Examples with AuthServerContainerExclude org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude used on opensource projects

Example 6 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserTest method updateUserWithRawCredentials.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void updateUserWithRawCredentials() {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_rawpw");
    user.setEmail("email.raw@localhost");
    CredentialRepresentation rawPassword = new CredentialRepresentation();
    rawPassword.setValue("ABCD");
    rawPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(rawPassword));
    String id = createUser(user);
    PasswordCredentialModel credential = PasswordCredentialModel.createFromCredentialModel(fetchCredentials("user_rawpw"));
    assertNotNull("Expecting credential", credential);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, credential.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, credential.getPasswordCredentialData().getHashIterations());
    assertNotEquals("ABCD", credential.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, credential.getType());
    UserResource userResource = realm.users().get(id);
    UserRepresentation userRep = userResource.toRepresentation();
    CredentialRepresentation rawPasswordForUpdate = new CredentialRepresentation();
    rawPasswordForUpdate.setValue("EFGH");
    rawPasswordForUpdate.setType(CredentialRepresentation.PASSWORD);
    userRep.setCredentials(Arrays.asList(rawPasswordForUpdate));
    updateUser(userResource, userRep);
    PasswordCredentialModel updatedCredential = PasswordCredentialModel.createFromCredentialModel(fetchCredentials("user_rawpw"));
    assertNotNull("Expecting credential", updatedCredential);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, updatedCredential.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, updatedCredential.getPasswordCredentialData().getHashIterations());
    assertNotEquals("EFGH", updatedCredential.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, updatedCredential.getType());
}

Example 7 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserTest method updateUserWithReadOnlyAttributes.

@Test
// TODO: Enable for remote
@AuthServerContainerExclude({ REMOTE })
public void updateUserWithReadOnlyAttributes() {
    // Admin is able to update "usercertificate" attribute
    UserRepresentation user1 = new UserRepresentation();
    user1.setUsername("user1");
    user1.singleAttribute("usercertificate", "foo1");
    String user1Id = createUser(user1);
    user1 = realm.users().get(user1Id).toRepresentation();
    // Update of the user should be rejected due adding the "denied" attribute LDAP_ID
    try {
        user1.singleAttribute("usercertificate", "foo");
        user1.singleAttribute("saml.persistent.name.id.for.foo", "bar");
        user1.singleAttribute(LDAPConstants.LDAP_ID, "baz");
        updateUser(realm.users().get(user1Id), user1);
        Assert.fail("Not supposed to successfully update user");
    } catch (BadRequestException bre) {
        // Expected
        assertAdminEvents.assertEmpty();
    }
    // The same test as before, but with the case-sensitivity used
    try {
        user1.getAttributes().remove(LDAPConstants.LDAP_ID);
        user1.singleAttribute("LDap_Id", "baz");
        updateUser(realm.users().get(user1Id), user1);
        Assert.fail("Not supposed to successfully update user");
    } catch (BadRequestException bre) {
        // Expected
        assertAdminEvents.assertEmpty();
    }
    // Attribute "deniedSomeAdmin" was denied for administrator
    try {
        user1.getAttributes().remove("LDap_Id");
        user1.singleAttribute("deniedSomeAdmin", "baz");
        updateUser(realm.users().get(user1Id), user1);
        Assert.fail("Not supposed to successfully update user");
    } catch (BadRequestException bre) {
        // Expected
        assertAdminEvents.assertEmpty();
    }
    // usercertificate and saml attribute are allowed by admin
    user1.getAttributes().remove("deniedSomeAdmin");
    updateUser(realm.users().get(user1Id), user1);
    user1 = realm.users().get(user1Id).toRepresentation();
    assertEquals("foo", user1.getAttributes().get("usercertificate").get(0));
    assertEquals("bar", user1.getAttributes().get("saml.persistent.name.id.for.foo").get(0));
    assertFalse(user1.getAttributes().containsKey(LDAPConstants.LDAP_ID));
}

Example 8 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserStorageTest method testRegisterWithRequiredEmail.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRegisterWithRequiredEmail() throws Exception {
    try (AutoCloseable c = new RealmAttributeUpdater(testRealmResource()).updateWith(r -> {
        Map<String, String> config = new HashMap<>();
        config.put("from", "auto@keycloak.org");
        config.put("host", "localhost");
        config.put("port", "3025");
        r.setSmtpServer(config);
        r.setRegistrationAllowed(true);
        r.setVerifyEmail(true);
    }).update()) {
        testRealmAccountPage.navigateTo();
        loginPage.clickRegister();
        registerPage.register("firstName", "lastName", "email@mail.com", "verifyEmail", "password", "password");
        verifyEmailPage.assertCurrent();
        Assert.assertEquals(1, greenMail.getReceivedMessages().length);
        MimeMessage message = greenMail.getReceivedMessages()[0];
        String verificationUrl = getPasswordResetEmailLink(message);
        driver.navigate().to(verificationUrl.trim());
        testRealmAccountPage.assertCurrent();
    }
}

Example 9 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class TrustStoreEmailTest method verifyEmailWithSslEnabled.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void verifyEmailWithSslEnabled() {
    UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
    SslMailServer.startWithSsl(this.getClass().getClassLoader().getResource(SslMailServer.PRIVATE_KEY).getFile());
    accountManagement.navigateTo();
    testRealmLoginPage.form().login(user.getUsername(), "password");
    EventRepresentation sendEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL).user(user.getId()).client("account").detail(Details.USERNAME, "test-user@localhost").detail(Details.EMAIL, "test-user@localhost").removeDetail(Details.REDIRECT_URI).assertEvent();
    String mailCodeId = sendEvent.getDetails().get(Details.CODE_ID);
    assertEquals("You need to verify your email address to activate your account.", testRealmVerifyEmailPage.feedbackMessage().getText());
    String verifyEmailUrl = assertEmailAndGetUrl(MailServerConfiguration.FROM, user.getEmail(), "Someone has created a Test account with this email address.", true);
    log.info("navigating to url from email: " + verifyEmailUrl);
    driver.navigate().to(verifyEmailUrl);
    events.expectRequiredAction(EventType.VERIFY_EMAIL).user(user.getId()).client("account").detail(Details.USERNAME, "test-user@localhost").detail(Details.EMAIL, "test-user@localhost").detail(Details.CODE_ID, mailCodeId).removeDetail(Details.REDIRECT_URI).assertEvent();
    events.expectLogin().client("account").user(user.getId()).session(mailCodeId).detail(Details.USERNAME, "test-user@localhost").removeDetail(Details.REDIRECT_URI).assertEvent();
    assertCurrentUrlStartsWith(accountManagement);
    accountManagement.signOut();
    testRealmLoginPage.form().login(user.getUsername(), "password");
    assertCurrentUrlStartsWith(accountManagement);
}

Example 10 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class AccountFormServiceTest method applicationsVisibilityNoScopesNoConsent.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void applicationsVisibilityNoScopesNoConsent() throws Exception {
    try (ClientAttributeUpdater cau = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, ROOT_URL_CLIENT).setConsentRequired(false).setFullScopeAllowed(false).setDefaultClientScopes(Collections.EMPTY_LIST).setOptionalClientScopes(Collections.EMPTY_LIST).update();
        RoleScopeUpdater rsu = cau.realmRoleScope().update()) {
        applicationsPage.open();
        loginPage.login("john-doh@localhost", "password");
        applicationsPage.assertCurrent();
        Map<String, AccountApplicationsPage.AppEntry> apps = applicationsPage.getApplications();
        Assert.assertThat(apps.keySet(), containsInAnyOrder(/* "root-url-client", */
        "Account", "Account Console", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant", "custom-audience"));
        rsu.add(testRealm().roles().get("user").toRepresentation()).update();
        driver.navigate().refresh();
        apps = applicationsPage.getApplications();
        Assert.assertThat(apps.keySet(), containsInAnyOrder("root-url-client", "Account", "Account Console", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant", "custom-audience"));
    }
}