Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the project keycloak by keycloak.
The class LDAPMSADMapperTest, method getPwdLastSetOfJohn.
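/**
 * Reads the raw {@code pwdLastSet} attribute of the LDAP user "johnkeycloak" directly from
 * LDAP (server-side, via the LDAP provider), so the value is not filtered through Keycloak's
 * user cache or mappers. The tests in this class expect the value 0 to correspond to the
 * {@code UPDATE_PASSWORD} required action on the Keycloak side.
 *
 * @return the parsed {@code pwdLastSet} value
 * @throws AssertionError if the user has no {@code pwdLastSet} attribute or the value is not numeric
 */
private long getPwdLastSetOfJohn() {
    String quotedPwdLastSet = testingClient.server().fetchString(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
        return ldapJohn.getAttributeAsString(LDAPConstants.PWD_LAST_SET);
    });
    if (quotedPwdLastSet == null) {
        Assert.fail("LDAP user johnkeycloak does not have pwdLastSet on him");
    }
    // fetchString returns the value JSON-quoted, so the double quotes must be stripped before parsing.
    // TODO: Ideally fix fetchString method and all the tests, which uses it as it is dummy to need to remove quotes in each test individually...
    String pwdLastSet = quotedPwdLastSet.replace("\"", "");
    try {
        return Long.parseLong(pwdLastSet);
    } catch (NumberFormatException e) {
        // Fail as an assertion with the offending value instead of an opaque NumberFormatException
        throw new AssertionError("pwdLastSet of johnkeycloak is not numeric: " + quotedPwdLastSet, e);
    }
}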
Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the project keycloak by keycloak.
The class LDAPMSADMapperTest, method test04UpdateLDAPDirectlyToSetUpdatePassword.
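/**
 * Writing {@code pwdLastSet=0} directly into MSAD must surface on the Keycloak side as the
 * {@code UPDATE_PASSWORD} required action, and completing the password update must clear the
 * flag in both places: {@code pwdLastSet} becomes non-zero in LDAP and the required action
 * disappears from the Admin REST API, so a subsequent login needs no further action.
 */
@Test
public void test04UpdateLDAPDirectlyToSetUpdatePassword() {
    // Force "must change password" in MSAD by writing pwdLastSet=0 straight into LDAP,
    // bypassing Keycloak. The attribute is marked read-only on the LDAPObject, so that flag
    // has to be dropped before the update is allowed through.
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
        ldapJohn.removeReadOnlyAttributeName(LDAPConstants.PWD_LAST_SET);
        ldapJohn.setSingleAttribute(LDAPConstants.PWD_LAST_SET, "0");
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapJohn);
    });
    // Check in LDAP, that johnkeycloak has pwdLastSet set to 0 in LDAP
    Assert.assertEquals(0, getPwdLastSetOfJohn());
    // Check Admin REST API contains UPDATE_PASSWORD required action.
    // hasItem() gives a readable assertion failure when no required action was mapped at all,
    // whereas get(0) on an empty list would die with IndexOutOfBoundsException.
    UserResource john = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "johnkeycloak");
    UserRepresentation johnRep = john.toRepresentation();
    Assert.assertThat(johnRep.getRequiredActions(), Matchers.hasItem(UserModel.RequiredAction.UPDATE_PASSWORD.name()));
    // Login as johnkeycloak and update password after login
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    passwordUpdatePage.assertCurrent();
    passwordUpdatePage.changePassword("Password1", "Password1");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    // Check in LDAP, that johnkeycloak does not have pwdLastSet set to 0 anymore
    Assert.assertThat(getPwdLastSetOfJohn(), Matchers.greaterThan(0L));
    // Check in admin REST API, that johnkeycloak does not have required action on him
    johnRep = john.toRepresentation();
    Assert.assertTrue(johnRep.getRequiredActions().isEmpty());
    // Logout and login again. There should not be a need to update required action anymore
    john.logout();
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
}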
Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the project keycloak by keycloak.
The class LDAPMSADMapperTest, method test07DisabledUserInMSADSwitchedToEnabledInKeycloak.
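/**
 * Disabling the account directly in MSAD (the ACCOUNTDISABLE bit of userAccountControl) must
 * be reflected as a disabled user in Keycloak and must block login; re-enabling the user through
 * the Admin REST API must propagate back to MSAD and make login possible again.
 */
@Test
public void test07DisabledUserInMSADSwitchedToEnabledInKeycloak() {
    // Disable user in MSAD by setting the ACCOUNTDISABLE bit directly in LDAP, bypassing Keycloak
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
        String userAccountControlStr = ldapJohn.getAttributeAsString(LDAPConstants.USER_ACCOUNT_CONTROL);
        UserAccountControl control = new UserAccountControl(Long.parseLong(userAccountControlStr));
        control.add(UserAccountControl.ACCOUNTDISABLE);
        ldapJohn.setSingleAttribute(LDAPConstants.USER_ACCOUNT_CONTROL, String.valueOf(control.getValue()));
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapJohn);
    });
    // Check user disabled in both admin REST API and MSAD
    UserResource john = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "johnkeycloak");
    UserRepresentation johnRep = john.toRepresentation();
    Assert.assertFalse(johnRep.isEnabled());
    Assert.assertFalse(isJohnEnabledInMSAD());
    // Login as johnkeycloak must be rejected while the account is disabled
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    Assert.assertEquals("Account is disabled, contact your administrator.", loginPage.getError());
    // Enable user in admin REST API
    johnRep.setEnabled(true);
    john.update(johnRep);
    // Assert user enabled on both sides: re-read from the Admin REST API (not the stale local
    // representation) and check the ACCOUNTDISABLE bit was cleared in MSAD
    Assert.assertTrue(john.toRepresentation().isEnabled());
    Assert.assertTrue(isJohnEnabledInMSAD());
    // Logout and login again. Login must succeed now that the account is enabled
    john.logout();
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
}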
Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the project keycloak by keycloak.
The class LDAPNoCacheTest, method afterImportTestRealm.
/**
 * Reconfigures the imported test realm so that nothing is cached between Keycloak and LDAP:
 * the LDAP provider runs with the {@code NO_CACHE} policy and every user-attribute mapper is
 * switched to always read its value from LDAP, so attribute changes made directly in LDAP are
 * visible on the Keycloak side right away. Finally the LDAP directory is reset to a single
 * user "johnkeycloak" with a known password.
 */
@Override
protected void afterImportTestRealm() {
    testingClient.server().run(session -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        RealmModel realm = testCtx.getRealm();
        // 1) No caching of LDAP-backed users on the Keycloak side
        testCtx.getLdapModel().setCachePolicy(UserStorageProviderModel.CachePolicy.NO_CACHE);
        realm.updateComponent(testCtx.getLdapModel());
        // 2) Every user-attribute mapper of this LDAP provider reads live from LDAP
        String attrMapperProviderId = UserAttributeLDAPStorageMapperFactory.PROVIDER_ID;
        realm.getComponentsStream(testCtx.getLdapModel().getId())
                .filter(component -> attrMapperProviderId.equals(component.getProviderId()))
                .forEach(attrMapper -> {
                    attrMapper.put(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, true);
                    realm.updateComponent(attrMapper);
                });
        // 3) Fresh LDAP content: only johnkeycloak, with a known password
        LDAPStorageProvider ldap = testCtx.getLdapProvider();
        LDAPTestUtils.removeAllLDAPUsers(ldap, realm);
        LDAPObject john = LDAPTestUtils.addLDAPUser(ldap, realm, "johnkeycloak", "John", "Doe", "john_old@email.org", null, "1234");
        LDAPTestUtils.updateLDAPPassword(ldap, john, "Password1");
    });
}
Use of org.keycloak.storage.ldap.idm.model.LDAPObject in the project keycloak by keycloak.
The class LDAPNoCacheTest, method changeEmailAddressInLDAP.
/**
 * Writes a new e-mail value for the LDAP user "johnkeycloak" directly through the LDAP identity
 * store, bypassing Keycloak's user model. Presumably used by the no-cache tests to check that
 * such an out-of-band LDAP change becomes visible to Keycloak without any cache in between.
 *
 * @param testingClient client used to run the update server-side
 * @param newEmail      value to store in the {@code LDAPConstants.EMAIL} attribute
 */
private static void changeEmailAddressInLDAP(KeycloakTestingClient testingClient, String newEmail) {
    testingClient.server().run((KeycloakSession session) -> {
        LDAPTestContext testCtx = LDAPTestContext.init(session);
        LDAPStorageProvider ldap = testCtx.getLdapProvider();
        LDAPObject john = ldap.loadLDAPUserByUsername(testCtx.getRealm(), "johnkeycloak");
        john.setSingleAttribute(LDAPConstants.EMAIL, newEmail);
        ldap.getLdapIdentityStore().update(john);
    });
}