use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class RefreshTokenTest method testUserSessionRefreshAndIdleRememberMe.
/**
 * Refreshing a remember-me session must move its last-refresh timestamp forward, and once the
 * remember-me idle timeout has elapsed a further refresh must be rejected without issuing tokens.
 *
 * <p>The realm's remember-me flag and remember-me idle timeout are changed for the test and
 * restored in {@code finally}, together with the time offset.
 */
@Test
public void testUserSessionRefreshAndIdleRememberMe() throws Exception {
    RealmResource realm = adminClient.realm("test");
    RealmRepresentation realmRep = realm.toRepresentation();
    Boolean rememberMeBefore = realmRep.isRememberMe();
    int idleTimeoutBefore = realmRep.getSsoSessionIdleTimeoutRememberMe();
    try {
        realmRep.setRememberMe(true);
        realm.update(realmRep);

        oauth.doRememberMeLogin("test-user@localhost", "password");
        EventRepresentation login = events.expectLogin().assertEvent();
        String sessionId = login.getSessionId();

        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokens = oauth.doAccessTokenRequest(code, "password");
        events.poll();
        String refreshId = oauth.parseRefreshToken(tokens.getRefreshToken()).getId();

        int refreshBefore = testingClient.testing().getLastSessionRefresh("test", sessionId, false);

        // Two seconds later the session is still active, so the refresh must succeed ...
        setTimeOffset(2);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "password");
        oauth.verifyToken(tokens.getAccessToken());
        oauth.parseRefreshToken(tokens.getRefreshToken());
        assertEquals(200, tokens.getStatusCode());

        // ... and the session's last-refresh timestamp must have changed.
        int refreshAfter = testingClient.testing().getLastSessionRefresh("test", sessionId, false);
        Assert.assertNotEquals(refreshBefore, refreshAfter);

        // Shrink the remember-me idle timeout to 1 (seconds, as the offsets below imply).
        realmRep.setSsoSessionIdleTimeoutRememberMe(1);
        realm.update(realmRep);
        events.clear();

        // Extra time is needed because of the tolerance granted by IDLE_TIMEOUT_WINDOW_SECONDS.
        setTimeOffset(6 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);
        tokens = oauth.doRefreshTokenRequest(tokens.getRefreshToken(), "password");

        // Past the remember-me idle timeout: the refresh is rejected and no tokens are issued.
        assertEquals(400, tokens.getStatusCode());
        assertNull(tokens.getAccessToken());
        assertNull(tokens.getRefreshToken());
        // NOTE(review): this expectation is built but never asserted (no assertEvent()), so the
        // error event itself is not verified here — confirm whether that is intended.
        events.expectRefresh(refreshId, sessionId).error(Errors.INVALID_TOKEN);
        events.clear();
    } finally {
        realmRep.setSsoSessionIdleTimeoutRememberMe(idleTimeoutBefore);
        realmRep.setRememberMe(rememberMeBefore);
        realm.update(realmRep);
        setTimeOffset(0);
    }
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class RefreshTokenTest method refreshTokenReuseTokenWithoutRefreshTokensRevoked.
/**
 * With refresh-token revocation not enabled on the realm, the same refresh token can be presented
 * repeatedly: two consecutive refreshes with the original token both return 200, and each one is
 * matched by the expected refresh event for the same session.
 */
@Test
public void refreshTokenReuseTokenWithoutRefreshTokensRevoked() throws Exception {
    try {
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation login = events.expectLogin().assertEvent();
        String sessionId = login.getSessionId();
        String codeId = login.getDetails().get(Details.CODE_ID);

        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse initial = oauth.doAccessTokenRequest(code, "password");
        RefreshToken initialRefresh = oauth.parseRefreshToken(initial.getRefreshToken());
        events.expectCodeToToken(codeId, sessionId).assertEvent();

        // First reuse of the original refresh token.
        setTimeOffset(2);
        OAuthClient.AccessTokenResponse firstRefresh = oauth.doRefreshTokenRequest(initial.getRefreshToken(), "password");
        assertEquals(200, firstRefresh.getStatusCode());
        events.expectRefresh(initialRefresh.getId(), sessionId).assertEvent();

        // Second reuse of the very same token: still accepted, since nothing revoked it on first use.
        setTimeOffset(4);
        OAuthClient.AccessTokenResponse secondRefresh = oauth.doRefreshTokenRequest(initial.getRefreshToken(), "password");
        assertEquals(200, secondRefresh.getStatusCode());
        events.expectRefresh(initialRefresh.getId(), sessionId).assertEvent();
    } finally {
        setTimeOffset(0);
    }
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class BackchannelLogoutTest method assertLoginEvent.
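/**
 * Finds the LOGIN event recorded for {@code userId} in realm {@code realmName}, verifies it
 * against the expected login event for {@code clientId} and returns its session id.
 *
 * @param userId    id of the user whose login event is expected
 * @param clientId  client the login is expected to have been made through
 * @param realmName name of the realm whose event log is searched
 * @return the session id carried by the matched login event
 * @throws AssertionError if no LOGIN event exists for the user, or the found event does not
 *                        match the expected one
 */
private String assertLoginEvent(String userId, String clientId, String realmName) {
    String realmId = adminClient.realm(realmName).toRepresentation().getId();
    List<EventRepresentation> eventList = adminClient.realm(realmName).getEvents();
    String loginType = EventType.LOGIN.name();
    // Constant-first equals: an event whose type is absent is skipped instead of throwing an NPE.
    // orElseThrow replaces the isPresent()/get() pair and the unreachable return after fail().
    EventRepresentation loginEvent = eventList.stream()
            .filter(event -> userId.equals(event.getUserId()))
            .filter(event -> loginType.equals(event.getType()))
            .findAny()
            .orElseThrow(() -> new AssertionError("No Login event found for user " + userId));
    this.events.expectLogin()
            .realm(realmId)
            .client(clientId)
            .user(userId)
            .removeDetail(Details.CODE_ID)
            .removeDetail(Details.REDIRECT_URI)
            .removeDetail(Details.CONSENT)
            .assertEvent(loginEvent);
    return loginEvent.getSessionId();
}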
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class ClientAuthSecretSignedJWTTest method testAssertionReuse.
/**
 * A client-secret-signed JWT assertion may be used for exactly one token request: the first
 * code-to-token exchange with it succeeds, while a second exchange with the same assertion is
 * rejected with {@code unauthorized_client} and logged as an {@code invalid_client_credentials}
 * error carrying no user or session.
 */
@Test
public void testAssertionReuse() throws Exception {
    oauth.clientId("test-app");
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation firstLogin = events.expectLogin().client("test-app").assertEvent();
    String firstCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // Second argument is presumably the assertion's validity period — confirm in getClientSignedJWT.
    String assertion = getClientSignedJWT("password", 20);

    // First use of the assertion: accepted.
    OAuthClient.AccessTokenResponse first = doAccessTokenRequest(firstCode, assertion);
    assertEquals(200, first.getStatusCode());
    events.expectCodeToToken(firstLogin.getDetails().get(Details.CODE_ID), firstLogin.getSessionId())
            .client(oauth.getClientId())
            .detail(Details.CLIENT_AUTH_METHOD, JWTClientSecretAuthenticator.PROVIDER_ID)
            .assertEvent();

    // Second use of the same assertion against a fresh code: rejected as a replay.
    oauth.openLoginForm();
    EventRepresentation secondLogin = events.expectLogin().client("test-app").assertEvent();
    String secondCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse second = doAccessTokenRequest(secondCode, assertion);
    events.expectCodeToToken(secondLogin.getDetails().get(Details.CODE_ID), secondLogin.getSessionId())
            .error("invalid_client_credentials")
            .clearDetails()
            .user((String) null)
            .session((String) null)
            .assertEvent();
    assertEquals(400, second.getStatusCode());
    assertEquals("unauthorized_client", second.getError());
}
use of org.keycloak.representations.idm.EventRepresentation in project keycloak by keycloak.
the class OAuthGrantTest method oauthGrantUserNotLoggedOutAfterConsentRevoke.
/**
 * KEYCLOAK-16006: revoking a user's consent for a single client must not end the SSO session.
 * After the revoke, opening the login form again presents the consent screen without asking for
 * credentials, and the session id of the second login equals that of the first.
 */
@Test
public void oauthGrantUserNotLoggedOutAfterConsentRevoke() throws Exception {
    oauth.clientId(THIRD_PARTY_APP);
    oauth.doLoginGrant("test-user@localhost", "password");

    // First login: consent screen is shown; accept it.
    grantPage.assertCurrent();
    grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT);
    grantPage.accept();
    Assert.assertTrue(oauth.getCurrentQuery().containsKey(OAuth2Constants.CODE));

    EventRepresentation firstLogin = events.expectLogin()
            .client(THIRD_PARTY_APP)
            .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
            .assertEvent();
    String firstSessionId = firstLogin.getSessionId();

    // Revoke the consent through the admin REST API.
    adminClient.realm(REALM_NAME).users().get(firstLogin.getUserId()).revokeConsent(THIRD_PARTY_APP);

    // Re-opening the login form must land on the consent screen again, with no re-authentication.
    oauth.openLoginForm();
    grantPage.assertCurrent();
    grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT);
    grantPage.accept();

    EventRepresentation secondLogin = events.expectLogin()
            .client(THIRD_PARTY_APP)
            .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
            .assertEvent();
    String secondSessionId = secondLogin.getSessionId();
    Assert.assertEquals(firstSessionId, secondSessionId);

    // Leave no consent behind for the tests that follow.
    adminClient.realm(REALM_NAME).users().get(secondLogin.getUserId()).revokeConsent(THIRD_PARTY_APP);
}