
Example 86 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class RequiredActionResetPasswordTest method tempPassword.

/**
 * Logs in while a password update is pending, completes the forced change, and checks that
 * the replacement password is accepted on the next login.
 */
@Test
public void tempPassword() throws Exception {
    final String username = "test-user@localhost";
    final String replacementPassword = "new-password";

    // Helper defined elsewhere in the class; presumably flags the user for UPDATE_PASSWORD (confirm).
    requireUpdatePassword();

    // Logging in with the current password must land on the change-password form.
    loginPage.open();
    loginPage.login(username, "password");
    changePasswordPage.assertCurrent();
    // The form must not show a cancel control.
    assertFalse(changePasswordPage.isCancelDisplayed());

    changePasswordPage.changePassword(replacementPassword, replacementPassword);
    events.expectRequiredAction(EventType.UPDATE_PASSWORD).assertEvent();
    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    // The logout event is matched against the session id recorded by the login event.
    EventRepresentation firstLogin = events.expectLogin().assertEvent();
    String firstSessionId = firstLogin.getSessionId();
    oauth.openLogout();
    events.expectLogout(firstSessionId).assertEvent();

    // NOTE(review): the old password is never retried, so this test alone does not show
    // that it stopped working after the change.
    loginPage.open();
    loginPage.login(username, replacementPassword);
    events.expectLogin().assertEvent();
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 87 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class RequiredActionTotpSetupTest method setupTotpExisting.

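/**
 * Completes the TOTP setup presented after a password login, logs out, and then logs in
 * again with the password plus a code generated from the secret shown during setup.
 */
@Test
public void setupTotpExisting() {
    loginPage.open();
    loginPage.login("test-user@localhost", "password");
    // The password login must be followed by the TOTP setup page.
    totpPage.assertCurrent();
    String totpSecret = totpPage.getTotpSecret();
    totpPage.configure(totp.generateTOTP(totpSecret));
    // CODE_ID of the UPDATE_TOTP event is reused below as the expected session of the login event.
    String authSessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getDetails().get(Details.CODE_ID);
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    EventRepresentation loginEvent = events.expectLogin().session(authSessionId).assertEvent();
    oauth.openLogout();
    // Match the logout against the session recorded by the login event, as the sibling tests do;
    // presumably identical to authSessionId because of the session(...) expectation above (confirm).
    events.expectLogout(loginEvent.getSessionId()).assertEvent();
    // Second login: password first, then a one-time code from the same secret.
    loginPage.open();
    loginPage.login("test-user@localhost", "password");
    loginTotpPage.login(totp.generateTOTP(totpSecret));
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    events.expectLogin().assertEvent();
}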
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 88 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class RequiredActionTotpSetupTest method setupOtpPolicyChangedTotp8Digits.

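/**
 * Switches the "test" realm to an 8-digit TOTP policy, sets up TOTP under that policy, and
 * checks that a later login accepts an 8-digit code. The digit count is restored to 6 afterwards.
 */
@Test
public void setupOtpPolicyChangedTotp8Digits() {
    // set policy to 8 digits
    RealmRepresentation realmRep = adminClient.realm("test").toRepresentation();
    RealmBuilder.edit(realmRep).otpLookAheadWindow(1).otpDigits(8).otpPeriod(30).otpType(OTPCredentialModel.TOTP).otpAlgorithm(HmacOTP.HMAC_SHA1).otpInitialCounter(0);
    adminClient.realm("test").update(realmRep);
    try {
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        totpPage.assertCurrent();
        String totpSecret = totpPage.getTotpSecret();
        // Local generator built with the same algorithm, digits, period and look-ahead as the policy above.
        TimeBasedOTP timeBased = new TimeBasedOTP(HmacOTP.HMAC_SHA1, 8, 30, 1);
        totpPage.configure(timeBased.generateTOTP(totpSecret));
        String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).assertEvent().getDetails().get(Details.CODE_ID);
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        EventRepresentation loginEvent = events.expectLogin().session(sessionId).assertEvent();
        oauth.openLogout();
        events.expectLogout(loginEvent.getSessionId()).assertEvent();
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        String token = timeBased.generateTOTP(totpSecret);
        assertEquals(8, token.length());
        loginTotpPage.login(token);
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
        events.expectLogin().assertEvent();
    } finally {
        // Revert even when an assertion above fails, so the 8-digit policy does not remain
        // on the realm. Only the digit count is reset; the other OTP settings written above
        // stay as set (presumably they equal the realm defaults; confirm).
        realmRep = adminClient.realm("test").toRepresentation();
        RealmBuilder.edit(realmRep).otpDigits(6);
        adminClient.realm("test").update(realmRep);
    }
}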
Also used : TimeBasedOTP(org.keycloak.models.utils.TimeBasedOTP) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 89 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class RequiredActionTotpSetupTest method setupTotpRegisteredAfterTotpRemoval.

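/**
 * Registers a user, configures TOTP, removes it through the account page, and checks that
 * the next login presents the TOTP setup page again.
 */
@Test
public void setupTotpRegisteredAfterTotpRemoval() {
    // Register new user
    loginPage.open();
    loginPage.clickRegister();
    registerPage.register("firstName2", "lastName2", "email2@mail.com", "setupTotp2", "password2", "password2");
    String userId = events.expectRegister("setupTotp2", "email2@mail.com").assertEvent().getUserId();
    // Configure totp
    totpPage.assertCurrent();
    String totpCode = totpPage.getTotpSecret();
    totpPage.configure(totp.generateTOTP(totpCode));
    // After totp config, user should be on the app page
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    // These two events are matched with the lower-case username, the later ones with the
    // mixed-case form typed at login; kept exactly as the test was written.
    events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
    EventRepresentation loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
    // Logout
    oauth.openLogout();
    events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
    // Try to login after logout
    loginPage.open();
    loginPage.login("setupTotp2", "password2");
    // TOTP is already configured, so a one-time password is required: the login page is
    // current and the TOTP setup page is not.
    assertTrue(loginPage.isCurrent());
    Assert.assertFalse(totpPage.isCurrent());
    // Login with one-time password
    loginTotpPage.login(totp.generateTOTP(totpCode));
    loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setupTotp2").assertEvent();
    // Open account page
    accountTotpPage.open();
    accountTotpPage.assertCurrent();
    // Remove the configured authenticator
    accountTotpPage.removeTotp();
    events.expectAccount(EventType.REMOVE_TOTP).user(userId).assertEvent();
    // Logout
    oauth.openLogout();
    events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
    // Try to login
    loginPage.open();
    loginPage.login("setupTotp2", "password2");
    // Since the authenticator was removed, it has to be set up again
    totpPage.assertCurrent();
    totpPage.configure(totp.generateTOTP(totpPage.getTotpSecret()));
    String sessionId = events.expectRequiredAction(EventType.UPDATE_TOTP).user(userId).detail(Details.USERNAME, "setupTotp2").assertEvent().getDetails().get(Details.CODE_ID);
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    events.expectLogin().user(userId).session(sessionId).detail(Details.USERNAME, "setupTotp2").assertEvent();
}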
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 90 with EventRepresentation

use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.

the class ClientPoliciesTest method testSecureSigningAlgorithmForSignedJwtEnforceExecutorWithSecureAlg.

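/**
 * Registers a client profile with the secure-signing-algorithm executor for signed-JWT client
 * authentication, binds it to a client through a client-roles policy, and drives the token,
 * refresh, introspection, revocation and logout requests with ES256-signed client assertions.
 *
 * @throws Exception if any of the helper calls fails
 */
@Test
public void testSecureSigningAlgorithmForSignedJwtEnforceExecutorWithSecureAlg() throws Exception {
    // register profiles
    String json = (new ClientProfilesBuilder()).addProfile((new ClientProfileBuilder()).createProfile(PROFILE_NAME, "Ensimmainen Profiili").addExecutor(SecureSigningAlgorithmForSignedJwtExecutorFactory.PROVIDER_ID, createSecureSigningAlgorithmForSignedJwtEnforceExecutorConfig(Boolean.TRUE)).toRepresentation()).toString();
    updateProfiles(json);
    // register policies
    String roleAlphaName = "sample-client-role-alpha";
    String roleZetaName = "sample-client-role-zeta";
    String roleCommonName = "sample-client-role-common";
    // The policy condition lists the alpha and zeta roles only; the common role is not part of it.
    json = (new ClientPoliciesBuilder()).addPolicy((new ClientPolicyBuilder()).createPolicy(POLICY_NAME, "Den Forste Politikken", Boolean.TRUE).addCondition(ClientRolesConditionFactory.PROVIDER_ID, createClientRolesConditionConfig(Arrays.asList(roleAlphaName, roleZetaName))).addProfile(PROFILE_NAME).toRepresentation()).toString();
    updatePolicies(json);
    // create a client with client role
    String clientId = generateSuffixedName(CLIENT_NAME);
    String cid = createClientByAdmin(clientId, (ClientRepresentation clientRep) -> {
        clientRep.setSecret("secret");
        // The client authenticates with a signed JWT, and ES256 is its configured signing algorithm.
        clientRep.setClientAuthenticatorType(JWTClientAuthenticator.PROVIDER_ID);
        clientRep.setAttributes(new HashMap<>());
        clientRep.getAttributes().put(OIDCConfigAttributes.TOKEN_ENDPOINT_AUTH_SIGNING_ALG, org.keycloak.crypto.Algorithm.ES256);
    });
    adminClient.realm(REALM_NAME).clients().get(cid).roles().create(RoleBuilder.create().name(roleAlphaName).build());
    adminClient.realm(REALM_NAME).clients().get(cid).roles().create(RoleBuilder.create().name(roleCommonName).build());
    ClientResource clientResource = ApiUtil.findClientByClientId(adminClient.realm(REALM_NAME), clientId);
    ClientRepresentation clientRep = clientResource.toRepresentation();
    KeyPair keyPair = setupJwksUrl(org.keycloak.crypto.Algorithm.ES256, clientRep, clientResource);
    PublicKey publicKey = keyPair.getPublic();
    PrivateKey privateKey = keyPair.getPrivate();
    // A fresh assertion is created before every request below rather than reusing one.
    String signedJwt = createSignedRequestToken(clientId, privateKey, publicKey, org.keycloak.crypto.Algorithm.ES256);
    oauth.clientId(clientId);
    oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
    EventRepresentation loginEvent = events.expectLogin().client(clientId).assertEvent();
    String sessionId = loginEvent.getSessionId();
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    // obtain access token
    OAuthClient.AccessTokenResponse response = doAccessTokenRequestWithSignedJWT(code, signedJwt);
    assertEquals(200, response.getStatusCode());
    oauth.verifyToken(response.getAccessToken());
    RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
    // The refresh token must carry the session recorded by the login event.
    assertEquals(sessionId, refreshToken.getSessionState());
    events.expectCodeToToken(loginEvent.getDetails().get(Details.CODE_ID), loginEvent.getSessionId()).client(clientId).detail(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID).assertEvent();
    // refresh token
    signedJwt = createSignedRequestToken(clientId, privateKey, publicKey, org.keycloak.crypto.Algorithm.ES256);
    OAuthClient.AccessTokenResponse refreshedResponse = doRefreshTokenRequestWithSignedJWT(response.getRefreshToken(), signedJwt);
    assertEquals(200, refreshedResponse.getStatusCode());
    // introspect token
    signedJwt = createSignedRequestToken(clientId, privateKey, publicKey, org.keycloak.crypto.Algorithm.ES256);
    HttpResponse tokenIntrospectionResponse = doTokenIntrospectionWithSignedJWT("access_token", refreshedResponse.getAccessToken(), signedJwt);
    assertEquals(200, tokenIntrospectionResponse.getStatusLine().getStatusCode());
    // revoke token
    signedJwt = createSignedRequestToken(clientId, privateKey, publicKey, org.keycloak.crypto.Algorithm.ES256);
    // First argument is presumably the token type hint (confirm against the helper); it names
    // the refresh token that is passed as the second argument.
    HttpResponse revokeTokenResponse = doTokenRevokeWithSignedJWT("refresh_token", refreshedResponse.getRefreshToken(), signedJwt);
    assertEquals(200, revokeTokenResponse.getStatusLine().getStatusCode());
    // A refresh with the revoked token must be rejected with invalid_grant.
    signedJwt = createSignedRequestToken(clientId, privateKey, publicKey, org.keycloak.crypto.Algorithm.ES256);
    OAuthClient.AccessTokenResponse tokenRes = doRefreshTokenRequestWithSignedJWT(refreshedResponse.getRefreshToken(), signedJwt);
    assertEquals(400, tokenRes.getStatusCode());
    assertEquals(OAuthErrorException.INVALID_GRANT, tokenRes.getError());
    // logout
    // NOTE(review): the refresh token sent here is the one revoked above, and the test still expects 204.
    signedJwt = createSignedRequestToken(clientId, privateKey, publicKey, org.keycloak.crypto.Algorithm.ES256);
    HttpResponse logoutResponse = doLogoutWithSignedJWT(refreshedResponse.getRefreshToken(), signedJwt);
    assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
}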
Also used : KeyPair(java.security.KeyPair) PrivateKey(java.security.PrivateKey) OAuthClient(org.keycloak.testsuite.util.OAuthClient) PublicKey(java.security.PublicKey) ClientProfilesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfilesBuilder) ClientPoliciesBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPoliciesBuilder) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) ClientPolicyBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientPolicyBuilder) HttpResponse(org.apache.http.HttpResponse) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ClientProfileBuilder(org.keycloak.testsuite.util.ClientPoliciesUtil.ClientProfileBuilder) RefreshToken(org.keycloak.representations.RefreshToken) ClientResource(org.keycloak.admin.client.resource.ClientResource) Test(org.junit.Test)
