Search in sources :

Example 21 with AuthenticatedClientSessionModel

use of org.keycloak.models.AuthenticatedClientSessionModel in project keycloak by keycloak.

the class UserSessionPersisterProviderTest method assertSession.

public static void assertSession(UserSessionModel session, UserModel user, String ipAddress, int started, int lastRefresh, String... clients) {
    assertEquals(user.getId(), session.getUser().getId());
    assertEquals(ipAddress, session.getIpAddress());
    assertEquals(user.getUsername(), session.getLoginUsername());
    assertEquals("form", session.getAuthMethod());
    assertTrue(session.isRememberMe());
    assertTrue(session.getStarted() >= started - 1 && session.getStarted() <= started + 1);
    assertTrue(session.getLastSessionRefresh() >= lastRefresh - 1 && session.getLastSessionRefresh() <= lastRefresh + 1);
    String[] actualClients = new String[session.getAuthenticatedClientSessions().size()];
    int i = 0;
    for (Map.Entry<String, AuthenticatedClientSessionModel> entry : session.getAuthenticatedClientSessions().entrySet()) {
        String clientUUID = entry.getKey();
        AuthenticatedClientSessionModel clientSession = entry.getValue();
        Assert.assertEquals(clientUUID, clientSession.getClient().getId());
        actualClients[i] = clientSession.getClient().getClientId();
        i++;
    }
    assertThat(actualClients, Matchers.arrayContainingInAnyOrder(clients));
}
Also used : AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) Map(java.util.Map)

Example 22 with AuthenticatedClientSessionModel

use of org.keycloak.models.AuthenticatedClientSessionModel in project keycloak by keycloak.

the class UserSessionProviderOfflineModelTest method createOfflineSessionIncludeClientSessions.

private static Set<String> createOfflineSessionIncludeClientSessions(KeycloakSession session, UserSessionModel userSession) {
    Set<String> offlineSessions = new HashSet<>();
    UserSessionManager localManager = new UserSessionManager(session);
    for (AuthenticatedClientSessionModel clientSession : userSession.getAuthenticatedClientSessions().values()) {
        localManager.createOrUpdateOfflineSession(clientSession, userSession);
        offlineSessions.add(clientSession.getClient().getId());
    }
    return offlineSessions;
}
Also used : UserSessionManager(org.keycloak.services.managers.UserSessionManager) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) HashSet(java.util.HashSet)

Example 23 with AuthenticatedClientSessionModel

use of org.keycloak.models.AuthenticatedClientSessionModel in project keycloak by keycloak.

the class UserSessionProviderOfflineModelTest method createOfflineSessions.

private void createOfflineSessions(String username, int sessionsPerUser, AtomicReference<List<UserSessionModel>> offlineUserSessions, AtomicReference<List<AuthenticatedClientSessionModel>> offlineClientSessions) {
    withRealm(realmId, (session, realm) -> {
        final UserModel user = session.users().getUserByUsername(realm, username);
        ClientModel testAppClient = realm.getClientByClientId("test-app");
        ClientModel thirdPartyClient = realm.getClientByClientId("third-party");
        IntStream.range(0, sessionsPerUser).mapToObj(index -> session.sessions().createUserSession(realm, user, username + index, "ip" + index, "auth", false, null, null)).forEach(userSession -> {
            AuthenticatedClientSessionModel testAppClientSession = session.sessions().createClientSession(realm, testAppClient, userSession);
            AuthenticatedClientSessionModel thirdPartyClientSession = session.sessions().createClientSession(realm, thirdPartyClient, userSession);
            UserSessionModel offlineUserSession = session.sessions().createOfflineUserSession(userSession);
            offlineUserSessions.get().add(offlineUserSession);
            offlineClientSessions.get().add(session.sessions().createOfflineClientSession(testAppClientSession, offlineUserSession));
            offlineClientSessions.get().add(session.sessions().createOfflineClientSession(thirdPartyClientSession, offlineUserSession));
        });
        return null;
    });
}
Also used : UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) IntStream(java.util.stream.IntStream) UserSessionProvider(org.keycloak.models.UserSessionProvider) Constants(org.keycloak.models.Constants) AtomicBoolean(java.util.concurrent.atomic.AtomicBoolean) HashMap(java.util.HashMap) Cache(org.infinispan.Cache) AtomicReference(java.util.concurrent.atomic.AtomicReference) HashSet(java.util.HashSet) UserModel(org.keycloak.models.UserModel) RealmProvider(org.keycloak.models.RealmProvider) AtomicInteger(java.util.concurrent.atomic.AtomicInteger) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) Map(java.util.Map) RequireProvider(org.keycloak.testsuite.model.RequireProvider) LinkedList(java.util.LinkedList) TimerProvider(org.keycloak.timer.TimerProvider) Time(org.keycloak.common.util.Time) InfinispanConnectionProvider(org.keycloak.connections.infinispan.InfinispanConnectionProvider) InfinispanTestUtil(org.keycloak.testsuite.model.infinispan.InfinispanTestUtil) UserManager(org.keycloak.models.UserManager) RealmModel(org.keycloak.models.RealmModel) UserSessionPersisterProvider(org.keycloak.models.session.UserSessionPersisterProvider) KeycloakSession(org.keycloak.models.KeycloakSession) Set(java.util.Set) Test(org.junit.Test) PersisterLastSessionRefreshStoreFactory(org.keycloak.models.sessions.infinispan.changes.sessions.PersisterLastSessionRefreshStoreFactory) KeycloakModelTest(org.keycloak.testsuite.model.KeycloakModelTest) UserSessionModel(org.keycloak.models.UserSessionModel) Collectors(java.util.stream.Collectors) UserProvider(org.keycloak.models.UserProvider) CountDownLatch(java.util.concurrent.CountDownLatch) List(java.util.List) UserSessionManager(org.keycloak.services.managers.UserSessionManager) ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) Assert(org.junit.Assert) ClientModel(org.keycloak.models.ClientModel) UserSessionModel(org.keycloak.models.UserSessionModel) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel)

Example 24 with AuthenticatedClientSessionModel

use of org.keycloak.models.AuthenticatedClientSessionModel in project keycloak by keycloak.

the class UserSessionProviderModelTest method testExpiredClientSessions.

@Test
public void testExpiredClientSessions() {
    // Suspend periodic tasks to avoid race-conditions, which may cause missing updates of lastSessionRefresh times to UserSessionPersisterProvider
    TimerProvider timer = kcSession.getProvider(TimerProvider.class);
    TimerProvider.TimerTaskContext timerTaskCtx = null;
    if (timer != null) {
        timerTaskCtx = timer.cancelTask(PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
        log.info("Cancelled periodic task " + PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
        InfinispanTestUtil.setTestingTimeService(kcSession);
    }
    try {
        UserSessionModel[] origSessions = inComittedTransaction(session -> {
            // create some user and client sessions
            return createSessions(session, realmId);
        });
        AtomicReference<List<String>> clientSessionIds = new AtomicReference<>();
        clientSessionIds.set(origSessions[0].getAuthenticatedClientSessions().values().stream().map(AuthenticatedClientSessionModel::getId).collect(Collectors.toList()));
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
            Assert.assertEquals(origSessions[0], userSession);
            AuthenticatedClientSessionModel clientSession = session.sessions().getClientSession(userSession, realm.getClientByClientId("test-app"), origSessions[0].getAuthenticatedClientSessionByClient(realm.getClientByClientId("test-app").getId()).getId(), false);
            Assert.assertEquals(origSessions[0].getAuthenticatedClientSessionByClient(realm.getClientByClientId("test-app").getId()).getId(), clientSession.getId());
            userSession = session.sessions().getUserSession(realm, origSessions[1].getId());
            Assert.assertEquals(origSessions[1], userSession);
        });
        // not possible to expire client session without expiring user sessions with time offset in map storage because
        // expiration in map storage takes min of (clientSessionIdleExpiration, ssoSessionIdleTimeout)
        inComittedTransaction(session -> {
            if (session.getProvider(UserSessionProvider.class) instanceof MapUserSessionProvider) {
                RealmModel realm = session.realms().getRealm(realmId);
                UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
                userSession.getAuthenticatedClientSessions().values().stream().forEach(clientSession -> {
                    // expire client sessions
                    clientSession.setTimestamp(1);
                });
            } else {
                Time.setOffset(1000);
            }
        });
        inComittedTransaction(session -> {
            RealmModel realm = session.realms().getRealm(realmId);
            // assert the user session is still there
            UserSessionModel userSession = session.sessions().getUserSession(realm, origSessions[0].getId());
            Assert.assertEquals(origSessions[0], userSession);
            // assert the client sessions are expired
            clientSessionIds.get().forEach(clientSessionId -> {
                Assert.assertNull(session.sessions().getClientSession(userSession, realm.getClientByClientId("test-app"), clientSessionId, false));
                Assert.assertNull(session.sessions().getClientSession(userSession, realm.getClientByClientId("third-party"), clientSessionId, false));
            });
        });
    } finally {
        Time.setOffset(0);
        kcSession.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
        if (timer != null && timerTaskCtx != null) {
            timer.schedule(timerTaskCtx.getRunnable(), timerTaskCtx.getIntervalMillis(), PersisterLastSessionRefreshStoreFactory.DB_LSR_PERIODIC_TASK_NAME);
            InfinispanTestUtil.revertTimeService();
        }
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserSessionProvider(org.keycloak.models.UserSessionProvider) MapUserSessionProvider(org.keycloak.models.map.userSession.MapUserSessionProvider) UserSessionModel(org.keycloak.models.UserSessionModel) ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) MapUserSessionProvider(org.keycloak.models.map.userSession.MapUserSessionProvider) TimerProvider(org.keycloak.timer.TimerProvider) List(java.util.List) AtomicReference(java.util.concurrent.atomic.AtomicReference) Test(org.junit.Test) KeycloakModelTest(org.keycloak.testsuite.model.KeycloakModelTest)

Example 25 with AuthenticatedClientSessionModel

use of org.keycloak.models.AuthenticatedClientSessionModel in project keycloak by keycloak.

the class UserSessionProviderTest method testCreateClientSession.

@Test
@ModelTest
public void testCreateClientSession(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName("test");
    UserSessionModel[] sessions = createSessions(session);
    Map<String, AuthenticatedClientSessionModel> clientSessions = session.sessions().getUserSession(realm, sessions[0].getId()).getAuthenticatedClientSessions();
    assertEquals(2, clientSessions.size());
    String clientUUID = realm.getClientByClientId("test-app").getId();
    AuthenticatedClientSessionModel session1 = clientSessions.get(clientUUID);
    assertNull(session1.getAction());
    assertEquals(realm.getClientByClientId("test-app").getClientId(), session1.getClient().getClientId());
    assertEquals(sessions[0].getId(), session1.getUserSession().getId());
    assertEquals("http://redirect", session1.getRedirectUri());
    assertEquals("state", session1.getNote(OIDCLoginProtocol.STATE_PARAM));
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserSessionModel(org.keycloak.models.UserSessionModel) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel)59 UserSessionModel (org.keycloak.models.UserSessionModel)35 RealmModel (org.keycloak.models.RealmModel)25 ClientModel (org.keycloak.models.ClientModel)23 Test (org.junit.Test)16 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)13 UserModel (org.keycloak.models.UserModel)12 KeycloakSession (org.keycloak.models.KeycloakSession)11 ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)11 HashMap (java.util.HashMap)10 Map (java.util.Map)9 ClientSessionContext (org.keycloak.models.ClientSessionContext)9 LinkedList (java.util.LinkedList)8 DefaultClientSessionContext (org.keycloak.services.util.DefaultClientSessionContext)8 OAuthErrorException (org.keycloak.OAuthErrorException)6 VerificationException (org.keycloak.common.VerificationException)6 AccessToken (org.keycloak.representations.AccessToken)6 ClientPolicyException (org.keycloak.services.clientpolicy.ClientPolicyException)6 HashSet (java.util.HashSet)5 List (java.util.List)5