Search in sources :

Example 56 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testSocialProvidersPresentOnLoginUsernameOnlyPageIfConfigured.

@Test
@AuthServerContainerExclude(REMOTE)
public void testSocialProvidersPresentOnLoginUsernameOnlyPageIfConfigured() {
    String testRealm = "test";
    // Test setup - Configure the testing Keycloak instance with UsernameForm & PasswordForm (both REQUIRED) and OTPFormAuthenticator (ALTERNATIVE)
    configureBrowserFlowWithRequiredPasswordFormAndAlternativeOTP("browser - copy 1");
    try {
        SocialLoginTest socialLoginTest = new SocialLoginTest();
        // matters is if they are visible (clickable) on the LoginUsernameOnlyPage once the page is loaded
        for (SocialLoginTest.Provider provider : Arrays.asList(GITHUB, GITLAB, GOOGLE)) {
            adminClient.realm(testRealm).identityProviders().create(socialLoginTest.buildIdp(provider));
            loginUsernameOnlyPage.open();
            loginUsernameOnlyPage.assertCurrent();
            // For each of the testing social providers, check the particular social provider button is present on the UsernameForm
            // Test succeeded if NoSuchElementException is thrown for none of them
            loginUsernameOnlyPage.findSocialButton(provider.id());
        }
    // Test cleanup - Return back to the initial state
    } finally {
        // Drop the testing social providers previously created within the test
        for (IdentityProviderRepresentation providerRepresentation : adminClient.realm(testRealm).identityProviders().findAll()) {
            adminClient.realm(testRealm).identityProviders().get(providerRepresentation.getInternalId()).remove();
        }
        revertFlows("browser - copy 1");
    }
}
Also used : IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) Matchers.containsString(org.hamcrest.Matchers.containsString) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 57 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalRoleAuthenticatorWithRealmRoleIncludedInCompositeRealmRole.

// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required realm role "child-realm-role-1" and an OTP authenticator
// "child-realm-role-1" is a realm role included in realm composite role "composite-realm-role-1"
// user-with-two-configured-otp has the "composite-realm-role-1" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticatorWithRealmRoleIncludedInCompositeRealmRole() {
    // Create composite-realm-role-1
    String compositeRealmRoleName = "composite-realm-role-1";
    testRealm().roles().create(RoleBuilder.create().name(compositeRealmRoleName).build());
    // Create child-realm-role-1
    String childRealmRoleName = "child-realm-role-1";
    testRealm().roles().create(RoleBuilder.create().name(childRealmRoleName).build());
    // Make child-realm-role-1 a member of composite-realm-role-1
    testRealm().roles().get(compositeRealmRoleName).addComposites(Collections.singletonList(testRealm().roles().get(childRealmRoleName).toRepresentation()));
    // Add composite-realm-role-1 to user "user-with-two-configured-otp"
    UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "user-with-two-configured-otp");
    userResource.roles().realmLevel().add(Collections.singletonList(testRealm().roles().get(compositeRealmRoleName).toRepresentation()));
    // A browser flow is configured with an OTPForm for users having the role "child-realm-role-1"
    configureBrowserFlowOTPNeedsRole(childRealmRoleName);
    try {
        // user-with-two-configured-otp has been configured with role "composite-realm-role-1".
        // He should be asked for an OTP code
        provideUsernamePassword("user-with-two-configured-otp");
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        loginTotpPage.assertOtpCredentialSelectorAvailability(true);
        // user-with-one-configured-otp doesn't have the role. He should not be asked for an OTP code
        provideUsernamePassword("user-with-one-configured-otp");
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        Assert.assertFalse(loginTotpPage.isCurrent());
    } finally {
        testRealm().roles().deleteRole(childRealmRoleName);
        testRealm().roles().deleteRole(compositeRealmRoleName);
        revertFlows("browser - rule");
    }
}
Also used : UserResource(org.keycloak.admin.client.resource.UserResource) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 58 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testLoginWithWithNoOTPCredentialAndRequiredActionProviderDisabled.

/**
 * This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
 * has its requiredActionProvider disabled, then it will not try to create the required action,
 * and will instead raise an credential setup required error.
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoOTPCredentialAndRequiredActionProviderDisabled() {
    String newFlowAlias = "browser - copy 1";
    configureBrowserFlowWithRequiredOTP(newFlowAlias);
    RequiredActionProviderRepresentation otpRequiredAction = testRealm().flows().getRequiredAction("CONFIGURE_TOTP");
    otpRequiredAction.setEnabled(false);
    testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", otpRequiredAction);
    try {
        provideUsernamePassword("test-user@localhost");
        // Assert that the login evaluates to an error, as all required elements to not validate to successful
        errorPage.assertCurrent();
    } finally {
        revertFlows("browser - copy 1");
        otpRequiredAction.setEnabled(true);
        testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", otpRequiredAction);
    }
}
Also used : RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 59 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testLoginWithWithNoOTPCredentialAndAlternativeActionProvider.

/**
 * This test checks that if a alternative authentication execution which has no credential, and the alternative is a flow,
 * then the selection mechanism will see that there's no viable alternative, and move on to the next execution (in this case the flow)
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoOTPCredentialAndAlternativeActionProvider() {
    String newFlowAlias = "browser - copy 1";
    configureBrowserFlowWithAlternativeOTPAndPassword(newFlowAlias);
    try {
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.assertCurrent();
        loginUsernameOnlyPage.login("test-user@localhost");
        // Assert that the login skipped the OTP authenticator and moved to the password
        passwordPage.assertCurrent();
    } finally {
        revertFlows("browser - copy 1");
    }
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 60 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class JavaKeystoreKeyProviderTest method invalidKeyAlias.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void invalidKeyAlias() throws Exception {
    ComponentRepresentation rep = createRep("valid", System.currentTimeMillis());
    rep.getConfig().putSingle("keyAlias", "invalid");
    Response response = adminClient.realm("test").components().add(rep);
    assertErrror(response, "Failed to load keys. Error creating X509v1Certificate.");
}
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) Response(javax.ws.rs.core.Response) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Aggregations

Test (org.junit.Test)108 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)108 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)31 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)30 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)29 Matchers.containsString (org.hamcrest.Matchers.containsString)28 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)27 Response (javax.ws.rs.core.Response)24 UserResource (org.keycloak.admin.client.resource.UserResource)21 AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)21 SocialLoginTest (org.keycloak.testsuite.broker.SocialLoginTest)21 MimeMessage (javax.mail.internet.MimeMessage)14 OAuthClient (org.keycloak.testsuite.util.OAuthClient)14 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)13 ComponentRepresentation (org.keycloak.representations.idm.ComponentRepresentation)12 LinkedList (java.util.LinkedList)11 List (java.util.List)9 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)9 HashMap (java.util.HashMap)8 IOException (java.io.IOException)7