
Example 6 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserTest method updateUserWithRawCredentials.

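/**
 * Verifies that a password supplied as a raw (plain-text) credential is stored hashed, both when
 * the user is created and when the credential is replaced through a user update.
 *
 * <p>For each stored credential the test checks that the recorded algorithm and iteration count
 * equal the {@link PasswordPolicy} defaults, that the stored secret differs from the plain-text
 * value that was submitted, and that the credential type is still {@code PASSWORD}. After the
 * update it additionally checks that the stored secret actually changed.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void updateUserWithRawCredentials() {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_rawpw");
    user.setEmail("email.raw@localhost");

    // Raw credential: only the plain-text value and the type are set, no hash metadata.
    CredentialRepresentation rawPassword = new CredentialRepresentation();
    rawPassword.setValue("ABCD");
    rawPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(rawPassword));
    String id = createUser(user);

    // fetchCredentials is defined elsewhere in the test class; presumably it reads the stored
    // credential for the given username - confirm.
    PasswordCredentialModel credential = PasswordCredentialModel.createFromCredentialModel(fetchCredentials("user_rawpw"));
    assertNotNull("Expecting credential", credential);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, credential.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, credential.getPasswordCredentialData().getHashIterations());
    // The stored secret must not be the plain-text password.
    assertNotEquals("ABCD", credential.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, credential.getType());

    // Replace the password through a regular user update, again as a raw credential.
    UserResource userResource = realm.users().get(id);
    UserRepresentation userRep = userResource.toRepresentation();
    CredentialRepresentation rawPasswordForUpdate = new CredentialRepresentation();
    rawPasswordForUpdate.setValue("EFGH");
    rawPasswordForUpdate.setType(CredentialRepresentation.PASSWORD);
    userRep.setCredentials(Arrays.asList(rawPasswordForUpdate));
    updateUser(userResource, userRep);

    PasswordCredentialModel updatedCredential = PasswordCredentialModel.createFromCredentialModel(fetchCredentials("user_rawpw"));
    assertNotNull("Expecting credential", updatedCredential);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, updatedCredential.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, updatedCredential.getPasswordCredentialData().getHashIterations());
    assertNotEquals("EFGH", updatedCredential.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, updatedCredential.getType());
    // Without this check a silently ignored update would still pass every assertion above:
    // the old hash is also "not EFGH" and also carries the default algorithm and iterations.
    assertNotEquals("Expecting the stored secret to change after the password update",
            credential.getPasswordSecretData().getValue(),
            updatedCredential.getPasswordSecretData().getValue());
}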
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) UserResource(org.keycloak.admin.client.resource.UserResource) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 7 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserTest method updateUserWithReadOnlyAttributes.

/**
 * Exercises the admin user-update path against read-only user attributes.
 *
 * <p>Three updates that each carry one denied attribute are expected to fail with
 * {@link BadRequestException}, and after each failure the admin events are asserted empty.
 * A final update that carries only the attributes an admin may write is expected to succeed,
 * and the denied LDAP id attribute must not be present on the stored user.
 */
@Test
// TODO: Enable for remote
@AuthServerContainerExclude({ REMOTE })
public void updateUserWithReadOnlyAttributes() {
    // An admin may write "usercertificate", so creating the user with it goes through
    UserRepresentation user1 = new UserRepresentation();
    user1.setUsername("user1");
    user1.singleAttribute("usercertificate", "foo1");
    String user1Id = createUser(user1);
    user1 = realm.users().get(user1Id).toRepresentation();

    // Case 1: two admin-writable attributes plus the denied LDAP_ID attribute.
    // The whole update has to be rejected because of LDAP_ID.
    user1.singleAttribute("usercertificate", "foo");
    user1.singleAttribute("saml.persistent.name.id.for.foo", "bar");
    user1.singleAttribute(LDAPConstants.LDAP_ID, "baz");
    try {
        updateUser(realm.users().get(user1Id), user1);
        Assert.fail("Not supposed to successfully update user");
    } catch (BadRequestException expected) {
        // Rejected as intended; nothing may have been recorded as an admin event
        assertAdminEvents.assertEmpty();
    }

    // Case 2: same denied attribute spelled with different letter case.
    // The deny rule is expected to match regardless of case.
    user1.getAttributes().remove(LDAPConstants.LDAP_ID);
    user1.singleAttribute("LDap_Id", "baz");
    try {
        updateUser(realm.users().get(user1Id), user1);
        Assert.fail("Not supposed to successfully update user");
    } catch (BadRequestException expected) {
        // Rejected as intended
        assertAdminEvents.assertEmpty();
    }

    // Case 3: "deniedSomeAdmin" is an attribute that is denied for administrators
    user1.getAttributes().remove("LDap_Id");
    user1.singleAttribute("deniedSomeAdmin", "baz");
    try {
        updateUser(realm.users().get(user1Id), user1);
        Assert.fail("Not supposed to successfully update user");
    } catch (BadRequestException expected) {
        // Rejected as intended
        assertAdminEvents.assertEmpty();
    }

    // With every denied attribute removed, only "usercertificate" and the saml attribute
    // remain; both are writable by an admin, so this update must succeed.
    user1.getAttributes().remove("deniedSomeAdmin");
    updateUser(realm.users().get(user1Id), user1);

    // Re-read the user and check what was actually stored
    user1 = realm.users().get(user1Id).toRepresentation();
    assertEquals("foo", user1.getAttributes().get("usercertificate").get(0));
    assertEquals("bar", user1.getAttributes().get("saml.persistent.name.id.for.foo").get(0));
    assertFalse(user1.getAttributes().containsKey(LDAPConstants.LDAP_ID));
}
Also used : BadRequestException(javax.ws.rs.BadRequestException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 8 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class UserStorageTest method testRegisterWithRequiredEmail.

/**
 * Registers a new user through the browser on a realm that has registration and e-mail
 * verification switched on, then follows the link extracted from the single received mail and
 * expects to end up on the account page.
 *
 * @throws Exception if closing the realm updater fails
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRegisterWithRequiredEmail() throws Exception {
    // The updater is closed when the try block ends; presumably that reverts the realm
    // changes made below - confirm against RealmAttributeUpdater.
    try (AutoCloseable realmUpdate = new RealmAttributeUpdater(testRealmResource()).updateWith(realmRep -> {
        // SMTP settings for the realm: localhost:3025, only sender/host/port are configured
        Map<String, String> smtp = new HashMap<>();
        smtp.put("host", "localhost");
        smtp.put("port", "3025");
        smtp.put("from", "auto@keycloak.org");
        realmRep.setSmtpServer(smtp);
        realmRep.setVerifyEmail(true);
        realmRep.setRegistrationAllowed(true);
    }).update()) {
        // Self-registration through the login page
        testRealmAccountPage.navigateTo();
        loginPage.clickRegister();
        registerPage.register("firstName", "lastName", "email@mail.com", "verifyEmail", "password", "password");

        // Registration alone must not grant access: the verify-email page comes first
        verifyEmailPage.assertCurrent();

        // Exactly one mail is expected; the link inside it completes the verification
        Assert.assertEquals(1, greenMail.getReceivedMessages().length);
        MimeMessage verificationMail = greenMail.getReceivedMessages()[0];
        // Despite its name, the helper is used here to pull the verification link from the mail
        String linkFromMail = getPasswordResetEmailLink(verificationMail);
        driver.navigate().to(linkFromMail.trim());
        testRealmAccountPage.assertCurrent();
    }
}
Also used : Arrays(java.util.Arrays) URISyntaxException(java.net.URISyntaxException) IMPORT_ENABLED(org.keycloak.storage.UserStorageProviderModel.IMPORT_ENABLED) GroupRepresentation(org.keycloak.representations.idm.GroupRepresentation) Page(org.jboss.arquillian.graphene.page.Page) Assert.assertThat(org.junit.Assert.assertThat) RequiredActionEmailVerificationTest.getPasswordResetEmailLink(org.keycloak.testsuite.actions.RequiredActionEmailVerificationTest.getPasswordResetEmailLink) After(org.junit.After) Map(java.util.Map) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) Assert.fail(org.junit.Assert.fail) UserMapStorage(org.keycloak.testsuite.federation.UserMapStorage) EVICTION_MINUTE(org.keycloak.storage.UserStorageProviderModel.EVICTION_MINUTE) DAY_OF_WEEK(java.util.Calendar.DAY_OF_WEEK) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) RealmModel(org.keycloak.models.RealmModel) CredentialAuthentication(org.keycloak.credential.CredentialAuthentication) RealmResource(org.keycloak.admin.client.resource.RealmResource) Set(java.util.Set) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) CachedUserModel(org.keycloak.models.cache.CachedUserModel) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) NotFoundException(javax.ws.rs.NotFoundException) List(java.util.List) URLAssert.assertCurrentUrlStartsWith(org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) LoginPage(org.keycloak.testsuite.pages.LoginPage) Assert.assertFalse(org.junit.Assert.assertFalse) Matchers.equalTo(org.hamcrest.Matchers.equalTo) UserCredentialStoreManager(org.keycloak.credential.UserCredentialStoreManager) Profile(org.keycloak.common.Profile) 
AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils) RegisterPage(org.keycloak.testsuite.pages.RegisterPage) GreenMailRule(org.keycloak.testsuite.util.GreenMailRule) HashMap(java.util.HashMap) EVICTION_DAY(org.keycloak.storage.UserStorageProviderModel.EVICTION_DAY) ObjectUtil(org.keycloak.common.util.ObjectUtil) AtomicReference(java.util.concurrent.atomic.AtomicReference) StorageId(org.keycloak.storage.StorageId) ArrayList(java.util.ArrayList) CACHE_POLICY(org.keycloak.storage.UserStorageProviderModel.CACHE_POLICY) HashSet(java.util.HashSet) ComponentRepresentation(org.keycloak.representations.idm.ComponentRepresentation) AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest) UserModel(org.keycloak.models.UserModel) Calendar(java.util.Calendar) EVICTION_HOUR(org.keycloak.storage.UserStorageProviderModel.EVICTION_HOUR) URLAssert.assertCurrentUrlDoesntStartWith(org.keycloak.testsuite.util.URLAssert.assertCurrentUrlDoesntStartWith) Matchers.hasSize(org.hamcrest.Matchers.hasSize) UserResource(org.keycloak.admin.client.resource.UserResource) AuthServer(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) Before(org.junit.Before) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) MINUTE(java.util.Calendar.MINUTE) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) MAX_LIFESPAN(org.keycloak.storage.UserStorageProviderModel.MAX_LIFESPAN) CredentialModel(org.keycloak.credential.CredentialModel) UserPropertyFileStorageFactory(org.keycloak.testsuite.federation.UserPropertyFileStorageFactory) UserStorageProvider(org.keycloak.storage.UserStorageProvider) Assert.assertNotNull(org.junit.Assert.assertNotNull) KeycloakSession(org.keycloak.models.KeycloakSession) Assert.assertTrue(org.junit.Assert.assertTrue) FileUtils(org.apache.commons.io.FileUtils) 
Test(org.junit.Test) VerifyEmailPage(org.keycloak.testsuite.pages.VerifyEmailPage) IOException(java.io.IOException) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) MimeMessage(javax.mail.internet.MimeMessage) TestCleanup(org.keycloak.testsuite.util.TestCleanup) File(java.io.File) HOUR_OF_DAY(java.util.Calendar.HOUR_OF_DAY) Rule(org.junit.Rule) Ignore(org.junit.Ignore) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) UserMapStorageFactory(org.keycloak.testsuite.federation.UserMapStorageFactory) CachePolicy(org.keycloak.storage.CacheableStorageProviderModel.CachePolicy) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) Assert(org.junit.Assert) UPDATE_PROFILE(org.keycloak.models.UserModel.RequiredAction.UPDATE_PROFILE) MimeMessage(javax.mail.internet.MimeMessage) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) Map(java.util.Map) HashMap(java.util.HashMap) MultivaluedHashMap(org.keycloak.common.util.MultivaluedHashMap) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest) Test(org.junit.Test)

Example 9 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class TrustStoreEmailTest method verifyEmailWithSslEnabled.

/**
 * Runs the verify-email required action against a mail server started with SSL: logs in,
 * expects the SEND_VERIFY_EMAIL event, follows the link from the mail, expects the VERIFY_EMAIL
 * and login events, and finally checks that a fresh login reaches account management directly.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void verifyEmailWithSslEnabled() {
    final String username = "test-user@localhost";
    UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), username);

    // NOTE(review): the mail server started here is not stopped inside this method;
    // presumably a teardown hook elsewhere in the class does that - confirm.
    String privateKeyPath = this.getClass().getClassLoader().getResource(SslMailServer.PRIVATE_KEY).getFile();
    SslMailServer.startWithSsl(privateKeyPath);

    accountManagement.navigateTo();
    testRealmLoginPage.form().login(user.getUsername(), "password");

    // Logging in triggers the required action, which sends the verification mail
    EventRepresentation sendVerifyEmailEvent = events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL)
            .user(user.getId())
            .client("account")
            .detail(Details.USERNAME, username)
            .detail(Details.EMAIL, username)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
    // The code id ties the later VERIFY_EMAIL and login events back to this mail
    String codeId = sendVerifyEmailEvent.getDetails().get(Details.CODE_ID);

    assertEquals("You need to verify your email address to activate your account.", testRealmVerifyEmailPage.feedbackMessage().getText());

    String linkFromMail = assertEmailAndGetUrl(MailServerConfiguration.FROM, user.getEmail(), "Someone has created a Test account with this email address.", true);
    // NOTE(review): this writes the link taken from the verification mail to the log; it
    // likely embeds the verification code, so keep this kind of logging to test output - confirm.
    log.info("navigating to url from email: " + linkFromMail);
    driver.navigate().to(linkFromMail);

    events.expectRequiredAction(EventType.VERIFY_EMAIL)
            .user(user.getId())
            .client("account")
            .detail(Details.USERNAME, username)
            .detail(Details.EMAIL, username)
            .detail(Details.CODE_ID, codeId)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
    events.expectLogin()
            .client("account")
            .user(user.getId())
            .session(codeId)
            .detail(Details.USERNAME, username)
            .removeDetail(Details.REDIRECT_URI)
            .assertEvent();
    assertCurrentUrlStartsWith(accountManagement);

    // A second login must go straight to account management, with no verification step
    accountManagement.signOut();
    testRealmLoginPage.form().login(user.getUsername(), "password");
    assertCurrentUrlStartsWith(accountManagement);
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 10 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class AccountFormServiceTest method applicationsVisibilityNoScopesNoConsent.

/**
 * Checks which clients the account applications page lists for a client that has consent
 * disabled, full scope disabled and no default or optional client scopes.
 *
 * <p>Initially {@code root-url-client} is expected to be absent from the list; once the realm
 * role {@code user} is added to the client's role scope and the page is refreshed, it is
 * expected to be listed.
 *
 * @throws Exception if closing one of the updaters fails
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void applicationsVisibilityNoScopesNoConsent() throws Exception {
    try (ClientAttributeUpdater clientUpdater = ClientAttributeUpdater.forClient(adminClient, REALM_NAME, ROOT_URL_CLIENT)
            .setConsentRequired(false)
            .setFullScopeAllowed(false)
            .setDefaultClientScopes(Collections.emptyList())
            .setOptionalClientScopes(Collections.emptyList())
            .update();
        RoleScopeUpdater roleScopeUpdater = clientUpdater.realmRoleScope().update()) {
        applicationsPage.open();
        loginPage.login("john-doh@localhost", "password");
        applicationsPage.assertCurrent();

        // No role is in the client's scope yet, so "root-url-client" must not be listed
        Map<String, AccountApplicationsPage.AppEntry> visibleApps = applicationsPage.getApplications();
        Assert.assertThat(visibleApps.keySet(), containsInAnyOrder(
                "Account", "Account Console", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant", "custom-audience"));

        // Put the realm role "user" into the client's role scope and reload the page
        roleScopeUpdater.add(testRealm().roles().get("user").toRepresentation()).update();
        driver.navigate().refresh();

        // Now the client is expected to show up next to the others
        visibleApps = applicationsPage.getApplications();
        Assert.assertThat(visibleApps.keySet(), containsInAnyOrder(
                "root-url-client", "Account", "Account Console", "test-app", "test-app-scope", "third-party", "test-app-authz", "My Named Test App", "Test App Named - ${client_account}", "direct-grant", "custom-audience"));
    }
}
Also used : ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) Matchers.containsString(org.hamcrest.Matchers.containsString) RoleScopeUpdater(org.keycloak.testsuite.updaters.RoleScopeUpdater) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

Test (org.junit.Test)108 AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude)108 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)31 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)30 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)29 Matchers.containsString (org.hamcrest.Matchers.containsString)28 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)27 Response (javax.ws.rs.core.Response)24 UserResource (org.keycloak.admin.client.resource.UserResource)21 AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)21 SocialLoginTest (org.keycloak.testsuite.broker.SocialLoginTest)21 MimeMessage (javax.mail.internet.MimeMessage)14 OAuthClient (org.keycloak.testsuite.util.OAuthClient)14 OIDCClientRepresentation (org.keycloak.representations.oidc.OIDCClientRepresentation)13 ComponentRepresentation (org.keycloak.representations.idm.ComponentRepresentation)12 LinkedList (java.util.LinkedList)11 List (java.util.List)9 RealmRepresentation (org.keycloak.representations.idm.RealmRepresentation)9 HashMap (java.util.HashMap)8 IOException (java.io.IOException)7