
Example 76 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class IdentityProviderTest method failCreateInvalidUrl.

/**
 * Checks that the admin API refuses to create an OIDC identity provider whose endpoint URLs
 * are unusable: a URL with the {@code invalid://} scheme is reported as malformed, and
 * {@code http://} URLs are reported as requiring secure connections while the realm's SSL
 * requirement is {@code ALL}. Every rejected request must answer with HTTP 400.
 *
 * <p>NOTE(review): the authorization URL is only exercised with a malformed scheme here; the
 * plain-http case is asserted for the token, JWKS, logout and userinfo URLs only.
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void failCreateInvalidUrl() throws Exception {
    // Raise the "test" realm to SslRequired.ALL for the scope of this block. The returned
    // AutoCloseable is closed on exit; presumably that reverts the realm attribute, confirm
    // against RealmAttributeUpdater.
    try (AutoCloseable realmRestore = new RealmAttributeUpdater(realmsResouce().realm("test"))
            .updateWith(r -> r.setSslRequired(SslRequired.ALL.name()))
            .update()) {
        IdentityProviderRepresentation providerRep = createRep("new-identity-provider", "oidc");
        providerRep.getConfig().put("clientId", "clientId");
        providerRep.getConfig().put("clientSecret", "some secret value");
        OIDCIdentityProviderConfigRep oidcUrls = new OIDCIdentityProviderConfigRep(providerRep);

        // Unknown scheme: rejected as malformed.
        oidcUrls.setAuthorizationUrl("invalid://test");
        assertCreateRejectedWith(providerRep, "The url [authorization_url] is malformed");

        // From here on exactly one URL is set at a time, each over plain http, so the error
        // message can only refer to the URL under test.
        oidcUrls.setAuthorizationUrl(null);
        oidcUrls.setTokenUrl("http://test");
        assertCreateRejectedWith(providerRep, "The url [token_url] requires secure connections");

        oidcUrls.setAuthorizationUrl(null);
        oidcUrls.setTokenUrl(null);
        oidcUrls.setJwksUrl("http://test");
        assertCreateRejectedWith(providerRep, "The url [jwks_url] requires secure connections");

        oidcUrls.setAuthorizationUrl(null);
        oidcUrls.setTokenUrl(null);
        oidcUrls.setJwksUrl(null);
        oidcUrls.setLogoutUrl("http://test");
        assertCreateRejectedWith(providerRep, "The url [logout_url] requires secure connections");

        oidcUrls.setAuthorizationUrl(null);
        oidcUrls.setTokenUrl(null);
        oidcUrls.setJwksUrl(null);
        oidcUrls.setLogoutUrl(null);
        oidcUrls.setUserInfoUrl("http://test");
        assertCreateRejectedWith(providerRep, "The url [userinfo_url] requires secure connections");
    }
}

/**
 * Submits {@code rep} to the identity-provider create endpoint and asserts that the server
 * answers 400 Bad Request with exactly {@code expectedMessage} as the error message.
 */
private void assertCreateRejectedWith(IdentityProviderRepresentation rep, String expectedMessage) {
    try (Response response = this.realm.identityProviders().create(rep)) {
        assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
        ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
        assertEquals(expectedMessage, error.getErrorMessage());
    }
}
Also used : EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) Arrays(java.util.Arrays) ResourceType(org.keycloak.events.admin.ResourceType) OIDCIdentityProviderConfigRep(org.keycloak.testsuite.broker.OIDCIdentityProviderConfigRep) URL(java.net.URL) URISyntaxException(java.net.URISyntaxException) Matchers.not(org.hamcrest.Matchers.not) ClientErrorException(javax.ws.rs.ClientErrorException) Assert.assertThat(org.junit.Assert.assertThat) SAMLIdentityProviderConfig(org.keycloak.broker.saml.SAMLIdentityProviderConfig) MediaType(javax.ws.rs.core.MediaType) MultipartFormDataOutput(org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput) ByteArrayInputStream(java.io.ByteArrayInputStream) REMOTE(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer.REMOTE) Document(org.w3c.dom.Document) Map(java.util.Map) Assert.fail(org.junit.Assert.fail) URI(java.net.URI) AdminEventPaths(org.keycloak.testsuite.util.AdminEventPaths) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) Set(java.util.Set) IdentityProviderModel(org.keycloak.models.IdentityProviderModel) UUID(java.util.UUID) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) NotFoundException(javax.ws.rs.NotFoundException) DocumentUtil(org.keycloak.saml.common.util.DocumentUtil) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) List(java.util.List) SslRequired(org.keycloak.common.enums.SslRequired) Response(javax.ws.rs.core.Response) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Assert.assertFalse(org.junit.Assert.assertFalse) Matchers.equalTo(org.hamcrest.Matchers.equalTo) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) Matchers.is(org.hamcrest.Matchers.is) Matchers.containsString(org.hamcrest.Matchers.containsString) XMLSignature(javax.xml.crypto.dsig.XMLSignature) 
SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) OperationType(org.keycloak.events.admin.OperationType) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) Assert(org.keycloak.testsuite.Assert) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) IdentityProviderMapperModel(org.keycloak.models.IdentityProviderMapperModel) HashMap(java.util.HashMap) IdentityProviderMapperTypeRepresentation(org.keycloak.representations.idm.IdentityProviderMapperTypeRepresentation) ErrorRepresentation(org.keycloak.representations.idm.ErrorRepresentation) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) HashSet(java.util.HashSet) ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) Charset(java.nio.charset.Charset) AUTH_SERVER_SSL_REQUIRED(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_SSL_REQUIRED) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) AdminEventRepresentation(org.keycloak.representations.idm.AdminEventRepresentation) IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) StripSecretsUtils(org.keycloak.models.utils.StripSecretsUtils) Matchers.hasSize(org.hamcrest.Matchers.hasSize) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) Matchers.empty(org.hamcrest.Matchers.empty) NodeList(org.w3c.dom.NodeList) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) Files(java.nio.file.Files) Assert.assertNotNull(org.junit.Assert.assertNotNull) KeyTypes(org.keycloak.dom.saml.v2.metadata.KeyTypes) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) IOException(java.io.IOException) 
XMLDSIG_NSURI(org.keycloak.saml.common.constants.JBossSAMLURIConstants.XMLDSIG_NSURI) Element(org.w3c.dom.Element) Assert.assertNull(org.junit.Assert.assertNull) Paths(java.nio.file.Paths) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) IdentityProviderMapperSyncMode(org.keycloak.models.IdentityProviderMapperSyncMode) Assert.assertEquals(org.junit.Assert.assertEquals) Response(javax.ws.rs.core.Response) OIDCIdentityProviderConfigRep(org.keycloak.testsuite.broker.OIDCIdentityProviderConfigRep) ErrorRepresentation(org.keycloak.representations.idm.ErrorRepresentation) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 77 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserTest method sendResetPasswordEmailWithCustomLifespan.

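/**
 * Sends an "execute actions" email (UPDATE_PASSWORD) with an explicit five-hour lifespan and
 * checks three things: the mail text advertises the five-hour expiry, the token carried in
 * the link encodes that lifespan as {@code exp - iat}, and the link stops working once the
 * password has been changed through it.
 *
 * @throws IOException if the mail body cannot be read, or wrapping a
 *         {@link VerificationException} raised while reading the token
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void sendResetPasswordEmailWithCustomLifespan() throws IOException {
    UserRepresentation userRep = new UserRepresentation();
    userRep.setEnabled(true);
    userRep.setUsername("user1");
    userRep.setEmail("user1@test.com");
    String id = createUser(userRep);
    UserResource user = realm.users().get(id);

    List<String> actions = new LinkedList<>();
    actions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
    final int lifespan = (int) TimeUnit.HOURS.toSeconds(5);
    user.executeActionsEmail(actions, lifespan);

    // The admin-triggered email must be recorded as an admin event on the user resource.
    assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResourcePath(id) + "/execute-actions-email", ResourceType.USER);

    Assert.assertEquals(1, greenMail.getReceivedMessages().length);
    MimeMessage message = greenMail.getReceivedMessages()[0];
    MailUtils.EmailBody body = MailUtils.getBody(message);

    // Both renderings of the mail must state the custom expiry shown to the user.
    assertTrue(body.getText().contains("Update Password"));
    assertTrue(body.getText().contains("your Admin-client-test account"));
    assertTrue(body.getText().contains("This link will expire within 5 hours"));
    assertTrue(body.getHtml().contains("Update Password"));
    assertTrue(body.getHtml().contains("your Admin-client-test account"));
    assertTrue(body.getHtml().contains("This link will expire within 5 hours"));

    String link = MailUtils.getPasswordResetEmailLink(body);

    // Fail here if the link has no key parameter: indexOf would return -1 and the substring
    // below would silently start at offset 3, surfacing later as an unrelated parse error.
    final String keyParam = "key=";
    final int keyStart = link.indexOf(keyParam);
    assertTrue(keyStart >= 0);
    // Everything after "key=" is treated as the token; this assumes key is the last query
    // parameter of the link. TODO confirm against the link format.
    String token = link.substring(keyStart + keyParam.length());

    try {
        // Only getToken() is called, no verify(): this reads the claims to compare the
        // encoded lifespan and does not validate the token's signature.
        final AccessToken accessToken = TokenVerifier.create(token, AccessToken.class).getToken();
        assertEquals(lifespan, accessToken.getExpiration() - accessToken.getIssuedAt());
    } catch (VerificationException e) {
        throw new IOException(e);
    }

    driver.navigate().to(link);
    proceedPage.assertCurrent();
    assertThat(proceedPage.getInfo(), Matchers.containsString("Update Password"));
    proceedPage.clickProceedLink();
    passwordUpdatePage.assertCurrent();
    passwordUpdatePage.changePassword("new-pass", "new-pass");
    assertEquals("Your account has been updated.", PageUtils.getPageTitle(driver));

    // Replay check: opening the same link after it was used must land on the error page.
    driver.navigate().to(link);
    assertEquals("We are sorry...", PageUtils.getPageTitle(driver));
}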
Also used : MimeMessage(javax.mail.internet.MimeMessage) AccessToken(org.keycloak.representations.AccessToken) UserResource(org.keycloak.admin.client.resource.UserResource) VerificationException(org.keycloak.common.VerificationException) IOException(java.io.IOException) LinkedList(java.util.LinkedList) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) MailUtils(org.keycloak.testsuite.util.MailUtils) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 78 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserTest method sendResetPasswordEmailSuccessTwoLinks.

/**
 * Requests the UPDATE_PASSWORD action email twice for the same user and checks that each of
 * the two delivered links can be used once to change the password, and that afterwards
 * neither link can be reused (both lead to the error page).
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void sendResetPasswordEmailSuccessTwoLinks() throws IOException {
    UserRepresentation newUser = new UserRepresentation();
    newUser.setEnabled(true);
    newUser.setUsername("user1");
    newUser.setEmail("user1@test.com");
    String userId = createUser(newUser);
    UserResource userResource = realm.users().get(userId);

    List<String> requiredActions = new LinkedList<>();
    requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());

    // Two independent requests, so two mails and two admin events are expected.
    userResource.executeActionsEmail(requiredActions);
    userResource.executeActionsEmail(requiredActions);
    final String eventPath = AdminEventPaths.userResourcePath(userId) + "/execute-actions-email";
    assertAdminEvents.assertEvent(realmId, OperationType.ACTION, eventPath, ResourceType.USER);
    assertAdminEvents.assertEvent(realmId, OperationType.ACTION, eventPath, ResourceType.USER);
    Assert.assertEquals(2, greenMail.getReceivedMessages().length);

    // First pass: every link is still unused and must complete a password change.
    // A distinct password per link ("new-pass1", "new-pass2") keeps the two updates apart.
    MimeMessage[] delivered = greenMail.getReceivedMessages();
    for (int n = 0; n < delivered.length; n++) {
        String newPassword = "new-pass" + (n + 1);
        String resetLink = MailUtils.getPasswordResetEmailLink(delivered[n]);
        driver.navigate().to(resetLink);
        proceedPage.assertCurrent();
        assertThat(proceedPage.getInfo(), Matchers.containsString("Update Password"));
        proceedPage.clickProceedLink();
        passwordUpdatePage.assertCurrent();
        passwordUpdatePage.changePassword(newPassword, newPassword);
        assertEquals("Your account has been updated.", PageUtils.getPageTitle(driver));
    }

    // Second pass: the same links have now been consumed and must be rejected on replay.
    MimeMessage[] replayed = greenMail.getReceivedMessages();
    for (int n = 0; n < replayed.length; n++) {
        String usedLink = MailUtils.getPasswordResetEmailLink(replayed[n]);
        driver.navigate().to(usedLink);
        errorPage.assertCurrent();
    }
}
Also used : MimeMessage(javax.mail.internet.MimeMessage) UserResource(org.keycloak.admin.client.resource.UserResource) LinkedList(java.util.LinkedList) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 79 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserTest method sendResetPasswordEmailSuccessTokenShortLifespan.

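/**
 * Lowers the realm's admin-generated action token lifespan to 60 seconds, sends the
 * UPDATE_PASSWORD action email, moves the test clock 70 seconds ahead and checks that the
 * emailed link is then refused with "Action expired.". The original lifespan and the time
 * offset are restored in {@code finally} so later tests see the unmodified realm.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void sendResetPasswordEmailSuccessTokenShortLifespan() throws IOException {
    UserRepresentation userRep = new UserRepresentation();
    userRep.setEnabled(true);
    userRep.setUsername("user1");
    userRep.setEmail("user1@test.com");
    String id = createUser(userRep);

    RealmRepresentation realmRep = realm.toRepresentation();
    // A plain final local is enough to carry the saved value into the finally block; the
    // value is written once and never shared, so no atomic holder is needed.
    final int originalLifespan = realmRep.getActionTokenGeneratedByAdminLifespan();
    realmRep.setActionTokenGeneratedByAdminLifespan(60);
    realm.update(realmRep);
    try {
        UserResource user = realm.users().get(id);
        List<String> actions = new LinkedList<>();
        actions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
        user.executeActionsEmail(actions);

        Assert.assertEquals(1, greenMail.getReceivedMessages().length);
        MimeMessage message = greenMail.getReceivedMessages()[0];
        String link = MailUtils.getPasswordResetEmailLink(message);

        // 70 seconds is past the 60-second lifespan configured above, so the token in the
        // link must be treated as expired when it is presented.
        setTimeOffset(70);
        driver.navigate().to(link);
        errorPage.assertCurrent();
        assertEquals("Action expired.", errorPage.getError());
    } finally {
        // Undo both the clock shift and the realm change even when an assertion failed.
        setTimeOffset(0);
        realmRep.setActionTokenGeneratedByAdminLifespan(originalLifespan);
        realm.update(realmRep);
    }
}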
Also used : AtomicInteger(java.util.concurrent.atomic.AtomicInteger) MimeMessage(javax.mail.internet.MimeMessage) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) UserResource(org.keycloak.admin.client.resource.UserResource) LinkedList(java.util.LinkedList) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 80 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserTest method sendResetPasswordEmailSuccess.

/**
 * Sends the UPDATE_PASSWORD action email without an explicit lifespan and checks that the
 * mail advertises a 12-hour expiry, that the link completes a password change, and that the
 * same link is rejected when opened a second time.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void sendResetPasswordEmailSuccess() throws IOException {
    UserRepresentation newUser = new UserRepresentation();
    newUser.setEnabled(true);
    newUser.setUsername("user1");
    newUser.setEmail("user1@test.com");
    String userId = createUser(newUser);
    UserResource userResource = realm.users().get(userId);

    List<String> requiredActions = new LinkedList<>();
    requiredActions.add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
    userResource.executeActionsEmail(requiredActions);

    // The admin-triggered email must be recorded as an admin event on the user resource.
    final String eventPath = AdminEventPaths.userResourcePath(userId) + "/execute-actions-email";
    assertAdminEvents.assertEvent(realmId, OperationType.ACTION, eventPath, ResourceType.USER);

    Assert.assertEquals(1, greenMail.getReceivedMessages().length);
    MimeMessage resetMail = greenMail.getReceivedMessages()[0];
    MailUtils.EmailBody mailBody = MailUtils.getBody(resetMail);

    // Plain-text rendering first, then HTML: both must name the action, the account and
    // the expiry communicated to the user.
    assertTrue(mailBody.getText().contains("Update Password"));
    assertTrue(mailBody.getText().contains("your Admin-client-test account"));
    assertTrue(mailBody.getText().contains("This link will expire within 12 hours"));

    assertTrue(mailBody.getHtml().contains("Update Password"));
    assertTrue(mailBody.getHtml().contains("your Admin-client-test account"));
    assertTrue(mailBody.getHtml().contains("This link will expire within 12 hours"));

    String resetLink = MailUtils.getPasswordResetEmailLink(mailBody);

    // First use of the link: walk through the proceed page and set a new password.
    driver.navigate().to(resetLink);
    proceedPage.assertCurrent();
    assertThat(proceedPage.getInfo(), Matchers.containsString("Update Password"));
    proceedPage.clickProceedLink();
    passwordUpdatePage.assertCurrent();
    passwordUpdatePage.changePassword("new-pass", "new-pass");
    assertEquals("Your account has been updated.", PageUtils.getPageTitle(driver));

    // Replay check: the already-used link must now lead to the error page.
    driver.navigate().to(resetLink);
    assertEquals("We are sorry...", PageUtils.getPageTitle(driver));
}
Also used : MimeMessage(javax.mail.internet.MimeMessage) UserResource(org.keycloak.admin.client.resource.UserResource) LinkedList(java.util.LinkedList) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) MailUtils(org.keycloak.testsuite.util.MailUtils) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)
