Example 6 with UsersResource
use of org.keycloak.admin.client.resource.UsersResource in project keycloak by keycloak.
the class KcSamlIdPInitiatedSsoTest method assertSingleUserSession.
private void assertSingleUserSession(String realmName, String userName, String... expectedClientIds) {
final UsersResource users = adminClient.realm(realmName).users();
final ClientsResource clients = adminClient.realm(realmName).clients();
UserRepresentation userRepresentation = users.search(userName).stream().findFirst().get();
List<UserSessionRepresentation> userSessions = users.get(userRepresentation.getId()).getUserSessions();
assertThat(userSessions, hasSize(1));
Map<String, String> clientSessions = userSessions.get(0).getClients();
Set<String> clientIds = clientSessions.values().stream().flatMap(c -> clients.findByClientId(c).stream()).map(ClientRepresentation::getClientId).collect(Collectors.toSet());
assertThat(clientIds, containsInAnyOrder(expectedClientIds));
}
Also used :
UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation)
UsersResource(org.keycloak.admin.client.resource.UsersResource)
ClientsResource(org.keycloak.admin.client.resource.ClientsResource)
Matchers.containsString(org.hamcrest.Matchers.containsString)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
Example 7 with UsersResource
use of org.keycloak.admin.client.resource.UsersResource in project keycloak by keycloak.
the class KcOidcBrokerPromptParameterTest method loginUser.
@Override
protected void loginUser() {
driver.navigate().to(getAccountUrl(getConsumerRoot(), bc.consumerRealmName()));
driver.navigate().to(driver.getCurrentUrl() + "&" + OIDCLoginProtocol.PROMPT_PARAM + "=" + PROMPT_CONSENT);
log.debug("Clicking social " + bc.getIDPAlias());
loginPage.clickSocial(bc.getIDPAlias());
waitForPage(driver, "sign in to", true);
Assert.assertTrue("Driver should be on the provider realm page right now", driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
Assert.assertFalse(OIDCLoginProtocol.PROMPT_PARAM + "=" + PROMPT_LOGIN + " should not be part of the url", driver.getCurrentUrl().contains(OIDCLoginProtocol.PROMPT_PARAM + "=" + PROMPT_LOGIN));
Assert.assertTrue(OIDCLoginProtocol.PROMPT_PARAM + "=" + PROMPT_CONSENT + " should be part of the url", driver.getCurrentUrl().contains(OIDCLoginProtocol.PROMPT_PARAM + "=" + PROMPT_CONSENT));
log.debug("Logging in");
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
waitForPage(driver, "update account information", false);
updateAccountInformationPage.assertCurrent();
Assert.assertTrue("We must be on correct realm right now", driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation(bc.getUserLogin(), bc.getUserEmail(), "Firstname", "Lastname");
UsersResource consumerUsers = adminClient.realm(bc.consumerRealmName()).users();
int userCount = consumerUsers.count();
Assert.assertTrue("There must be at least one user", userCount > 0);
List<UserRepresentation> users = consumerUsers.search("", 0, userCount);
boolean isUserFound = false;
for (UserRepresentation user : users) {
if (user.getUsername().equals(bc.getUserLogin()) && user.getEmail().equals(bc.getUserEmail())) {
isUserFound = true;
break;
}
}
Assert.assertTrue("There must be user " + bc.getUserLogin() + " in realm " + bc.consumerRealmName(), isUserFound);
}
Also used :
UsersResource(org.keycloak.admin.client.resource.UsersResource)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
Example 8 with UsersResource
use of org.keycloak.admin.client.resource.UsersResource in project keycloak by keycloak.
the class UserTest method defaultMaxResults.
@Test
public void defaultMaxResults() {
UsersResource users = adminClient.realms().realm("test").users();
for (int i = 0; i < 110; i++) {
users.create(UserBuilder.create().username("test-" + i).addAttribute("aName", "aValue").build()).close();
}
List<UserRepresentation> result = users.search("test", null, null);
assertEquals(100, result.size());
for (UserRepresentation user : result) {
assertThat(user.getAttributes(), Matchers.notNullValue());
assertThat(user.getAttributes().keySet(), Matchers.hasSize(1));
assertThat(user.getAttributes(), Matchers.hasEntry(is("aName"), Matchers.contains("aValue")));
}
assertEquals(105, users.search("test", 0, 105).size());
assertEquals(111, users.search("test", 0, 1000).size());
}
Also used :
UsersResource(org.keycloak.admin.client.resource.UsersResource)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
Test(org.junit.Test)
Example 9 with UsersResource
use of org.keycloak.admin.client.resource.UsersResource in project keycloak by keycloak.
the class AbstractPhotozExampleAdapterTest method testClientRoleNotRequired.
@Test
public void testClientRoleNotRequired() throws Exception {
loginToClientPage(aliceUser);
clientPage.createAlbum(ALICE_ALBUM_NAME);
clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
UsersResource usersResource = realmsResouce().realm(REALM_NAME).users();
List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
assertFalse(users.isEmpty());
UserRepresentation userRepresentation = users.get(0);
UserResource userResource = usersResource.get(userRepresentation.getId());
ClientResource html5ClientApp = getClientResource("photoz-html5-client");
userResource.revokeConsent(html5ClientApp.toRepresentation().getClientId());
ClientResource resourceServerClient = getClientResource(RESOURCE_SERVER_ID);
RoleResource manageAlbumRole = resourceServerClient.roles().get("manage-albums");
RoleRepresentation roleRepresentation = manageAlbumRole.toRepresentation();
setManageAlbumScopeRequired();
manageAlbumRole.update(roleRepresentation);
loginToClientPage(aliceUser);
clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);
for (PolicyRepresentation policy : getAuthorizationResource().policies().policies()) {
if ("Any User Policy".equals(policy.getName())) {
List<Map<String, Object>> roles = JsonSerialization.readValue(policy.getConfig().get("roles"), List.class);
roles.forEach(role -> {
String roleId = (String) role.get("id");
if (roleId.equals(manageAlbumRole.toRepresentation().getId())) {
role.put("required", false);
}
});
policy.getConfig().put("roles", JsonSerialization.writeValueAsString(roles));
getAuthorizationResource().policies().policy(policy.getId()).update(policy);
}
}
printUpdatedPolicies();
loginToClientPage(aliceUser);
clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
}
Also used :
RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation)
PolicyRepresentation(org.keycloak.representations.idm.authorization.PolicyRepresentation)
RoleResource(org.keycloak.admin.client.resource.RoleResource)
UsersResource(org.keycloak.admin.client.resource.UsersResource)
UserResource(org.keycloak.admin.client.resource.UserResource)
ClientResource(org.keycloak.admin.client.resource.ClientResource)
Matchers.containsString(org.hamcrest.Matchers.containsString)
HashMap(java.util.HashMap)
Map(java.util.Map)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
Test(org.junit.Test)
Example 10 with UsersResource
use of org.keycloak.admin.client.resource.UsersResource in project keycloak by keycloak.
the class AbstractPhotozExampleAdapterTest method testClientRoleRepresentingUserConsent.
@Test
public void testClientRoleRepresentingUserConsent() throws Exception {
loginToClientPage(aliceUser);
clientPage.createAlbum(ALICE_ALBUM_NAME);
clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
RealmResource realmResource = realmsResouce().realm(REALM_NAME);
UsersResource usersResource = realmResource.users();
List<UserRepresentation> users = usersResource.search("alice", null, null, null, null, null);
assertFalse(users.isEmpty());
UserRepresentation userRepresentation = users.get(0);
UserResource userResource = usersResource.get(userRepresentation.getId());
ClientResource html5ClientApp = getClientResource("photoz-html5-client");
ClientRepresentation clientRepresentation = html5ClientApp.toRepresentation();
userResource.revokeConsent(clientRepresentation.getClientId());
setManageAlbumScopeRequired();
loginToClientPage(aliceUser);
clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasDenied);
loginToClientPage(aliceUser, "manage-albums");
clientPage.viewAlbum(ALICE_ALBUM_NAME, this::assertWasNotDenied);
}
Also used :
RealmResource(org.keycloak.admin.client.resource.RealmResource)
UsersResource(org.keycloak.admin.client.resource.UsersResource)
UserResource(org.keycloak.admin.client.resource.UserResource)
ClientResource(org.keycloak.admin.client.resource.ClientResource)
UserRepresentation(org.keycloak.representations.idm.UserRepresentation)
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation)
Test(org.junit.Test)
Aggregations
UsersResource (org.keycloak.admin.client.resource.UsersResource)36
UserRepresentation (org.keycloak.representations.idm.UserRepresentation)32
Test (org.junit.Test)18
UserResource (org.keycloak.admin.client.resource.UserResource)10
RealmResource (org.keycloak.admin.client.resource.RealmResource)9
Response (javax.ws.rs.core.Response)7
ClientsResource (org.keycloak.admin.client.resource.ClientsResource)7
Map (java.util.Map)6
List (java.util.List)5
Matchers.containsString (org.hamcrest.Matchers.containsString)5
Before (org.junit.Before)5
UserSessionRepresentation (org.keycloak.representations.idm.UserSessionRepresentation)5
IdentityProviderResource (org.keycloak.admin.client.resource.IdentityProviderResource)4
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)4
HashMap (java.util.HashMap)3
Collectors (java.util.stream.Collectors)3
Matchers.hasSize (org.hamcrest.Matchers.hasSize)3
Assert.assertThat (org.junit.Assert.assertThat)3
RolesResource (org.keycloak.admin.client.resource.RolesResource)3
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)3
