libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases Packages Activity Actions
keycloak-scim/js/libs/keycloak-admin-client/test/groupUser.spec.ts
dependabot[bot] 97727dbed5
Bump @faker-js/faker from 9.0.3 to 9.1.0 (#34377) 
* Bump @faker-js/faker from 9.0.3 to 9.1.0

Bumps [@faker-js/faker](https://github.com/faker-js/faker) from 9.0.3 to 9.1.0.
- [Release notes](https://github.com/faker-js/faker/releases)
- [Changelog](https://github.com/faker-js/faker/blob/next/CHANGELOG.md)
- [Commits](https://github.com/faker-js/faker/compare/v9.0.3...v9.1.0)

---
updated-dependencies:
- dependency-name: "@faker-js/faker"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* removed use of deprecated userName()

Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2024-10-30 12:14:02 +01:00

206 lines
6.4 KiB
TypeScript
Raw Blame History

// tslint:disable:no-unused-expression
import { faker } from "@faker-js/faker";
import * as chai from "chai";
import { omit, pick } from "lodash-es";
import { KeycloakAdminClient } from "../src/client.js";
import type ClientRepresentation from "../src/defs/clientRepresentation.js";
import type GroupRepresentation from "../src/defs/groupRepresentation.js";
import type PolicyRepresentation from "../src/defs/policyRepresentation.js";
import { DecisionStrategy, Logic } from "../src/defs/policyRepresentation.js";
import type UserRepresentation from "../src/defs/userRepresentation.js";
import { credentials } from "./constants.js";
const expect = chai.expect;
describe("Group user integration", () => {
let kcAdminClient: KeycloakAdminClient;
let currentGroup: GroupRepresentation;
let currentUser: UserRepresentation;
let managementClient: ClientRepresentation;
let currentUserPolicy: PolicyRepresentation;
let currentPolicy: PolicyRepresentation;
before(async () => {
const groupName = faker.internet.username();
kcAdminClient = new KeycloakAdminClient();
await kcAdminClient.auth(credentials);
// create group
const group = await kcAdminClient.groups.create({
name: groupName,
});
currentGroup = (await kcAdminClient.groups.findOne({ id: group.id }))!;
// create user
const username = faker.internet.username();
const user = await kcAdminClient.users.create({
username,
email: "test@keycloak.org",
enabled: true,
});
currentUser = (await kcAdminClient.users.findOne({ id: user.id }))!;
});
after(async () => {
await kcAdminClient.groups.del({
id: currentGroup.id!,
});
await kcAdminClient.users.del({
id: currentUser.id!,
});
});
it("should list user's group and expect empty", async () => {
const groups = await kcAdminClient.users.listGroups({
id: currentUser.id!,
});
expect(groups).to.be.eql([]);
});
it("should add user to group", async () => {
await kcAdminClient.users.addToGroup({
id: currentUser.id!,
groupId: currentGroup.id!,
});
const groups = await kcAdminClient.users.listGroups({
id: currentUser.id!,
});
// expect id,name,path to be the same
expect(groups[0]).to.be.eql(pick(currentGroup, ["id", "name", "path"]));
});
it("should list members using group api", async () => {
const members = await kcAdminClient.groups.listMembers({
id: currentGroup.id!,
});
// access will not returned from member api
expect(members[0]).to.be.eql(omit(currentUser, ["access"]));
});
it("should remove user from group", async () => {
await kcAdminClient.users.delFromGroup({
id: currentUser.id!,
groupId: currentGroup.id!,
});
const groups = await kcAdminClient.users.listGroups({
id: currentUser.id!,
});
expect(groups).to.be.eql([]);
});
/**
* Authorization permissions
*/
describe.skip("authorization permissions", () => {
before(async () => {
const clients = await kcAdminClient.clients.find();
managementClient = clients.find(
(client) => client.clientId === "master-realm",
)!;
});
after(async () => {
await kcAdminClient.clients.delPolicy({
id: managementClient.id!,
policyId: currentUserPolicy.id!,
});
});
it("Enable permissions", async () => {
const permission = await kcAdminClient.groups.updatePermission(
{ id: currentGroup.id! },
{ enabled: true },
);
expect(permission).to.include({
enabled: true,
});
});
it("list of users in policy management", async () => {
const userPolicyData: PolicyRepresentation = {
type: "user",
logic: Logic.POSITIVE,
decisionStrategy: DecisionStrategy.UNANIMOUS,
name: `policy.manager.${currentGroup.id}`,
users: [currentUser.id!],
};
currentUserPolicy = await kcAdminClient.clients.createPolicy(
{ id: managementClient.id!, type: userPolicyData.type! },
userPolicyData,
);
expect(currentUserPolicy).to.include({
type: "user",
logic: Logic.POSITIVE,
decisionStrategy: DecisionStrategy.UNANIMOUS,
name: `policy.manager.${currentGroup.id}`,
});
});
it("list the roles available for this group", async () => {
const permissions = (await kcAdminClient.groups.listPermissions({
id: currentGroup.id!,
}))!;
expect(permissions.scopePermissions).to.be.an("object");
const scopes = (await kcAdminClient.clients.listScopesByResource({
id: managementClient.id!,
resourceName: permissions.resource!,
}))!;
const policies = await kcAdminClient.clients.listPolicies({
id: managementClient.id,
resource: permissions.resource,
max: 2,
});
expect(policies).to.have.length(2);
expect(scopes).to.have.length(5);
// Search for the id of the management role
const roleId = scopes.find((scope) => scope.name === "manage")!.id;
const userPolicy = await kcAdminClient.clients.findPolicyByName({
id: managementClient.id!,
name: `policy.manager.${currentGroup.id}`,
});
expect(userPolicy).to.deep.include({
name: `policy.manager.${currentGroup.id}`,
});
// Update of the role with the above modifications
const policyData: PolicyRepresentation = {
id: permissions.scopePermissions!.manage!,
name: `manage.permission.group.${currentGroup.id}`,
type: "scope",
logic: Logic.POSITIVE,
decisionStrategy: DecisionStrategy.UNANIMOUS,
resources: [permissions.resource!],
scopes: [roleId],
policies: [userPolicy.id!],
};
await kcAdminClient.clients.updatePermission(
{
id: managementClient.id!,
permissionId: permissions.scopePermissions!.manage,
type: "scope",
},
policyData,
);
currentPolicy = (await kcAdminClient.clients.findOnePermission({
id: managementClient.id!,
permissionId: permissions.scopePermissions!.manage,
type: "scope",
}))!;
expect(currentPolicy).to.deep.include({
id: permissions.scopePermissions!.manage,
name: `manage.permission.group.${currentGroup.id}`,
type: "scope",
logic: Logic.POSITIVE,
decisionStrategy: DecisionStrategy.UNANIMOUS,
});
});
});
});
Reference in a new issue View git blame Copy permalink