
Example 81 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class UserStorageFailureTest method testKeycloak5350.

// this is a hack so that UserModel doesn't have to be available when offline token is imported.
// see related JIRA - KEYCLOAK-5350 and corresponding test
/**
 *  KEYCLOAK-5350
 */
@Test
public void testKeycloak5350() throws Exception {
    // Regression scenario for KEYCLOAK-5350: an offline token obtained for a user served by the
    // failable storage provider must still be refreshable after the auth server was restarted
    // while that provider was failing.
    // The test stops and starts the server itself further down, so it is skipped on a remote server.
    ContainerAssume.assumeNotAuthServerRemote();
    // Request the offline_access scope so that the refresh token returned below is an offline token.
    oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
    oauth.clientId("offline-client");
    oauth.redirectUri(OAuthClient.AUTH_SERVER_ROOT + "/offline-client");
    oauth.doLogin(FailableHardcodedStorageProvider.username, "password");
    EventRepresentation loginEvent = events.expectLogin().user(AssertEvents.isUUID()).client("offline-client").detail(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/offline-client").assertEvent();
    // NOTE(review): sessionId and codeId are read here but never used again in this method.
    final String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    // Exchange the authorization code from the redirect for tokens.
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "secret");
    // NOTE(review): token and offlineToken are assigned but never asserted on; presumably
    // verifyToken/parseRefreshToken are called for their validation effect - confirm.
    AccessToken token = oauth.verifyToken(tokenResponse.getAccessToken());
    String offlineTokenString = tokenResponse.getRefreshToken();
    RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);
    events.clear();
    // Drop the user from the cache and switch the provider into forced-failure mode.
    // NOTE(review): nothing in this method resets the flag if a later step throws before
    // toggleForceFail(false); confirm a teardown hook covers that, or later tests may be affected.
    evictUser(FailableHardcodedStorageProvider.username);
    toggleForceFail(true);
    // make sure failure is turned on
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealmByName(AuthRealm.TEST);
        try {
            UserModel user = session.users().getUserByUsername(realm, FailableHardcodedStorageProvider.username);
            // Reaching this line means the lookup succeeded, i.e. the failure mode is not active.
            // Assuming the JUnit Assert, fail() raises AssertionError, which catch (Exception) does not intercept.
            Assert.fail();
        } catch (Exception e) {
            Assert.assertEquals("FORCED FAILURE", e.getMessage());
        }
    });
    // Restart the auth server while the provider is still failing, then reconnect the admin client.
    controller.stop(suiteContext.getAuthServerInfo().getQualifier());
    controller.start(suiteContext.getAuthServerInfo().getQualifier());
    reconnectAdminClient();
    toggleForceFail(false);
    // test that once user storage provider is available again we can still access the token.
    tokenResponse = oauth.doRefreshTokenRequest(offlineTokenString, "secret");
    // The only explicit assertion on the refresh result: an access token must have been issued.
    Assert.assertNotNull(tokenResponse.getAccessToken());
    token = oauth.verifyToken(tokenResponse.getAccessToken());
    offlineTokenString = tokenResponse.getRefreshToken();
    offlineToken = oauth.parseRefreshToken(offlineTokenString);
    events.clear();
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) CachedUserModel(org.keycloak.models.cache.CachedUserModel) RefreshToken(org.keycloak.representations.RefreshToken) OAuthClient(org.keycloak.testsuite.util.OAuthClient) AccessToken(org.keycloak.representations.AccessToken) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 82 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class JavascriptAdapterTest method grantBrowserBasedApp.

/**
 * Walks the consent (grant) lifecycle for the JavaScript-adapter client: with consent required
 * on the client, a login must land on the grant page; after the grant is accepted and later
 * revoked from the applications page, the next login must land on the grant page again.
 * The client's consent-required flag is switched back off in the {@code finally} block.
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void grantBrowserBasedApp() {
    String jsBrowser = System.getProperty("js.browser");
    Assume.assumeTrue("This test doesn't work with phantomjs", !"phantomjs".equals(jsBrowser));

    ClientResource consentClient = ApiUtil.findClientResourceByClientId(adminClient.realm(REALM_NAME), CLIENT_ID);
    ClientRepresentation clientRep = consentClient.toRepresentation();
    try {
        // Turn consent on for the client under test.
        clientRep.setConsentRequired(true);
        consentClient.update(clientRep);

        // First login: the user must be shown the grant page, which is then accepted.
        testExecutor
                .init(defaultArguments(), this::assertInitNotAuth)
                .login(this::assertOnLoginPage)
                .loginForm(testUser, (webDriver, out, evts) -> assertTrue(oAuthGrantPage.isCurrent(webDriver)));
        oAuthGrantPage.accept();

        // The login event has to record that consent was granted for this client and redirect URI.
        EventRepresentation grantLogin = events.expectLogin()
                .client(CLIENT_ID)
                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
                .detail(Details.REDIRECT_URI, testAppUrl)
                .detail(Details.USERNAME, testUser.getUsername())
                .assertEvent();
        String grantCodeId = grantLogin.getDetails().get(Details.CODE_ID);

        testExecutor.init(defaultArguments(), this::assertInitAuth);
        applicationsPage.navigateTo();
        events.expectCodeToToken(grantCodeId, grantLogin.getSessionId())
                .client(CLIENT_ID)
                .assertEvent();

        // Revoke the grant and check that the revocation is reported as an event.
        applicationsPage.revokeGrantForApplication(CLIENT_ID);
        events.expect(EventType.REVOKE_GRANT)
                .client("account")
                .detail(Details.REVOKED_CLIENT, CLIENT_ID)
                .assertEvent();

        jsDriver.navigate().to(testAppUrl);
        // need to configure because we refreshed page
        // After revocation the grant page has to come up again on login.
        testExecutor.configure()
                .init(defaultArguments(), this::assertInitNotAuth)
                .login((webDriver, out, evts) -> assertTrue(oAuthGrantPage.isCurrent(webDriver)));
    } finally {
        // Clean: switch consent off again whether or not the assertions above passed.
        clientRep.setConsentRequired(false);
        consentClient.update(clientRep);
    }
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) Test(org.junit.Test)

Example 83 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class RequiredActionEmailVerificationTest method verifyEmailResendWithRefreshes.

/**
 * Checks the verify-email required action when the page is refreshed and the mail is resent:
 * a refresh alone leaves the mailbox at one message, "resend" produces a second message whose
 * SEND_VERIFY_EMAIL event carries the same code id as the first, and following the link from
 * the last mail completes verification and login.
 */
@Test
public void verifyEmailResendWithRefreshes() throws IOException, MessagingException {
    final String userEmail = "test-user@localhost";

    loginPage.open();
    loginPage.login(userEmail, "password");
    verifyEmailPage.assertCurrent();

    // Refreshing the verify-email page must not trigger another mail.
    driver.navigate().refresh();
    Assert.assertEquals(1, greenMail.getReceivedMessages().length);
    EventRepresentation firstSend = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL)
            .detail("email", userEmail)
            .assertEvent();
    String codeIdFromFirstSend = firstSend.getDetails().get(Details.CODE_ID);

    // Explicit resend followed by a refresh: exactly one more mail, same code id in the event.
    verifyEmailPage.clickResendEmail();
    verifyEmailPage.assertCurrent();
    driver.navigate().refresh();
    events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL)
            .detail(Details.CODE_ID, codeIdFromFirstSend)
            .detail("email", userEmail)
            .assertEvent();
    Assert.assertEquals(2, greenMail.getReceivedMessages().length);

    // Follow the link from the most recent mail (the helper is named for password reset but is
    // used here to pull the link out of the verification mail).
    MimeMessage latestMail = greenMail.getLastReceivedMessage();
    String link = getPasswordResetEmailLink(latestMail);
    driver.navigate().to(link.trim());
    appPage.assertCurrent();
    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    // Both the VERIFY_EMAIL event and the login event are tied back to the code id from the send event.
    events.expectRequiredAction(EventType.VERIFY_EMAIL)
            .user(testUserId)
            .detail(Details.USERNAME, userEmail)
            .detail(Details.EMAIL, userEmail)
            .detail(Details.CODE_ID, codeIdFromFirstSend)
            .assertEvent();
    events.expectLogin()
            .user(testUserId)
            .session(codeIdFromFirstSend)
            .detail(Details.USERNAME, userEmail)
            .assertEvent();
}
Also used : MimeMessage(javax.mail.internet.MimeMessage) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AuthenticationSessionFailoverClusterTest(org.keycloak.testsuite.cluster.AuthenticationSessionFailoverClusterTest)

Example 84 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class RequiredActionEmailVerificationTest method verifyEmailExisting.

/**
 * Checks the basic verify-email required action: logging in sends exactly one verification
 * mail, and opening the link from that mail yields a VERIFY_EMAIL event and a login event that
 * both match the code id recorded in the SEND_VERIFY_EMAIL event.
 */
@Test
public void verifyEmailExisting() throws IOException, MessagingException {
    final String userEmail = "test-user@localhost";

    loginPage.open();
    loginPage.login(userEmail, "password");
    verifyEmailPage.assertCurrent();

    // Exactly one mail is expected; take the link out of it (the helper is named for password
    // reset but is used here on the verification mail).
    Assert.assertEquals(1, greenMail.getReceivedMessages().length);
    MimeMessage firstMail = greenMail.getReceivedMessages()[0];
    String link = getPasswordResetEmailLink(firstMail);

    // Remember the code id reported when the mail was sent.
    EventRepresentation sendEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL)
            .detail("email", userEmail)
            .assertEvent();
    String codeIdFromSend = sendEvent.getDetails().get(Details.CODE_ID);

    driver.navigate().to(link.trim());
    events.expectRequiredAction(EventType.VERIFY_EMAIL)
            .user(testUserId)
            .detail(Details.USERNAME, userEmail)
            .detail(Details.EMAIL, userEmail)
            .detail(Details.CODE_ID, codeIdFromSend)
            .assertEvent();
    appPage.assertCurrent();
    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    // The resulting login event is expected to carry the same id as its session.
    events.expectLogin()
            .user(testUserId)
            .session(codeIdFromSend)
            .detail(Details.USERNAME, userEmail)
            .assertEvent();
}
Also used : MimeMessage(javax.mail.internet.MimeMessage) AssertEvents(org.keycloak.testsuite.AssertEvents) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AuthenticationSessionFailoverClusterTest(org.keycloak.testsuite.cluster.AuthenticationSessionFailoverClusterTest)

Example 85 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class RequiredActionTotpSetupTest method setupOtpPolicyChangedHotp.

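/**
 * Switches the "test" realm's OTP policy to counter-based HOTP, enrols the test user, and
 * checks that logins succeed with codes generated for counters 0, 1 and 2 (the last one after
 * the look-ahead window was raised to 5).
 *
 * <p>The policy change is realm-wide, so the revert runs in a {@code finally} block: a failed
 * assertion must not leave the realm on the HOTP policy for whatever test runs next.
 */
@Test
public void setupOtpPolicyChangedHotp() {
    RealmRepresentation realmRep = adminClient.realm("test").toRepresentation();
    try {
        // HOTP with no look-ahead: only the code for the exact expected counter is usable.
        RealmBuilder.edit(realmRep).otpLookAheadWindow(0).otpDigits(6).otpPeriod(30).otpType(OTPCredentialModel.HOTP).otpAlgorithm(HmacOTP.HMAC_SHA1).otpInitialCounter(0);
        adminClient.realm("test").update(realmRep);
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        totpPage.assertCurrent();
        String totpSecret = totpPage.getTotpSecret();
        // Local generator matching the realm policy (6 digits, HMAC-SHA1); the third argument is
        // presumably the generator's own look-ahead window - confirm against HmacOTP.
        HmacOTP otpgen = new HmacOTP(6, HmacOTP.HMAC_SHA1, 1);
        // Enrolment uses the code for counter 0, the configured initial counter.
        totpPage.configure(otpgen.generateHOTP(totpSecret, 0));
        // NOTE(review): uri is never read afterwards.
        String uri = driver.getCurrentUrl();
        // The variable is called sessionId but holds the CODE_ID detail of the UPDATE_TOTP event;
        // the login event below is expected to have that value as its session.
        String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getDetails().get(Details.CODE_ID);
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        EventRepresentation loginEvent = events.expectLogin().session(sessionId).assertEvent();
        oauth.openLogout();
        events.expectLogout(loginEvent.getSessionId()).assertEvent();
        // Second login: the code for counter 1.
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        loginTotpPage.assertCurrent();
        loginTotpPage.login(otpgen.generateHOTP(totpSecret, 1));
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        events.expectLogin().assertEvent();
        oauth.openLogout();
        events.expectLogout(null).session(AssertEvents.isUUID()).assertEvent();
        // test lookAheadWindow
        // NOTE(review): the code submitted here is for counter 2, directly after 0 and 1 were used;
        // if the server expects counter 2 next, this login does not exercise a skipped counter - confirm.
        realmRep = adminClient.realm("test").toRepresentation();
        RealmBuilder.edit(realmRep).otpLookAheadWindow(5).otpDigits(6).otpPeriod(30).otpType(OTPCredentialModel.HOTP).otpAlgorithm(HmacOTP.HMAC_SHA1).otpInitialCounter(0);
        adminClient.realm("test").update(realmRep);
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        loginTotpPage.assertCurrent();
        loginTotpPage.login(otpgen.generateHOTP(totpSecret, 2));
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        events.expectLogin().assertEvent();
    } finally {
        // Revert
        // Runs on failure as well as on success. The values are hard-coded rather than restored
        // from a snapshot; presumably they are the realm's defaults - confirm.
        // If this revert throws, it replaces any exception raised in the try block.
        realmRep = adminClient.realm("test").toRepresentation();
        RealmBuilder.edit(realmRep).otpLookAheadWindow(1).otpDigits(6).otpPeriod(30).otpType(OTPCredentialModel.TOTP).otpAlgorithm(HmacOTP.HMAC_SHA1).otpInitialCounter(0);
        adminClient.realm("test").update(realmRep);
    }
}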
Also used : HmacOTP(org.keycloak.models.utils.HmacOTP) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
