
Example 71 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class SessionRestServiceTest method testGetDevicesResponse.

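/**
 * Checks the device list returned for a session that was opened with a known User-Agent and is
 * shared by two public clients.
 *
 * <p>The test is skipped unless the {@code browser} system property is {@code htmlUnit}, because the
 * request headers can only be overridden with that driver. The User-Agent is supplied by the
 * client, so the OS and device fields asserted here are descriptive data derived from that header.
 *
 * @throws Exception if any helper used to obtain tokens or query the devices fails
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testGetDevicesResponse() throws Exception {
    // Constant-first equals: an unset "browser" property skips the test instead of raising a NullPointerException.
    assumeTrue("Browser must be htmlunit. Otherwise we are not able to set desired BrowserHeaders", "htmlUnit".equals(System.getProperty("browser")));
    oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0) Gecko/20100101 Firefox/15.0.1");
    OAuthClient.AccessTokenResponse tokenResponse = codeGrant("public-client-0");
    joinSsoSession("public-client-1");
    // NOTE(review): presumably filters out devices reported as "Other"; confirm against the helper.
    List<DeviceRepresentation> devices = getDevicesOtherThanOther(tokenResponse.getAccessToken());
    assertEquals("Should have a single device", 1, devices.size());
    DeviceRepresentation device = devices.get(0);
    assertTrue(device.getCurrent());
    assertEquals("Windows", device.getOs());
    assertEquals("10", device.getOsVersion());
    assertEquals("Other", device.getDevice());
    List<SessionRepresentation> sessions = device.getSessions();
    assertEquals(1, sessions.size());
    SessionRepresentation session = sessions.get(0);
    assertEquals("127.0.0.1", session.getIpAddress());
    // assertEquals reports both values on failure and does not depend on how the two getters are typed.
    assertEquals(device.getLastAccess(), session.getLastAccess());
    List<ClientRepresentation> clients = session.getClients();
    assertEquals(2, clients.size());
    // NOTE(review): hasItem + anyOf passes as soon as ONE client matches either value, so these two
    // checks do not prove that both public-client-0 and public-client-1 are listed. Consider one
    // hasItem assertion per expected client once the id/name pairing is confirmed.
    assertThat(clients, Matchers.hasItem(Matchers.hasProperty("clientId", anyOf(Matchers.is("public-client-0"), Matchers.is("public-client-1")))));
    assertThat(clients, Matchers.hasItem(Matchers.hasProperty("clientName", anyOf(Matchers.is("Public Client 0"), Matchers.is("Public Client 1")))));
}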
Also used : DeviceRepresentation(org.keycloak.representations.account.DeviceRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) SessionRepresentation(org.keycloak.representations.account.SessionRepresentation) ClientRepresentation(org.keycloak.representations.account.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 72 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class SessionRestServiceTest method testNullOrEmptyUserAgent.

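/**
 * Checks that a session opened without a User-Agent header is still listed as a device, with the
 * OS and device both reported as {@code "Other"}.
 *
 * <p>The test is skipped unless the {@code browser} system property is {@code htmlUnit}, because the
 * request headers can only be overridden with that driver. Only the {@code null} header value is
 * exercised here; an empty-string User-Agent is not sent by this method.
 *
 * @throws Exception if any helper used to obtain tokens or query the devices fails
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testNullOrEmptyUserAgent() throws Exception {
    // Constant-first equals: an unset "browser" property skips the test instead of raising a NullPointerException.
    assumeTrue("Browser must be htmlunit. Otherwise we are not able to set desired BrowserHeaders", "htmlUnit".equals(System.getProperty("browser")));
    oauth.setBrowserHeader("User-Agent", null);
    OAuthClient.AccessTokenResponse tokenResponse = codeGrant("public-client-0");
    List<DeviceRepresentation> devices = queryDevices(tokenResponse.getAccessToken());
    assertEquals("Should have a single device", 1, devices.size());
    DeviceRepresentation device = devices.get(0);
    assertTrue(device.getCurrent());
    // With no User-Agent to parse, the device falls back to the generic labels.
    assertEquals("Other", device.getOs());
    assertEquals("Other", device.getDevice());
    List<SessionRepresentation> sessions = device.getSessions();
    assertEquals(1, sessions.size());
    SessionRepresentation session = sessions.get(0);
    assertEquals("127.0.0.1", session.getIpAddress());
    assertEquals(device.getLastAccess(), session.getLastAccess());
    assertEquals(1, session.getClients().size());
}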
Also used : DeviceRepresentation(org.keycloak.representations.account.DeviceRepresentation) OAuthClient(org.keycloak.testsuite.util.OAuthClient) SessionRepresentation(org.keycloak.representations.account.SessionRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 73 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testAnonCreateWithTrustedHost.

/**
 * Walks an anonymous OIDC client registration through each rejection in turn (untrusted host,
 * non-matching redirect URI, non-matching client URI) and finally expects it to succeed once
 * every URL points at the trusted host.
 *
 * <p>Excluded for a remote auth server: setting the trusted host there would require resolving a
 * domain name to an IP address.
 *
 * @throws Exception if a registration call fails in a way the assertions do not expect
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testAnonCreateWithTrustedHost() throws Exception {
    final OIDCClientRepresentation candidate = createRepOidc("http://root", "http://redirect");

    // Step 1: no trusted host configured yet, so the request is refused outright.
    assertOidcFail(ClientRegOp.CREATE, candidate, 403, "Host not trusted");

    // Step 2: the host is trusted now, but the redirect_uri still does not match it.
    setTrustedHost("localhost");
    assertOidcFail(ClientRegOp.CREATE, candidate, 403, "URL doesn't match");

    // Step 3: redirect_uri corrected; the base URI of the client is still wrong.
    candidate.setRedirectUris(Collections.singletonList("http://localhost:8080/foo"));
    assertOidcFail(ClientRegOp.CREATE, candidate, 403, "URL doesn't match");

    // Step 4: every URL now points at the trusted host, so creation goes through.
    candidate.setClientUri("http://localhost:8080/foo");
    final String registrationAccessToken = reg.oidc().create(candidate).getRegistrationAccessToken();

    // The token handed back must be the one issued for anonymous registration.
    assertRegAccessToken(registrationAccessToken, RegistrationAuth.ANONYMOUS);
}
Also used : OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 74 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testClientScopesPolicy.

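/**
 * Verifies that client registration refuses a default client scope the policy does not permit,
 * both on create and on update, and that an update is accepted once the same scope has been
 * attached to the client through the Admin REST API.
 *
 * <p>The client scope and the registered client are removed in {@code finally} blocks, so a failed
 * assertion does not leave them behind in the realm for later tests.
 *
 * @throws Exception if a registration or admin call fails in a way the assertions do not expect
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testClientScopesPolicy() throws Exception {
    setTrustedHost("localhost");
    // Add some clientScope through Admin REST
    ClientScopeRepresentation clientScope = new ClientScopeRepresentation();
    clientScope.setName("foo");
    clientScope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    Response response = realmResource().clientScopes().create(clientScope);
    String clientScopeId;
    try {
        clientScopeId = ApiUtil.getCreatedId(response);
    } finally {
        // Release the connection even when reading the created id fails.
        response.close();
    }
    try {
        // I can't register new client with this scope
        ClientRepresentation clientRep = createRep("test-app");
        clientRep.setDefaultClientScopes(Collections.singletonList("foo"));
        assertFail(ClientRegOp.CREATE, clientRep, 403, "Not permitted to use specified clientScope");
        // Register client without scope - should succeed
        clientRep.setDefaultClientScopes(null);
        ClientRepresentation registeredClient = reg.create(clientRep);
        try {
            reg.auth(Auth.token(registeredClient));
            // Try to update client with scope - should fail
            registeredClient.setDefaultClientScopes(Collections.singletonList("foo"));
            assertFail(ClientRegOp.UPDATE, registeredClient, 403, "Not permitted to use specified clientScope");
            // Update client with the clientScope via Admin REST
            ClientResource client = ApiUtil.findClientByClientId(realmResource(), "test-app");
            client.addDefaultClientScope(clientScopeId);
            // Now the update via clientRegistration is permitted too as scope was already set
            reg.update(registeredClient);
        } finally {
            // Revert the client first, as the original cleanup did, then the scope below.
            ClientResource created = ApiUtil.findClientByClientId(realmResource(), "test-app");
            realmResource().clients().get(created.toRepresentation().getId()).remove();
        }
    } finally {
        // Revert client scope
        realmResource().clientScopes().get(clientScopeId).remove();
    }
}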
Also used : Response(javax.ws.rs.core.Response) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) ClientResource(org.keycloak.admin.client.resource.ClientResource) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 75 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ClientRegistrationPoliciesTest method testProtocolMappersRemoveBuiltins.

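/**
 * Temporarily allows the hardcoded-role protocol mapper type in the anonymous registration
 * policy, registers a client that carries one such mapper, and expects the registered client to
 * report exactly one protocol mapper.
 *
 * <p>The policy is relaxed only for the duration of the test: the client removal and the policy
 * revert run in {@code finally} blocks, so a failed registration or assertion does not leave the
 * extra mapper type allowed for later tests.
 *
 * @throws Exception if a registration or admin call fails in a way the assertions do not expect
 */
@Test
// We would need to do domain name -> ip address to set trusted host
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testProtocolMappersRemoveBuiltins() throws Exception {
    setTrustedHost("localhost");
    // Change policy to allow hardcoded mapper
    ComponentRepresentation protocolMapperPolicyRep = findPolicyByProviderAndAuth(ProtocolMappersClientRegistrationPolicyFactory.PROVIDER_ID, getPolicyAnon());
    protocolMapperPolicyRep.getConfig().add(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
    realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
    try {
        // Create client with hardcoded mapper
        ClientRepresentation clientRep = createRep("test-app");
        clientRep.setProtocolMappers(Collections.singletonList(createHardcodedMapperRep()));
        ClientRepresentation registeredClient = reg.create(clientRep);
        try {
            // NOTE(review): only the mapper count is checked; the remaining mapper's type is not
            // asserted. Consider verifying it is the hardcoded mapper that was submitted.
            Assert.assertEquals(1, registeredClient.getProtocolMappers().size());
        } finally {
            // Revert: remove the client that was just registered
            ApiUtil.findClientResourceByClientId(realmResource(), "test-app").remove();
        }
    } finally {
        // Revert: restore the original allowed-mapper list on the anonymous policy
        protocolMapperPolicyRep.getConfig().remove(ProtocolMappersClientRegistrationPolicyFactory.ALLOWED_PROTOCOL_MAPPER_TYPES, HardcodedRole.PROVIDER_ID);
        realmResource().components().component(protocolMapperPolicyRep.getId()).update(protocolMapperPolicyRep);
    }
}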
Also used : ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) OIDCClientRepresentation(org.keycloak.representations.oidc.OIDCClientRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)
