use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class UserStorageFailureTest method testKeycloak5350.
// this is a hack so that UserModel doesn't have to be available when offline token is imported.
// see related JIRA - KEYCLOAK-5350 and corresponding test
/**
 * KEYCLOAK-5350: an offline token obtained for a user served by a user storage provider
 * must still be refreshable after that provider has been failing and the auth server has
 * been restarted in the meantime.
 *
 * <p>Sequence: log in with the {@code offline_access} scope, exchange the code for an
 * offline token, evict the user, force the storage provider to fail, restart the server,
 * re-enable the provider, then refresh with the original offline token.
 */
@Test
public void testKeycloak5350() throws Exception {
    // Skipped for a remote auth server; presumably because the test stops and starts
    // the server through the container controller further down.
    ContainerAssume.assumeNotAuthServerRemote();

    final String offlineRedirectUri = OAuthClient.AUTH_SERVER_ROOT + "/offline-client";
    oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
    oauth.clientId("offline-client");
    oauth.redirectUri(offlineRedirectUri);
    oauth.doLogin(FailableHardcodedStorageProvider.username, "password");

    EventRepresentation loginEvent = events.expectLogin()
            .user(AssertEvents.isUUID())
            .client("offline-client")
            .detail(Details.REDIRECT_URI, offlineRedirectUri)
            .assertEvent();
    // Read from the login event but not asserted on later in this test.
    final String loginSessionId = loginEvent.getSessionId();
    String loginCodeId = loginEvent.getDetails().get(Details.CODE_ID);

    // Exchange the authorization code; the refresh token of this response is the offline token.
    String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse initialResponse = oauth.doAccessTokenRequest(authCode, "secret");
    AccessToken initialAccessToken = oauth.verifyToken(initialResponse.getAccessToken());
    String offlineTokenString = initialResponse.getRefreshToken();
    RefreshToken initialOfflineToken = oauth.parseRefreshToken(offlineTokenString);
    events.clear();

    evictUser(FailableHardcodedStorageProvider.username);
    toggleForceFail(true);

    // Confirm on the server side that the user lookup really fails with the forced error.
    testingClient.server().run(session -> {
        RealmModel testRealm = session.realms().getRealmByName(AuthRealm.TEST);
        try {
            session.users().getUserByUsername(testRealm, FailableHardcodedStorageProvider.username);
            // Reaching this line means the provider did not fail; Assert.fail() raises an
            // AssertionError, which the catch (Exception) below does not intercept.
            Assert.fail();
        } catch (Exception e) {
            Assert.assertEquals("FORCED FAILURE", e.getMessage());
        }
    });

    // Restart the auth server while the storage provider is still failing.
    controller.stop(suiteContext.getAuthServerInfo().getQualifier());
    controller.start(suiteContext.getAuthServerInfo().getQualifier());
    reconnectAdminClient();
    toggleForceFail(false);

    // Once the user storage provider is available again, the offline token issued before
    // the outage must still be accepted on refresh.
    OAuthClient.AccessTokenResponse refreshedResponse = oauth.doRefreshTokenRequest(offlineTokenString, "secret");
    Assert.assertNotNull(refreshedResponse.getAccessToken());
    AccessToken refreshedAccessToken = oauth.verifyToken(refreshedResponse.getAccessToken());
    String refreshedOfflineTokenString = refreshedResponse.getRefreshToken();
    RefreshToken refreshedOfflineToken = oauth.parseRefreshToken(refreshedOfflineTokenString);
    events.clear();
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class JavascriptAdapterTest method grantBrowserBasedApp.
/**
 * Exercises the consent flow for the JavaScript adapter: with consent required on the
 * client, the user is shown the grant page, accepts it, and after the grant is revoked in
 * the account applications page the grant page is shown again on the next login.
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void grantBrowserBasedApp() {
    boolean runningOnPhantomJs = "phantomjs".equals(System.getProperty("js.browser"));
    Assume.assumeTrue("This test doesn't work with phantomjs", !runningOnPhantomJs);

    ClientResource appClientResource = ApiUtil.findClientResourceByClientId(adminClient.realm(REALM_NAME), CLIENT_ID);
    ClientRepresentation appClient = appClientResource.toRepresentation();
    try {
        // Turn consent on so that logging in leads to the grant page.
        appClient.setConsentRequired(true);
        appClientResource.update(appClient);

        testExecutor
                .init(defaultArguments(), this::assertInitNotAuth)
                .login(this::assertOnLoginPage)
                .loginForm(testUser, (webDriver, out, evts) -> assertTrue(oAuthGrantPage.isCurrent(webDriver)));
        oAuthGrantPage.accept();

        // The login event must record that consent was granted for this client.
        EventRepresentation loginEvent = events.expectLogin()
                .client(CLIENT_ID)
                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
                .detail(Details.REDIRECT_URI, testAppUrl)
                .detail(Details.USERNAME, testUser.getUsername())
                .assertEvent();
        String grantedCodeId = loginEvent.getDetails().get(Details.CODE_ID);

        testExecutor.init(defaultArguments(), this::assertInitAuth);
        applicationsPage.navigateTo();
        events.expectCodeToToken(grantedCodeId, loginEvent.getSessionId())
                .client(CLIENT_ID)
                .assertEvent();

        // Revoke the grant; the event is expected on the "account" client and names the
        // client whose grant was revoked.
        applicationsPage.revokeGrantForApplication(CLIENT_ID);
        events.expect(EventType.REVOKE_GRANT)
                .client("account")
                .detail(Details.REVOKED_CLIENT, CLIENT_ID)
                .assertEvent();

        jsDriver.navigate().to(testAppUrl);
        // need to configure because we refreshed page
        // After revocation the login must land on the grant page again.
        testExecutor
                .configure()
                .init(defaultArguments(), this::assertInitNotAuth)
                .login((webDriver, out, evts) -> assertTrue(oAuthGrantPage.isCurrent(webDriver)));
    } finally {
        // Clean: switch consent off again even when an assertion above failed.
        appClient.setConsentRequired(false);
        appClientResource.update(appClient);
    }
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class RequiredActionEmailVerificationTest method verifyEmailResendWithRefreshes.
/**
 * Checks that refreshing the verify-email page does not send another message: one mail is
 * expected after login plus refresh, and two after an explicit resend plus refresh. The
 * link from the last mail must then complete verification and log the user in.
 */
@Test
public void verifyEmailResendWithRefreshes() throws IOException, MessagingException {
    final String userEmail = "test-user@localhost";

    loginPage.open();
    loginPage.login(userEmail, "password");
    verifyEmailPage.assertCurrent();

    // A page refresh alone must not produce a second mail.
    driver.navigate().refresh();
    Assert.assertEquals(1, greenMail.getReceivedMessages().length);
    EventRepresentation firstSendEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL)
            .detail("email", userEmail)
            .assertEvent();
    String mailCodeId = firstSendEvent.getDetails().get(Details.CODE_ID);

    // Explicit resend followed by a refresh: exactly one more mail, carrying the same CODE_ID.
    verifyEmailPage.clickResendEmail();
    verifyEmailPage.assertCurrent();
    driver.navigate().refresh();
    events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL)
            .detail(Details.CODE_ID, mailCodeId)
            .detail("email", userEmail)
            .assertEvent();
    Assert.assertEquals(2, greenMail.getReceivedMessages().length);

    // NOTE(review): the helper is named for password reset but is used here to pull the
    // link out of the verification mail - confirm it is the intended helper.
    MimeMessage lastMessage = greenMail.getLastReceivedMessage();
    String verificationUrl = getPasswordResetEmailLink(lastMessage);
    driver.navigate().to(verificationUrl.trim());

    appPage.assertCurrent();
    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    events.expectRequiredAction(EventType.VERIFY_EMAIL)
            .user(testUserId)
            .detail(Details.USERNAME, userEmail)
            .detail(Details.EMAIL, userEmail)
            .detail(Details.CODE_ID, mailCodeId)
            .assertEvent();
    // The login event's session is expected to equal the CODE_ID seen in the send event.
    events.expectLogin()
            .user(testUserId)
            .session(mailCodeId)
            .detail(Details.USERNAME, userEmail)
            .assertEvent();
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class RequiredActionEmailVerificationTest method verifyEmailExisting.
/**
 * Logs in as a user who still has to verify the e-mail address, follows the link from the
 * single verification mail, and expects the VERIFY_EMAIL and LOGIN events to carry the
 * CODE_ID recorded when the mail was sent.
 */
@Test
public void verifyEmailExisting() throws IOException, MessagingException {
    final String userEmail = "test-user@localhost";

    loginPage.open();
    loginPage.login(userEmail, "password");
    verifyEmailPage.assertCurrent();

    // Exactly one verification mail must have been sent by the login.
    Assert.assertEquals(1, greenMail.getReceivedMessages().length);
    MimeMessage verificationMail = greenMail.getReceivedMessages()[0];
    // NOTE(review): the helper is named for password reset but is used here to pull the
    // link out of the verification mail - confirm it is the intended helper.
    String verificationUrl = getPasswordResetEmailLink(verificationMail);

    EventRepresentation sendEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL)
            .detail("email", userEmail)
            .assertEvent();
    String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);

    driver.navigate().to(verificationUrl.trim());
    events.expectRequiredAction(EventType.VERIFY_EMAIL)
            .user(testUserId)
            .detail(Details.USERNAME, userEmail)
            .detail(Details.EMAIL, userEmail)
            .detail(Details.CODE_ID, mailCodeId)
            .assertEvent();

    appPage.assertCurrent();
    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    // The login event's session is expected to equal the CODE_ID seen in the send event.
    events.expectLogin()
            .user(testUserId)
            .session(mailCodeId)
            .detail(Details.USERNAME, userEmail)
            .assertEvent();
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class RequiredActionTotpSetupTest method setupOtpPolicyChangedHotp.
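/**
 * Switches the realm "test" to a counter-based (HOTP) OTP policy, configures OTP for the
 * user through the required action, and then logs in with successive counter values,
 * first with a look-ahead window of 0 and then with a window of 5.
 *
 * <p>The realm OTP policy is shared state, so it is reverted in a {@code finally} block:
 * a failing assertion must not leave the realm on HOTP with a widened look-ahead window
 * for whichever test runs next.
 */
@Test
public void setupOtpPolicyChangedHotp() {
    RealmRepresentation realmRep = adminClient.realm("test").toRepresentation();
    RealmBuilder.edit(realmRep).otpLookAheadWindow(0).otpDigits(6).otpPeriod(30).otpType(OTPCredentialModel.HOTP).otpAlgorithm(HmacOTP.HMAC_SHA1).otpInitialCounter(0);
    adminClient.realm("test").update(realmRep);
    try {
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        totpPage.assertCurrent();

        // Set up the credential with the code generated for counter value 0.
        String totpSecret = totpPage.getTotpSecret();
        HmacOTP otpgen = new HmacOTP(6, HmacOTP.HMAC_SHA1, 1);
        totpPage.configure(otpgen.generateHOTP(totpSecret, 0));
        // The URL is not used afterwards; the call is kept so the sequence of browser
        // interactions stays exactly as before.
        String uri = driver.getCurrentUrl();
        String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getDetails().get(Details.CODE_ID);
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        EventRepresentation loginEvent = events.expectLogin().session(sessionId).assertEvent();
        oauth.openLogout();
        events.expectLogout(loginEvent.getSessionId()).assertEvent();

        // Second login uses the code for the next counter value (1).
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        loginTotpPage.assertCurrent();
        loginTotpPage.login(otpgen.generateHOTP(totpSecret, 1));
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        events.expectLogin().assertEvent();
        oauth.openLogout();
        events.expectLogout(null).session(AssertEvents.isUUID()).assertEvent();

        // test lookAheadWindow
        // A larger window accepts more counter values per attempt, so it is set only for
        // this part of the test.
        realmRep = adminClient.realm("test").toRepresentation();
        RealmBuilder.edit(realmRep).otpLookAheadWindow(5).otpDigits(6).otpPeriod(30).otpType(OTPCredentialModel.HOTP).otpAlgorithm(HmacOTP.HMAC_SHA1).otpInitialCounter(0);
        adminClient.realm("test").update(realmRep);
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        loginTotpPage.assertCurrent();
        loginTotpPage.login(otpgen.generateHOTP(totpSecret, 2));
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        events.expectLogin().assertEvent();
    } finally {
        // Revert: runs on failure as well. The values (TOTP, look-ahead window 1) are the
        // ones the original test restored; presumably what the other tests expect.
        realmRep = adminClient.realm("test").toRepresentation();
        RealmBuilder.edit(realmRep).otpLookAheadWindow(1).otpDigits(6).otpPeriod(30).otpType(OTPCredentialModel.TOTP).otpAlgorithm(HmacOTP.HMAC_SHA1).otpInitialCounter(0);
        adminClient.realm("test").update(realmRep);
    }
}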