use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class OAuthProofKeyForCodeExchangeTest method accessTokenRequestInPKCEValidDefaultCodeChallengeMethod.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void accessTokenRequestInPKCEValidDefaultCodeChallengeMethod() throws Exception {
// test case : success : A-1-4
oauth.codeChallenge("1234567890123456789012345678901234567890123");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
oauth.codeVerifier("1234567890123456789012345678901234567890123");
expectSuccessfulResponseFromTokenEndpoint(codeId, sessionId, code);
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class OAuthProofKeyForCodeExchangeTest method accessTokenRequestWithoutPKCE.
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void accessTokenRequestWithoutPKCE() throws Exception {
// test case : success : A-1-1
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
expectSuccessfulResponseFromTokenEndpoint(codeId, sessionId, code);
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class GroupTest method doNotAllowSameGroupNameAtTopLevelInDatabase.
@Test
@UncaughtServerErrorExpected
@AuthServerContainerExclude(REMOTE)
public void doNotAllowSameGroupNameAtTopLevelInDatabase() throws Exception {
final String id = KeycloakModelUtils.generateId();
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealm("test");
realm.createGroup(id, "test-group");
});
getCleanup().addGroupId(id);
// unique key should work even in top groups
expectedException.expect(RunOnServerException.class);
expectedException.expectMessage(ModelDuplicateException.class.getName());
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealm("test");
realm.createGroup("test-group");
});
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testLoginWithAlternativeOTPAndConditionalPassword.
/**
* Test for KEYCLOAK-12858
*
* Flow is configured, so that once user provides username, there are 2 alternatives:
* - OTP
* - Subflow1, which contains another conditional subflow2, which requires user to authenticate with Password if he has password configured
*
* After login with password and fulfill the conditional subflow2, the subflow1 should be considered successful as well and the OTP authentication should not be needed
*/
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithAlternativeOTPAndConditionalPassword() {
String newFlowAlias = "browser - copy 2";
configureBrowserFlowWithAlternativeOTPAndConditionalPassword(newFlowAlias);
try {
loginUsernameOnlyPage.open();
loginUsernameOnlyPage.assertCurrent();
loginUsernameOnlyPage.login("user-with-one-configured-otp");
// Assert that the login skipped the OTP authenticator and moved to the password
passwordPage.assertCurrent();
passwordPage.assertTryAnotherWayLinkAvailability(true);
passwordPage.login("password");
Assert.assertFalse(loginPage.isCurrent());
Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
events.expectLogin().user(testRealm().users().search("user-with-one-configured-otp").get(0).getId()).detail(Details.USERNAME, "user-with-one-configured-otp").assertEvent();
} finally {
revertFlows(newFlowAlias);
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testLoginWithWithNoWebAuthnCredentialAndNoRequiredActionProviderRegistered.
/**
* This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
* has its requiredActionProvider in a not registered state, then it will not try to create the required action,
* and will instead raise an credential setup required error.
* NOTE: webauthn currently isn't configured by default in the realm. When this changes, this test will need to be adapted
*/
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoWebAuthnCredentialAndNoRequiredActionProviderRegistered() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithRequiredWebAuthn(newFlowAlias);
try {
provideUsernamePassword("test-user@localhost");
// Assert that the login evaluates to an error, as all required elements to not validate to successful
errorPage.assertCurrent();
} finally {
revertFlows("browser - copy 1");
}
}
Aggregations