
Example 31 with EventRepresentation

Use of org.keycloak.representations.idm.EventRepresentation in the project keycloak (by keycloak).

From the class RefreshTokenTest, method testUserSessionRefreshAndIdleRememberMe.

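@Test
public void testUserSessionRefreshAndIdleRememberMe() throws Exception {
    // Verifies two things for a "remember me" SSO session: a refresh-token request
    // keeps the session alive (lastSessionRefresh advances), and once the
    // remember-me idle timeout has elapsed a refresh is refused with 400 and no
    // new tokens are issued.
    RealmResource testRealm = adminClient.realm("test");
    RealmRepresentation testRealmRep = testRealm.toRepresentation();
    // Remember the realm settings so the finally block can put them back.
    Boolean previousRememberMe = testRealmRep.isRememberMe();
    int originalIdleRememberMe = testRealmRep.getSsoSessionIdleTimeoutRememberMe();
    try {
        testRealmRep.setRememberMe(true);
        testRealm.update(testRealmRep);

        oauth.doRememberMeLogin("test-user@localhost", "password");
        EventRepresentation loginEvent = events.expectLogin().assertEvent();
        String sessionId = loginEvent.getSessionId();

        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
        // Discard the code-to-token event; it is not what this test is about.
        events.poll();
        String refreshId = oauth.parseRefreshToken(tokenResponse.getRefreshToken()).getId();

        int last = testingClient.testing().getLastSessionRefresh("test", sessionId, false);

        setTimeOffset(2);
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "password");
        // Check the status before touching the tokens so a rejected refresh is
        // reported as such rather than as a token-parsing failure.
        assertEquals(200, tokenResponse.getStatusCode());
        oauth.verifyToken(tokenResponse.getAccessToken());
        oauth.parseRefreshToken(tokenResponse.getRefreshToken());

        int next = testingClient.testing().getLastSessionRefresh("test", sessionId, false);
        Assert.assertNotEquals(last, next);

        // Shrink the remember-me idle timeout to one second and move past it.
        testRealmRep.setSsoSessionIdleTimeoutRememberMe(1);
        testRealm.update(testRealmRep);
        events.clear();

        // Some extra time is needed because of the tolerance allowed by IDLE_TIMEOUT_WINDOW_SECONDS.
        setTimeOffset(6 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);
        tokenResponse = oauth.doRefreshTokenRequest(tokenResponse.getRefreshToken(), "password");

        // Idle remember-me timeout: the refresh is rejected and nothing is issued.
        assertEquals(400, tokenResponse.getStatusCode());
        assertNull(tokenResponse.getAccessToken());
        assertNull(tokenResponse.getRefreshToken());

        // The expectation has to be asserted, otherwise a missing audit event for
        // the rejected refresh goes unnoticed. A rejected refresh issues no new
        // tokens, so the details describing them are not expected on the error
        // event; if the server records a different set of details, adjust the
        // removed ones here rather than dropping the assertion again.
        events.expectRefresh(refreshId, sessionId)
                .removeDetail(Details.TOKEN_ID)
                .removeDetail(Details.UPDATED_REFRESH_TOKEN_ID)
                .error(Errors.INVALID_TOKEN)
                .assertEvent();
        events.clear();
    } finally {
        testRealmRep.setSsoSessionIdleTimeoutRememberMe(originalIdleRememberMe);
        testRealmRep.setRememberMe(previousRememberMe);
        testRealm.update(testRealmRep);
        setTimeOffset(0);
    }
}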

Example 32 with EventRepresentation

Use of org.keycloak.representations.idm.EventRepresentation in the project keycloak (by keycloak).

From the class RefreshTokenTest, method refreshTokenReuseTokenWithoutRefreshTokensRevoked.

@Test
public void refreshTokenReuseTokenWithoutRefreshTokensRevoked() throws Exception {
    // Documents the non-rotating behaviour: while the realm does not revoke
    // refresh tokens, the same refresh token can be presented again and again and
    // every exchange succeeds, each one logged as a REFRESH_TOKEN event that
    // references the original token id. Be aware that this means a leaked refresh
    // token stays usable until it expires or the session ends.
    try {
        oauth.doLogin("test-user@localhost", "password");
        EventRepresentation login = events.expectLogin().assertEvent();
        String session = login.getSessionId();
        String codeId = login.getDetails().get(Details.CODE_ID);

        String authCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
        OAuthClient.AccessTokenResponse initial = oauth.doAccessTokenRequest(authCode, "password");
        String originalRefreshToken = initial.getRefreshToken();
        String originalRefreshId = oauth.parseRefreshToken(originalRefreshToken).getId();
        events.expectCodeToToken(codeId, session).assertEvent();

        // Present the very same refresh token twice, at two different points in time.
        for (int offset : new int[] {2, 4}) {
            setTimeOffset(offset);
            OAuthClient.AccessTokenResponse refreshed = oauth.doRefreshTokenRequest(originalRefreshToken, "password");
            assertEquals(200, refreshed.getStatusCode());
            events.expectRefresh(originalRefreshId, session).assertEvent();
        }
    } finally {
        setTimeOffset(0);
    }
}

Example 33 with EventRepresentation

Use of org.keycloak.representations.idm.EventRepresentation in the project keycloak (by keycloak).

From the class BackchannelLogoutTest, method assertLoginEvent.

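/**
 * Finds the LOGIN event that {@code userId} produced in realm {@code realmName},
 * asserts it against the expected shape for {@code clientId}, and returns the
 * session id recorded on it.
 *
 * @param userId    id of the user whose login event is expected
 * @param clientId  client the login is expected to have been made through
 * @param realmName realm whose event log is searched
 * @return the session id of the matched login event
 * @throws AssertionError if no matching login event exists or it does not match the expectation
 */
private String assertLoginEvent(String userId, String clientId, String realmName) {
    RealmResource realm = adminClient.realm(realmName);
    String realmId = realm.toRepresentation().getId();
    List<EventRepresentation> eventList = realm.getEvents();
    // Match on the client as well as on user and type: when several clients log
    // the same user in, another client's event would otherwise be picked and fail
    // the client check below for the wrong reason. findFirst() makes the choice
    // deterministic where findAny() did not guarantee that.
    EventRepresentation loginEvent = eventList.stream()
            .filter(event -> userId.equals(event.getUserId()))
            .filter(event -> EventType.LOGIN.name().equals(event.getType()))
            .filter(event -> clientId == null || clientId.equals(event.getClientId()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("No Login event found for user " + userId + " and client " + clientId));
    // Details that vary per flow are dropped before comparing.
    this.events.expectLogin().realm(realmId).client(clientId).user(userId)
            .removeDetail(Details.CODE_ID).removeDetail(Details.REDIRECT_URI).removeDetail(Details.CONSENT)
            .assertEvent(loginEvent);
    return loginEvent.getSessionId();
}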

Example 34 with EventRepresentation

Use of org.keycloak.representations.idm.EventRepresentation in the project keycloak (by keycloak).

From the class ClientAuthSecretSignedJWTTest, method testAssertionReuse.

@Test
public void testAssertionReuse() throws Exception {
    // A client_assertion JWT (client_secret_jwt) must be single-use: the first
    // token request authenticates the client, a second token request presenting
    // the identical assertion is rejected as unauthorized_client even though it
    // carries a fresh, valid authorization code.
    oauth.clientId("test-app");
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation firstLogin = events.expectLogin().client("test-app").assertEvent();
    String firstCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);

    // One signed assertion, reused for both requests below. The second argument
    // is presumably its lifetime in seconds -- long enough that expiry is not
    // what makes the replay fail.
    String clientSignedJWT = getClientSignedJWT("password", 20);

    OAuthClient.AccessTokenResponse firstResponse = doAccessTokenRequest(firstCode, clientSignedJWT);
    assertEquals(200, firstResponse.getStatusCode());
    events.expectCodeToToken(firstLogin.getDetails().get(Details.CODE_ID), firstLogin.getSessionId())
            .client(oauth.getClientId())
            .detail(Details.CLIENT_AUTH_METHOD, JWTClientSecretAuthenticator.PROVIDER_ID)
            .assertEvent();

    // Second round with a new code but the same assertion. The expected error
    // event has no user, session or details: the failure is attributed to the
    // client credentials, not to a user session.
    oauth.openLoginForm();
    EventRepresentation secondLogin = events.expectLogin().client("test-app").assertEvent();
    String secondCode = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    OAuthClient.AccessTokenResponse secondResponse = doAccessTokenRequest(secondCode, clientSignedJWT);
    events.expectCodeToToken(secondLogin.getDetails().get(Details.CODE_ID), secondLogin.getSessionId())
            .error("invalid_client_credentials")
            .clearDetails()
            .user((String) null)
            .session((String) null)
            .assertEvent();
    assertEquals(400, secondResponse.getStatusCode());
    assertEquals("unauthorized_client", secondResponse.getError());
}

Example 35 with EventRepresentation

Use of org.keycloak.representations.idm.EventRepresentation in the project keycloak (by keycloak).

From the class OAuthGrantTest, method oauthGrantUserNotLoggedOutAfterConsentRevoke.

// KEYCLOAK-16006 - tests that after revoking consent for a single client, the SSO session is still valid and the user is not automatically logged out
@Test
public void oauthGrantUserNotLoggedOutAfterConsentRevoke() throws Exception {
    // Revoking the consent a user gave to one client must not end the user's SSO
    // session: the next authorization request shows the consent screen again,
    // asks for no credentials, and lands in the very same session.
    oauth.clientId(THIRD_PARTY_APP);
    oauth.doLoginGrant("test-user@localhost", "password");

    // First authorization: accept consent and make sure a code came back.
    acceptDefaultConsentScreen();
    Assert.assertTrue(oauth.getCurrentQuery().containsKey(OAuth2Constants.CODE));
    EventRepresentation firstLogin = events.expectLogin().client(THIRD_PARTY_APP)
            .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
    String userId = firstLogin.getUserId();
    String originalSessionId = firstLogin.getSessionId();

    // Pull the consent through the admin REST API, as an administrator would.
    adminClient.realm(REALM_NAME).users().get(userId).revokeConsent(THIRD_PARTY_APP);

    // Second authorization: consent is asked for again, the login form is not,
    // and the session id is unchanged.
    oauth.openLoginForm();
    acceptDefaultConsentScreen();
    EventRepresentation secondLogin = events.expectLogin().client(THIRD_PARTY_APP)
            .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
    Assert.assertEquals(originalSessionId, secondLogin.getSessionId());

    // Clean up the consent granted above. NOTE(review): this only runs when the
    // test passes; a failed assertion leaves the consent in place for later tests.
    adminClient.realm(REALM_NAME).users().get(secondLogin.getUserId()).revokeConsent(THIRD_PARTY_APP);
}

/** Asserts that the consent page is shown with the profile/email/roles scopes and accepts it. */
private void acceptDefaultConsentScreen() {
    grantPage.assertCurrent();
    grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT);
    grantPage.accept();
}
