use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ConsentsTest method testConsents.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testConsents() {
driver.navigate().to(getAccountUrl(consumerRealmName()));
log.debug("Clicking social " + getIDPAlias());
accountLoginPage.clickSocial(getIDPAlias());
if (!driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/")) {
log.debug("Not on provider realm page, url: " + driver.getCurrentUrl());
}
Assert.assertTrue("Driver should be on the provider realm page right now", driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/"));
log.debug("Logging in");
accountLoginPage.login(getUserLogin(), getUserPassword());
waitForPage("grant access");
Assert.assertTrue(consentPage.isCurrent());
consentPage.confirm();
Assert.assertTrue("We must be on correct realm right now", driver.getCurrentUrl().contains("/auth/realms/" + consumerRealmName() + "/"));
UsersResource consumerUsers = adminClient.realm(consumerRealmName()).users();
Assert.assertTrue("There must be at least one user", consumerUsers.count() > 0);
List<UserRepresentation> users = consumerUsers.search("", 0, 5);
UserRepresentation foundUser = null;
for (UserRepresentation user : users) {
if (user.getUsername().equals(getUserLogin()) && user.getEmail().equals(getUserEmail())) {
foundUser = user;
break;
}
}
Assert.assertNotNull("There must be user " + getUserLogin() + " in realm " + consumerRealmName(), foundUser);
// get user with the same username from provider realm
RealmResource providerRealm = adminClient.realm(providerRealmName());
users = providerRealm.users().search(null, foundUser.getFirstName(), foundUser.getLastName(), null, 0, 1);
Assert.assertEquals("Same user should be in provider realm", 1, users.size());
String userId = users.get(0).getId();
UserResource userResource = providerRealm.users().get(userId);
// list consents
List<Map<String, Object>> consents = userResource.getConsents();
Assert.assertEquals("There should be one consent", 1, consents.size());
Map<String, Object> consent = consents.get(0);
Assert.assertEquals("Consent should be given to " + CLIENT_ID, CLIENT_ID, consent.get("clientId"));
// list sessions. Single client should be in user session
List<UserSessionRepresentation> sessions = userResource.getUserSessions();
Assert.assertEquals("There should be one active session", 1, sessions.size());
Assert.assertEquals("There should be one client in user session", 1, sessions.get(0).getClients().size());
// revoke consent
userResource.revokeConsent(CLIENT_ID);
// list consents
consents = userResource.getConsents();
Assert.assertEquals("There should be no consents", 0, consents.size());
// list sessions
sessions = userResource.getUserSessions();
Assert.assertEquals("There should be one active session", 1, sessions.size());
Assert.assertEquals("There should be no client in user session", 0, sessions.get(0).getClients().size());
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ConsentsTest method testRetrieveConsentsForUserWithClientsWithGrantedOfflineAccess.
/**
* KEYCLOAK-18954
*/
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRetrieveConsentsForUserWithClientsWithGrantedOfflineAccess() throws Exception {
RealmResource providerRealm = adminClient.realm(providerRealmName());
RealmRepresentation providerRealmRep = providerRealm.toRepresentation();
providerRealmRep.setAccountTheme("keycloak");
providerRealm.update(providerRealmRep);
ClientRepresentation providerAccountRep = providerRealm.clients().findByClientId("account").get(0);
// add offline_scope to default account-console client scope
ClientScopeRepresentation offlineAccessScope = providerRealm.getDefaultOptionalClientScopes().stream().filter(csr -> csr.getName().equals(OAuth2Constants.OFFLINE_ACCESS)).findFirst().get();
providerRealm.clients().get(providerAccountRep.getId()).removeOptionalClientScope(offlineAccessScope.getId());
providerRealm.clients().get(providerAccountRep.getId()).addDefaultClientScope(offlineAccessScope.getId());
// enable consent required to explicitly grant offline access
providerAccountRep.setConsentRequired(true);
// for offline token retrieval
providerAccountRep.setDirectAccessGrantsEnabled(true);
providerRealm.clients().get(providerAccountRep.getId()).update(providerAccountRep);
List<UserRepresentation> searchResult = providerRealm.users().search(getUserLogin());
UserRepresentation user = searchResult.get(0);
driver.navigate().to(getAccountUrl(providerRealmName()));
waitForPage("Sign in to provider");
log.debug("Logging in");
accountLoginPage.login(getUserLogin(), getUserPassword());
waitForPage("grant access");
log.debug("Grant consent for offline_access");
Assert.assertTrue(consentPage.isCurrent());
consentPage.confirm();
waitForPage("keycloak account console");
// disable consent required again to enable direct grant token retrieval.
providerAccountRep.setConsentRequired(false);
providerRealm.clients().get(providerAccountRep.getId()).update(providerAccountRep);
log.debug("Obtain offline_token");
OAuthClient.AccessTokenResponse response = oauth.realm(providerRealmRep.getRealm()).clientId(providerAccountRep.getClientId()).scope(OAuth2Constants.SCOPE_OPENID + " " + OAuth2Constants.SCOPE_PROFILE + " " + OAuth2Constants.OFFLINE_ACCESS).doGrantAccessTokenRequest(null, getUserLogin(), getUserPassword());
assertNotNull(response.getRefreshToken());
log.debug("Check for Offline Token in consents");
List<Map<String, Object>> consents = providerRealm.users().get(user.getId()).getConsents();
assertFalse("Consents should not be empty", consents.isEmpty());
assertTrue(consents.toString().contains("Offline Token"));
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class AdminEventStoreProviderTest method query.
@Test
// This looks like some database issue, test should get events which are newer or equal to requested time, however it gets only newer events from remote server
@AuthServerContainerExclude(AuthServer.REMOTE)
public void query() {
long oldest = System.currentTimeMillis() - 30000;
long newest = System.currentTimeMillis() + 30000;
testing().onAdminEvent(create("realmId", OperationType.CREATE, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(newest, "realmId", OperationType.ACTION, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(newest, "realmId", OperationType.ACTION, "realmId", "clientId", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create("realmId2", OperationType.CREATE, "realmId2", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(oldest, "realmId", OperationType.CREATE, "realmId", "clientId2", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create("realmId", OperationType.CREATE, "realmId", "clientId", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
Assert.assertEquals(5, testing().getAdminEvents(null, null, null, "clientId", null, null, null, null, null, null, null).size());
Assert.assertEquals(5, testing().getAdminEvents(null, null, "realmId", null, null, null, null, null, null, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, toList(OperationType.CREATE), null, null, null, null, null, null, null, null, null).size());
Assert.assertEquals(6, testing().getAdminEvents(null, toList(OperationType.CREATE, OperationType.ACTION), null, null, null, null, null, null, null, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, "userId", null, null, null, null, null, null).size());
Assert.assertEquals(1, testing().getAdminEvents(null, toList(OperationType.ACTION), null, null, "userId", null, null, null, null, null, null).size());
Assert.assertEquals(2, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, null, 2).size());
Assert.assertEquals(1, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, 5, null).size());
Assert.assertEquals(newest, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, null, 1).get(0).getTime());
Assert.assertEquals(oldest, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, 5, 1).get(0).getTime());
testing().clearAdminEventStore("realmId");
testing().clearAdminEventStore("realmId2");
Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, null, null).size());
String d1 = "2015-03-04";
String d2 = "2015-03-05";
String d3 = "2015-03-06";
String d4 = "2015-03-07";
String d5 = "2015-03-01";
String d6 = "2015-03-03";
String d7 = "2015-03-08";
String d8 = "2015-03-10";
SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
Date date1 = null, date2 = null, date3 = null, date4 = null;
try {
date1 = formatter.parse(d1);
date2 = formatter.parse(d2);
date3 = formatter.parse(d3);
date4 = formatter.parse(d4);
} catch (ParseException e) {
e.printStackTrace();
}
testing().onAdminEvent(create(date1, "realmId", OperationType.CREATE, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(date1, "realmId", OperationType.CREATE, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(date2, "realmId", OperationType.ACTION, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(date2, "realmId", OperationType.ACTION, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(date3, "realmId", OperationType.UPDATE, "realmId", "clientId", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(date3, "realmId", OperationType.DELETE, "realmId", "clientId", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(date4, "realmId2", OperationType.CREATE, "realmId2", "clientId2", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
testing().onAdminEvent(create(date4, "realmId2", OperationType.CREATE, "realmId2", "clientId2", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
Assert.assertEquals(6, testing().getAdminEvents(null, null, null, "clientId", null, null, null, null, null, null, null).size());
Assert.assertEquals(2, testing().getAdminEvents(null, null, null, "clientId2", null, null, null, null, null, null, null).size());
Assert.assertEquals(6, testing().getAdminEvents(null, null, "realmId", null, null, null, null, null, null, null, null).size());
Assert.assertEquals(2, testing().getAdminEvents(null, null, "realmId2", null, null, null, null, null, null, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, "userId", null, null, null, null, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, "userId2", null, null, null, null, null, null).size());
Assert.assertEquals(2, testing().getAdminEvents(null, toList(OperationType.ACTION), null, null, null, null, null, null, null, null, null).size());
Assert.assertEquals(6, testing().getAdminEvents(null, toList(OperationType.CREATE, OperationType.ACTION), null, null, null, null, null, null, null, null, null).size());
Assert.assertEquals(1, testing().getAdminEvents(null, toList(OperationType.UPDATE), null, null, null, null, null, null, null, null, null).size());
Assert.assertEquals(1, testing().getAdminEvents(null, toList(OperationType.DELETE), null, null, null, null, null, null, null, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, toList(OperationType.CREATE), null, null, null, null, null, null, null, null, null).size());
Assert.assertEquals(8, testing().getAdminEvents(null, null, null, null, null, null, null, d1, null, null, null).size());
Assert.assertEquals(8, testing().getAdminEvents(null, null, null, null, null, null, null, null, d4, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, null, null, null, d3, null, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, null, null, null, null, d2, null, null).size());
Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, d7, null, null, null).size());
Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, null, d6, null, null).size());
Assert.assertEquals(8, testing().getAdminEvents(null, null, null, null, null, null, null, d1, d4, null, null).size());
Assert.assertEquals(6, testing().getAdminEvents(null, null, null, null, null, null, null, d2, d4, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, null, null, null, d1, d2, null, null).size());
Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, null, null, null, d3, d4, null, null).size());
Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, d5, d6, null, null).size());
Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, d7, d8, null, null).size());
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class AccountFormServiceTest method sessions.
@Test
// we need to do domain name -> ip address to make this test work in remote testing
@AuthServerContainerExclude(AuthServer.REMOTE)
public void sessions() {
loginPage.open();
loginPage.clickRegister();
registerPage.register("view", "sessions", "view-sessions@localhost", "view-sessions", "password", "password");
EventRepresentation registerEvent = events.expectRegister("view-sessions", "view-sessions@localhost").assertEvent();
String userId = registerEvent.getUserId();
events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent();
sessionsPage.open();
Assert.assertTrue(sessionsPage.isCurrent());
List<List<String>> sessions = sessionsPage.getSessions();
assertThat(sessions, hasSize(1));
assertThat(sessions.get(0).get(0), anyOf(equalTo("127.0.0.1"), equalTo("0:0:0:0:0:0:0:1")));
// Create second session
try {
OAuthClient oauth2 = new OAuthClient();
oauth2.init(driver2);
oauth2.doLogin("view-sessions", "password");
EventRepresentation login2Event = events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent();
sessionsPage.open();
sessions = sessionsPage.getSessions();
Assert.assertEquals(2, sessions.size());
sessionsPage.logoutAll();
events.expectLogout(registerEvent.getSessionId());
events.expectLogout(login2Event.getSessionId());
} finally {
driver2.close();
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class LinkedAccountsRestServiceTest method testBuildLinkedAccountUri.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testBuildLinkedAccountUri() throws IOException {
AccountLinkUriRepresentation rep = SimpleHttp.doGet(getAccountUrl("linked-accounts/github?redirectUri=phonyUri"), client).auth(tokenUtil.getToken()).asJson(new TypeReference<AccountLinkUriRepresentation>() {
});
URI brokerUri = rep.getAccountLinkUri();
assertTrue(brokerUri.getPath().endsWith("/auth/realms/test/broker/github/link"));
List<NameValuePair> queryParams = URLEncodedUtils.parse(brokerUri, Charset.defaultCharset());
assertEquals(4, queryParams.size());
for (NameValuePair nvp : queryParams) {
switch(nvp.getName()) {
case "nonce":
{
assertNotNull(nvp.getValue());
assertEquals(rep.getNonce(), nvp.getValue());
break;
}
case "hash":
{
assertNotNull(nvp.getValue());
assertEquals(rep.getHash(), nvp.getValue());
break;
}
case "client_id":
assertEquals(ACCOUNT_CONSOLE_CLIENT_ID, nvp.getValue());
break;
case "redirect_uri":
assertEquals("phonyUri", nvp.getValue());
}
}
}
Aggregations