1308 lines
36 KiB
TypeScript
1308 lines
36 KiB
TypeScript
// tslint:disable:no-unused-expression
|
|
import { faker } from "@faker-js/faker";
|
|
import * as chai from "chai";
|
|
import { KeycloakAdminClient } from "../src/client.js";
|
|
import type ClientRepresentation from "../src/defs/clientRepresentation.js";
|
|
import type ClientScopeRepresentation from "../src/defs/clientScopeRepresentation.js";
|
|
import type PolicyRepresentation from "../src/defs/policyRepresentation.js";
|
|
import { Logic } from "../src/defs/policyRepresentation.js";
|
|
import type ProtocolMapperRepresentation from "../src/defs/protocolMapperRepresentation.js";
|
|
import type ResourceRepresentation from "../src/defs/resourceRepresentation.js";
|
|
import type ScopeRepresentation from "../src/defs/scopeRepresentation.js";
|
|
import type UserRepresentation from "../src/defs/userRepresentation.js";
|
|
import { credentials } from "./constants.js";
|
|
|
|
const expect = chai.expect;
|
|
|
|
describe("Clients", () => {
|
|
let kcAdminClient: KeycloakAdminClient;
|
|
let currentClient: ClientRepresentation;
|
|
let currentClientScope: ClientScopeRepresentation;
|
|
let currentRoleName: string;
|
|
|
|
before(async () => {
|
|
kcAdminClient = new KeycloakAdminClient();
|
|
await kcAdminClient.auth(credentials);
|
|
|
|
// create client and also test it
|
|
// NOTICE: to be clear, clientId stands for the property `clientId` of client
|
|
// clientUniqueId stands for property `id` of client
|
|
const clientId = faker.internet.userName();
|
|
const createdClient = await kcAdminClient.clients.create({
|
|
clientId,
|
|
});
|
|
expect(createdClient.id).to.be.ok;
|
|
|
|
const client = await kcAdminClient.clients.findOne({
|
|
id: createdClient.id,
|
|
});
|
|
expect(client).to.be.ok;
|
|
currentClient = client!;
|
|
});
|
|
|
|
after(async () => {
|
|
// delete the current one
|
|
await kcAdminClient.clients.del({
|
|
id: currentClient.id!,
|
|
});
|
|
});
|
|
|
|
it("list clients", async () => {
|
|
const clients = await kcAdminClient.clients.find();
|
|
expect(clients).to.be.ok;
|
|
});
|
|
|
|
it("get single client", async () => {
|
|
const clientUniqueId = currentClient.id!;
|
|
const client = await kcAdminClient.clients.findOne({
|
|
id: clientUniqueId,
|
|
});
|
|
// not sure why entity from list api will not have property: authorizationServicesEnabled
|
|
expect(client).to.deep.include(currentClient);
|
|
});
|
|
|
|
it("update single client", async () => {
|
|
const { clientId, id: clientUniqueId } = currentClient;
|
|
await kcAdminClient.clients.update(
|
|
{ id: clientUniqueId! },
|
|
{
|
|
// clientId is required in client update. no idea why...
|
|
clientId,
|
|
description: "test",
|
|
},
|
|
);
|
|
|
|
const client = await kcAdminClient.clients.findOne({
|
|
id: clientUniqueId!,
|
|
});
|
|
expect(client).to.include({
|
|
description: "test",
|
|
});
|
|
});
|
|
|
|
it("delete single client", async () => {
|
|
// create another one for delete test
|
|
const clientId = faker.internet.userName();
|
|
const { id } = await kcAdminClient.clients.create({
|
|
clientId,
|
|
});
|
|
|
|
// delete it
|
|
await kcAdminClient.clients.del({
|
|
id,
|
|
});
|
|
|
|
const delClient = await kcAdminClient.clients.findOne({
|
|
id,
|
|
});
|
|
expect(delClient).to.be.null;
|
|
});
|
|
|
|
/**
|
|
* client roles
|
|
*/
|
|
describe("client roles", () => {
|
|
before(async () => {
|
|
const roleName = faker.internet.userName();
|
|
// create a client role
|
|
const { roleName: createdRoleName } =
|
|
await kcAdminClient.clients.createRole({
|
|
id: currentClient.id,
|
|
name: roleName,
|
|
});
|
|
|
|
expect(createdRoleName).to.be.equal(roleName);
|
|
|
|
// assign currentClientRole
|
|
currentRoleName = roleName;
|
|
});
|
|
|
|
after(async () => {
|
|
// delete client role
|
|
await kcAdminClient.clients.delRole({
|
|
id: currentClient.id!,
|
|
roleName: currentRoleName,
|
|
});
|
|
});
|
|
|
|
it("list the client roles", async () => {
|
|
const roles = await kcAdminClient.clients.listRoles({
|
|
id: currentClient.id!,
|
|
});
|
|
|
|
expect(roles[0]).to.include({
|
|
name: currentRoleName,
|
|
});
|
|
});
|
|
|
|
it("find the client role", async () => {
|
|
const role = await kcAdminClient.clients.findRole({
|
|
id: currentClient.id!,
|
|
roleName: currentRoleName,
|
|
});
|
|
|
|
expect(role).to.include({
|
|
name: currentRoleName,
|
|
clientRole: true,
|
|
containerId: currentClient.id,
|
|
});
|
|
});
|
|
|
|
it("update the client role", async () => {
|
|
// NOTICE: roleName MUST be in the payload, no idea why...
|
|
const delta = {
|
|
name: currentRoleName,
|
|
description: "test",
|
|
};
|
|
await kcAdminClient.clients.updateRole(
|
|
{
|
|
id: currentClient.id!,
|
|
roleName: currentRoleName,
|
|
},
|
|
delta,
|
|
);
|
|
|
|
// check the change
|
|
const role = await kcAdminClient.clients.findRole({
|
|
id: currentClient.id!,
|
|
roleName: currentRoleName,
|
|
});
|
|
|
|
expect(role).to.include(delta);
|
|
});
|
|
|
|
it("delete a client role", async () => {
|
|
const roleName = faker.internet.userName();
|
|
// create a client role
|
|
await kcAdminClient.clients.createRole({
|
|
id: currentClient.id,
|
|
name: roleName,
|
|
});
|
|
|
|
// delete
|
|
await kcAdminClient.clients.delRole({
|
|
id: currentClient.id!,
|
|
roleName,
|
|
});
|
|
|
|
// check it's null
|
|
const role = await kcAdminClient.clients.findRole({
|
|
id: currentClient.id!,
|
|
roleName,
|
|
});
|
|
|
|
expect(role).to.be.null;
|
|
});
|
|
});
|
|
|
|
describe("client secret", () => {
|
|
before(async () => {
|
|
const { clientId, id: clientUniqueId } = currentClient;
|
|
// update with serviceAccountsEnabled: true
|
|
await kcAdminClient.clients.update(
|
|
{
|
|
id: clientUniqueId!,
|
|
},
|
|
{
|
|
clientId,
|
|
serviceAccountsEnabled: true,
|
|
},
|
|
);
|
|
});
|
|
|
|
it("get client secret", async () => {
|
|
const credential = await kcAdminClient.clients.getClientSecret({
|
|
id: currentClient.id!,
|
|
});
|
|
|
|
expect(credential).to.have.all.keys("type", "value");
|
|
});
|
|
|
|
it("generate new client secret", async () => {
|
|
const newCredential = await kcAdminClient.clients.generateNewClientSecret(
|
|
{
|
|
id: currentClient.id!,
|
|
},
|
|
);
|
|
|
|
const credential = await kcAdminClient.clients.getClientSecret({
|
|
id: currentClient.id!,
|
|
});
|
|
|
|
expect(newCredential).to.be.eql(credential);
|
|
});
|
|
|
|
it("generate new registration access token", async () => {
|
|
const newRegistrationAccessToken =
|
|
await kcAdminClient.clients.generateRegistrationAccessToken({
|
|
id: currentClient.id!,
|
|
});
|
|
|
|
expect(newRegistrationAccessToken).to.be.ok;
|
|
});
|
|
|
|
it("invalidate rotation token", async () => {
|
|
await kcAdminClient.clients.invalidateSecret({
|
|
id: currentClient.id!,
|
|
});
|
|
});
|
|
|
|
it("get installation providers", async () => {
|
|
const installationProvider =
|
|
await kcAdminClient.clients.getInstallationProviders({
|
|
id: currentClient.id!,
|
|
providerId: "keycloak-oidc-jboss-subsystem",
|
|
});
|
|
expect(installationProvider).to.be.ok;
|
|
expect(typeof installationProvider).to.be.equal("string");
|
|
});
|
|
|
|
it("get service account user", async () => {
|
|
const serviceAccountUser =
|
|
await kcAdminClient.clients.getServiceAccountUser({
|
|
id: currentClient.id!,
|
|
});
|
|
|
|
expect(serviceAccountUser).to.be.ok;
|
|
});
|
|
});
|
|
|
|
describe("default client scopes", () => {
|
|
let dummyClientScope: ClientScopeRepresentation;
|
|
|
|
beforeEach(async () => {
|
|
dummyClientScope = {
|
|
name: "does-anyone-read-this",
|
|
description: "Oh - seems like you are reading Hey there!",
|
|
protocol: "openid-connect",
|
|
};
|
|
|
|
// setup dummy client scope
|
|
await kcAdminClient.clientScopes.create(dummyClientScope);
|
|
currentClientScope = (await kcAdminClient.clientScopes.findOneByName({
|
|
name: dummyClientScope.name!,
|
|
}))!;
|
|
});
|
|
|
|
afterEach(async () => {
|
|
// cleanup default scopes
|
|
try {
|
|
const { id } = currentClient;
|
|
const { id: clientScopeId } = currentClientScope;
|
|
await kcAdminClient.clients.delDefaultClientScope({
|
|
clientScopeId: clientScopeId!,
|
|
id: id!,
|
|
});
|
|
} catch (e) {
|
|
// ignore
|
|
}
|
|
|
|
// cleanup client scopes
|
|
try {
|
|
await kcAdminClient.clientScopes.delByName({
|
|
name: dummyClientScope.name!,
|
|
});
|
|
} catch (e) {
|
|
// ignore
|
|
}
|
|
});
|
|
|
|
it("list default client scopes", async () => {
|
|
const defaultClientScopes =
|
|
await kcAdminClient.clients.listDefaultClientScopes({
|
|
id: currentClient.id!,
|
|
});
|
|
|
|
expect(defaultClientScopes).to.be.ok;
|
|
});
|
|
|
|
it("add default client scope", async () => {
|
|
const { id } = currentClient;
|
|
const { id: clientScopeId } = currentClientScope;
|
|
|
|
await kcAdminClient.clients.addDefaultClientScope({
|
|
id: id!,
|
|
clientScopeId: clientScopeId!,
|
|
});
|
|
|
|
const defaultScopes = await kcAdminClient.clients.listDefaultClientScopes(
|
|
{ id: id! },
|
|
);
|
|
|
|
expect(defaultScopes).to.be.ok;
|
|
|
|
const clientScope = defaultScopes.find(
|
|
(scope) => scope.id === clientScopeId,
|
|
);
|
|
expect(clientScope).to.be.ok;
|
|
});
|
|
|
|
it("delete default client scope", async () => {
|
|
const { id } = currentClient;
|
|
const { id: clientScopeId } = currentClientScope;
|
|
|
|
await kcAdminClient.clients.addDefaultClientScope({
|
|
id: id!,
|
|
clientScopeId: clientScopeId!,
|
|
});
|
|
|
|
await kcAdminClient.clients.delDefaultClientScope({
|
|
id: id!,
|
|
clientScopeId: clientScopeId!,
|
|
});
|
|
const defaultScopes = await kcAdminClient.clients.listDefaultClientScopes(
|
|
{ id: id! },
|
|
);
|
|
|
|
const clientScope = defaultScopes.find(
|
|
(scope) => scope.id === clientScopeId,
|
|
);
|
|
expect(clientScope).not.to.be.ok;
|
|
});
|
|
});
|
|
|
|
describe("optional client scopes", () => {
|
|
let dummyClientScope: ClientScopeRepresentation;
|
|
|
|
beforeEach(async () => {
|
|
dummyClientScope = {
|
|
name: "i-hope-your-well",
|
|
description: "Everyone has that one friend.",
|
|
protocol: "openid-connect",
|
|
};
|
|
|
|
// setup dummy client scope
|
|
await kcAdminClient.clientScopes.create(dummyClientScope);
|
|
currentClientScope = (await kcAdminClient.clientScopes.findOneByName({
|
|
name: dummyClientScope.name!,
|
|
}))!;
|
|
});
|
|
|
|
afterEach(async () => {
|
|
// cleanup optional scopes
|
|
try {
|
|
const { id } = currentClient;
|
|
const { id: clientScopeId } = currentClientScope;
|
|
await kcAdminClient.clients.delOptionalClientScope({
|
|
clientScopeId: clientScopeId!,
|
|
id: id!,
|
|
});
|
|
} catch (e) {
|
|
// ignore
|
|
}
|
|
|
|
// cleanup client scopes
|
|
try {
|
|
await kcAdminClient.clientScopes.delByName({
|
|
name: dummyClientScope.name!,
|
|
});
|
|
} catch (e) {
|
|
// ignore
|
|
}
|
|
});
|
|
|
|
it("list optional client scopes", async () => {
|
|
const optionalClientScopes =
|
|
await kcAdminClient.clients.listOptionalClientScopes({
|
|
id: currentClient.id!,
|
|
});
|
|
|
|
expect(optionalClientScopes).to.be.ok;
|
|
});
|
|
|
|
it("add optional client scope", async () => {
|
|
const { id } = currentClient;
|
|
const { id: clientScopeId } = currentClientScope;
|
|
|
|
await kcAdminClient.clients.addOptionalClientScope({
|
|
id: id!,
|
|
clientScopeId: clientScopeId!,
|
|
});
|
|
|
|
const optionalScopes =
|
|
await kcAdminClient.clients.listOptionalClientScopes({ id: id! });
|
|
|
|
expect(optionalScopes).to.be.ok;
|
|
|
|
const clientScope = optionalScopes.find(
|
|
(scope) => scope.id === clientScopeId,
|
|
);
|
|
expect(clientScope).to.be.ok;
|
|
});
|
|
|
|
it("delete optional client scope", async () => {
|
|
const { id } = currentClient;
|
|
const { id: clientScopeId } = currentClientScope;
|
|
|
|
await kcAdminClient.clients.addOptionalClientScope({
|
|
id: id!,
|
|
clientScopeId: clientScopeId!,
|
|
});
|
|
|
|
await kcAdminClient.clients.delOptionalClientScope({
|
|
id: id!,
|
|
clientScopeId: clientScopeId!,
|
|
});
|
|
const optionalScopes =
|
|
await kcAdminClient.clients.listOptionalClientScopes({ id: id! });
|
|
|
|
const clientScope = optionalScopes.find(
|
|
(scope) => scope.id === clientScopeId,
|
|
);
|
|
expect(clientScope).not.to.be.ok;
|
|
});
|
|
});
|
|
|
|
describe("protocol mappers", () => {
|
|
let dummyMapper: ProtocolMapperRepresentation;
|
|
|
|
beforeEach(() => {
|
|
dummyMapper = {
|
|
name: "become-a-farmer",
|
|
protocol: "openid-connect",
|
|
protocolMapper: "oidc-role-name-mapper",
|
|
config: {
|
|
role: "admin",
|
|
"new.role.name": "farmer",
|
|
},
|
|
};
|
|
});
|
|
|
|
afterEach(async () => {
|
|
try {
|
|
const { id: clientUniqueId } = currentClient;
|
|
const { id: mapperId } =
|
|
(await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: clientUniqueId!,
|
|
name: dummyMapper.name!,
|
|
}))!;
|
|
await kcAdminClient.clients.delProtocolMapper({
|
|
id: clientUniqueId!,
|
|
mapperId: mapperId!,
|
|
});
|
|
} catch (e) {
|
|
// ignore
|
|
}
|
|
});
|
|
|
|
it("list protocol mappers", async () => {
|
|
const { id } = currentClient;
|
|
const mapperList = await kcAdminClient.clients.listProtocolMappers({
|
|
id: id!,
|
|
});
|
|
expect(mapperList).to.be.ok;
|
|
});
|
|
|
|
it("add multiple protocol mappers", async () => {
|
|
const { id } = currentClient;
|
|
await kcAdminClient.clients.addMultipleProtocolMappers({ id: id! }, [
|
|
dummyMapper,
|
|
]);
|
|
|
|
const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: id!,
|
|
name: dummyMapper.name!,
|
|
}))!;
|
|
expect(mapper).to.be.ok;
|
|
expect(mapper.protocol).to.eq(dummyMapper.protocol);
|
|
expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
|
|
});
|
|
|
|
it("add single protocol mapper", async () => {
|
|
const { id } = currentClient;
|
|
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
|
|
|
|
const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: id!,
|
|
name: dummyMapper.name!,
|
|
}))!;
|
|
expect(mapper).to.be.ok;
|
|
expect(mapper.protocol).to.eq(dummyMapper.protocol);
|
|
expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
|
|
});
|
|
|
|
it("find protocol mapper by id", async () => {
|
|
const { id } = currentClient;
|
|
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
|
|
|
|
const { id: mapperId } =
|
|
(await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: id!,
|
|
name: dummyMapper.name!,
|
|
}))!;
|
|
|
|
const mapper = await kcAdminClient.clients.findProtocolMapperById({
|
|
mapperId: mapperId!,
|
|
id: id!,
|
|
});
|
|
|
|
expect(mapper).to.be.ok;
|
|
expect(mapper.id).to.eql(mapperId);
|
|
});
|
|
|
|
it("find protocol mapper by name", async () => {
|
|
const { id } = currentClient;
|
|
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
|
|
|
|
const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: id!,
|
|
name: dummyMapper.name!,
|
|
}))!;
|
|
|
|
expect(mapper).to.be.ok;
|
|
expect(mapper.name).to.eql(dummyMapper.name);
|
|
});
|
|
|
|
it("find protocol mappers by protocol", async () => {
|
|
const { id } = currentClient;
|
|
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
|
|
|
|
const mapperList =
|
|
await kcAdminClient.clients.findProtocolMappersByProtocol({
|
|
id: id!,
|
|
protocol: dummyMapper.protocol!,
|
|
});
|
|
|
|
expect(mapperList).to.be.ok;
|
|
expect(mapperList.length).to.be.gte(1);
|
|
|
|
const mapper = mapperList.find((item) => item.name === dummyMapper.name);
|
|
expect(mapper).to.be.ok;
|
|
});
|
|
|
|
it("update protocol mapper", async () => {
|
|
const { id } = currentClient;
|
|
|
|
dummyMapper.config = { "access.token.claim": "true" };
|
|
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
|
|
const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: id!,
|
|
name: dummyMapper.name!,
|
|
}))!;
|
|
|
|
expect(mapper.config!["access.token.claim"]).to.eq("true");
|
|
|
|
mapper.config = { "access.token.claim": "false" };
|
|
|
|
await kcAdminClient.clients.updateProtocolMapper(
|
|
{ id: id!, mapperId: mapper.id! },
|
|
mapper,
|
|
);
|
|
|
|
const updatedMapper =
|
|
(await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: id!,
|
|
name: dummyMapper.name!,
|
|
}))!;
|
|
|
|
expect(updatedMapper.config!["access.token.claim"]).to.eq("false");
|
|
});
|
|
|
|
it("delete protocol mapper", async () => {
|
|
const { id } = currentClient;
|
|
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
|
|
|
|
const { id: mapperId } =
|
|
(await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: id!,
|
|
name: dummyMapper.name!,
|
|
}))!;
|
|
|
|
await kcAdminClient.clients.delProtocolMapper({
|
|
id: id!,
|
|
mapperId: mapperId!,
|
|
});
|
|
|
|
const mapper = await kcAdminClient.clients.findProtocolMapperByName({
|
|
id: id!,
|
|
name: dummyMapper.name!,
|
|
});
|
|
|
|
expect(mapper).not.to.be.ok;
|
|
});
|
|
});
|
|
|
|
describe("scope mappings", () => {
|
|
it("list client and realm scope mappings", async () => {
|
|
const { id } = currentClient;
|
|
const scopes = await kcAdminClient.clients.listScopeMappings({
|
|
id: id!,
|
|
});
|
|
expect(scopes).to.be.ok;
|
|
});
|
|
|
|
describe("client", () => {
|
|
const dummyRoleName = "clientScopeMappingsRole-dummy";
|
|
|
|
beforeEach(async () => {
|
|
const { id } = currentClient;
|
|
await kcAdminClient.clients.createRole({
|
|
id,
|
|
name: dummyRoleName,
|
|
});
|
|
});
|
|
|
|
afterEach(async () => {
|
|
try {
|
|
const { id } = currentClient;
|
|
await kcAdminClient.clients.delRole({
|
|
id: id!,
|
|
roleName: dummyRoleName,
|
|
});
|
|
} catch (e) {
|
|
// ignore
|
|
}
|
|
});
|
|
|
|
it("add scope mappings", async () => {
|
|
const { id: clientUniqueId } = currentClient;
|
|
|
|
const availableRoles =
|
|
await kcAdminClient.clients.listAvailableClientScopeMappings({
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
});
|
|
|
|
await kcAdminClient.clients.addClientScopeMappings(
|
|
{
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
},
|
|
availableRoles,
|
|
);
|
|
|
|
const roles = await kcAdminClient.clients.listClientScopeMappings({
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
});
|
|
|
|
expect(roles).to.be.ok;
|
|
expect(roles).to.be.eql(availableRoles);
|
|
});
|
|
|
|
it("list scope mappings", async () => {
|
|
const { id: clientUniqueId } = currentClient;
|
|
const roles = await kcAdminClient.clients.listClientScopeMappings({
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
});
|
|
expect(roles).to.be.ok;
|
|
});
|
|
|
|
it("list available scope mappings", async () => {
|
|
const { id: clientUniqueId } = currentClient;
|
|
const roles =
|
|
await kcAdminClient.clients.listAvailableClientScopeMappings({
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
});
|
|
expect(roles).to.be.ok;
|
|
});
|
|
|
|
it("list composite scope mappings", async () => {
|
|
const { id: clientUniqueId } = currentClient;
|
|
const roles =
|
|
await kcAdminClient.clients.listCompositeClientScopeMappings({
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
});
|
|
expect(roles).to.be.ok;
|
|
});
|
|
|
|
it("delete scope mappings", async () => {
|
|
const { id: clientUniqueId } = currentClient;
|
|
|
|
const rolesBefore = await kcAdminClient.clients.listClientScopeMappings(
|
|
{
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
},
|
|
);
|
|
|
|
await kcAdminClient.clients.delClientScopeMappings(
|
|
{
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
},
|
|
rolesBefore,
|
|
);
|
|
|
|
const rolesAfter = await kcAdminClient.clients.listClientScopeMappings({
|
|
id: clientUniqueId!,
|
|
client: clientUniqueId!,
|
|
});
|
|
|
|
expect(rolesAfter).to.be.ok;
|
|
expect(rolesAfter).to.eql([]);
|
|
});
|
|
|
|
it("get effective scope mapping of all roles for a specific container", async () => {
|
|
const { id: clientUniqueId } = currentClient;
|
|
const roles = await kcAdminClient.clients.evaluatePermission({
|
|
id: clientUniqueId!,
|
|
roleContainer: "master",
|
|
type: "granted",
|
|
scope: "openid",
|
|
});
|
|
|
|
expect(roles).to.be.ok;
|
|
expect(roles.length).to.be.eq(5);
|
|
});
|
|
|
|
it("get list of all protocol mappers", async () => {
|
|
const { id: clientUniqueId } = currentClient;
|
|
const protocolMappers =
|
|
await kcAdminClient.clients.evaluateListProtocolMapper({
|
|
id: clientUniqueId!,
|
|
scope: "openid",
|
|
});
|
|
expect(protocolMappers).to.be.ok;
|
|
expect(protocolMappers.length).to.be.gt(10);
|
|
});
|
|
|
|
it("get JSON with payload of examples", async () => {
|
|
const { id: clientUniqueId } = currentClient;
|
|
const username = faker.internet.userName();
|
|
const user = await kcAdminClient.users.create({
|
|
username,
|
|
});
|
|
const accessToken =
|
|
await kcAdminClient.clients.evaluateGenerateAccessToken({
|
|
id: clientUniqueId!,
|
|
userId: user.id,
|
|
scope: "openid",
|
|
});
|
|
const idToken = await kcAdminClient.clients.evaluateGenerateIdToken({
|
|
id: clientUniqueId!,
|
|
userId: user.id,
|
|
scope: "openid",
|
|
});
|
|
const userInfo = await kcAdminClient.clients.evaluateGenerateUserInfo({
|
|
id: clientUniqueId!,
|
|
userId: user.id,
|
|
scope: "openid",
|
|
});
|
|
|
|
expect(accessToken).to.be.ok;
|
|
expect(idToken).to.be.ok;
|
|
expect(userInfo).to.be.ok;
|
|
await kcAdminClient.users.del({ id: user.id });
|
|
});
|
|
});
|
|
|
|
describe("realm", () => {
|
|
const dummyRoleName = "realmScopeMappingsRole-dummy";
|
|
|
|
beforeEach(async () => {
|
|
await kcAdminClient.roles.create({
|
|
name: dummyRoleName,
|
|
});
|
|
});
|
|
|
|
afterEach(async () => {
|
|
try {
|
|
await kcAdminClient.roles.delByName({
|
|
name: dummyRoleName,
|
|
});
|
|
} catch (e) {
|
|
// ignore
|
|
}
|
|
});
|
|
|
|
it("add scope mappings", async () => {
|
|
const { id } = currentClient;
|
|
|
|
const availableRoles =
|
|
await kcAdminClient.clients.listAvailableRealmScopeMappings({
|
|
id: id!,
|
|
});
|
|
|
|
await kcAdminClient.clients.addRealmScopeMappings(
|
|
{ id: id! },
|
|
availableRoles,
|
|
);
|
|
|
|
const roles = await kcAdminClient.clients.listRealmScopeMappings({
|
|
id: id!,
|
|
});
|
|
|
|
expect(roles).to.be.ok;
|
|
expect(roles).to.deep.members(availableRoles);
|
|
});
|
|
|
|
it("list scope mappings", async () => {
|
|
const { id } = currentClient;
|
|
const roles = await kcAdminClient.clients.listRealmScopeMappings({
|
|
id: id!,
|
|
});
|
|
expect(roles).to.be.ok;
|
|
});
|
|
|
|
it("list available scope mappings", async () => {
|
|
const { id } = currentClient;
|
|
const roles =
|
|
await kcAdminClient.clients.listAvailableRealmScopeMappings({
|
|
id: id!,
|
|
});
|
|
expect(roles).to.be.ok;
|
|
});
|
|
|
|
it("list composite scope mappings", async () => {
|
|
const { id } = currentClient;
|
|
const roles =
|
|
await kcAdminClient.clients.listCompositeRealmScopeMappings({
|
|
id: id!,
|
|
});
|
|
expect(roles).to.be.ok;
|
|
});
|
|
|
|
it("delete scope mappings", async () => {
|
|
const { id } = currentClient;
|
|
|
|
const rolesBefore = await kcAdminClient.clients.listRealmScopeMappings({
|
|
id: id!,
|
|
});
|
|
|
|
await kcAdminClient.clients.delRealmScopeMappings(
|
|
{ id: id! },
|
|
rolesBefore,
|
|
);
|
|
|
|
const rolesAfter = await kcAdminClient.clients.listRealmScopeMappings({
|
|
id: id!,
|
|
});
|
|
|
|
expect(rolesAfter).to.be.ok;
|
|
expect(rolesAfter).to.eql([]);
|
|
});
|
|
});
|
|
});
|
|
|
|
describe("sessions", () => {
|
|
it("list clients user sessions", async () => {
|
|
const clientUniqueId = currentClient.id;
|
|
const userSessions = await kcAdminClient.clients.listSessions({
|
|
id: clientUniqueId!,
|
|
});
|
|
expect(userSessions).to.be.ok;
|
|
});
|
|
|
|
it("list clients offline user sessions", async () => {
|
|
const clientUniqueId = currentClient.id;
|
|
const userSessions = await kcAdminClient.clients.listOfflineSessions({
|
|
id: clientUniqueId!,
|
|
});
|
|
expect(userSessions).to.be.ok;
|
|
});
|
|
|
|
it("list clients user session count", async () => {
|
|
const clientUniqueId = currentClient.id;
|
|
const userSessions = await kcAdminClient.clients.getSessionCount({
|
|
id: clientUniqueId!,
|
|
});
|
|
expect(userSessions).to.be.ok;
|
|
});
|
|
|
|
it("list clients offline user session count", async () => {
|
|
const clientUniqueId = currentClient.id;
|
|
const userSessions = await kcAdminClient.clients.getOfflineSessionCount({
|
|
id: clientUniqueId!,
|
|
});
|
|
expect(userSessions).to.be.ok;
|
|
});
|
|
});
|
|
|
|
describe("nodes", () => {
|
|
const host = "127.0.0.1";
|
|
it("register a node manually", async () => {
|
|
await kcAdminClient.clients.addClusterNode({
|
|
id: currentClient.id!,
|
|
node: host,
|
|
});
|
|
const client = (await kcAdminClient.clients.findOne({
|
|
id: currentClient.id!,
|
|
}))!;
|
|
|
|
expect(Object.keys(client.registeredNodes!)).to.be.eql([host]);
|
|
});
|
|
|
|
it("remove registered host", async () => {
|
|
await kcAdminClient.clients.deleteClusterNode({
|
|
id: currentClient.id!,
|
|
node: host,
|
|
});
|
|
const client = (await kcAdminClient.clients.findOne({
|
|
id: currentClient.id!,
|
|
}))!;
|
|
|
|
expect(client.registeredNodes).to.be.undefined;
|
|
});
|
|
});
|
|
|
|
describe("client attribute certificate", () => {
|
|
const keystoreConfig = {
|
|
format: "JKS",
|
|
keyAlias: "new",
|
|
keyPassword: "password",
|
|
realmAlias: "master",
|
|
realmCertificate: false,
|
|
storePassword: "password",
|
|
};
|
|
const attr = "jwt.credential";
|
|
|
|
it("generate and download keys", async () => {
|
|
const result = await kcAdminClient.clients.generateAndDownloadKey(
|
|
{ id: currentClient.id!, attr },
|
|
keystoreConfig,
|
|
);
|
|
|
|
expect(result).to.be.ok;
|
|
});
|
|
|
|
it("generate key and updated info", async () => {
|
|
const certificate = await kcAdminClient.clients.generateKey({
|
|
id: currentClient.id!,
|
|
attr,
|
|
});
|
|
|
|
expect(certificate).to.be.ok;
|
|
expect(certificate.certificate).to.be.ok;
|
|
|
|
const info = await kcAdminClient.clients.getKeyInfo({
|
|
id: currentClient.id!,
|
|
attr,
|
|
});
|
|
expect(info).to.be.eql(certificate);
|
|
});
|
|
|
|
it("download key", async () => {
|
|
const result = await kcAdminClient.clients.downloadKey(
|
|
{ id: currentClient.id!, attr },
|
|
keystoreConfig,
|
|
);
|
|
|
|
expect(result).to.be.ok;
|
|
});
|
|
});
|
|
|
|
describe("authorization", async () => {
|
|
const resourceConfig = {
|
|
name: "testResourceName",
|
|
type: "testResourceType",
|
|
scopeNames: ["testScopeA", "testScopeB", "testScopeC"],
|
|
};
|
|
const policyConfig = {
|
|
name: "testPolicyName",
|
|
type: "user",
|
|
logic: Logic.POSITIVE,
|
|
};
|
|
const permissionConfig = {
|
|
name: "testPermissionName",
|
|
type: "scope",
|
|
logic: Logic.POSITIVE,
|
|
};
|
|
let scopes: ScopeRepresentation[];
|
|
let resource: ResourceRepresentation;
|
|
let policy: PolicyRepresentation;
|
|
let permission: PolicyRepresentation;
|
|
let user: UserRepresentation;
|
|
|
|
before("enable authorization services", async () => {
|
|
await kcAdminClient.clients.update(
|
|
{ id: currentClient.id! },
|
|
{
|
|
clientId: currentClient.clientId,
|
|
authorizationServicesEnabled: true,
|
|
serviceAccountsEnabled: true,
|
|
},
|
|
);
|
|
});
|
|
|
|
before("create test user", async () => {
|
|
const username = faker.internet.userName();
|
|
user = await kcAdminClient.users.create({
|
|
username,
|
|
});
|
|
});
|
|
|
|
after("delete test user", async () => {
|
|
await kcAdminClient.users.del({
|
|
id: user.id!,
|
|
});
|
|
});
|
|
|
|
after("disable authorization services", async () => {
|
|
await kcAdminClient.clients.update(
|
|
{ id: currentClient.id! },
|
|
{
|
|
clientId: currentClient.clientId,
|
|
authorizationServicesEnabled: false,
|
|
serviceAccountsEnabled: false,
|
|
},
|
|
);
|
|
});
|
|
|
|
it("create authorization scopes", async () => {
|
|
scopes = (
|
|
await Promise.all(
|
|
resourceConfig.scopeNames.map(async (name) => {
|
|
const result = await kcAdminClient.clients.createAuthorizationScope(
|
|
{ id: currentClient.id! },
|
|
{
|
|
name,
|
|
},
|
|
);
|
|
expect(result).to.be.ok;
|
|
return result;
|
|
}),
|
|
)
|
|
).sort((a, b) => (a.name < b.name ? -1 : 1));
|
|
});
|
|
|
|
it("list all authorization scopes", async () => {
|
|
const result = await kcAdminClient.clients.listAllScopes({
|
|
id: currentClient.id!,
|
|
});
|
|
expect(result.sort((a, b) => (a.name! < b.name! ? -1 : 1))).to.deep.equal(
|
|
scopes,
|
|
);
|
|
});
|
|
|
|
it("update authorization scope", async () => {
|
|
const updatedScope = { ...scopes[0], displayName: "Hello" };
|
|
await kcAdminClient.clients.updateAuthorizationScope(
|
|
{ id: currentClient.id!, scopeId: scopes[0].id! },
|
|
updatedScope,
|
|
);
|
|
|
|
const fetchedScope = await kcAdminClient.clients.getAuthorizationScope({
|
|
id: currentClient.id!,
|
|
scopeId: scopes[0].id!,
|
|
});
|
|
|
|
expect(fetchedScope).to.deep.equal(updatedScope);
|
|
});
|
|
|
|
it("list all resources by scope", async () => {
|
|
const result = await kcAdminClient.clients.listAllResourcesByScope({
|
|
id: currentClient.id!,
|
|
scopeId: scopes[0].id!,
|
|
});
|
|
expect(result).to.deep.equal([]);
|
|
});
|
|
|
|
it("list all permissions by scope", async () => {
|
|
const result = await kcAdminClient.clients.listAllPermissionsByScope({
|
|
id: currentClient.id!,
|
|
scopeId: scopes[0].id!,
|
|
});
|
|
expect(result).to.deep.equal([]);
|
|
});
|
|
|
|
it("import resource", async () => {
|
|
await kcAdminClient.clients.importResource(
|
|
{ id: currentClient.id! },
|
|
{
|
|
allowRemoteResourceManagement: true,
|
|
policyEnforcementMode: "ENFORCING",
|
|
resources: [],
|
|
policies: [],
|
|
scopes: [],
|
|
decisionStrategy: "UNANIMOUS",
|
|
},
|
|
);
|
|
});
|
|
|
|
it("export resource", async () => {
|
|
const result = await kcAdminClient.clients.exportResource({
|
|
id: currentClient.id!,
|
|
});
|
|
|
|
expect(result.allowRemoteResourceManagement).to.be.equal(true);
|
|
expect(result.resources?.length).to.be.equal(1);
|
|
});
|
|
|
|
it("create resource", async () => {
|
|
resource = await kcAdminClient.clients.createResource(
|
|
{ id: currentClient.id! },
|
|
{
|
|
name: resourceConfig.name,
|
|
type: resourceConfig.type,
|
|
scopes,
|
|
},
|
|
);
|
|
expect(resource).to.be.ok;
|
|
});
|
|
|
|
it("get resource", async () => {
|
|
const r = await kcAdminClient.clients.getResource({
|
|
id: currentClient.id!,
|
|
resourceId: resource._id!,
|
|
});
|
|
expect(r).to.deep.equal(resource);
|
|
});
|
|
|
|
it("get resource server", async () => {
|
|
const resourceServer = await kcAdminClient.clients.getResourceServer({
|
|
id: currentClient.id!,
|
|
});
|
|
expect(resourceServer).to.be.ok;
|
|
expect(resourceServer.clientId).to.be.equal(currentClient.id);
|
|
|
|
resourceServer.decisionStrategy = "UNANIMOUS";
|
|
await kcAdminClient.clients.updateResourceServer(
|
|
{ id: currentClient.id! },
|
|
resourceServer,
|
|
);
|
|
});
|
|
|
|
it("list permission by resource", async () => {
|
|
const result = await kcAdminClient.clients.listPermissionsByResource({
|
|
id: currentClient.id!,
|
|
resourceId: resource._id!,
|
|
});
|
|
|
|
expect(result).to.be.ok;
|
|
});
|
|
|
|
it("list scopes by resource", async () => {
|
|
const result = await kcAdminClient.clients.listScopesByResource({
|
|
id: currentClient.id!,
|
|
resourceName: resource._id!,
|
|
});
|
|
expect(result.sort((a, b) => (a.name < b.name ? -1 : 1))).to.deep.equal(
|
|
scopes,
|
|
);
|
|
});
|
|
|
|
it("list resources", async () => {
|
|
const result = await kcAdminClient.clients.listResources({
|
|
id: currentClient.id!,
|
|
});
|
|
expect(result).to.deep.include(resource);
|
|
});
|
|
|
|
it("update resource", async () => {
|
|
resource.name = "foo";
|
|
await kcAdminClient.clients.updateResource(
|
|
{
|
|
id: currentClient.id!,
|
|
resourceId: resource._id!,
|
|
},
|
|
resource,
|
|
);
|
|
const result = await kcAdminClient.clients.getResource({
|
|
id: currentClient.id!,
|
|
resourceId: resource._id!,
|
|
});
|
|
|
|
expect(result.name).to.equal("foo");
|
|
});
|
|
|
|
it("create policy", async () => {
|
|
policy = await kcAdminClient.clients.createPolicy(
|
|
{
|
|
id: currentClient.id!,
|
|
type: policyConfig.type,
|
|
},
|
|
{
|
|
name: policyConfig.name,
|
|
logic: policyConfig.logic,
|
|
users: [user.id!],
|
|
},
|
|
);
|
|
expect(policy).to.be.ok;
|
|
});
|
|
|
|
it("policy list dependencies", async () => {
|
|
const dependencies = await kcAdminClient.clients.listDependentPolicies({
|
|
id: currentClient.id!,
|
|
policyId: policy.id!,
|
|
});
|
|
expect(dependencies).to.be.ok;
|
|
});
|
|
|
|
it("create permission", async () => {
|
|
permission = await kcAdminClient.clients.createPermission(
|
|
{
|
|
id: currentClient.id!,
|
|
type: "scope",
|
|
},
|
|
{
|
|
name: permissionConfig.name,
|
|
logic: permissionConfig.logic,
|
|
// @ts-ignore
|
|
resources: [resource._id],
|
|
policies: [policy.id!],
|
|
scopes: scopes.map((scope) => scope.id!),
|
|
},
|
|
);
|
|
|
|
const p = await kcAdminClient.clients.findPermissions({
|
|
id: currentClient.id!,
|
|
name: permissionConfig.name,
|
|
});
|
|
|
|
expect(p.length).to.be.eq(1);
|
|
expect(p[0].logic).to.be.eq(permissionConfig.logic);
|
|
});
|
|
|
|
it("get associated scopes for permission", async () => {
|
|
const result = await kcAdminClient.clients.getAssociatedScopes({
|
|
id: currentClient.id!,
|
|
permissionId: permission.id!,
|
|
});
|
|
expect(result.sort((a, b) => (a.name < b.name ? -1 : 1))).to.deep.equal(
|
|
scopes,
|
|
);
|
|
});
|
|
|
|
it("get associated policies for permission", async () => {
|
|
const result = await kcAdminClient.clients.getAssociatedPolicies({
|
|
id: currentClient.id!,
|
|
permissionId: permission.id!,
|
|
});
|
|
|
|
expect(result.length).to.be.eq(1);
|
|
expect(result[0].id).to.be.eq(policy.id);
|
|
});
|
|
|
|
it("get associated resources for permission", async () => {
|
|
const result = await kcAdminClient.clients.getAssociatedResources({
|
|
id: currentClient.id!,
|
|
permissionId: permission.id!,
|
|
});
|
|
expect(result).to.deep.equal([
|
|
{
|
|
_id: resource._id,
|
|
name: resource.name,
|
|
},
|
|
]);
|
|
});
|
|
|
|
it("list policy providers", async () => {
|
|
const result = await kcAdminClient.clients.listPolicyProviders({
|
|
id: currentClient.id!,
|
|
});
|
|
expect(result).to.be.ok;
|
|
});
|
|
|
|
it.skip("Enable fine grained permissions", async () => {
|
|
const permission = await kcAdminClient.clients.updateFineGrainPermission(
|
|
{ id: currentClient.id! },
|
|
{ enabled: true },
|
|
);
|
|
expect(permission).to.include({
|
|
enabled: true,
|
|
});
|
|
});
|
|
|
|
it.skip("List fine grained permissions for this client", async () => {
|
|
const permissions = (await kcAdminClient.clients.listFineGrainPermissions(
|
|
{ id: currentClient.id! },
|
|
))!;
|
|
|
|
expect(permissions.scopePermissions).to.be.an("object");
|
|
});
|
|
});
|
|
});
|