Example 31 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class GroupStorageTest method testSearchTimeout.
@Test
public void testSearchTimeout() throws Exception {
runTestWithTimeout(4000, () -> {
String hardcodedGroup = HardcodedGroupStorageProviderFactory.PROVIDER_ID;
String delayedSearch = HardcodedGroupStorageProviderFactory.DELAYED_SEARCH;
String providerId = this.providerId;
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName(AuthRealm.TEST);
assertThat(session.groupStorageManager().searchForGroupByName(realm, "group", null, null).stream().map(GroupModel::getName).collect(Collectors.toList()), allOf(hasItem(hardcodedGroup), hasItem("sample-realm-group")));
// update the provider to simulate delay during the search
ComponentModel memoryProvider = realm.getComponent(providerId);
memoryProvider.getConfig().putSingle(delayedSearch, Boolean.toString(true));
realm.updateComponent(memoryProvider);
});
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName(AuthRealm.TEST);
// search for groups and check hardcoded-group is not present
assertThat(session.groupStorageManager().searchForGroupByName(realm, "group", null, null).stream().map(GroupModel::getName).collect(Collectors.toList()), allOf(not(hasItem(hardcodedGroup)), hasItem("sample-realm-group")));
});
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
ComponentModel(org.keycloak.component.ComponentModel)
GroupModel(org.keycloak.models.GroupModel)
Test(org.junit.Test)
AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
Example 32 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class GroupStorageTest method testGetGroupById.
@Test
public void testGetGroupById() {
String providerId = this.providerId;
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("test");
StorageId storageId = new StorageId(providerId, "hardcoded-group");
GroupModel hardcoded = session.groups().getGroupById(realm, storageId.getId());
assertNotNull(hardcoded);
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
GroupModel(org.keycloak.models.GroupModel)
StorageId(org.keycloak.storage.StorageId)
Test(org.junit.Test)
AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
Example 33 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class LDAPProvidersIntegrationTest method testHardcodedGroupMapper.
@Test
public void testHardcodedGroupMapper() {
final String uuid = UUID.randomUUID().toString();
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel hardcodedGroup = appRealm.createGroup(uuid, "hardcoded-group");
// assert that user "johnkeycloak" doesn't have hardcoded group
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
Assert.assertFalse(john.isMemberOf(hardcodedGroup));
ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcoded group", ctx.getLdapModel().getId(), HardcodedLDAPGroupStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), HardcodedLDAPGroupStorageMapper.GROUP, "hardcoded-group");
appRealm.addComponentModel(hardcodedMapperModel);
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel hardcodedGroup = appRealm.getGroupById(uuid);
// Assert user is successfully imported in Keycloak DB now with correct firstName and lastName
UserModel john = session.users().getUserByUsername(appRealm, "johnkeycloak");
Assert.assertTrue(john.isMemberOf(hardcodedGroup));
// Can't remove user from hardcoded role
try {
john.leaveGroup(hardcodedGroup);
Assert.fail("Didn't expected to leave group");
} catch (ModelException expected) {
}
// Revert mappers
ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "hardcoded group");
appRealm.removeComponent(hardcodedMapperModel);
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
CachedUserModel(org.keycloak.models.cache.CachedUserModel)
UserModel(org.keycloak.models.UserModel)
LDAPStorageMapper(org.keycloak.storage.ldap.mappers.LDAPStorageMapper)
UserAttributeLDAPStorageMapper(org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper)
ModelException(org.keycloak.models.ModelException)
ComponentModel(org.keycloak.component.ComponentModel)
GroupModel(org.keycloak.models.GroupModel)
AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest)
Test(org.junit.Test)
Example 34 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class LDAPSyncTest method test09MembershipUsingDifferentAttributes.
// KEYCLOAK-14696
@Test
public void test09MembershipUsingDifferentAttributes() throws Exception {
final Map<String, String> previousConf = testingClient.server().fetch(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// Remove all users from model
session.userLocalStorage().getUsersStream(ctx.getRealm(), true).peek(user -> System.out.println("trying to delete user: " + user.getUsername())).collect(Collectors.toList()).forEach(user -> {
UserCache userCache = session.userCache();
if (userCache != null) {
userCache.evict(ctx.getRealm(), user);
}
session.userLocalStorage().removeUser(ctx.getRealm(), user);
});
Map<String, String> orig = new HashMap<>();
orig.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, ctx.getLdapModel().getConfig().getFirst(LDAPConstants.RDN_LDAP_ATTRIBUTE));
orig.put(LDAPConstants.USERS_DN, ctx.getLdapModel().getConfig().getFirst(LDAPConstants.USERS_DN));
orig.put(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, ctx.getLdapModel().getConfig().getFirst(LDAPConstants.USERNAME_LDAP_ATTRIBUTE));
// create an OU and this test will work below it, set RDN to CN and username to uid/samaccountname
LDAPTestUtils.addLdapOU(ctx.getLdapProvider(), "KC14696");
ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERS_DN, "ou=KC14696," + orig.get(LDAPConstants.USERS_DN));
ctx.getLdapModel().getConfig().putSingle(LDAPConstants.RDN_LDAP_ATTRIBUTE, LDAPConstants.CN);
ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, ctx.getLdapProvider().getLdapIdentityStore().getConfig().isActiveDirectory() ? LDAPConstants.SAM_ACCOUNT_NAME : LDAPConstants.UID);
ctx.getRealm().updateComponent(ctx.getLdapModel());
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "username");
mapperModel.getConfig().putSingle(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, ctx.getLdapProvider().getLdapIdentityStore().getConfig().isActiveDirectory() ? LDAPConstants.SAM_ACCOUNT_NAME : LDAPConstants.UID);
ctx.getRealm().updateComponent(mapperModel);
LDAPTestUtils.addUserAttributeMapper(appRealm, LDAPTestUtils.getLdapProviderModel(appRealm), "cnMapper", "firstName", LDAPConstants.CN);
return orig;
}, Map.class);
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
// create a user8 inside the usersDn
LDAPObject user8 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user8", "User8FN", "User8LN", "user8@email.org", "user8street", "126");
// create a sample ou inside usersDn
LDAPTestUtils.addLdapOU(ctx.getLdapProvider(), "sample-org");
// create a user below the sample org with the same common-name but different username
String usersDn = ctx.getLdapModel().get(LDAPConstants.USERS_DN);
ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERS_DN, "ou=sample-org," + usersDn);
ctx.getRealm().updateComponent(ctx.getLdapModel());
LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user8bis", "User8FN", "User8LN", "user8bis@email.org", "user8street", "126");
// get back to parent usersDn
ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERS_DN, usersDn);
ctx.getRealm().updateComponent(ctx.getLdapModel());
// create a group with user8 as a member
String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider());
LDAPObject user8Group = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "user8group", descriptionAttrName, "user8group - description");
LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", user8Group, user8);
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory();
SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", ctx.getLdapModel());
Assert.assertEquals(2, syncResult.getAdded());
});
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
GroupModel user8Group = KeycloakModelUtils.findGroupByPath(appRealm, "/user8group");
Assert.assertNotNull(user8Group);
UserModel user8 = session.users().getUserByUsername(appRealm, "user8");
Assert.assertNotNull(user8);
UserModel user8Bis = session.users().getUserByUsername(appRealm, "user8bis");
Assert.assertNotNull(user8Bis);
Assert.assertTrue("User user8 contains the group", user8.getGroupsStream().collect(Collectors.toSet()).contains(user8Group));
Assert.assertFalse("User user8bis does not contain the group", user8Bis.getGroupsStream().collect(Collectors.toSet()).contains(user8Group));
List<String> members = session.users().getGroupMembersStream(appRealm, user8Group).map(u -> u.getUsername()).collect(Collectors.toList());
Assert.assertEquals("Group contains only user8", members, Collections.singletonList("user8"));
});
// revert changes
testingClient.server().run(session -> {
LDAPTestContext ctx = LDAPTestContext.init(session);
RealmModel appRealm = ctx.getRealm();
session.users().removeImportedUsers(appRealm, ldapModelId);
LDAPTestUtils.removeLDAPUserByUsername(ctx.getLdapProvider(), appRealm, ctx.getLdapProvider().getLdapIdentityStore().getConfig(), "user8");
LDAPTestUtils.removeLDAPUserByUsername(ctx.getLdapProvider(), appRealm, ctx.getLdapProvider().getLdapIdentityStore().getConfig(), "user8bis");
LDAPObject ou = new LDAPObject();
ou.setDn(LDAPDn.fromString("ou=sample-org,ou=KC14696," + previousConf.get(LDAPConstants.USERS_DN)));
ctx.getLdapProvider().getLdapIdentityStore().remove(ou);
ou.setDn(LDAPDn.fromString("ou=KC14696," + previousConf.get(LDAPConstants.USERS_DN)));
ctx.getLdapProvider().getLdapIdentityStore().remove(ou);
for (Map.Entry<String, String> e : previousConf.entrySet()) {
if (e.getValue() == null) {
ctx.getLdapModel().getConfig().remove(e.getKey());
} else {
ctx.getLdapModel().getConfig().putSingle(e.getKey(), e.getValue());
}
}
ctx.getRealm().updateComponent(ctx.getLdapModel());
ComponentModel cnMapper = LDAPTestUtils.getSubcomponentByName(ctx.getRealm(), ctx.getLdapModel(), "cnMapper");
ctx.getRealm().removeComponent(cnMapper);
ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "username");
mapperModel.getConfig().putSingle(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE, ctx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute());
ctx.getRealm().updateComponent(mapperModel);
});
}
Also used :
MethodSorters(org.junit.runners.MethodSorters)
LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider)
KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils)
HashMap(java.util.HashMap)
SynchronizationResultRepresentation(org.keycloak.representations.idm.SynchronizationResultRepresentation)
LDAPConstants(org.keycloak.models.LDAPConstants)
ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation)
UserModel(org.keycloak.models.UserModel)
LDAPRule(org.keycloak.testsuite.util.LDAPRule)
Map(java.util.Map)
ComponentModel(org.keycloak.component.ComponentModel)
GroupModel(org.keycloak.models.GroupModel)
BadRequestException(javax.ws.rs.BadRequestException)
ClassRule(org.junit.ClassRule)
LDAPGroupMapperMode(org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode)
LDAPDn(org.keycloak.storage.ldap.idm.model.LDAPDn)
MembershipType(org.keycloak.storage.ldap.mappers.membership.MembershipType)
WaitUtils(org.keycloak.testsuite.util.WaitUtils)
RealmModel(org.keycloak.models.RealmModel)
LDAPTestUtils(org.keycloak.testsuite.util.LDAPTestUtils)
Matchers(org.hamcrest.Matchers)
Test(org.junit.Test)
LDAPStorageProviderFactory(org.keycloak.storage.ldap.LDAPStorageProviderFactory)
GroupLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory)
Collectors(java.util.stream.Collectors)
GroupLDAPStorageMapper(org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)
UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
UserProvider(org.keycloak.models.UserProvider)
List(java.util.List)
UserCache(org.keycloak.models.cache.UserCache)
UserAttributeLDAPStorageMapper(org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper)
LDAPUtils(org.keycloak.storage.ldap.LDAPUtils)
KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory)
SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)
Assert(org.junit.Assert)
FixMethodOrder(org.junit.FixMethodOrder)
Collections(java.util.Collections)
GroupMapperConfig(org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig)
UserStorageSyncManager(org.keycloak.services.managers.UserStorageSyncManager)
HashMap(java.util.HashMap)
GroupModel(org.keycloak.models.GroupModel)
UserCache(org.keycloak.models.cache.UserCache)
KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory)
RealmModel(org.keycloak.models.RealmModel)
UserModel(org.keycloak.models.UserModel)
ComponentModel(org.keycloak.component.ComponentModel)
LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
SynchronizationResult(org.keycloak.storage.user.SynchronizationResult)
HashMap(java.util.HashMap)
Map(java.util.Map)
Test(org.junit.Test)
Example 35 with GroupModel
use of org.keycloak.models.GroupModel in project keycloak by keycloak.
the class FederatedStorageExportImportTest method testSingleFile.
@Test
public void testSingleFile() {
ComponentExportImportTest.clearExportImportProperties(testingClient);
final String userId = "f:1:path";
testingClient.server().run(session -> {
RealmModel realm = new RealmManager(session).createRealm(REALM_NAME);
RoleModel role = realm.addRole("test-role");
GroupModel group = realm.createGroup("test-group");
List<String> attrValues = new LinkedList<>();
attrValues.add("1");
attrValues.add("2");
session.userFederatedStorage().setSingleAttribute(realm, userId, "single1", "value1");
session.userFederatedStorage().setAttribute(realm, userId, "list1", attrValues);
session.userFederatedStorage().addRequiredAction(realm, userId, "UPDATE_PASSWORD");
PasswordCredentialModel credential = FederatedStorageExportImportTest.getHashProvider(session, realm.getPasswordPolicy()).encodedCredential("password", realm.getPasswordPolicy().getHashIterations());
session.userFederatedStorage().createCredential(realm, userId, credential);
session.userFederatedStorage().grantRole(realm, userId, role);
session.userFederatedStorage().joinGroup(realm, userId, group);
});
final String realmId = testRealmResource().toRepresentation().getId();
final String groupId = testRealmResource().getGroupByPath("/test-group").getId();
final String exportFileAbsolutePath = this.exportFileAbsolutePath;
testingClient.server().run(session -> {
ExportImportConfig.setProvider(SingleFileExportProviderFactory.PROVIDER_ID);
ExportImportConfig.setFile(exportFileAbsolutePath);
ExportImportConfig.setRealmName(REALM_NAME);
ExportImportConfig.setAction(ExportImportConfig.ACTION_EXPORT);
new ExportImportManager(session).runExport();
session.realms().removeRealm(realmId);
});
testingClient.server().run(session -> {
Assert.assertNull(session.realms().getRealmByName(REALM_NAME));
ExportImportConfig.setAction(ExportImportConfig.ACTION_IMPORT);
new ExportImportManager(session).runImport();
});
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName(REALM_NAME);
Assert.assertNotNull(realm);
RoleModel role = realm.getRole("test-role");
GroupModel group = realm.getGroupById(groupId);
Assert.assertEquals(1, session.userFederatedStorage().getStoredUsersCount(realm));
MultivaluedHashMap<String, String> attributes = session.userFederatedStorage().getAttributes(realm, userId);
Assert.assertEquals(3, attributes.size());
Assert.assertEquals("value1", attributes.getFirst("single1"));
Assert.assertTrue(attributes.getList("list1").contains("1"));
Assert.assertTrue(attributes.getList("list1").contains("2"));
Assert.assertTrue(session.userFederatedStorage().getRequiredActionsStream(realm, userId).collect(Collectors.toSet()).contains("UPDATE_PASSWORD"));
Assert.assertTrue(session.userFederatedStorage().getRoleMappingsStream(realm, userId).collect(Collectors.toSet()).contains(role));
Assert.assertTrue(session.userFederatedStorage().getGroupsStream(realm, userId).collect(Collectors.toSet()).contains(group));
List<CredentialModel> creds = session.userFederatedStorage().getStoredCredentialsStream(realm, userId).collect(Collectors.toList());
Assert.assertEquals(1, creds.size());
Assert.assertTrue(FederatedStorageExportImportTest.getHashProvider(session, realm.getPasswordPolicy()).verify("password", PasswordCredentialModel.createFromCredentialModel(creds.get(0))));
});
}
Also used :
RealmModel(org.keycloak.models.RealmModel)
CredentialModel(org.keycloak.credential.CredentialModel)
PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)
PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel)
GroupModel(org.keycloak.models.GroupModel)
ExportImportManager(org.keycloak.exportimport.ExportImportManager)
RoleModel(org.keycloak.models.RoleModel)
RealmManager(org.keycloak.services.managers.RealmManager)
LinkedList(java.util.LinkedList)
AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest)
Test(org.junit.Test)
Aggregations
GroupModel (org.keycloak.models.GroupModel)72
RealmModel (org.keycloak.models.RealmModel)40
Test (org.junit.Test)26
ComponentModel (org.keycloak.component.ComponentModel)23
UserModel (org.keycloak.models.UserModel)20
LDAPObject (org.keycloak.storage.ldap.idm.model.LDAPObject)18
LDAPStorageProvider (org.keycloak.storage.ldap.LDAPStorageProvider)13
GroupLDAPStorageMapper (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper)12
RoleModel (org.keycloak.models.RoleModel)10
ClientModel (org.keycloak.models.ClientModel)9
GroupLDAPStorageMapperFactory (org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory)9
HashMap (java.util.HashMap)8
List (java.util.List)8
NotFoundException (javax.ws.rs.NotFoundException)7
SynchronizationResult (org.keycloak.storage.user.SynchronizationResult)7
HashSet (java.util.HashSet)6
Map (java.util.Map)6
Collectors (java.util.stream.Collectors)6
Path (javax.ws.rs.Path)6
Policy (org.keycloak.authorization.model.Policy)6
