Example 91 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPMSADMapperTest method getPwdLastSetOfJohn.

private long getPwdLastSetOfJohn() {
    String pwdLastSetStr = testingClient.server().fetchString(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
        String pwdLastSet = ldapJohn.getAttributeAsString(LDAPConstants.PWD_LAST_SET);
        return pwdLastSet;
    });
    if (pwdLastSetStr == null) {
        Assert.fail("LDAP user johnkeycloak does not have pwdLastSet on him");
    }
    // Need to remove the surrounding double quotes. TODO: Ideally fix the fetchString method and all the tests which use it; it is clumsy to have to strip quotes in each test individually...
    return Long.parseLong(pwdLastSetStr.replace("\"", ""));
}
Also used : RealmModel(org.keycloak.models.RealmModel) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)

Example 92 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPMSADMapperTest method test04UpdateLDAPDirectlyToSetUpdatePassword.

@Test
public void test04UpdateLDAPDirectlyToSetUpdatePassword() {
    // Add required action to user johnkeycloak through Keycloak admin API
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
        ldapJohn.removeReadOnlyAttributeName(LDAPConstants.PWD_LAST_SET);
        ldapJohn.setSingleAttribute(LDAPConstants.PWD_LAST_SET, "0");
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapJohn);
    });
    // Check in LDAP, that johnkeycloak has pwdLastSet set to 0 in LDAP
    Assert.assertEquals(0, getPwdLastSetOfJohn());
    // Check Admin REST API contains UPDATE_PASSWORD required action
    UserResource john = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "johnkeycloak");
    UserRepresentation johnRep = john.toRepresentation();
    Assert.assertEquals(UserModel.RequiredAction.UPDATE_PASSWORD.name(), johnRep.getRequiredActions().get(0));
    // Login as johnkeycloak and update password after login
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    passwordUpdatePage.assertCurrent();
    passwordUpdatePage.changePassword("Password1", "Password1");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
    // Check in LDAP, that johnkeycloak does not have pwdLastSet set to 0
    Assert.assertThat(getPwdLastSetOfJohn(), Matchers.greaterThan(0L));
    // Check in admin REST API, that johnkeycloak does not have required action on him
    johnRep = john.toRepresentation();
    Assert.assertTrue(johnRep.getRequiredActions().isEmpty());
    // Logout and login again. There should not be a need to update required action anymore
    john.logout();
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserResource(org.keycloak.admin.client.resource.UserResource) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 93 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPMSADMapperTest method test07DisabledUserInMSADSwitchedToEnabledInKeycloak.

@Test
public void test07DisabledUserInMSADSwitchedToEnabledInKeycloak() {
    // Disable user in MSAD
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel appRealm = ctx.getRealm();
        LDAPObject ldapJohn = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak");
        String userAccountControlStr = ldapJohn.getAttributeAsString(LDAPConstants.USER_ACCOUNT_CONTROL);
        UserAccountControl control = new UserAccountControl(Long.parseLong(userAccountControlStr));
        control.add(UserAccountControl.ACCOUNTDISABLE);
        ldapJohn.setSingleAttribute(LDAPConstants.USER_ACCOUNT_CONTROL, String.valueOf(control.getValue()));
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapJohn);
    });
    // Check user disabled in both admin REST API and MSAD
    UserResource john = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "johnkeycloak");
    UserRepresentation johnRep = john.toRepresentation();
    Assert.assertFalse(johnRep.isEnabled());
    Assert.assertFalse(isJohnEnabledInMSAD());
    // Login as johnkeycloak, but user disabled
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    Assert.assertEquals("Account is disabled, contact your administrator.", loginPage.getError());
    // Enable user in admin REST API
    johnRep.setEnabled(true);
    john.update(johnRep);
    // Assert user enabled also in MSAD
    Assert.assertTrue(isJohnEnabledInMSAD());
    // Logout and login again. Login should now succeed, since the user is enabled again
    john.logout();
    loginPage.open();
    loginPage.login("johnkeycloak", "Password1");
    Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserAccountControl(org.keycloak.storage.ldap.mappers.msad.UserAccountControl) UserResource(org.keycloak.admin.client.resource.UserResource) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 94 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPNoCacheTest method afterImportTestRealm.

@Override
protected void afterImportTestRealm() {
    testingClient.server().run(session -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        // Switch to NO_CACHE
        RealmModel appRealm = ctx.getRealm();
        ctx.getLdapModel().setCachePolicy(UserStorageProviderModel.CachePolicy.NO_CACHE);
        appRealm.updateComponent(ctx.getLdapModel());
        // Switch mappers to "Always read value from LDAP". Changed attributes in LDAP should be immediately visible on Keycloak side
        appRealm.getComponentsStream(ctx.getLdapModel().getId()).filter(mapper -> UserAttributeLDAPStorageMapperFactory.PROVIDER_ID.equals(mapper.getProviderId())).forEach(mapper -> {
            mapper.put(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, true);
            appRealm.updateComponent(mapper);
        });
        // Delete all LDAP users and add some new for testing
        LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm);
        LDAPObject john = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "johnkeycloak", "John", "Doe", "john_old@email.org", null, "1234");
        LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), john, "Password1");
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) MethodSorters(org.junit.runners.MethodSorters) CoreMatchers.is(org.hamcrest.CoreMatchers.is) Assume.assumeThat(org.junit.Assume.assumeThat) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) Assert(org.keycloak.testsuite.Assert) GreenMailRule(org.keycloak.testsuite.util.GreenMailRule) CoreMatchers.not(org.hamcrest.CoreMatchers.not) MessagingException(javax.mail.MessagingException) Page(org.jboss.arquillian.graphene.page.Page) LDAPConstants(org.keycloak.models.LDAPConstants) Assert.assertThat(org.junit.Assert.assertThat) UserModel(org.keycloak.models.UserModel) LoginPasswordUpdatePage(org.keycloak.testsuite.pages.LoginPasswordUpdatePage) LDAPRule(org.keycloak.testsuite.util.LDAPRule) Matchers.nullValue(org.hamcrest.Matchers.nullValue) Matchers.hasSize(org.hamcrest.Matchers.hasSize) UserStorageProviderModel(org.keycloak.storage.UserStorageProviderModel) ClassRule(org.junit.ClassRule) UserAttributeLDAPStorageMapperFactory(org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapperFactory) MailUtils(org.keycloak.testsuite.util.MailUtils) AppPage(org.keycloak.testsuite.pages.AppPage) RealmModel(org.keycloak.models.RealmModel) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) LDAPTestUtils(org.keycloak.testsuite.util.LDAPTestUtils) KeycloakSession(org.keycloak.models.KeycloakSession) IOException(java.io.IOException) Test(org.junit.Test) MimeMessage(javax.mail.internet.MimeMessage) KeycloakTestingClient(org.keycloak.testsuite.client.KeycloakTestingClient) Collectors(java.util.stream.Collectors) LoginPasswordResetPage(org.keycloak.testsuite.pages.LoginPasswordResetPage) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject) UserProvider(org.keycloak.models.UserProvider) List(java.util.List) Rule(org.junit.Rule) UserAttributeLDAPStorageMapper(org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper) LoginPage(org.keycloak.testsuite.pages.LoginPage) FixMethodOrder(org.junit.FixMethodOrder) Assert.assertEquals(org.junit.Assert.assertEquals) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)

Example 95 with LDAPObject

use of org.keycloak.storage.ldap.idm.model.LDAPObject in project keycloak by keycloak.

the class LDAPNoCacheTest method changeEmailAddressInLDAP.

private static void changeEmailAddressInLDAP(KeycloakTestingClient testingClient, String newEmail) {
    testingClient.server().run((KeycloakSession session) -> {
        LDAPTestContext ctx = LDAPTestContext.init(session);
        RealmModel realm = ctx.getRealm();
        LDAPStorageProvider ldapProvider = ctx.getLdapProvider();
        LDAPObject ldapUser = ldapProvider.loadLDAPUserByUsername(realm, "johnkeycloak");
        ldapUser.setSingleAttribute(LDAPConstants.EMAIL, newEmail);
        ctx.getLdapProvider().getLdapIdentityStore().update(ldapUser);
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) KeycloakSession(org.keycloak.models.KeycloakSession) LDAPStorageProvider(org.keycloak.storage.ldap.LDAPStorageProvider) LDAPObject(org.keycloak.storage.ldap.idm.model.LDAPObject)
