
Example 96 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class OAuthProofKeyForCodeExchangeTest method accessTokenRequestInPKCEValidDefaultCodeChallengeMethod.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void accessTokenRequestInPKCEValidDefaultCodeChallengeMethod() throws Exception {
    // test case : success : A-1-4
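    // no code_challenge_method is sent, so the default "plain" applies and the verifier must equal the challenge
    oauth.codeChallenge("1234567890123456789012345678901234567890123");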
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    oauth.codeVerifier("1234567890123456789012345678901234567890123");
    expectSuccessfulResponseFromTokenEndpoint(codeId, sessionId, code);
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 97 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class OAuthProofKeyForCodeExchangeTest method accessTokenRequestWithoutPKCE.

@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void accessTokenRequestWithoutPKCE() throws Exception {
    // test case : success : A-1-1
    oauth.doLogin("test-user@localhost", "password");
    EventRepresentation loginEvent = events.expectLogin().assertEvent();
    String sessionId = loginEvent.getSessionId();
    String codeId = loginEvent.getDetails().get(Details.CODE_ID);
    String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
    expectSuccessfulResponseFromTokenEndpoint(codeId, sessionId, code);
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 98 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class GroupTest method doNotAllowSameGroupNameAtTopLevelInDatabase.

@Test
@UncaughtServerErrorExpected
@AuthServerContainerExclude(REMOTE)
public void doNotAllowSameGroupNameAtTopLevelInDatabase() throws Exception {
    final String id = KeycloakModelUtils.generateId();
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealm("test");
        realm.createGroup(id, "test-group");
    });
    getCleanup().addGroupId(id);
    // unique key should work even in top groups
    expectedException.expect(RunOnServerException.class);
    expectedException.expectMessage(ModelDuplicateException.class.getName());
    testingClient.server().run(session -> {
        RealmModel realm = session.realms().getRealm("test");
        realm.createGroup("test-group");
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) ModelDuplicateException(org.keycloak.models.ModelDuplicateException) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) UncaughtServerErrorExpected(org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected)

Example 99 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testLoginWithAlternativeOTPAndConditionalPassword.

/**
 * Test for KEYCLOAK-12858
 *
 * The flow is configured so that once the user provides a username, there are 2 alternatives:
 * - OTP
 * - Subflow1, which contains another conditional subflow2, which requires the user to authenticate with Password if he has a password configured
 *
 * After logging in with the password and fulfilling the conditional subflow2, subflow1 should be considered successful as well and the OTP authentication should not be needed
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithAlternativeOTPAndConditionalPassword() {
    String newFlowAlias = "browser - copy 2";
    configureBrowserFlowWithAlternativeOTPAndConditionalPassword(newFlowAlias);
    try {
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.assertCurrent();
        loginUsernameOnlyPage.login("user-with-one-configured-otp");
        // Assert that the login skipped the OTP authenticator and moved to the password
        passwordPage.assertCurrent();
        passwordPage.assertTryAnotherWayLinkAvailability(true);
        passwordPage.login("password");
        Assert.assertFalse(loginPage.isCurrent());
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        events.expectLogin().user(testRealm().users().search("user-with-one-configured-otp").get(0).getId()).detail(Details.USERNAME, "user-with-one-configured-otp").assertEvent();
    } finally {
        revertFlows(newFlowAlias);
    }
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 100 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testLoginWithWithNoWebAuthnCredentialAndNoRequiredActionProviderRegistered.

/**
 * This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
 * has its requiredActionProvider in a not registered state, then it will not try to create the required action,
 * and will instead raise a credential setup required error.
 * NOTE: webauthn currently isn't configured by default in the realm. When this changes, this test will need to be adapted
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoWebAuthnCredentialAndNoRequiredActionProviderRegistered() {
    String newFlowAlias = "browser - copy 1";
    configureBrowserFlowWithRequiredWebAuthn(newFlowAlias);
    try {
        provideUsernamePassword("test-user@localhost");
        // Assert that the login evaluates to an error, as all required elements do not validate to successful
        errorPage.assertCurrent();
    } finally {
        revertFlows("browser - copy 1");
    }
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)
