use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testLoginWithWithNoWebAuthnCredentialAndAlternativeActionProvider.
/**
* This test checks that if a alternative authentication execution which has isUserSetupAllowed -> true for
* but is not a CredentialValidator (and therefore will not be removed by the selection mechanism),
* then it will not try to create the required action, and will instead move to the next alternative
*/
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoWebAuthnCredentialAndAlternativeActionProvider() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithAlternativeWebAuthnAndPassword(newFlowAlias);
try {
loginUsernameOnlyPage.open();
loginUsernameOnlyPage.assertCurrent();
loginUsernameOnlyPage.login("test-user@localhost");
// Assert that the login skipped the OTP authenticator and moved to the password
passwordPage.assertCurrent();
} finally {
revertFlows("browser - copy 1");
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testLoginWithWithNoOTPCredentialAndNoRequiredActionProviderRegistered.
/**
* This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
* has its requiredActionProvider in a not registered state, then it will not try to create the required action,
* and will instead raise an credential setup required error.
*/
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoOTPCredentialAndNoRequiredActionProviderRegistered() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithRequiredOTP(newFlowAlias);
RequiredActionProviderRepresentation otpRequiredAction = testRealm().flows().getRequiredAction("CONFIGURE_TOTP");
testRealm().flows().removeRequiredAction("CONFIGURE_TOTP");
try {
provideUsernamePassword("test-user@localhost");
// Assert that the login evaluates to an error, as all required elements to not validate to successful
errorPage.assertCurrent();
} finally {
revertFlows("browser - copy 1");
RequiredActionProviderSimpleRepresentation simpleRepresentation = new RequiredActionProviderSimpleRepresentation();
simpleRepresentation.setProviderId("CONFIGURE_TOTP");
simpleRepresentation.setName(otpRequiredAction.getName());
testRealm().flows().registerRequiredAction(simpleRepresentation);
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testLoginWithWithNoOTPCredential.
/**
* This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
* has its requiredActionProvider enabled, than it will login and show the otpSetup page.
*/
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoOTPCredential() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithRequiredOTP(newFlowAlias);
;
try {
provideUsernamePassword("test-user@localhost");
// Assert that in this case you arrive to an OTP setup
Assert.assertTrue(driver.getCurrentUrl().contains("required-action?execution=CONFIGURE_TOTP"));
} finally {
revertFlows("browser - copy 1");
UserRepresentation user = testRealm().users().search("test-user@localhost").get(0);
user.setRequiredActions(Collections.emptyList());
testRealm().users().get(user.getId()).update(user);
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testLoginWithWithNoWebAuthnCredentialAndRequiredActionProviderDisabled.
/**
* This test checks that if a REQUIRED authentication execution which has isUserSetupAllowed -> true
* has its requiredActionProvider disabled, then it will not try to create the required action,
* and will instead raise an credential setup required error.
* NOTE: webauthn currently isn't configured by default in the realm. When this changes, this test will need to be adapted
*/
@Test
@AuthServerContainerExclude(REMOTE)
public void testLoginWithWithNoWebAuthnCredentialAndRequiredActionProviderDisabled() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithRequiredWebAuthn(newFlowAlias);
RequiredActionProviderSimpleRepresentation requiredActionRepresentation = new RequiredActionProviderSimpleRepresentation();
requiredActionRepresentation.setName("WebAuthn Required Action");
requiredActionRepresentation.setProviderId(WebAuthnRegisterFactory.PROVIDER_ID);
testRealm().flows().registerRequiredAction(requiredActionRepresentation);
RequiredActionProviderRepresentation rapr = testRealm().flows().getRequiredAction(WebAuthnRegisterFactory.PROVIDER_ID);
rapr.setEnabled(false);
testRealm().flows().updateRequiredAction(WebAuthnRegisterFactory.PROVIDER_ID, rapr);
try {
provideUsernamePassword("test-user@localhost");
// Assert that the login evaluates to an error, as all required elements to not validate to successful
errorPage.assertCurrent();
} finally {
revertFlows("browser - copy 1");
testRealm().flows().removeRequiredAction(WebAuthnRegisterFactory.PROVIDER_ID);
}
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testConditionalFlowWithConditionalAuthenticatorEvaluatingToFalseActsAsDisabled.
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalFlowWithConditionalAuthenticatorEvaluatingToFalseActsAsDisabled() {
String newFlowAlias = "browser - copy 1";
configureBrowserFlowWithConditionalFlowWithOTP(newFlowAlias);
try {
loginUsernameOnlyPage.open();
loginUsernameOnlyPage.assertCurrent();
loginUsernameOnlyPage.login("test-user@localhost");
// Assert that the login evaluates to an error, as all required elements to not validate to successful
errorPage.assertCurrent();
} finally {
revertFlows("browser - copy 1");
}
}
Aggregations