keycloak-scim/js/libs/keycloak-admin-client/test/clients.spec.ts
dependabot[bot] 97727dbed5
Bump @faker-js/faker from 9.0.3 to 9.1.0 (#34377)
* Bump @faker-js/faker from 9.0.3 to 9.1.0

Bumps [@faker-js/faker](https://github.com/faker-js/faker) from 9.0.3 to 9.1.0.
- [Release notes](https://github.com/faker-js/faker/releases)
- [Changelog](https://github.com/faker-js/faker/blob/next/CHANGELOG.md)
- [Commits](https://github.com/faker-js/faker/compare/v9.0.3...v9.1.0)

---
updated-dependencies:
- dependency-name: "@faker-js/faker"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* removed use of deprecated userName()

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-10-30 12:14:02 +01:00

1308 lines
36 KiB
TypeScript

// tslint:disable:no-unused-expression
import { faker } from "@faker-js/faker";
import * as chai from "chai";
import { KeycloakAdminClient } from "../src/client.js";
import type ClientRepresentation from "../src/defs/clientRepresentation.js";
import type ClientScopeRepresentation from "../src/defs/clientScopeRepresentation.js";
import type PolicyRepresentation from "../src/defs/policyRepresentation.js";
import { Logic } from "../src/defs/policyRepresentation.js";
import type ProtocolMapperRepresentation from "../src/defs/protocolMapperRepresentation.js";
import type ResourceRepresentation from "../src/defs/resourceRepresentation.js";
import type ScopeRepresentation from "../src/defs/scopeRepresentation.js";
import type UserRepresentation from "../src/defs/userRepresentation.js";
import { credentials } from "./constants.js";
const expect = chai.expect;
describe("Clients", () => {
let kcAdminClient: KeycloakAdminClient;
let currentClient: ClientRepresentation;
let currentClientScope: ClientScopeRepresentation;
let currentRoleName: string;
before(async () => {
kcAdminClient = new KeycloakAdminClient();
await kcAdminClient.auth(credentials);
// create client and also test it
// NOTICE: to be clear, clientId stands for the property `clientId` of client
// clientUniqueId stands for property `id` of client
const clientId = faker.internet.username();
const createdClient = await kcAdminClient.clients.create({
clientId,
});
expect(createdClient.id).to.be.ok;
const client = await kcAdminClient.clients.findOne({
id: createdClient.id,
});
expect(client).to.be.ok;
currentClient = client!;
});
after(async () => {
// delete the current one
await kcAdminClient.clients.del({
id: currentClient.id!,
});
});
it("list clients", async () => {
const clients = await kcAdminClient.clients.find();
expect(clients).to.be.ok;
});
it("get single client", async () => {
const clientUniqueId = currentClient.id!;
const client = await kcAdminClient.clients.findOne({
id: clientUniqueId,
});
// not sure why entity from list api will not have property: authorizationServicesEnabled
expect(client).to.deep.include(currentClient);
});
it("update single client", async () => {
const { clientId, id: clientUniqueId } = currentClient;
await kcAdminClient.clients.update(
{ id: clientUniqueId! },
{
// clientId is required in client update. no idea why...
clientId,
description: "test",
},
);
const client = await kcAdminClient.clients.findOne({
id: clientUniqueId!,
});
expect(client).to.include({
description: "test",
});
});
it("delete single client", async () => {
// create another one for delete test
const clientId = faker.internet.username();
const { id } = await kcAdminClient.clients.create({
clientId,
});
// delete it
await kcAdminClient.clients.del({
id,
});
const delClient = await kcAdminClient.clients.findOne({
id,
});
expect(delClient).to.be.null;
});
/**
* client roles
*/
describe("client roles", () => {
before(async () => {
const roleName = faker.internet.username();
// create a client role
const { roleName: createdRoleName } =
await kcAdminClient.clients.createRole({
id: currentClient.id,
name: roleName,
});
expect(createdRoleName).to.be.equal(roleName);
// assign currentClientRole
currentRoleName = roleName;
});
after(async () => {
// delete client role
await kcAdminClient.clients.delRole({
id: currentClient.id!,
roleName: currentRoleName,
});
});
it("list the client roles", async () => {
const roles = await kcAdminClient.clients.listRoles({
id: currentClient.id!,
});
expect(roles[0]).to.include({
name: currentRoleName,
});
});
it("find the client role", async () => {
const role = await kcAdminClient.clients.findRole({
id: currentClient.id!,
roleName: currentRoleName,
});
expect(role).to.include({
name: currentRoleName,
clientRole: true,
containerId: currentClient.id,
});
});
it("update the client role", async () => {
// NOTICE: roleName MUST be in the payload, no idea why...
const delta = {
name: currentRoleName,
description: "test",
};
await kcAdminClient.clients.updateRole(
{
id: currentClient.id!,
roleName: currentRoleName,
},
delta,
);
// check the change
const role = await kcAdminClient.clients.findRole({
id: currentClient.id!,
roleName: currentRoleName,
});
expect(role).to.include(delta);
});
it("delete a client role", async () => {
const roleName = faker.internet.username();
// create a client role
await kcAdminClient.clients.createRole({
id: currentClient.id,
name: roleName,
});
// delete
await kcAdminClient.clients.delRole({
id: currentClient.id!,
roleName,
});
// check it's null
const role = await kcAdminClient.clients.findRole({
id: currentClient.id!,
roleName,
});
expect(role).to.be.null;
});
});
describe("client secret", () => {
before(async () => {
const { clientId, id: clientUniqueId } = currentClient;
// update with serviceAccountsEnabled: true
await kcAdminClient.clients.update(
{
id: clientUniqueId!,
},
{
clientId,
serviceAccountsEnabled: true,
},
);
});
it("get client secret", async () => {
const credential = await kcAdminClient.clients.getClientSecret({
id: currentClient.id!,
});
expect(credential).to.have.all.keys("type", "value");
});
it("generate new client secret", async () => {
const newCredential = await kcAdminClient.clients.generateNewClientSecret(
{
id: currentClient.id!,
},
);
const credential = await kcAdminClient.clients.getClientSecret({
id: currentClient.id!,
});
expect(newCredential).to.be.eql(credential);
});
it("generate new registration access token", async () => {
const newRegistrationAccessToken =
await kcAdminClient.clients.generateRegistrationAccessToken({
id: currentClient.id!,
});
expect(newRegistrationAccessToken).to.be.ok;
});
it("invalidate rotation token", async () => {
await kcAdminClient.clients.invalidateSecret({
id: currentClient.id!,
});
});
it("get installation providers", async () => {
const installationProvider =
await kcAdminClient.clients.getInstallationProviders({
id: currentClient.id!,
providerId: "keycloak-oidc-jboss-subsystem",
});
expect(installationProvider).to.be.ok;
expect(typeof installationProvider).to.be.equal("string");
});
it("get service account user", async () => {
const serviceAccountUser =
await kcAdminClient.clients.getServiceAccountUser({
id: currentClient.id!,
});
expect(serviceAccountUser).to.be.ok;
});
});
describe("default client scopes", () => {
let dummyClientScope: ClientScopeRepresentation;
beforeEach(async () => {
dummyClientScope = {
name: "does-anyone-read-this",
description: "Oh - seems like you are reading Hey there!",
protocol: "openid-connect",
};
// setup dummy client scope
await kcAdminClient.clientScopes.create(dummyClientScope);
currentClientScope = (await kcAdminClient.clientScopes.findOneByName({
name: dummyClientScope.name!,
}))!;
});
afterEach(async () => {
// cleanup default scopes
try {
const { id } = currentClient;
const { id: clientScopeId } = currentClientScope;
await kcAdminClient.clients.delDefaultClientScope({
clientScopeId: clientScopeId!,
id: id!,
});
} catch {
// ignore
}
// cleanup client scopes
try {
await kcAdminClient.clientScopes.delByName({
name: dummyClientScope.name!,
});
} catch {
// ignore
}
});
it("list default client scopes", async () => {
const defaultClientScopes =
await kcAdminClient.clients.listDefaultClientScopes({
id: currentClient.id!,
});
expect(defaultClientScopes).to.be.ok;
});
it("add default client scope", async () => {
const { id } = currentClient;
const { id: clientScopeId } = currentClientScope;
await kcAdminClient.clients.addDefaultClientScope({
id: id!,
clientScopeId: clientScopeId!,
});
const defaultScopes = await kcAdminClient.clients.listDefaultClientScopes(
{ id: id! },
);
expect(defaultScopes).to.be.ok;
const clientScope = defaultScopes.find(
(scope) => scope.id === clientScopeId,
);
expect(clientScope).to.be.ok;
});
it("delete default client scope", async () => {
const { id } = currentClient;
const { id: clientScopeId } = currentClientScope;
await kcAdminClient.clients.addDefaultClientScope({
id: id!,
clientScopeId: clientScopeId!,
});
await kcAdminClient.clients.delDefaultClientScope({
id: id!,
clientScopeId: clientScopeId!,
});
const defaultScopes = await kcAdminClient.clients.listDefaultClientScopes(
{ id: id! },
);
const clientScope = defaultScopes.find(
(scope) => scope.id === clientScopeId,
);
expect(clientScope).not.to.be.ok;
});
});
describe("optional client scopes", () => {
let dummyClientScope: ClientScopeRepresentation;
beforeEach(async () => {
dummyClientScope = {
name: "i-hope-your-well",
description: "Everyone has that one friend.",
protocol: "openid-connect",
};
// setup dummy client scope
await kcAdminClient.clientScopes.create(dummyClientScope);
currentClientScope = (await kcAdminClient.clientScopes.findOneByName({
name: dummyClientScope.name!,
}))!;
});
afterEach(async () => {
// cleanup optional scopes
try {
const { id } = currentClient;
const { id: clientScopeId } = currentClientScope;
await kcAdminClient.clients.delOptionalClientScope({
clientScopeId: clientScopeId!,
id: id!,
});
} catch {
// ignore
}
// cleanup client scopes
try {
await kcAdminClient.clientScopes.delByName({
name: dummyClientScope.name!,
});
} catch {
// ignore
}
});
it("list optional client scopes", async () => {
const optionalClientScopes =
await kcAdminClient.clients.listOptionalClientScopes({
id: currentClient.id!,
});
expect(optionalClientScopes).to.be.ok;
});
it("add optional client scope", async () => {
const { id } = currentClient;
const { id: clientScopeId } = currentClientScope;
await kcAdminClient.clients.addOptionalClientScope({
id: id!,
clientScopeId: clientScopeId!,
});
const optionalScopes =
await kcAdminClient.clients.listOptionalClientScopes({ id: id! });
expect(optionalScopes).to.be.ok;
const clientScope = optionalScopes.find(
(scope) => scope.id === clientScopeId,
);
expect(clientScope).to.be.ok;
});
it("delete optional client scope", async () => {
const { id } = currentClient;
const { id: clientScopeId } = currentClientScope;
await kcAdminClient.clients.addOptionalClientScope({
id: id!,
clientScopeId: clientScopeId!,
});
await kcAdminClient.clients.delOptionalClientScope({
id: id!,
clientScopeId: clientScopeId!,
});
const optionalScopes =
await kcAdminClient.clients.listOptionalClientScopes({ id: id! });
const clientScope = optionalScopes.find(
(scope) => scope.id === clientScopeId,
);
expect(clientScope).not.to.be.ok;
});
});
describe("protocol mappers", () => {
let dummyMapper: ProtocolMapperRepresentation;
beforeEach(() => {
dummyMapper = {
name: "become-a-farmer",
protocol: "openid-connect",
protocolMapper: "oidc-role-name-mapper",
config: {
role: "admin",
"new.role.name": "farmer",
},
};
});
afterEach(async () => {
try {
const { id: clientUniqueId } = currentClient;
const { id: mapperId } =
(await kcAdminClient.clients.findProtocolMapperByName({
id: clientUniqueId!,
name: dummyMapper.name!,
}))!;
await kcAdminClient.clients.delProtocolMapper({
id: clientUniqueId!,
mapperId: mapperId!,
});
} catch {
// ignore
}
});
it("list protocol mappers", async () => {
const { id } = currentClient;
const mapperList = await kcAdminClient.clients.listProtocolMappers({
id: id!,
});
expect(mapperList).to.be.ok;
});
it("add multiple protocol mappers", async () => {
const { id } = currentClient;
await kcAdminClient.clients.addMultipleProtocolMappers({ id: id! }, [
dummyMapper,
]);
const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
id: id!,
name: dummyMapper.name!,
}))!;
expect(mapper).to.be.ok;
expect(mapper.protocol).to.eq(dummyMapper.protocol);
expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
});
it("add single protocol mapper", async () => {
const { id } = currentClient;
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
id: id!,
name: dummyMapper.name!,
}))!;
expect(mapper).to.be.ok;
expect(mapper.protocol).to.eq(dummyMapper.protocol);
expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
});
it("find protocol mapper by id", async () => {
const { id } = currentClient;
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
const { id: mapperId } =
(await kcAdminClient.clients.findProtocolMapperByName({
id: id!,
name: dummyMapper.name!,
}))!;
const mapper = await kcAdminClient.clients.findProtocolMapperById({
mapperId: mapperId!,
id: id!,
});
expect(mapper).to.be.ok;
expect(mapper.id).to.eql(mapperId);
});
it("find protocol mapper by name", async () => {
const { id } = currentClient;
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
id: id!,
name: dummyMapper.name!,
}))!;
expect(mapper).to.be.ok;
expect(mapper.name).to.eql(dummyMapper.name);
});
it("find protocol mappers by protocol", async () => {
const { id } = currentClient;
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
const mapperList =
await kcAdminClient.clients.findProtocolMappersByProtocol({
id: id!,
protocol: dummyMapper.protocol!,
});
expect(mapperList).to.be.ok;
expect(mapperList.length).to.be.gte(1);
const mapper = mapperList.find((item) => item.name === dummyMapper.name);
expect(mapper).to.be.ok;
});
it("update protocol mapper", async () => {
const { id } = currentClient;
dummyMapper.config = { "access.token.claim": "true" };
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
const mapper = (await kcAdminClient.clients.findProtocolMapperByName({
id: id!,
name: dummyMapper.name!,
}))!;
expect(mapper.config!["access.token.claim"]).to.eq("true");
mapper.config = { "access.token.claim": "false" };
await kcAdminClient.clients.updateProtocolMapper(
{ id: id!, mapperId: mapper.id! },
mapper,
);
const updatedMapper =
(await kcAdminClient.clients.findProtocolMapperByName({
id: id!,
name: dummyMapper.name!,
}))!;
expect(updatedMapper.config!["access.token.claim"]).to.eq("false");
});
it("delete protocol mapper", async () => {
const { id } = currentClient;
await kcAdminClient.clients.addProtocolMapper({ id: id! }, dummyMapper);
const { id: mapperId } =
(await kcAdminClient.clients.findProtocolMapperByName({
id: id!,
name: dummyMapper.name!,
}))!;
await kcAdminClient.clients.delProtocolMapper({
id: id!,
mapperId: mapperId!,
});
const mapper = await kcAdminClient.clients.findProtocolMapperByName({
id: id!,
name: dummyMapper.name!,
});
expect(mapper).not.to.be.ok;
});
});
describe("scope mappings", () => {
it("list client and realm scope mappings", async () => {
const { id } = currentClient;
const scopes = await kcAdminClient.clients.listScopeMappings({
id: id!,
});
expect(scopes).to.be.ok;
});
describe("client", () => {
const dummyRoleName = "clientScopeMappingsRole-dummy";
beforeEach(async () => {
const { id } = currentClient;
await kcAdminClient.clients.createRole({
id,
name: dummyRoleName,
});
});
afterEach(async () => {
try {
const { id } = currentClient;
await kcAdminClient.clients.delRole({
id: id!,
roleName: dummyRoleName,
});
} catch {
// ignore
}
});
it("add scope mappings", async () => {
const { id: clientUniqueId } = currentClient;
const availableRoles =
await kcAdminClient.clients.listAvailableClientScopeMappings({
id: clientUniqueId!,
client: clientUniqueId!,
});
await kcAdminClient.clients.addClientScopeMappings(
{
id: clientUniqueId!,
client: clientUniqueId!,
},
availableRoles,
);
const roles = await kcAdminClient.clients.listClientScopeMappings({
id: clientUniqueId!,
client: clientUniqueId!,
});
expect(roles).to.be.ok;
expect(roles).to.be.eql(availableRoles);
});
it("list scope mappings", async () => {
const { id: clientUniqueId } = currentClient;
const roles = await kcAdminClient.clients.listClientScopeMappings({
id: clientUniqueId!,
client: clientUniqueId!,
});
expect(roles).to.be.ok;
});
it("list available scope mappings", async () => {
const { id: clientUniqueId } = currentClient;
const roles =
await kcAdminClient.clients.listAvailableClientScopeMappings({
id: clientUniqueId!,
client: clientUniqueId!,
});
expect(roles).to.be.ok;
});
it("list composite scope mappings", async () => {
const { id: clientUniqueId } = currentClient;
const roles =
await kcAdminClient.clients.listCompositeClientScopeMappings({
id: clientUniqueId!,
client: clientUniqueId!,
});
expect(roles).to.be.ok;
});
it("delete scope mappings", async () => {
const { id: clientUniqueId } = currentClient;
const rolesBefore = await kcAdminClient.clients.listClientScopeMappings(
{
id: clientUniqueId!,
client: clientUniqueId!,
},
);
await kcAdminClient.clients.delClientScopeMappings(
{
id: clientUniqueId!,
client: clientUniqueId!,
},
rolesBefore,
);
const rolesAfter = await kcAdminClient.clients.listClientScopeMappings({
id: clientUniqueId!,
client: clientUniqueId!,
});
expect(rolesAfter).to.be.ok;
expect(rolesAfter).to.eql([]);
});
it("get effective scope mapping of all roles for a specific container", async () => {
const { id: clientUniqueId } = currentClient;
const roles = await kcAdminClient.clients.evaluatePermission({
id: clientUniqueId!,
roleContainer: "master",
type: "granted",
scope: "openid",
});
expect(roles).to.be.ok;
expect(roles.length).to.be.eq(5);
});
it("get list of all protocol mappers", async () => {
const { id: clientUniqueId } = currentClient;
const protocolMappers =
await kcAdminClient.clients.evaluateListProtocolMapper({
id: clientUniqueId!,
scope: "openid",
});
expect(protocolMappers).to.be.ok;
expect(protocolMappers.length).to.be.gt(10);
});
it("get JSON with payload of examples", async () => {
const { id: clientUniqueId } = currentClient;
const username = faker.internet.username();
const user = await kcAdminClient.users.create({
username,
});
const accessToken =
await kcAdminClient.clients.evaluateGenerateAccessToken({
id: clientUniqueId!,
userId: user.id,
scope: "openid",
});
const idToken = await kcAdminClient.clients.evaluateGenerateIdToken({
id: clientUniqueId!,
userId: user.id,
scope: "openid",
});
const userInfo = await kcAdminClient.clients.evaluateGenerateUserInfo({
id: clientUniqueId!,
userId: user.id,
scope: "openid",
});
expect(accessToken).to.be.ok;
expect(idToken).to.be.ok;
expect(userInfo).to.be.ok;
await kcAdminClient.users.del({ id: user.id });
});
});
describe("realm", () => {
const dummyRoleName = "realmScopeMappingsRole-dummy";
beforeEach(async () => {
await kcAdminClient.roles.create({
name: dummyRoleName,
});
});
afterEach(async () => {
try {
await kcAdminClient.roles.delByName({
name: dummyRoleName,
});
} catch {
// ignore
}
});
it("add scope mappings", async () => {
const { id } = currentClient;
const availableRoles =
await kcAdminClient.clients.listAvailableRealmScopeMappings({
id: id!,
});
await kcAdminClient.clients.addRealmScopeMappings(
{ id: id! },
availableRoles,
);
const roles = await kcAdminClient.clients.listRealmScopeMappings({
id: id!,
});
expect(roles).to.be.ok;
expect(roles).to.deep.members(availableRoles);
});
it("list scope mappings", async () => {
const { id } = currentClient;
const roles = await kcAdminClient.clients.listRealmScopeMappings({
id: id!,
});
expect(roles).to.be.ok;
});
it("list available scope mappings", async () => {
const { id } = currentClient;
const roles =
await kcAdminClient.clients.listAvailableRealmScopeMappings({
id: id!,
});
expect(roles).to.be.ok;
});
it("list composite scope mappings", async () => {
const { id } = currentClient;
const roles =
await kcAdminClient.clients.listCompositeRealmScopeMappings({
id: id!,
});
expect(roles).to.be.ok;
});
it("delete scope mappings", async () => {
const { id } = currentClient;
const rolesBefore = await kcAdminClient.clients.listRealmScopeMappings({
id: id!,
});
await kcAdminClient.clients.delRealmScopeMappings(
{ id: id! },
rolesBefore,
);
const rolesAfter = await kcAdminClient.clients.listRealmScopeMappings({
id: id!,
});
expect(rolesAfter).to.be.ok;
expect(rolesAfter).to.eql([]);
});
});
});
describe("sessions", () => {
it("list clients user sessions", async () => {
const clientUniqueId = currentClient.id;
const userSessions = await kcAdminClient.clients.listSessions({
id: clientUniqueId!,
});
expect(userSessions).to.be.ok;
});
it("list clients offline user sessions", async () => {
const clientUniqueId = currentClient.id;
const userSessions = await kcAdminClient.clients.listOfflineSessions({
id: clientUniqueId!,
});
expect(userSessions).to.be.ok;
});
it("list clients user session count", async () => {
const clientUniqueId = currentClient.id;
const userSessions = await kcAdminClient.clients.getSessionCount({
id: clientUniqueId!,
});
expect(userSessions).to.be.ok;
});
it("list clients offline user session count", async () => {
const clientUniqueId = currentClient.id;
const userSessions = await kcAdminClient.clients.getOfflineSessionCount({
id: clientUniqueId!,
});
expect(userSessions).to.be.ok;
});
});
describe("nodes", () => {
const host = "127.0.0.1";
it("register a node manually", async () => {
await kcAdminClient.clients.addClusterNode({
id: currentClient.id!,
node: host,
});
const client = (await kcAdminClient.clients.findOne({
id: currentClient.id!,
}))!;
expect(Object.keys(client.registeredNodes!)).to.be.eql([host]);
});
it("remove registered host", async () => {
await kcAdminClient.clients.deleteClusterNode({
id: currentClient.id!,
node: host,
});
const client = (await kcAdminClient.clients.findOne({
id: currentClient.id!,
}))!;
expect(client.registeredNodes).to.be.undefined;
});
});
describe("client attribute certificate", () => {
const keystoreConfig = {
format: "JKS",
keyAlias: "new",
keyPassword: "password",
realmAlias: "master",
realmCertificate: false,
storePassword: "password",
};
const attr = "jwt.credential";
it("generate and download keys", async () => {
const result = await kcAdminClient.clients.generateAndDownloadKey(
{ id: currentClient.id!, attr },
keystoreConfig,
);
expect(result).to.be.ok;
});
it("generate key and updated info", async () => {
const certificate = await kcAdminClient.clients.generateKey({
id: currentClient.id!,
attr,
});
expect(certificate).to.be.ok;
expect(certificate.certificate).to.be.ok;
const info = await kcAdminClient.clients.getKeyInfo({
id: currentClient.id!,
attr,
});
expect(info).to.be.eql(certificate);
});
it("download key", async () => {
const result = await kcAdminClient.clients.downloadKey(
{ id: currentClient.id!, attr },
keystoreConfig,
);
expect(result).to.be.ok;
});
});
describe("authorization", async () => {
const resourceConfig = {
name: "testResourceName",
type: "testResourceType",
scopeNames: ["testScopeA", "testScopeB", "testScopeC"],
};
const policyConfig = {
name: "testPolicyName",
type: "user",
logic: Logic.POSITIVE,
};
const permissionConfig = {
name: "testPermissionName",
type: "scope",
logic: Logic.POSITIVE,
};
let scopes: ScopeRepresentation[];
let resource: ResourceRepresentation;
let policy: PolicyRepresentation;
let permission: PolicyRepresentation;
let user: UserRepresentation;
before("enable authorization services", async () => {
await kcAdminClient.clients.update(
{ id: currentClient.id! },
{
clientId: currentClient.clientId,
authorizationServicesEnabled: true,
serviceAccountsEnabled: true,
},
);
});
before("create test user", async () => {
const username = faker.internet.username();
user = await kcAdminClient.users.create({
username,
});
});
after("delete test user", async () => {
await kcAdminClient.users.del({
id: user.id!,
});
});
after("disable authorization services", async () => {
await kcAdminClient.clients.update(
{ id: currentClient.id! },
{
clientId: currentClient.clientId,
authorizationServicesEnabled: false,
serviceAccountsEnabled: false,
},
);
});
it("create authorization scopes", async () => {
scopes = (
await Promise.all(
resourceConfig.scopeNames.map(async (name) => {
const result = await kcAdminClient.clients.createAuthorizationScope(
{ id: currentClient.id! },
{
name,
},
);
expect(result).to.be.ok;
return result;
}),
)
).sort((a, b) => (a.name < b.name ? -1 : 1));
});
it("list all authorization scopes", async () => {
const result = await kcAdminClient.clients.listAllScopes({
id: currentClient.id!,
});
expect(result.sort((a, b) => (a.name! < b.name! ? -1 : 1))).to.deep.equal(
scopes,
);
});
it("update authorization scope", async () => {
const updatedScope = { ...scopes[0], displayName: "Hello" };
await kcAdminClient.clients.updateAuthorizationScope(
{ id: currentClient.id!, scopeId: scopes[0].id! },
updatedScope,
);
const fetchedScope = await kcAdminClient.clients.getAuthorizationScope({
id: currentClient.id!,
scopeId: scopes[0].id!,
});
expect(fetchedScope).to.deep.equal(updatedScope);
});
it("list all resources by scope", async () => {
const result = await kcAdminClient.clients.listAllResourcesByScope({
id: currentClient.id!,
scopeId: scopes[0].id!,
});
expect(result).to.deep.equal([]);
});
it("list all permissions by scope", async () => {
const result = await kcAdminClient.clients.listAllPermissionsByScope({
id: currentClient.id!,
scopeId: scopes[0].id!,
});
expect(result).to.deep.equal([]);
});
it("import resource", async () => {
await kcAdminClient.clients.importResource(
{ id: currentClient.id! },
{
allowRemoteResourceManagement: true,
policyEnforcementMode: "ENFORCING",
resources: [],
policies: [],
scopes: [],
decisionStrategy: "UNANIMOUS",
},
);
});
it("export resource", async () => {
const result = await kcAdminClient.clients.exportResource({
id: currentClient.id!,
});
expect(result.allowRemoteResourceManagement).to.be.equal(true);
expect(result.resources?.length).to.be.equal(1);
});
it("create resource", async () => {
resource = await kcAdminClient.clients.createResource(
{ id: currentClient.id! },
{
name: resourceConfig.name,
type: resourceConfig.type,
scopes,
},
);
expect(resource).to.be.ok;
});
it("get resource", async () => {
const r = await kcAdminClient.clients.getResource({
id: currentClient.id!,
resourceId: resource._id!,
});
expect(r).to.deep.equal(resource);
});
it("get resource server", async () => {
const resourceServer = await kcAdminClient.clients.getResourceServer({
id: currentClient.id!,
});
expect(resourceServer).to.be.ok;
expect(resourceServer.clientId).to.be.equal(currentClient.id);
resourceServer.decisionStrategy = "UNANIMOUS";
await kcAdminClient.clients.updateResourceServer(
{ id: currentClient.id! },
resourceServer,
);
});
it("list permission by resource", async () => {
const result = await kcAdminClient.clients.listPermissionsByResource({
id: currentClient.id!,
resourceId: resource._id!,
});
expect(result).to.be.ok;
});
it("list scopes by resource", async () => {
const result = await kcAdminClient.clients.listScopesByResource({
id: currentClient.id!,
resourceName: resource._id!,
});
expect(result.sort((a, b) => (a.name < b.name ? -1 : 1))).to.deep.equal(
scopes,
);
});
it("list resources", async () => {
const result = await kcAdminClient.clients.listResources({
id: currentClient.id!,
});
expect(result).to.deep.include(resource);
});
it("update resource", async () => {
resource.name = "foo";
await kcAdminClient.clients.updateResource(
{
id: currentClient.id!,
resourceId: resource._id!,
},
resource,
);
const result = await kcAdminClient.clients.getResource({
id: currentClient.id!,
resourceId: resource._id!,
});
expect(result.name).to.equal("foo");
});
it("create policy", async () => {
policy = await kcAdminClient.clients.createPolicy(
{
id: currentClient.id!,
type: policyConfig.type,
},
{
name: policyConfig.name,
logic: policyConfig.logic,
users: [user.id!],
},
);
expect(policy).to.be.ok;
});
it("policy list dependencies", async () => {
const dependencies = await kcAdminClient.clients.listDependentPolicies({
id: currentClient.id!,
policyId: policy.id!,
});
expect(dependencies).to.be.ok;
});
it("create permission", async () => {
permission = await kcAdminClient.clients.createPermission(
{
id: currentClient.id!,
type: "scope",
},
{
name: permissionConfig.name,
logic: permissionConfig.logic,
// @ts-ignore
resources: [resource._id],
policies: [policy.id!],
scopes: scopes.map((scope) => scope.id!),
},
);
const p = await kcAdminClient.clients.findPermissions({
id: currentClient.id!,
name: permissionConfig.name,
});
expect(p.length).to.be.eq(1);
expect(p[0].logic).to.be.eq(permissionConfig.logic);
});
it("get associated scopes for permission", async () => {
const result = await kcAdminClient.clients.getAssociatedScopes({
id: currentClient.id!,
permissionId: permission.id!,
});
expect(result.sort((a, b) => (a.name < b.name ? -1 : 1))).to.deep.equal(
scopes,
);
});
it("get associated policies for permission", async () => {
const result = await kcAdminClient.clients.getAssociatedPolicies({
id: currentClient.id!,
permissionId: permission.id!,
});
expect(result.length).to.be.eq(1);
expect(result[0].id).to.be.eq(policy.id);
});
it("get associated resources for permission", async () => {
const result = await kcAdminClient.clients.getAssociatedResources({
id: currentClient.id!,
permissionId: permission.id!,
});
expect(result).to.deep.equal([
{
_id: resource._id,
name: resource.name,
},
]);
});
it("list policy providers", async () => {
const result = await kcAdminClient.clients.listPolicyProviders({
id: currentClient.id!,
});
expect(result).to.be.ok;
});
it.skip("Enable fine grained permissions", async () => {
const permission = await kcAdminClient.clients.updateFineGrainPermission(
{ id: currentClient.id! },
{ enabled: true },
);
expect(permission).to.include({
enabled: true,
});
});
it.skip("List fine grained permissions for this client", async () => {
const permissions = (await kcAdminClient.clients.listFineGrainPermissions(
{ id: currentClient.id! },
))!;
expect(permissions.scopePermissions).to.be.an("object");
});
});
});