
Example 66 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ConsentsTest method testConsents.

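/**
 * Checks that revoking a brokered user's consent in the provider realm removes the consent record
 * and the client's entry in the user session, while the user session itself stays active.
 *
 * <p>Flow: log in to the consumer realm through the identity provider, confirm the consent screen,
 * then inspect and revoke the consent through the admin client.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testConsents() {
    driver.navigate().to(getAccountUrl(consumerRealmName()));
    log.debug("Clicking social " + getIDPAlias());
    accountLoginPage.clickSocial(getIDPAlias());
    // Log the actual URL before asserting so a failed redirect is easy to diagnose.
    if (!driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/")) {
        log.debug("Not on provider realm page, url: " + driver.getCurrentUrl());
    }
    Assert.assertTrue("Driver should be on the provider realm page right now", driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/"));
    log.debug("Logging in");
    accountLoginPage.login(getUserLogin(), getUserPassword());
    waitForPage("grant access");
    Assert.assertTrue(consentPage.isCurrent());
    consentPage.confirm();
    Assert.assertTrue("We must be on correct realm right now", driver.getCurrentUrl().contains("/auth/realms/" + consumerRealmName() + "/"));
    UsersResource consumerUsers = adminClient.realm(consumerRealmName()).users();
    Assert.assertTrue("There must be at least one user", consumerUsers.count() > 0);
    // Only the first five users are inspected; the brokered user is expected to be among them.
    List<UserRepresentation> users = consumerUsers.search("", 0, 5);
    UserRepresentation foundUser = null;
    for (UserRepresentation user : users) {
        // Compare from the expected value so that a user without a username or e-mail is skipped
        // instead of aborting the test with a NullPointerException.
        if (getUserLogin().equals(user.getUsername()) && getUserEmail().equals(user.getEmail())) {
            foundUser = user;
            break;
        }
    }
    Assert.assertNotNull("There must be user " + getUserLogin() + " in realm " + consumerRealmName(), foundUser);
    // Find the matching account in the provider realm. The lookup passes the consumer user's first
    // and last name (not the username) and is limited to a single result.
    RealmResource providerRealm = adminClient.realm(providerRealmName());
    users = providerRealm.users().search(null, foundUser.getFirstName(), foundUser.getLastName(), null, 0, 1);
    Assert.assertEquals("Same user should be in provider realm", 1, users.size());
    String userId = users.get(0).getId();
    UserResource userResource = providerRealm.users().get(userId);
    // Before revocation: exactly one consent, granted to CLIENT_ID.
    List<Map<String, Object>> consents = userResource.getConsents();
    Assert.assertEquals("There should be one consent", 1, consents.size());
    Map<String, Object> consent = consents.get(0);
    Assert.assertEquals("Consent should be given to " + CLIENT_ID, CLIENT_ID, consent.get("clientId"));
    // Before revocation: one user session holding a single client.
    List<UserSessionRepresentation> sessions = userResource.getUserSessions();
    Assert.assertEquals("There should be one active session", 1, sessions.size());
    Assert.assertEquals("There should be one client in user session", 1, sessions.get(0).getClients().size());
    // Revoke the consent through the admin API.
    userResource.revokeConsent(CLIENT_ID);
    // After revocation the consent record must be gone.
    consents = userResource.getConsents();
    Assert.assertEquals("There should be no consents", 0, consents.size());
    // After revocation the user session survives, but the client must no longer be attached to it.
    sessions = userResource.getUserSessions();
    Assert.assertEquals("There should be one active session", 1, sessions.size());
    Assert.assertEquals("There should be no client in user session", 0, sessions.get(0).getClients().size());
}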
Also used : UserSessionRepresentation(org.keycloak.representations.idm.UserSessionRepresentation) RealmResource(org.keycloak.admin.client.resource.RealmResource) UsersResource(org.keycloak.admin.client.resource.UsersResource) UserResource(org.keycloak.admin.client.resource.UserResource) Map(java.util.Map) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 67 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ConsentsTest method testRetrieveConsentsForUserWithClientsWithGrantedOfflineAccess.

/**
 * KEYCLOAK-18954
 */
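@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRetrieveConsentsForUserWithClientsWithGrantedOfflineAccess() throws Exception {
    // Scenario: the user consents to offline_access for the provider realm's "account" client,
    // an offline token is then obtained by direct grant, and the admin consent listing for that
    // user must mention the offline token.
    // NOTE(review): this method leaves the "account" client with direct access grants enabled and
    // offline_access as a default scope; no restore is visible here - confirm that class-level
    // cleanup resets the provider realm so the relaxed settings do not leak into other tests.
    RealmResource providerRealm = adminClient.realm(providerRealmName());
    RealmRepresentation providerRealmRep = providerRealm.toRepresentation();
    providerRealmRep.setAccountTheme("keycloak");
    providerRealm.update(providerRealmRep);
    ClientRepresentation providerAccountRep = providerRealm.clients().findByClientId("account").get(0);
    // Move offline_access from the client's optional scopes to its default scopes. A missing
    // scope fails with a descriptive message instead of a bare NoSuchElementException.
    ClientScopeRepresentation offlineAccessScope = providerRealm.getDefaultOptionalClientScopes().stream()
            .filter(csr -> csr.getName().equals(OAuth2Constants.OFFLINE_ACCESS))
            .findFirst()
            .orElseThrow(() -> new AssertionError("Realm has no default optional client scope named " + OAuth2Constants.OFFLINE_ACCESS));
    providerRealm.clients().get(providerAccountRep.getId()).removeOptionalClientScope(offlineAccessScope.getId());
    providerRealm.clients().get(providerAccountRep.getId()).addDefaultClientScope(offlineAccessScope.getId());
    // enable consent required to explicitly grant offline access
    providerAccountRep.setConsentRequired(true);
    // for offline token retrieval
    providerAccountRep.setDirectAccessGrantsEnabled(true);
    providerRealm.clients().get(providerAccountRep.getId()).update(providerAccountRep);
    List<UserRepresentation> searchResult = providerRealm.users().search(getUserLogin());
    UserRepresentation user = searchResult.get(0);
    driver.navigate().to(getAccountUrl(providerRealmName()));
    waitForPage("Sign in to provider");
    log.debug("Logging in");
    accountLoginPage.login(getUserLogin(), getUserPassword());
    waitForPage("grant access");
    log.debug("Grant consent for offline_access");
    Assert.assertTrue(consentPage.isCurrent());
    consentPage.confirm();
    waitForPage("keycloak account console");
    // disable consent required again to enable direct grant token retrieval.
    providerAccountRep.setConsentRequired(false);
    providerRealm.clients().get(providerAccountRep.getId()).update(providerAccountRep);
    log.debug("Obtain offline_token");
    OAuthClient.AccessTokenResponse response = oauth.realm(providerRealmRep.getRealm()).clientId(providerAccountRep.getClientId()).scope(OAuth2Constants.SCOPE_OPENID + " " + OAuth2Constants.SCOPE_PROFILE + " " + OAuth2Constants.OFFLINE_ACCESS).doGrantAccessTokenRequest(null, getUserLogin(), getUserPassword());
    assertNotNull("Direct grant should return a refresh token", response.getRefreshToken());
    log.debug("Check for Offline Token in consents");
    List<Map<String, Object>> consents = providerRealm.users().get(user.getId()).getConsents();
    assertFalse("Consents should not be empty", consents.isEmpty());
    // The check is a substring match on the string form of the whole list, so it does not pin
    // which consent entry carries the offline token.
    assertTrue("Consents should mention the offline token", consents.toString().contains("Offline Token"));
}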
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) RealmResource(org.keycloak.admin.client.resource.RealmResource) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) AccessTokenResponse(org.keycloak.testsuite.util.OAuthClient.AccessTokenResponse) Map(java.util.Map) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 68 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class AdminEventStoreProviderTest method query.

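/**
 * Exercises the admin event store's query filters: auth client, auth realm, operation type, auth
 * user, paging, and inclusive from/to date bounds.
 */
@Test
// Excluded for remote servers: the query should return events that are newer than or equal to the
// requested time, but a remote server returns only strictly newer events. This looks like a
// database issue.
@AuthServerContainerExclude(AuthServer.REMOTE)
public void query() {
    long oldest = System.currentTimeMillis() - 30000;
    long newest = System.currentTimeMillis() + 30000;
    // First batch: six events. Those created without an explicit time fall between oldest and
    // newest (presumably they are stamped with the current time - confirm in create()).
    testing().onAdminEvent(create("realmId", OperationType.CREATE, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(newest, "realmId", OperationType.ACTION, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(newest, "realmId", OperationType.ACTION, "realmId", "clientId", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create("realmId2", OperationType.CREATE, "realmId2", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(oldest, "realmId", OperationType.CREATE, "realmId", "clientId2", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create("realmId", OperationType.CREATE, "realmId", "clientId", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
    // Filters on client, realm, operation type and user.
    Assert.assertEquals(5, testing().getAdminEvents(null, null, null, "clientId", null, null, null, null, null, null, null).size());
    Assert.assertEquals(5, testing().getAdminEvents(null, null, "realmId", null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, toList(OperationType.CREATE), null, null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(6, testing().getAdminEvents(null, toList(OperationType.CREATE, OperationType.ACTION), null, null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, "userId", null, null, null, null, null, null).size());
    Assert.assertEquals(1, testing().getAdminEvents(null, toList(OperationType.ACTION), null, null, "userId", null, null, null, null, null, null).size());
    // Paging: the last two arguments appear to be the offset and the page size - confirm against
    // getAdminEvents. The results checked here are ordered newest first.
    Assert.assertEquals(2, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, null, 2).size());
    Assert.assertEquals(1, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, 5, null).size());
    Assert.assertEquals(newest, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, null, 1).get(0).getTime());
    Assert.assertEquals(oldest, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, 5, 1).get(0).getTime());
    // Reset both realms so the date-range checks start from an empty store.
    testing().clearAdminEventStore("realmId");
    testing().clearAdminEventStore("realmId2");
    Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, null, null, null, null).size());
    String d1 = "2015-03-04";
    String d2 = "2015-03-05";
    String d3 = "2015-03-06";
    String d4 = "2015-03-07";
    String d5 = "2015-03-01";
    String d6 = "2015-03-03";
    String d7 = "2015-03-08";
    String d8 = "2015-03-10";
    // NOTE(review): the formatter uses the JVM default time zone, while the date strings passed
    // as bounds below are interpreted by the code under test - confirm both sides agree on a zone.
    SimpleDateFormat formatter = new SimpleDateFormat("yyyy-MM-dd");
    Date date1, date2, date3, date4;
    try {
        date1 = formatter.parse(d1);
        date2 = formatter.parse(d2);
        date3 = formatter.parse(d3);
        date4 = formatter.parse(d4);
    } catch (ParseException e) {
        // Fail immediately instead of printing the stack trace and continuing with null dates.
        throw new AssertionError("Could not parse a test fixture date", e);
    }
    // Second batch: two events on each of four consecutive days (d1..d4).
    testing().onAdminEvent(create(date1, "realmId", OperationType.CREATE, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(date1, "realmId", OperationType.CREATE, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(date2, "realmId", OperationType.ACTION, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(date2, "realmId", OperationType.ACTION, "realmId", "clientId", "userId", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(date3, "realmId", OperationType.UPDATE, "realmId", "clientId", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(date3, "realmId", OperationType.DELETE, "realmId", "clientId", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(date4, "realmId2", OperationType.CREATE, "realmId2", "clientId2", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
    testing().onAdminEvent(create(date4, "realmId2", OperationType.CREATE, "realmId2", "clientId2", "userId2", "127.0.0.1", "/admin/realms/master", "error"), false);
    // Filters on client, realm, user and operation type over the second batch.
    Assert.assertEquals(6, testing().getAdminEvents(null, null, null, "clientId", null, null, null, null, null, null, null).size());
    Assert.assertEquals(2, testing().getAdminEvents(null, null, null, "clientId2", null, null, null, null, null, null, null).size());
    Assert.assertEquals(6, testing().getAdminEvents(null, null, "realmId", null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(2, testing().getAdminEvents(null, null, "realmId2", null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, "userId", null, null, null, null, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, "userId2", null, null, null, null, null, null).size());
    Assert.assertEquals(2, testing().getAdminEvents(null, toList(OperationType.ACTION), null, null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(6, testing().getAdminEvents(null, toList(OperationType.CREATE, OperationType.ACTION), null, null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(1, testing().getAdminEvents(null, toList(OperationType.UPDATE), null, null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(1, testing().getAdminEvents(null, toList(OperationType.DELETE), null, null, null, null, null, null, null, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, toList(OperationType.CREATE), null, null, null, null, null, null, null, null, null).size());
    // Single-sided date bounds; an event dated exactly on the bound is expected to be included.
    Assert.assertEquals(8, testing().getAdminEvents(null, null, null, null, null, null, null, d1, null, null, null).size());
    Assert.assertEquals(8, testing().getAdminEvents(null, null, null, null, null, null, null, null, d4, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, null, null, null, d3, null, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, null, null, null, null, d2, null, null).size());
    Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, d7, null, null, null).size());
    Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, null, d6, null, null).size());
    // Two-sided date ranges, including ranges entirely before (d5..d6) and after (d7..d8) the data.
    Assert.assertEquals(8, testing().getAdminEvents(null, null, null, null, null, null, null, d1, d4, null, null).size());
    Assert.assertEquals(6, testing().getAdminEvents(null, null, null, null, null, null, null, d2, d4, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, null, null, null, d1, d2, null, null).size());
    Assert.assertEquals(4, testing().getAdminEvents(null, null, null, null, null, null, null, d3, d4, null, null).size());
    Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, d5, d6, null, null).size());
    Assert.assertEquals(0, testing().getAdminEvents(null, null, null, null, null, null, null, d7, d8, null, null).size());
}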
Also used : ParseException(java.text.ParseException) SimpleDateFormat(java.text.SimpleDateFormat) Date(java.util.Date) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 69 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class AccountFormServiceTest method sessions.

/**
 * Registers a user, checks that the account sessions page lists the single session with a
 * loopback address, opens a second session from another browser and then logs out all sessions.
 */
@Test
// Excluded for remote servers: the address check below accepts only loopback addresses, so a
// remote run would first need domain name -> IP address resolution.
@AuthServerContainerExclude(AuthServer.REMOTE)
public void sessions() {
    final String username = "view-sessions";
    final String email = "view-sessions@localhost";
    final String password = "password";

    loginPage.open();
    loginPage.clickRegister();
    registerPage.register("view", "sessions", email, username, password, password);

    EventRepresentation registerEvent = events.expectRegister(username, email).assertEvent();
    String userId = registerEvent.getUserId();
    events.expectLogin().user(userId).detail(Details.USERNAME, username).assertEvent();

    sessionsPage.open();
    Assert.assertTrue(sessionsPage.isCurrent());

    // One session so far, and its first column must be the IPv4 or IPv6 loopback address.
    List<List<String>> sessionRows = sessionsPage.getSessions();
    assertThat(sessionRows, hasSize(1));
    String firstColumn = sessionRows.get(0).get(0);
    assertThat(firstColumn, anyOf(equalTo("127.0.0.1"), equalTo("0:0:0:0:0:0:0:1")));

    // Open a second session for the same user from the second browser.
    try {
        OAuthClient secondClient = new OAuthClient();
        secondClient.init(driver2);
        secondClient.doLogin(username, password);
        EventRepresentation secondLoginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, username).assertEvent();

        sessionsPage.open();
        sessionRows = sessionsPage.getSessions();
        Assert.assertEquals(2, sessionRows.size());

        sessionsPage.logoutAll();
        // NOTE(review): unlike the expectations above, these two are built without a trailing
        // assertEvent() call, so it looks like the logout events are not actually verified -
        // confirm whether that is intentional (e.g. because their order is not deterministic).
        events.expectLogout(registerEvent.getSessionId());
        events.expectLogout(secondLoginEvent.getSessionId());
    } finally {
        // Always release the second browser, even when an assertion above fails.
        driver2.close();
    }
}
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) List(java.util.List) LinkedList(java.util.LinkedList) Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 70 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class LinkedAccountsRestServiceTest method testBuildLinkedAccountUri.

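/**
 * Requests the account-link URI for the "github" provider and checks that it targets the broker
 * link endpoint with exactly the four expected query parameters.
 *
 * <p>The {@code nonce} and {@code hash} in the URI must equal the values returned in the JSON
 * representation, {@code client_id} must be the account console client and {@code redirect_uri}
 * must be the value supplied in the request.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testBuildLinkedAccountUri() throws IOException {
    AccountLinkUriRepresentation rep = SimpleHttp.doGet(getAccountUrl("linked-accounts/github?redirectUri=phonyUri"), client).auth(tokenUtil.getToken()).asJson(new TypeReference<AccountLinkUriRepresentation>() {
    });
    URI brokerUri = rep.getAccountLinkUri();
    assertTrue(brokerUri.getPath().endsWith("/auth/realms/test/broker/github/link"));
    // Decode with a fixed charset so the result does not depend on the platform default.
    List<NameValuePair> queryParams = URLEncodedUtils.parse(brokerUri, Charset.forName("UTF-8"));
    assertEquals(4, queryParams.size());
    // Track which parameters were seen: a count of four alone would also accept a duplicated
    // parameter standing in for a missing one.
    boolean sawNonce = false;
    boolean sawHash = false;
    boolean sawClientId = false;
    boolean sawRedirectUri = false;
    for (NameValuePair nvp : queryParams) {
        switch (nvp.getName()) {
            case "nonce":
                assertNotNull(nvp.getValue());
                assertEquals(rep.getNonce(), nvp.getValue());
                sawNonce = true;
                break;
            case "hash":
                assertNotNull(nvp.getValue());
                assertEquals(rep.getHash(), nvp.getValue());
                sawHash = true;
                break;
            case "client_id":
                assertEquals(ACCOUNT_CONSOLE_CLIENT_ID, nvp.getValue());
                sawClientId = true;
                break;
            case "redirect_uri":
                assertEquals("phonyUri", nvp.getValue());
                sawRedirectUri = true;
                break;
            default:
                // An unknown parameter must fail the test instead of being silently ignored.
                throw new AssertionError("Unexpected query parameter in account link URI: " + nvp.getName());
        }
    }
    assertTrue("Account link URI must carry nonce, hash, client_id and redirect_uri", sawNonce && sawHash && sawClientId && sawRedirectUri);
}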
Also used : AccountLinkUriRepresentation(org.keycloak.representations.account.AccountLinkUriRepresentation) NameValuePair(org.apache.http.NameValuePair) URI(java.net.URI) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
