage.open(); + sessions = sessionsPage.getSessions(); + Assert.assertEquals(2, sessions.size()); + + sessionsPage.logoutAll(); + + events.expectLogout(registerEvent.getSessionId()); + events.expectLogout(login2Event.getSessionId()); + } finally { + driver2.close(); + } + } + + // More tests (including revoke) are in OAuthGrantTest and OfflineTokenTest + @Test + public void applications() { + applicationsPage.open(); + loginPage.login("test-user@localhost", "password"); + + events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=applications").assertEvent(); + Assert.assertTrue(applicationsPage.isCurrent()); + + Map apps = applicationsPage.getApplications(); + Assert.assertEquals(3, apps.size()); + + AccountApplicationsPage.AppEntry accountEntry = apps.get("Account"); + Assert.assertEquals(2, accountEntry.getRolesAvailable().size()); + Assert.assertTrue(accountEntry.getRolesAvailable().contains("Manage account in Account")); + Assert.assertTrue(accountEntry.getRolesAvailable().contains("View profile in Account")); + Assert.assertEquals(1, accountEntry.getRolesGranted().size()); + Assert.assertTrue(accountEntry.getRolesGranted().contains("Full Access")); + Assert.assertEquals(1, accountEntry.getProtocolMappersGranted().size()); + Assert.assertTrue(accountEntry.getProtocolMappersGranted().contains("Full Access")); + + AccountApplicationsPage.AppEntry testAppEntry = apps.get("test-app"); + Assert.assertEquals(5, testAppEntry.getRolesAvailable().size()); + Assert.assertTrue(testAppEntry.getRolesAvailable().contains("Offline access")); + Assert.assertTrue(testAppEntry.getRolesGranted().contains("Full Access")); + Assert.assertTrue(testAppEntry.getProtocolMappersGranted().contains("Full Access")); + + AccountApplicationsPage.AppEntry thirdPartyEntry = apps.get("third-party"); + Assert.assertEquals(2, thirdPartyEntry.getRolesAvailable().size()); + Assert.assertTrue(thirdPartyEntry.getRolesAvailable().contains("Have User privileges")); + Assert.assertTrue(thirdPartyEntry.getRolesAvailable().contains("Have Customer User privileges in test-app")); + Assert.assertEquals(0, thirdPartyEntry.getRolesGranted().size()); + Assert.assertEquals(0, thirdPartyEntry.getProtocolMappersGranted().size()); + } + + @Test + public void loginToSpecificPage() { + changePasswordPage.open(); + loginPage.login("test-user@localhost", "password"); + + Assert.assertTrue(changePasswordPage.isCurrent()); + + events.clear(); + } + + @Test + public void loginToSpecificPageWithReferrer() { + driver.navigate().to(changePasswordPage.getPath() + "?referrer=account"); + System.out.println(driver.getCurrentUrl()); + + loginPage.login("test-user@localhost", "password"); + System.out.println(driver.getCurrentUrl()); + + Assert.assertTrue(changePasswordPage.isCurrent()); + + events.clear(); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ChangePasswordTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ChangePasswordTest.java deleted file mode 100644 index ce1900d01f..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ChangePasswordTest.java +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.account; - -import org.jboss.arquillian.graphene.page.Page; -import org.junit.Before; -import org.junit.Test; -import org.keycloak.testsuite.auth.page.account.ChangePassword; -import static org.keycloak.testsuite.admin.Users.getPasswordOf; -import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; - -/** - * - * @author tkyjovsk - */ -public class ChangePasswordTest extends AbstractAccountManagementTest { - - private static final String NEW_PASSWORD = "newpassword"; - private static final String WRONG_PASSWORD = "wrongpassword"; - - @Page - private ChangePassword testRealmChangePasswordPage; - - private String correctPassword; - - @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmChangePasswordPage.setAuthRealm(testRealmPage); - } - - @Before - public void beforeChangePasswordTest() { - correctPassword = getPasswordOf(testUser); - testRealmAccountManagementPage.navigateTo(); - testRealmLoginPage.form().login(testUser); - testRealmAccountManagementPage.password(); - } - - @Test - public void invalidChangeAttempts() { - testRealmChangePasswordPage.save(); - assertAlertError(); - - testRealmChangePasswordPage.changePasswords(WRONG_PASSWORD, NEW_PASSWORD, NEW_PASSWORD); - assertAlertError(); - - testRealmChangePasswordPage.changePasswords(correctPassword, NEW_PASSWORD, NEW_PASSWORD + "-mismatch"); - assertAlertError(); - - testRealmChangePasswordPage.changePasswords(correctPassword, " ", " "); - assertAlertError(); - } - - @Test - public void successfulChangeAttempts() { - // change password successfully - testRealmChangePasswordPage.changePasswords(correctPassword, NEW_PASSWORD, NEW_PASSWORD); - assertAlertSuccess(); - - // login using new password - testRealmAccountManagementPage.signOut(); - testRealmLoginPage.form().login(testUser.getUsername(), NEW_PASSWORD); - assertCurrentUrlStartsWith(testRealmAccountManagementPage); - - // change password back - testRealmAccountManagementPage.password(); - testRealmChangePasswordPage.changePasswords(NEW_PASSWORD, correctPassword, correctPassword); - assertAlertSuccess(); - } - -} diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java similarity index 67% rename from testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java index d9b77718f5..670e340919 100755 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/ProfileTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ProfileTest.java @@ -23,96 +23,110 @@ import org.apache.http.HttpResponse; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.DefaultHttpClient; -import org.json.JSONArray; -import org.json.JSONObject; -import org.junit.ClassRule; -import org.junit.Rule; import org.junit.Test; import org.keycloak.OAuth2Constants; -import org.keycloak.models.AccountRoles; -import org.keycloak.models.ClientModel; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resources.RealmsResource; -import org.keycloak.testsuite.Constants; -import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.pages.AccountApplicationsPage; import org.keycloak.testsuite.pages.AccountUpdateProfilePage; import org.keycloak.testsuite.pages.LoginPage; import org.keycloak.testsuite.pages.OAuthGrantPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; import org.openqa.selenium.JavascriptExecutor; -import org.openqa.selenium.WebDriver; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.UriBuilder; import java.io.IOException; import java.net.URI; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import org.jboss.arquillian.graphene.page.Page; +import org.junit.Before; +import org.keycloak.admin.client.resource.ClientResource; +import org.keycloak.admin.client.resource.RoleMappingResource; +import org.keycloak.admin.client.resource.RoleScopeResource; +import org.keycloak.models.AccountRoles; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.representations.idm.RoleRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.testsuite.TestRealmKeycloakTest; +import org.keycloak.testsuite.admin.ApiUtil; +import org.keycloak.testsuite.util.ClientBuilder; +import org.keycloak.testsuite.util.RealmBuilder; +import org.keycloak.testsuite.util.UserBuilder; +import twitter4j.JSONArray; +import twitter4j.JSONObject; import static org.junit.Assert.assertEquals; import static org.junit.Assert.fail; /** * @author Stian Thorgersen + * @author Stan Silvert ssilvert@redhat.com (C) 2016 Red Hat Inc. */ -public class ProfileTest { +public class ProfileTest extends TestRealmKeycloakTest { - @ClassRule - public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm); - user.setFirstName("First"); - user.setLastName("Last"); - user.setSingleAttribute("key1", "value1"); - user.setSingleAttribute("key2", "value2"); - - ClientModel accountApp = appRealm.getClientByClientId(org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID); - - UserModel user2 = manager.getSession().users().addUser(appRealm, "test-user-no-access@localhost"); - user2.setEnabled(true); - for (String r : accountApp.getDefaultRoles()) { - user2.deleteRoleMapping(accountApp.getRole(r)); - } - UserCredentialModel creds = new UserCredentialModel(); - creds.setType(CredentialRepresentation.PASSWORD); - creds.setValue("password"); - user2.updateCredential(creds); - - ClientModel app = appRealm.getClientByClientId("test-app"); - app.addScopeMapping(accountApp.getRole(AccountRoles.VIEW_PROFILE)); - app.addRedirectUri("http://localhost:8081/app/*"); - app.addWebOrigin("http://localtest.me:8081"); - - ClientModel thirdParty = appRealm.getClientByClientId("third-party"); - thirdParty.addScopeMapping(accountApp.getRole(AccountRoles.VIEW_PROFILE)); + @Override + public void configureTestRealm(RealmRepresentation testRealm) { + UserRepresentation user = findUserInRealmRep(testRealm, "test-user@localhost"); + user.setFirstName("First"); + user.setLastName("Last"); + Map attributes = user.getAttributes(); + if (attributes == null) { + attributes = new HashMap<>(); + user.setAttributes(attributes); } - }); + attributes.put("key1", "value1"); + attributes.put("key2", "value2"); - @Rule - public WebRule webRule = new WebRule(this); + UserRepresentation user2 = UserBuilder.create() + .enabled(true) + .username("test-user-no-access@localhost") + .password("password") + .build(); + RealmBuilder.edit(testRealm) + .user(user2); - @WebResource - protected WebDriver driver; + ClientBuilder.edit(findClientInRealmRep(testRealm, "test-app")) + .addWebOrigin("http://localtest.me:8180"); + } - @WebResource - protected OAuthClient oauth; + private RoleRepresentation findViewProfileRole(ClientResource accountApp) { + RoleMappingResource scopeMappings = accountApp.getScopeMappings(); + RoleScopeResource clientLevelMappings = scopeMappings.clientLevel(accountApp.toRepresentation().getId()); + List accountRoleList = clientLevelMappings.listEffective(); - @WebResource + for (RoleRepresentation role : accountRoleList) { + if (role.getName().equals(AccountRoles.VIEW_PROFILE)) return role; + } + + return null; + } + + @Before + public void addScopeMappings() { + String accountClientId = org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID; + ClientResource accountApp = ApiUtil.findClientByClientId(testRealm(), accountClientId); + RoleRepresentation role = findViewProfileRole(accountApp); + + String accountAppId = accountApp.toRepresentation().getId(); + ClientResource app = ApiUtil.findClientByClientId(testRealm(), "test-app"); + app.getScopeMappings().clientLevel(accountAppId).add(Collections.singletonList(role)); + + ClientResource thirdParty = ApiUtil.findClientByClientId(testRealm(), "third-party"); + thirdParty.getScopeMappings().clientLevel(accountAppId).add(Collections.singletonList(role)); + } + + @Page protected AccountUpdateProfilePage profilePage; - @WebResource + @Page protected AccountApplicationsPage accountApplicationsPage; - @WebResource + @Page protected LoginPage loginPage; - @WebResource + @Page protected OAuthGrantPage grantPage; @Test @@ -147,7 +161,7 @@ public class ProfileTest { String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); String token = oauth.doAccessTokenRequest(code, "password").getAccessToken(); - driver.navigate().to("http://localtest.me:8081/app"); + driver.navigate().to("http://localtest.me:8180/app"); String[] response = doGetProfileJs(token); assertEquals("200", response[0]); @@ -160,7 +174,7 @@ public class ProfileTest { String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE); String token = oauth.doAccessTokenRequest(code, "password").getAccessToken(); - driver.navigate().to("http://invalid.localtest.me:8081"); + driver.navigate().to("http://invalid.localtest.me:8180"); try { doGetProfileJs(token); @@ -229,7 +243,7 @@ public class ProfileTest { } private URI getAccountURI() { - return RealmsResource.accountUrl(UriBuilder.fromUri(Constants.AUTH_SERVER_ROOT)).build(oauth.getRealm()); + return RealmsResource.accountUrl(UriBuilder.fromUri(oauth.AUTH_SERVER_ROOT)).build(oauth.getRealm()); } private HttpResponse doGetProfile(String token, String origin) throws IOException { diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/RegistrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/RegistrationTest.java deleted file mode 100644 index 1e3e916638..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/RegistrationTest.java +++ /dev/null @@ -1,134 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.testsuite.account; - -import org.jboss.arquillian.graphene.page.Page; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; -import org.junit.Test; -import org.keycloak.testsuite.auth.page.login.Registration; - -import org.junit.Before; -import static org.keycloak.representations.idm.CredentialRepresentation.PASSWORD; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.representations.idm.UserRepresentation; -import static org.keycloak.testsuite.admin.ApiUtil.findUserByUsername; -import static org.keycloak.testsuite.admin.Users.getPasswordOf; -import static org.keycloak.testsuite.admin.Users.setPasswordFor; - -/** - * - * @author Petr Mensik - * @author tkyjovsk - */ -public class RegistrationTest extends AbstractAccountManagementTest { - - @Page - private Registration testRealmRegistrationPage; - - private UserRepresentation newUser; - - @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmRegistrationPage.setAuthRealm(testRealmPage); - } - - @Before - public void beforeUserRegistration() { - // enable user registration in test realm - RealmRepresentation testRealmRep = testRealmResource().toRepresentation(); - testRealmRep.setRegistrationAllowed(true); - testRealmResource().update(testRealmRep); - - newUser = createUserRepresentation("new_user", "new_user@email.test", "new", "user", true); - setPasswordFor(newUser, PASSWORD); - - testRealmAccountManagementPage.navigateTo(); - assertTrue("Registration should be allowed.", testRealmResource().toRepresentation().isRegistrationAllowed()); - testRealmLoginPage.form().register(); - } - - public void assertUserExistsWithAdminClient(UserRepresentation user) { - assertNotNull(findUserByUsername(testRealmResource(), user.getUsername())); - } - - public void assertUserDoesntExistWithAdminClient(UserRepresentation user) { - assertNull(findUserByUsername(testRealmResource(), user.getUsername())); - } - - public void assertMessageAttributeMissing(String attributeName) { - String feedbackTest = testRealmRegistrationPage.getFeedbackText(); - String contains = "Please specify " + attributeName + "."; - assertTrue("'" + feedbackTest + "' doesn't contain '" + contains + "'", feedbackTest.contains(contains)); - } - - @Test - public void successfulRegistration() { - testRealmRegistrationPage.register(newUser); - assertUserExistsWithAdminClient(newUser); - } - - @Test - public void invalidEmail() { - newUser.setEmail("invalid.email.value"); - testRealmRegistrationPage.register(newUser); - assertEquals("Invalid email address.", testRealmRegistrationPage.getFeedbackText()); - assertUserDoesntExistWithAdminClient(newUser); - } - - @Test - public void emptyAttributes() { - UserRepresentation newUserEmpty = new UserRepresentation(); // empty user attributes - - testRealmRegistrationPage.register(newUserEmpty); - assertMessageAttributeMissing("username"); - - newUserEmpty.setUsername(newUser.getUsername()); - testRealmRegistrationPage.register(newUserEmpty); - assertMessageAttributeMissing("first name"); - - newUserEmpty.setFirstName(newUser.getFirstName()); - testRealmRegistrationPage.register(newUserEmpty); - assertMessageAttributeMissing("last name"); - - newUserEmpty.setLastName(newUser.getLastName()); - testRealmRegistrationPage.register(newUserEmpty); - assertMessageAttributeMissing("email"); - - newUserEmpty.setEmail(newUser.getEmail()); - testRealmRegistrationPage.register(newUserEmpty); - assertMessageAttributeMissing("password"); - - setPasswordFor(newUserEmpty, getPasswordOf(newUser)); - testRealmRegistrationPage.register(newUser); - assertUserExistsWithAdminClient(newUserEmpty); - } - - @Test - public void notMatchingPasswords() { - testRealmRegistrationPage.setValues(newUser, "not-matching-password"); - testRealmRegistrationPage.submit(); - assertEquals("Password confirmation doesn't match.", testRealmRegistrationPage.getFeedbackText()); - - testRealmRegistrationPage.register(newUser); - assertUserExistsWithAdminClient(newUser); - } - -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/RememberMeTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/RememberMeTest.java deleted file mode 100644 index 8ff6ab0f82..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/RememberMeTest.java +++ /dev/null @@ -1,70 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.testsuite.account; - -import org.junit.Before; -import org.junit.Ignore; -import org.junit.Test; -import org.keycloak.representations.idm.RealmRepresentation; - - -/** - * - * @author vramik - */ -@Ignore //TODO find out the way how to restart browser during the test -public class RememberMeTest extends AbstractAccountManagementTest { - - - @Before - public void beforeRememberMe() { - // enable remember me in test realm - RealmRepresentation testRealmRep = testRealmResource().toRepresentation(); - testRealmRep.setRememberMe(true); - testRealmResource().update(testRealmRep); - } - - @Test - public void rememberMe() { - - testRealmAccountManagementPage.navigateTo(); - - log.info("login with remember me unchecked"); - testRealmLoginPage.form().login(testUser); - testRealmAccountManagementPage.waitForAccountLinkPresent(); - log.debug("logged in"); - - //TODO: restart browser - - testRealmAccountManagementPage.navigateTo(); - log.debug("user shouldn't be logged in"); - testRealmLoginPage.form().waitForRememberMePresent(); - - log.info("login with remember me checked"); - testRealmLoginPage.form().rememberMe(true); - testRealmLoginPage.form().login(testUser); - testRealmAccountManagementPage.waitForAccountLinkPresent(); - - //TODO: restart browser - - testRealmAccountManagementPage.navigateTo(); - log.debug("user should be logged in"); - testRealmAccountManagementPage.waitForAccountLinkPresent(); - - } - -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResetCredentialsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResetCredentialsTest.java deleted file mode 100644 index 83a4b0c223..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/ResetCredentialsTest.java +++ /dev/null @@ -1,102 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.testsuite.account; - -import org.jboss.arquillian.graphene.page.Page; -import org.junit.AfterClass; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import org.junit.Before; -import org.junit.Test; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.testsuite.auth.page.login.ResetCredentials; -import static org.keycloak.testsuite.util.MailAssert.assertEmailAndGetUrl; -import org.keycloak.testsuite.util.MailServer; -import org.keycloak.testsuite.util.MailServerConfiguration; -import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; - - -/** - * - * @author vramik - */ -public class ResetCredentialsTest extends AbstractAccountManagementTest { - - @Page - private ResetCredentials testRealmResetCredentialsPage; - - private static boolean init = false; - - @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmResetCredentialsPage.setAuthRealm(testRealmPage); - } - - @Before - public void beforeResetCredentials() { - // enable reset credentials and configure smpt server in test realm - RealmRepresentation testRealmRep = testRealmResource().toRepresentation(); - testRealmRep.setSmtpServer(suiteContext.getSmtpServer()); - testRealmRep.setResetPasswordAllowed(true); - testRealmResource().update(testRealmRep); - - if (!init) { - init = true; - MailServer.start(); - MailServer.createEmailAccount(testUser.getEmail(), "password"); - } - - testRealmAccountManagementPage.navigateTo(); - assertTrue("Reset password should be allowed.", testRealmResource().toRepresentation().isResetPasswordAllowed()); - testRealmLoginPage.form().forgotPassword(); - } - - @AfterClass - public static void afterClass() { - MailServer.stop(); - } - - @Test - public void resetCredentialsWithEmail() { - testRealmResetCredentialsPage.resetCredentials(testUser.getEmail()); - resetCredentialsAndLoginWithNewPassword(); - } - - @Test - public void resetCredentialsWithUsername() { - testRealmResetCredentialsPage.resetCredentials(testUser.getUsername()); - resetCredentialsAndLoginWithNewPassword(); - } - - private void resetCredentialsAndLoginWithNewPassword() { - assertEquals("You should receive an email shortly with further instructions.", - testRealmResetCredentialsPage.getFeedbackText()); - - String url = assertEmailAndGetUrl(MailServerConfiguration.FROM, testUser.getEmail(), - "Someone just requested to change your Test account's credentials."); - - log.info("navigating to " + url); - driver.navigate().to(url); - //assertCurrentUrlStartsWith(testRealmResetCredentialsPage); - testRealmResetCredentialsPage.updatePassword("newPassword"); - assertCurrentUrlStartsWith(testRealmAccountManagementPage); - testRealmAccountManagementPage.signOut(); - testRealmLoginPage.form().login("test", "newPassword"); - assertCurrentUrlStartsWith(testRealmAccountManagementPage); - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/VerifyEmailTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/VerifyEmailTest.java deleted file mode 100644 index dc08331f5f..0000000000 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/VerifyEmailTest.java +++ /dev/null @@ -1,87 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.testsuite.account; - -import org.jboss.arquillian.graphene.page.Page; -import org.junit.AfterClass; -import static org.junit.Assert.assertEquals; -import org.junit.Before; -import org.junit.Test; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.testsuite.auth.page.login.VerifyEmail; -import static org.keycloak.testsuite.util.MailAssert.assertEmailAndGetUrl; -import org.keycloak.testsuite.util.MailServer; -import org.keycloak.testsuite.util.MailServerConfiguration; -import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith; - - -/** - * - * @author vramik - */ -public class VerifyEmailTest extends AbstractAccountManagementTest { - - @Page - private VerifyEmail testRealmVerifyEmailPage; - - private static boolean init = false; - - @Override - public void setDefaultPageUriParameters() { - super.setDefaultPageUriParameters(); - testRealmVerifyEmailPage.setAuthRealm(testRealmPage); - } - - @Before - public void beforeVerifyEmail() { - log.info("enable verify email and configure smpt server in test realm"); - RealmRepresentation testRealmRep = testRealmResource().toRepresentation(); - testRealmRep.setSmtpServer(suiteContext.getSmtpServer()); - testRealmRep.setVerifyEmail(true); - testRealmResource().update(testRealmRep); - - if (!init) { - init = true; - MailServer.start(); - MailServer.createEmailAccount(testUser.getEmail(), "password"); - } - } - - @AfterClass - public static void afterClass() { - MailServer.stop(); - } - - @Test - public void verifyEmail() { - testRealmAccountManagementPage.navigateTo(); - testRealmLoginPage.form().login(testUser); - - assertEquals("You need to verify your email address to activate your account.", - testRealmVerifyEmailPage.getFeedbackText()); - - String verifyEmailUrl = assertEmailAndGetUrl(MailServerConfiguration.FROM, testUser.getEmail(), - "Someone has created a Test account with this email address."); - - log.info("navigating to url from email: " + verifyEmailUrl); - driver.navigate().to(verifyEmailUrl); - assertCurrentUrlStartsWith(testRealmAccountManagementPage); - testRealmAccountManagementPage.signOut(); - testRealmLoginPage.form().login(testUser); - assertCurrentUrlStartsWith(testRealmAccountManagementPage); - } -} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AbstractAccountManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/AbstractAccountManagementTest.java similarity index 97% rename from testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AbstractAccountManagementTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/AbstractAccountManagementTest.java index 0dde2fa407..6ceb4f8895 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/AbstractAccountManagementTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/AbstractAccountManagementTest.java @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.keycloak.testsuite.account; +package org.keycloak.testsuite.account.custom; import org.jboss.arquillian.graphene.page.Page; import static org.junit.Assert.assertTrue; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/AbstractCustomAccountManagementTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/AbstractCustomAccountManagementTest.java index f73deb7d37..9b59a6048c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/AbstractCustomAccountManagementTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/account/custom/AbstractCustomAccountManagementTest.java @@ -23,7 +23,6 @@ import org.junit.Before; import org.keycloak.admin.client.resource.AuthenticationManagementResource; import org.keycloak.models.AuthenticationExecutionModel; import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation; -import org.keycloak.testsuite.account.AbstractAccountManagementTest; /** * diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java index b98877de2d..5d066b0cd4 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/ClientBuilder.java @@ -17,11 +17,14 @@ package org.keycloak.testsuite.util; +import java.util.ArrayList; import org.keycloak.dom.saml.v2.ac.BooleanType; import org.keycloak.representations.idm.ClientRepresentation; import java.util.Arrays; import java.util.HashMap; +import java.util.LinkedList; +import java.util.List; import java.util.Map; /** @@ -29,14 +32,20 @@ import java.util.Map; */ public class ClientBuilder { - private ClientRepresentation rep = new ClientRepresentation(); + private ClientRepresentation rep; public static ClientBuilder create() { - return new ClientBuilder(); + ClientRepresentation rep = new ClientRepresentation(); + rep.setEnabled(Boolean.TRUE); + return new ClientBuilder(rep); } - private ClientBuilder() { - rep.setEnabled(true); + public static ClientBuilder edit(ClientRepresentation rep) { + return new ClientBuilder(rep); + } + + private ClientBuilder(ClientRepresentation rep) { + this.rep = rep; } public ClientBuilder id(String id) { @@ -100,6 +109,26 @@ public class ClientBuilder { return this; } + public ClientBuilder addWebOrigin(String webOrigin) { + List uris = rep.getWebOrigins(); + if (uris == null) { + uris = new LinkedList<>(); + rep.setWebOrigins(uris); + } + uris.add(webOrigin); + return this; + } + + public ClientBuilder addRedirectUri(String redirectUri) { + List uris = rep.getRedirectUris(); + if (uris == null) { + uris = new LinkedList<>(); + rep.setRedirectUris(uris); + } + uris.add(redirectUri); + return this; + } + public ClientBuilder redirectUris(String... redirectUris) { rep.setRedirectUris(Arrays.asList(redirectUris)); return this; diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/UserBuilder.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/UserBuilder.java index 379d4ef4b9..f127d7a99c 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/UserBuilder.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/util/UserBuilder.java @@ -56,6 +56,16 @@ public class UserBuilder { return this; } + public UserBuilder firstName(String firstName) { + rep.setFirstName(firstName); + return this; + } + + public UserBuilder lastName(String lastName) { + rep.setLastName(lastName); + return this; + } + /** * This method adds additional passwords to the user. */ diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json b/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json index 93624ef734..e24b31efe7 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/testrealm.json @@ -101,7 +101,7 @@ { "clientId": "test-app", "enabled": true, - "baseUrl": "http://localhost:8180/auth/realms/master/app", + "baseUrl": "http://localhost:8180/auth/realms/master/app/auth", "redirectUris": [ "http://localhost:8180/auth/realms/master/app/*" ], diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java deleted file mode 100755 index 7c5152bde4..0000000000 --- a/testsuite/integration/src/test/java/org/keycloak/testsuite/account/AccountTest.java +++ /dev/null @@ -1,800 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.keycloak.testsuite.account; - -import org.junit.After; -import org.junit.Assert; -import org.junit.Before; -import org.junit.ClassRule; -import org.junit.Rule; -import org.junit.Test; -import org.keycloak.events.Details; -import org.keycloak.events.Event; -import org.keycloak.events.EventType; -import org.keycloak.migration.MigrationModel; -import org.keycloak.models.ClientModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.PasswordPolicy; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.TimeBasedOTP; -import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.services.resources.AccountService; -import org.keycloak.services.resources.RealmsResource; -import org.keycloak.testsuite.AssertEvents; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.pages.AccountApplicationsPage; -import org.keycloak.testsuite.pages.AccountLogPage; -import org.keycloak.testsuite.pages.AccountPasswordPage; -import org.keycloak.testsuite.pages.AccountSessionsPage; -import org.keycloak.testsuite.pages.AccountTotpPage; -import org.keycloak.testsuite.pages.AccountUpdateProfilePage; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.AppPage.RequestType; -import org.keycloak.testsuite.pages.ErrorPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.RegisterPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.By; -import org.openqa.selenium.WebDriver; - -import javax.ws.rs.core.UriBuilder; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; - -/** - * @author Stian Thorgersen - */ -public class AccountTest { - - @ClassRule - public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm); - - ClientModel accountApp = appRealm.getClientByClientId(org.keycloak.models.Constants.ACCOUNT_MANAGEMENT_CLIENT_ID); - - UserModel user2 = manager.getSession().users().addUser(appRealm, "test-user-no-access@localhost"); - user2.setEnabled(true); - user2.setEmail("test-user-no-access@localhost"); - for (String r : accountApp.getDefaultRoles()) { - user2.deleteRoleMapping(accountApp.getRole(r)); - } - UserCredentialModel creds = new UserCredentialModel(); - creds.setType(CredentialRepresentation.PASSWORD); - creds.setValue("password"); - user2.updateCredential(creds); - } - }); - - private static final UriBuilder BASE = UriBuilder.fromUri("http://localhost:8081/auth"); - private static final String ACCOUNT_URL = RealmsResource.accountUrl(BASE.clone()).build("test").toString(); - public static String ACCOUNT_REDIRECT = AccountService.loginRedirectUrl(BASE.clone()).build("test").toString(); - - @Rule - public AssertEvents events = new AssertEvents(keycloakRule); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected WebDriver driver; - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected AppPage appPage; - - @WebResource - protected LoginPage loginPage; - - @WebResource - protected RegisterPage registerPage; - - @WebResource - protected AccountPasswordPage changePasswordPage; - - @WebResource - protected AccountUpdateProfilePage profilePage; - - @WebResource - protected AccountTotpPage totpPage; - - @WebResource - protected AccountLogPage logPage; - - @WebResource - protected AccountSessionsPage sessionsPage; - - @WebResource - protected AccountApplicationsPage applicationsPage; - - @WebResource - protected ErrorPage errorPage; - - private TimeBasedOTP totp = new TimeBasedOTP(); - private String userId; - - @Before - public void before() { - oauth.state("mystate"); // keycloak enforces that a state param has been sent by client - userId = keycloakRule.getUser("test", "test-user@localhost").getId(); - } - - @After - public void after() { - keycloakRule.update(new KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel defaultRealm, RealmModel appRealm) { - UserModel user = manager.getSession().users().getUserByUsername("test-user@localhost", appRealm); - user.setFirstName("Tom"); - user.setLastName("Brady"); - user.setEmail("test-user@localhost"); - - UserCredentialModel cred = new UserCredentialModel(); - cred.setType(CredentialRepresentation.PASSWORD); - cred.setValue("password"); - - user.updateCredential(cred); - } - }); - } - - //@Test - public void ideTesting() throws Exception { - Thread.sleep(100000000); - } - - @Test - public void testMigrationModel() { - KeycloakSession keycloakSession = keycloakRule.startSession(); - Assert.assertEquals(keycloakSession.realms().getMigrationModel().getStoredVersion(), MigrationModel.LATEST_VERSION); - keycloakSession.close(); - } - - - - @Test - public void returnToAppFromQueryParam() { - driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app"); - loginPage.login("test-user@localhost", "password"); - Assert.assertTrue(profilePage.isCurrent()); - profilePage.backToApplication(); - - Assert.assertTrue(appPage.isCurrent()); - - driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app&referrer_uri=http://localhost:8081/app?test"); - Assert.assertTrue(profilePage.isCurrent()); - profilePage.backToApplication(); - - Assert.assertTrue(appPage.isCurrent()); - Assert.assertEquals(appPage.baseUrl + "?test", driver.getCurrentUrl()); - - driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app"); - Assert.assertTrue(profilePage.isCurrent()); - - driver.findElement(By.linkText("Authenticator")).click(); - Assert.assertTrue(totpPage.isCurrent()); - - driver.findElement(By.linkText("Account")).click(); - Assert.assertTrue(profilePage.isCurrent()); - - profilePage.backToApplication(); - - Assert.assertTrue(appPage.isCurrent()); - - events.clear(); - } - - @Test - public void changePassword() { - changePasswordPage.open(); - loginPage.login("test-user@localhost", "password"); - - Event event = events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); - String sessionId = event.getSessionId(); - String userId = event.getUserId(); - changePasswordPage.changePassword("", "new-password", "new-password"); - - Assert.assertEquals("Please specify password.", profilePage.getError()); - - changePasswordPage.changePassword("password", "new-password", "new-password2"); - - Assert.assertEquals("Password confirmation doesn't match.", profilePage.getError()); - - changePasswordPage.changePassword("password", "new-password", "new-password"); - - Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); - - events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); - - changePasswordPage.logout(); - - events.expectLogout(sessionId).detail(Details.REDIRECT_URI, changePasswordPage.getPath()).assertEvent(); - - loginPage.open(); - loginPage.login("test-user@localhost", "password"); - - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - - events.expectLogin().session((String) null).error("invalid_user_credentials") - .removeDetail(Details.CONSENT) - .assertEvent(); - - loginPage.open(); - loginPage.login("test-user@localhost", "new-password"); - - Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - events.expectLogin().assertEvent(); - } - - @Test - public void changePasswordWithLengthPasswordPolicy() { - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setPasswordPolicy(new PasswordPolicy("length")); - } - }); - - try { - changePasswordPage.open(); - loginPage.login("test-user@localhost", "password"); - - - events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); - - changePasswordPage.changePassword("", "new", "new"); - - Assert.assertEquals("Please specify password.", profilePage.getError()); - - changePasswordPage.changePassword("password", "new-password", "new-password"); - - Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); - - events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); - } finally { - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setPasswordPolicy(new PasswordPolicy(null)); - } - }); - } - } - - @Test - public void changePasswordWithPasswordHistoryPolicy() { - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setPasswordPolicy(new PasswordPolicy("passwordHistory(2)")); - } - }); - - try { - changePasswordPage.open(); - loginPage.login("test-user@localhost", "password"); - - events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password").assertEvent(); - - changePasswordPage.changePassword("password", "password", "password"); - - Assert.assertEquals("Invalid password: must not be equal to any of last 2 passwords.", profilePage.getError()); - - changePasswordPage.changePassword("password", "password1", "password1"); - - Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); - - events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); - - changePasswordPage.changePassword("password1", "password", "password"); - - Assert.assertEquals("Invalid password: must not be equal to any of last 2 passwords.", profilePage.getError()); - - changePasswordPage.changePassword("password1", "password1", "password1"); - - Assert.assertEquals("Invalid password: must not be equal to any of last 2 passwords.", profilePage.getError()); - - changePasswordPage.changePassword("password1", "password2", "password2"); - - Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); - - events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent(); - - } finally { - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setPasswordPolicy(new PasswordPolicy(null)); - } - }); - } - } - - @Test - public void changeProfile() { - profilePage.open(); - loginPage.login("test-user@localhost", "password"); - - events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent(); - - Assert.assertEquals("Tom", profilePage.getFirstName()); - Assert.assertEquals("Brady", profilePage.getLastName()); - Assert.assertEquals("test-user@localhost", profilePage.getEmail()); - - // All fields are required, so there should be an error when something is missing. - profilePage.updateProfile("", "New last", "new@email.com"); - - Assert.assertEquals("Please specify first name.", profilePage.getError()); - Assert.assertEquals("", profilePage.getFirstName()); - Assert.assertEquals("New last", profilePage.getLastName()); - Assert.assertEquals("new@email.com", profilePage.getEmail()); - - events.assertEmpty(); - - profilePage.updateProfile("New first", "", "new@email.com"); - - Assert.assertEquals("Please specify last name.", profilePage.getError()); - Assert.assertEquals("New first", profilePage.getFirstName()); - Assert.assertEquals("", profilePage.getLastName()); - Assert.assertEquals("new@email.com", profilePage.getEmail()); - - events.assertEmpty(); - - profilePage.updateProfile("New first", "New last", ""); - - Assert.assertEquals("Please specify email.", profilePage.getError()); - Assert.assertEquals("New first", profilePage.getFirstName()); - Assert.assertEquals("New last", profilePage.getLastName()); - Assert.assertEquals("", profilePage.getEmail()); - - events.assertEmpty(); - - profilePage.clickCancel(); - - Assert.assertEquals("Tom", profilePage.getFirstName()); - Assert.assertEquals("Brady", profilePage.getLastName()); - Assert.assertEquals("test-user@localhost", profilePage.getEmail()); - - events.assertEmpty(); - - profilePage.updateProfile("New first", "New last", "new@email.com"); - - Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); - Assert.assertEquals("New first", profilePage.getFirstName()); - Assert.assertEquals("New last", profilePage.getLastName()); - Assert.assertEquals("new@email.com", profilePage.getEmail()); - - events.expectAccount(EventType.UPDATE_PROFILE).assertEvent(); - events.expectAccount(EventType.UPDATE_EMAIL).detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com").assertEvent(); - - // reset user for other tests - profilePage.updateProfile("Tom", "Brady", "test-user@localhost"); - events.clear(); - } - - @Test - public void changeUsername() { - // allow to edit the username in realm - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setEditUsernameAllowed(true); - } - }); - - try { - profilePage.open(); - loginPage.login("test-user@localhost", "password"); - - events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent(); - - Assert.assertEquals("test-user@localhost", profilePage.getUsername()); - Assert.assertEquals("Tom", profilePage.getFirstName()); - Assert.assertEquals("Brady", profilePage.getLastName()); - Assert.assertEquals("test-user@localhost", profilePage.getEmail()); - - // All fields are required, so there should be an error when something is missing. - profilePage.updateProfile("", "New first", "New last", "new@email.com"); - - Assert.assertEquals("Please specify username.", profilePage.getError()); - Assert.assertEquals("", profilePage.getUsername()); - Assert.assertEquals("New first", profilePage.getFirstName()); - Assert.assertEquals("New last", profilePage.getLastName()); - Assert.assertEquals("new@email.com", profilePage.getEmail()); - - events.assertEmpty(); - - // Change to the username already occupied by other user - profilePage.updateProfile("test-user-no-access@localhost", "New first", "New last", "new@email.com"); - - Assert.assertEquals("Username already exists.", profilePage.getError()); - Assert.assertEquals("test-user-no-access@localhost", profilePage.getUsername()); - Assert.assertEquals("New first", profilePage.getFirstName()); - Assert.assertEquals("New last", profilePage.getLastName()); - Assert.assertEquals("new@email.com", profilePage.getEmail()); - - events.assertEmpty(); - - profilePage.updateProfile("test-user-new@localhost", "New first", "New last", "new@email.com"); - - Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); - Assert.assertEquals("test-user-new@localhost", profilePage.getUsername()); - Assert.assertEquals("New first", profilePage.getFirstName()); - Assert.assertEquals("New last", profilePage.getLastName()); - Assert.assertEquals("new@email.com", profilePage.getEmail()); - - } finally { - // reset user for other tests - profilePage.updateProfile("test-user@localhost", "Tom", "Brady", "test-user@localhost"); - events.clear(); - - // reset realm - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setEditUsernameAllowed(false); - } - }); - } - } - - @Test - public void changeUsernameLoginWithOldUsername() { - KeycloakSession session = keycloakRule.startSession(); - UserModel user = session.users().addUser(session.realms().getRealm("test"), "change-username"); - user.setEnabled(true); - user.setEmail("change-username@localhost"); - user.setFirstName("first"); - user.setLastName("last"); - user.updateCredential(UserCredentialModel.password("password")); - keycloakRule.stopSession(session, true); - - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setEditUsernameAllowed(true); - } - }); - - try { - profilePage.open(); - loginPage.login("change-username", "password"); - - profilePage.updateUsername("change-username-updated"); - - Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); - - profilePage.logout(); - - profilePage.open(); - - Assert.assertTrue(loginPage.isCurrent()); - - loginPage.login("change-username", "password"); - - Assert.assertTrue(loginPage.isCurrent()); - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - - loginPage.login("change-username-updated", "password"); - } finally { - events.clear(); - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setEditUsernameAllowed(false); - } - }); - } - } - - @Test - public void changeEmailLoginWithOldEmail() { - KeycloakSession session = keycloakRule.startSession(); - UserModel user = session.users().addUser(session.realms().getRealm("test"), "change-email"); - user.setEnabled(true); - user.setEmail("change-username@localhost"); - user.setFirstName("first"); - user.setLastName("last"); - user.updateCredential(UserCredentialModel.password("password")); - keycloakRule.stopSession(session, true); - - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setEditUsernameAllowed(true); - } - }); - - try { - profilePage.open(); - loginPage.login("change-username@localhost", "password"); - - profilePage.updateEmail("change-username-updated@localhost"); - - Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); - - profilePage.logout(); - - profilePage.open(); - - Assert.assertTrue(loginPage.isCurrent()); - - loginPage.login("change-username@localhost", "password"); - - Assert.assertTrue(loginPage.isCurrent()); - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - - loginPage.login("change-username-updated@localhost", "password"); - } finally { - events.clear(); - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setEditUsernameAllowed(false); - } - }); - } - } - - // KEYCLOAK-1534 - @Test - public void changeEmailToExisting() { - profilePage.open(); - loginPage.login("test-user@localhost", "password"); - - events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent(); - - Assert.assertEquals("test-user@localhost", profilePage.getUsername()); - Assert.assertEquals("test-user@localhost", profilePage.getEmail()); - - // Change to the email, which some other user has - profilePage.updateProfile("New first", "New last", "test-user-no-access@localhost"); - - profilePage.assertCurrent(); - Assert.assertEquals("Email already exists.", profilePage.getError()); - Assert.assertEquals("New first", profilePage.getFirstName()); - Assert.assertEquals("New last", profilePage.getLastName()); - Assert.assertEquals("test-user-no-access@localhost", profilePage.getEmail()); - - events.assertEmpty(); - - // Change some other things, but not email - profilePage.updateProfile("New first", "New last", "test-user@localhost"); - - Assert.assertEquals("Your account has been updated.", profilePage.getSuccess()); - Assert.assertEquals("New first", profilePage.getFirstName()); - Assert.assertEquals("New last", profilePage.getLastName()); - Assert.assertEquals("test-user@localhost", profilePage.getEmail()); - - events.expectAccount(EventType.UPDATE_PROFILE).assertEvent(); - - // Change email and other things to original values - profilePage.updateProfile("Tom", "Brady", "test-user@localhost"); - events.expectAccount(EventType.UPDATE_PROFILE).assertEvent(); - } - - @Test - public void setupTotp() { - totpPage.open(); - loginPage.login("test-user@localhost", "password"); - - events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=totp").assertEvent(); - - Assert.assertTrue(totpPage.isCurrent()); - - Assert.assertFalse(driver.getPageSource().contains("Remove Google")); - - // Error with false code - totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret() + "123")); - - Assert.assertEquals("Invalid authenticator code.", profilePage.getError()); - - totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret())); - - Assert.assertEquals("Mobile authenticator configured.", profilePage.getSuccess()); - - events.expectAccount(EventType.UPDATE_TOTP).assertEvent(); - - Assert.assertTrue(driver.getPageSource().contains("pficon-delete")); - - totpPage.removeTotp(); - - events.expectAccount(EventType.REMOVE_TOTP).assertEvent(); - } - - @Test - public void changeProfileNoAccess() throws Exception { - profilePage.open(); - loginPage.login("test-user-no-access@localhost", "password"); - - events.expectLogin().client("account").user(keycloakRule.getUser("test", "test-user-no-access@localhost").getId()) - .detail(Details.USERNAME, "test-user-no-access@localhost") - .detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT).assertEvent(); - - Assert.assertTrue(errorPage.isCurrent()); - Assert.assertEquals("No access", errorPage.getError()); - } - - @Test - public void viewLog() { - keycloakRule.update(new KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setEventsEnabled(true); - } - }); - - try { - List expectedEvents = new LinkedList(); - - loginPage.open(); - loginPage.clickRegister(); - - registerPage.register("view", "log", "view-log@localhost", "view-log", "password", "password"); - - expectedEvents.add(events.poll()); - expectedEvents.add(events.poll()); - - profilePage.open(); - profilePage.updateProfile("view", "log2", "view-log@localhost"); - - expectedEvents.add(events.poll()); - - logPage.open(); - - Assert.assertTrue(logPage.isCurrent()); - - List> actualEvents = logPage.getEvents(); - - Assert.assertEquals(expectedEvents.size(), actualEvents.size()); - - for (Event e : expectedEvents) { - boolean match = false; - for (List a : logPage.getEvents()) { - if (e.getType().toString().replace('_', ' ').toLowerCase().equals(a.get(1)) && - e.getIpAddress().equals(a.get(2)) && - e.getClientId().equals(a.get(3))) { - match = true; - break; - } - } - if (!match) { - Assert.fail("Event not found " + e.getType()); - } - } - } finally { - keycloakRule.update(new KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - appRealm.setEventsEnabled(false); - } - }); - } - } - - @Test - public void sessions() { - loginPage.open(); - loginPage.clickRegister(); - - registerPage.register("view", "sessions", "view-sessions@localhost", "view-sessions", "password", "password"); - - Event registerEvent = events.expectRegister("view-sessions", "view-sessions@localhost").assertEvent(); - String userId = registerEvent.getUserId(); - - events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent(); - - sessionsPage.open(); - - Assert.assertTrue(sessionsPage.isCurrent()); - - List> sessions = sessionsPage.getSessions(); - Assert.assertEquals(1, sessions.size()); - Assert.assertEquals("127.0.0.1", sessions.get(0).get(0)); - - // Create second session - WebDriver driver2 = WebRule.createWebDriver(); - try { - OAuthClient oauth2 = new OAuthClient(driver2); - oauth2.state("mystate"); - oauth2.doLogin("view-sessions", "password"); - - Event login2Event = events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent(); - - sessionsPage.open(); - sessions = sessionsPage.getSessions(); - Assert.assertEquals(2, sessions.size()); - - sessionsPage.logoutAll(); - - events.expectLogout(registerEvent.getSessionId()); - events.expectLogout(login2Event.getSessionId()); - } finally { - driver2.close(); - } - } - - // More tests (including revoke) are in OAuthGrantTest and OfflineTokenTest - @Test - public void applications() { - applicationsPage.open(); - loginPage.login("test-user@localhost", "password"); - - events.expectLogin().client("account").detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=applications").assertEvent(); - Assert.assertTrue(applicationsPage.isCurrent()); - - Map apps = applicationsPage.getApplications(); - Assert.assertEquals(3, apps.size()); - - AccountApplicationsPage.AppEntry accountEntry = apps.get("Account"); - Assert.assertEquals(2, accountEntry.getRolesAvailable().size()); - Assert.assertTrue(accountEntry.getRolesAvailable().contains("Manage account in Account")); - Assert.assertTrue(accountEntry.getRolesAvailable().contains("View profile in Account")); - Assert.assertEquals(1, accountEntry.getRolesGranted().size()); - Assert.assertTrue(accountEntry.getRolesGranted().contains("Full Access")); - Assert.assertEquals(1, accountEntry.getProtocolMappersGranted().size()); - Assert.assertTrue(accountEntry.getProtocolMappersGranted().contains("Full Access")); - - AccountApplicationsPage.AppEntry testAppEntry = apps.get("test-app"); - Assert.assertEquals(5, testAppEntry.getRolesAvailable().size()); - Assert.assertTrue(testAppEntry.getRolesAvailable().contains("Offline access")); - Assert.assertTrue(testAppEntry.getRolesGranted().contains("Full Access")); - Assert.assertTrue(testAppEntry.getProtocolMappersGranted().contains("Full Access")); - - AccountApplicationsPage.AppEntry thirdPartyEntry = apps.get("third-party"); - Assert.assertEquals(2, thirdPartyEntry.getRolesAvailable().size()); - Assert.assertTrue(thirdPartyEntry.getRolesAvailable().contains("Have User privileges")); - Assert.assertTrue(thirdPartyEntry.getRolesAvailable().contains("Have Customer User privileges in test-app")); - Assert.assertEquals(0, thirdPartyEntry.getRolesGranted().size()); - Assert.assertEquals(0, thirdPartyEntry.getProtocolMappersGranted().size()); - } - - @Test - public void loginToSpecificPage() { - changePasswordPage.open(); - loginPage.login("test-user@localhost", "password"); - - Assert.assertTrue(changePasswordPage.isCurrent()); - - events.clear(); - } - - @Test - public void loginToSpecificPageWithReferrer() { - driver.navigate().to(changePasswordPage.getPath() + "?referrer=account"); - System.out.println(driver.getCurrentUrl()); - - loginPage.login("test-user@localhost", "password"); - System.out.println(driver.getCurrentUrl()); - - Assert.assertTrue(changePasswordPage.isCurrent()); - - events.clear(); - } - -}