use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class SessionRestServiceTest method testGetDevicesResponse.
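/**
 * Verifies the device listing for one SSO session shared by two public clients.
 *
 * <p>The test logs in through {@code public-client-0} with a fixed Firefox-on-Windows
 * {@code User-Agent}, joins the same SSO session from {@code public-client-1}, and then checks
 * that exactly one device with exactly one session is reported. The OS, OS version and device
 * fields asserted below follow the request's {@code User-Agent} header, which the client supplies.
 *
 * @throws Exception if the login flow or the devices query fails
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testGetDevicesResponse() throws Exception {
    // Constant-first equals: an unset "browser" property skips the test instead of failing with an NPE.
    assumeTrue("Browser must be htmlunit. Otherwise we are not able to set desired BrowserHeaders",
            "htmlUnit".equals(System.getProperty("browser")));

    oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0) Gecko/20100101 Firefox/15.0.1");
    OAuthClient.AccessTokenResponse tokenResponse = codeGrant("public-client-0");
    joinSsoSession("public-client-1");

    List<DeviceRepresentation> devices = getDevicesOtherThanOther(tokenResponse.getAccessToken());
    assertEquals("Should have a single device", 1, devices.size());

    DeviceRepresentation device = devices.get(0);
    assertTrue(device.getCurrent());
    assertEquals("Windows", device.getOs());
    assertEquals("10", device.getOsVersion());
    assertEquals("Other", device.getDevice());

    List<SessionRepresentation> sessions = device.getSessions();
    assertEquals(1, sessions.size());

    SessionRepresentation session = sessions.get(0);
    assertEquals("127.0.0.1", session.getIpAddress());
    // assertEquals (as in testNullOrEmptyUserAgent) reports both values on failure and does not
    // depend on reference identity if the getters ever return boxed values.
    assertEquals(device.getLastAccess(), session.getLastAccess());

    List<ClientRepresentation> clients = session.getClients();
    assertEquals(2, clients.size());
    // NOTE(review): hasItem(... anyOf ...) is satisfied by a single matching client, so these two
    // checks do not prove that both public-client-0 and public-client-1 are listed in the session.
    assertThat(clients, Matchers.hasItem(Matchers.hasProperty("clientId", anyOf(Matchers.is("public-client-0"), Matchers.is("public-client-1")))));
    assertThat(clients, Matchers.hasItem(Matchers.hasProperty("clientName", anyOf(Matchers.is("Public Client 0"), Matchers.is("Public Client 1")))));
}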
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class SessionRestServiceTest method testNullOrEmptyUserAgent.
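/**
 * Verifies that a login without a {@code User-Agent} header is still listed as a device.
 *
 * <p>With the header set to {@code null}, the single reported device must carry {@code "Other"}
 * for both OS and device, and hold one session with one client.
 *
 * @throws Exception if the login flow or the devices query fails
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testNullOrEmptyUserAgent() throws Exception {
    // Constant-first equals: an unset "browser" property skips the test instead of failing with an NPE.
    assumeTrue("Browser must be htmlunit. Otherwise we are not able to set desired BrowserHeaders",
            "htmlUnit".equals(System.getProperty("browser")));

    // NOTE(review): only the null header is exercised here; the empty-string case named in the
    // method name is not covered by this method.
    oauth.setBrowserHeader("User-Agent", null);
    OAuthClient.AccessTokenResponse tokenResponse = codeGrant("public-client-0");

    List<DeviceRepresentation> devices = queryDevices(tokenResponse.getAccessToken());
    assertEquals("Should have a single device", 1, devices.size());

    DeviceRepresentation device = devices.get(0);
    assertTrue(device.getCurrent());
    assertEquals("Other", device.getOs());
    assertEquals("Other", device.getDevice());

    List<SessionRepresentation> sessions = device.getSessions();
    assertEquals(1, sessions.size());

    SessionRepresentation session = sessions.get(0);
    assertEquals("127.0.0.1", session.getIpAddress());
    assertEquals(device.getLastAccess(), session.getLastAccess());
    assertEquals(1, session.getClients().size());
}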
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ClientRegistrationPoliciesTest method testAnonCreateWithTrustedHost.
/**
 * Walks an anonymous OIDC client registration through the trusted-host checks.
 *
 * <p>The same request is refused with 403 three times: first because no host is trusted, then
 * because its redirect URI does not match the trusted host, then because its client URI does not
 * match either. Only once both URIs point at {@code localhost} is the client created, and the
 * returned registration access token is checked to be an anonymous one.
 *
 * @throws Exception if a registration call fails unexpectedly
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testAnonCreateWithTrustedHost() throws Exception {
    final int forbidden = 403;
    final String urlMismatch = "URL doesn't match";

    // No trusted host configured yet: refused on host grounds.
    OIDCClientRepresentation request = createRepOidc("http://root", "http://redirect");
    assertOidcFail(ClientRegOp.CREATE, request, forbidden, "Host not trusted");

    // Trusting localhost alone is not enough; the redirect URI still points elsewhere.
    setTrustedHost("localhost");
    assertOidcFail(ClientRegOp.CREATE, request, forbidden, urlMismatch);

    // Redirect URI now matches, but the client URI has not been changed yet.
    request.setRedirectUris(Collections.singletonList("http://localhost:8080/foo"));
    assertOidcFail(ClientRegOp.CREATE, request, forbidden, urlMismatch);

    // Both URIs match the trusted host: registration goes through.
    request.setClientUri("http://localhost:8080/foo");
    OIDCClientRepresentation created = reg.oidc().create(request);

    // The token handed back must be tied to anonymous registration.
    assertRegAccessToken(created.getRegistrationAccessToken(), RegistrationAuth.ANONYMOUS);
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ClientRegistrationPoliciesTest method testClientScopesPolicy.
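/**
 * Verifies that client registration cannot attach a client scope to a client on its own.
 *
 * <p>A scope named {@code foo} is created through the Admin REST API. Registering or updating a
 * client with that scope through client registration is refused with 403. Once the scope has been
 * attached to the client through the Admin REST API, an update carrying the same scope is accepted.
 *
 * <p>The HTTP response is closed and the created client and scope are removed in {@code finally}
 * blocks, so a failing assertion does not leave {@code test-app} or {@code foo} behind in the realm.
 *
 * @throws Exception if an admin or registration call fails unexpectedly
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testClientScopesPolicy() throws Exception {
    setTrustedHost("localhost");

    // Add some clientScope through Admin REST
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("foo");
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Response response = realmResource().clientScopes().create(clientScope);
    String clientScopeId;
    try {
        clientScopeId = ApiUtil.getCreatedId(response);
    } finally {
        // Close even when the id cannot be read, so the connection is not leaked.
        response.close();
    }

    try {
        // I can't register new client with this scope
        ClientRepresentation clientRep = createRep("test-app");
        clientRep.setDefaultClientScopes(Collections.singletonList("foo"));
        assertFail(ClientRegOp.CREATE, clientRep, 403, "Not permitted to use specified clientScope");

        // Register client without scope - should succeed
        clientRep.setDefaultClientScopes(null);
        ClientRepresentation registeredClient = reg.create(clientRep);
        // Looked up right after creation so the cleanup below can always find the client.
        ClientResource client = ApiUtil.findClientByClientId(realmResource(), "test-app");
        try {
            reg.auth(Auth.token(registeredClient));

            // Try to update client with scope - should fail
            registeredClient.setDefaultClientScopes(Collections.singletonList("foo"));
            assertFail(ClientRegOp.UPDATE, registeredClient, 403, "Not permitted to use specified clientScope");

            // Update client with the clientScope via Admin REST
            client.addDefaultClientScope(clientScopeId);

            // Now the update via clientRegistration is permitted too as scope was already set
            reg.update(registeredClient);
        } finally {
            // Revert client
            realmResource().clients().get(client.toRepresentation().getId()).remove();
        }
    } finally {
        // Revert client scope
        realmResource().clientScopes().get(clientScopeId).remove();
    }
}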
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class ClientRegistrationPoliciesTest method testProtocolMappersRemoveBuiltins.
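/**
 * Registers a client carrying a hardcoded-role protocol mapper while the anonymous
 * protocol-mapper policy temporarily allows that mapper type.
 *
 * <p>The policy is loosened before the registration and restored in a {@code finally} block, so a
 * failed registration or assertion does not leave the more permissive policy in the realm.
 *
 * @throws Exception if an admin or registration call fails unexpectedly
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testProtocolMappersRemoveBuiltins() throws Exception {
    setTrustedHost("localhost");

    // Change policy to allow hardcoded mapper
    ComponentRepresentation protocolMapperPolicyRep = findPolicyByProviderAndAuth(ProtocolMappersClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
    protocolMapperPolicyRep.getConfig().add(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
    realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);

    try {
        // Create client with hardcoded mapper
        ClientRepresentation clientRep = createRep("test-app");
        clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep()));
        ClientRepresentation registeredClient = reg.create(clientRep);
        try {
            // The registered client must carry exactly the one mapper that was submitted.
            Assert.assertEquals(1, registeredClient.getProtocolMappers().size());
        } finally {
            // Revert client
            ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
        }
    } finally {
        // Revert policy
        // NOTE(review): confirm that this two-argument remove drops the single allowed type. If the
        // config map only inherits Map.remove(key, value), the entry is removed only when the whole
        // mapped value equals the argument, and the policy would stay loosened after this update.
        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
    }
}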