
Example 21 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalFlowWithConditionalAuthenticatorEvaluatingToTrueActsAsRequired.

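// Checks that a conditional subflow whose condition holds (per the test name) is enforced like a
// REQUIRED one: after giving the username, the user must pass the OTP step before login completes.
// The flow is built by configureBrowserFlowWithConditionalFlowWithOTP, which is defined elsewhere.
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalFlowWithConditionalAuthenticatorEvaluatingToTrueActsAsRequired() {
    String newFlowAlias = "browser - copy 1";
    String username = "user-with-one-configured-otp";
    configureBrowserFlowWithConditionalFlowWithOTP(newFlowAlias);
    try {
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.assertCurrent();
        loginUsernameOnlyPage.login(username);
        // The second factor must be requested next: we expect the OTP page, not a password page.
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        // No credential selector is expected (presumably because this user has a single OTP credential).
        loginTotpPage.assertOtpCredentialSelectorAvailability(false);
        loginTotpPage.login(getOtpCode(USER_WITH_ONE_OTP_OTP_SECRET));
        // Leaving the OTP page is only a negative signal (an error page would also satisfy it);
        // the LOGIN event asserted below is the positive proof that authentication succeeded.
        Assert.assertFalse(loginTotpPage.isCurrent());
        events.expectLogin()
                .user(testRealm().users().search(username).get(0).getId())
                .detail(Details.USERNAME, username)
                .assertEvent();
    } finally {
        // Revert exactly the alias configured above, so setup and cleanup cannot drift apart
        // and leave a modified browser flow bound to the realm for later tests.
        revertFlows(newFlowAlias);
    }
}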
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 22 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testAlternativeNonInteractiveExecutorInSubflow.

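// Exercises a browser flow made of a REQUIRED username form followed by a REQUIRED subflow whose
// only execution is an ALTERNATIVE PassThroughAuthenticator, and expects the login to complete.
// NOTE(review): the flow contains no password or other credential step; PassThroughAuthenticator is
// presumably a testsuite-only authenticator that succeeds without user interaction - confirm, and
// keep such an executor out of production flows.
@Test
@AuthServerContainerExclude(REMOTE)
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void testAlternativeNonInteractiveExecutorInSubflow() {
    final String newFlowAlias = "browser - alternative non-interactive executor";
    testingClient.server("test").run(session -> FlowUtil.inCurrentRealm(session).copyBrowserFlow(newFlowAlias));
    // Rebuild the forms part of the copied flow and bind it as the realm's browser flow.
    testingClient.server("test").run(session -> FlowUtil.inCurrentRealm(session)
            .selectFlow(newFlowAlias)
            .inForms(forms -> forms.clear()
                    .addAuthenticatorExecution(Requirement.REQUIRED, UsernameFormFactory.PROVIDER_ID)
                    .addSubFlowExecution(Requirement.REQUIRED, reqSubFlow -> reqSubFlow
                            .addAuthenticatorExecution(Requirement.ALTERNATIVE, PassThroughAuthenticator.PROVIDER_ID)))
            .defineAsBrowserFlow());
    try {
        // provides username
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.login("test-user@localhost");
        // Check that Keycloak is redirecting us to the Keycloak account management page.
        // NOTE(review): this follows the first <a> element on the page; the check depends on that
        // anchor being the account-management link.
        WebElement accountLink = driver.findElement(By.tagName("a"));
        driver.get(accountLink.getAttribute("href"));
        assertThat(driver.getTitle(), containsString("Account Management"));
    } finally {
        // Revert the alias defined above rather than a second copy of the literal, so the
        // credential-less flow cannot stay bound to the realm if the alias is ever renamed.
        revertFlows(newFlowAlias);
    }
}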
Also used : Arrays(java.util.Arrays) UsernameFormFactory(org.keycloak.authentication.authenticators.browser.UsernameFormFactory) AbstractAdminTest.loadJson(org.keycloak.testsuite.admin.AbstractAdminTest.loadJson) AssertEvents(org.keycloak.testsuite.AssertEvents) WebElement(org.openqa.selenium.WebElement) SetUserAttributeAuthenticatorFactory(org.keycloak.testsuite.authentication.SetUserAttributeAuthenticatorFactory) Page(org.jboss.arquillian.graphene.page.Page) DefaultAuthenticationFlows(org.keycloak.models.utils.DefaultAuthenticationFlows) OAuthClient(org.keycloak.testsuite.util.OAuthClient) REMOTE(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude.AuthServer.REMOTE) LoginTotpPage(org.keycloak.testsuite.pages.LoginTotpPage) Requirement(org.keycloak.models.AuthenticationExecutionModel.Requirement) GOOGLE(org.keycloak.testsuite.broker.SocialLoginTest.Provider.GOOGLE) UsernamePasswordFormFactory(org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory) RealmResource(org.keycloak.admin.client.resource.RealmResource) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) GITLAB(org.keycloak.testsuite.broker.SocialLoginTest.Provider.GITLAB) URLUtils(org.keycloak.testsuite.util.URLUtils) PasswordFormFactory(org.keycloak.authentication.authenticators.browser.PasswordFormFactory) ConditionalUserConfiguredAuthenticatorFactory(org.keycloak.authentication.authenticators.conditional.ConditionalUserConfiguredAuthenticatorFactory) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) ConditionalRoleAuthenticatorFactory(org.keycloak.authentication.authenticators.conditional.ConditionalRoleAuthenticatorFactory) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) RoleBuilder(org.keycloak.testsuite.util.RoleBuilder) List(java.util.List) GITHUB(org.keycloak.testsuite.broker.SocialLoginTest.Provider.GITHUB) Details(org.keycloak.events.Details) 
LoginPage(org.keycloak.testsuite.pages.LoginPage) OneTimeCode(org.keycloak.testsuite.auth.page.login.OneTimeCode) ActionURIUtils(org.keycloak.testsuite.ActionURIUtils) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) WebAuthnRegisterFactory(org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory) Matchers.containsString(org.hamcrest.Matchers.containsString) IdentityProviderRepresentation(org.keycloak.representations.idm.IdentityProviderRepresentation) ConditionalUserAttributeValueFactory(org.keycloak.testsuite.authentication.ConditionalUserAttributeValueFactory) Profile(org.keycloak.common.Profile) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) WebDriver(org.openqa.selenium.WebDriver) Constants(org.keycloak.models.Constants) TimeBasedOTP(org.keycloak.models.utils.TimeBasedOTP) OTPFormAuthenticatorFactory(org.keycloak.authentication.authenticators.browser.OTPFormAuthenticatorFactory) WebAuthnAuthenticatorFactory(org.keycloak.authentication.authenticators.browser.WebAuthnAuthenticatorFactory) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature) Drone(org.jboss.arquillian.drone.api.annotation.Drone) AuthenticationExecutionModel(org.keycloak.models.AuthenticationExecutionModel) AuthenticationFlowRepresentation(org.keycloak.representations.idm.AuthenticationFlowRepresentation) ArquillianResource(org.jboss.arquillian.test.api.ArquillianResource) FlowUtil(org.keycloak.testsuite.util.FlowUtil) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) RequiredActionProviderSimpleRepresentation(org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) By(org.openqa.selenium.By) PasswordPage(org.keycloak.testsuite.pages.PasswordPage) 
RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest) Consumer(java.util.function.Consumer) Rule(org.junit.Rule) LoginUsernameOnlyPage(org.keycloak.testsuite.pages.LoginUsernameOnlyPage) ErrorPage(org.keycloak.testsuite.pages.ErrorPage) Assert(org.junit.Assert) Collections(java.util.Collections) OTPFormAuthenticator(org.keycloak.authentication.authenticators.browser.OTPFormAuthenticator) Matchers.containsString(org.hamcrest.Matchers.containsString) WebElement(org.openqa.selenium.WebElement) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 23 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalRoleAuthenticator.

// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required role "user" and an OTP authenticator
// user-with-two-configured-otp has the "user" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticator() {
    final String roleGatingOtp = "user";
    final String userWithRole = "user-with-two-configured-otp";
    final String userWithoutRole = "user-with-one-configured-otp";

    // Browser flow in which the OTP form applies only to users holding the role "user"
    configureBrowserFlowOTPNeedsRole(roleGatingOtp);
    try {
        // Role holder: the OTP step must be presented, with the credential selector available
        provideUsernamePassword(userWithRole);
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        loginTotpPage.assertOtpCredentialSelectorAvailability(true);

        // User without the role: the OTP step must be skipped.
        // NOTE(review): both checks below are negative (OTP page absent); they do not by themselves
        // show that this login succeeded. Here the second factor hinges on role membership alone,
        // so who may grant or revoke that role is part of the authentication policy.
        provideUsernamePassword(userWithoutRole);
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        Assert.assertFalse(loginTotpPage.isCurrent());
    } finally {
        // The alias is presumably the one created inside configureBrowserFlowOTPNeedsRole - verify there
        revertFlows("browser - rule");
    }
}
Also used : Matchers.containsString(org.hamcrest.Matchers.containsString) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 24 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserFlowTest method testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole.

// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required client role "child-client-role-1" from "test-app" client and an OTP authenticator
// "child-client-role-1" is a client role included in composite client role "composite-client-role-1"
// user-with-two-configured-otp has the "composite-client-role-1" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole() {
    final String clientName = "test-app";
    final String userWithRole = "user-with-two-configured-otp";
    final String userWithoutRole = "user-with-one-configured-otp";
    ClientRepresentation testClient = testRealm().clients().findByClientId(clientName).get(0);
    final String clientUuid = testClient.getId();

    // Create composite-client-role-1
    String compositeClientRoleName = "composite-client-role-1";
    testRealm().clients().get(clientUuid).roles()
            .create(RoleBuilder.create().name(compositeClientRoleName).build());

    // Create child-client-role-1
    String childClientRoleName = "child-client-role-1";
    testRealm().clients().get(clientUuid).roles()
            .create(RoleBuilder.create().name(childClientRoleName).build());

    // Make child-client-role-1 a member of composite-client-role-1
    testRealm().clients().get(clientUuid).roles().get(compositeClientRoleName)
            .addComposites(Collections.singletonList(
                    testRealm().clients().get(clientUuid).roles().get(childClientRoleName).toRepresentation()));

    // Grant only the composite role to the user; the child role is held indirectly through it
    UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), userWithRole);
    userResource.roles().clientLevel(clientUuid)
            .add(Collections.singletonList(
                    testRealm().clients().get(clientUuid).roles().get(compositeClientRoleName).toRepresentation()));

    // A browser flow is configured with an OTPForm for users having the role "test-app.child-client-role-1"
    // NOTE(review): the roles above are created before the try block, so a failure in this call
    // would skip the cleanup in finally and leave them in the realm.
    configureBrowserFlowOTPNeedsRole(clientName + "." + childClientRoleName);
    try {
        // The condition names the child role; the user holds it only via the composite and must
        // still be asked for an OTP code
        provideUsernamePassword(userWithRole);
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        loginTotpPage.assertOtpCredentialSelectorAvailability(true);

        // user-with-one-configured-otp has neither role and must not be asked for an OTP code.
        // NOTE(review): these are negative checks only; they do not confirm a completed login.
        provideUsernamePassword(userWithoutRole);
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        Assert.assertFalse(loginTotpPage.isCurrent());
    } finally {
        // Delete the child role first, then the composite, then revert the flow
        testRealm().clients().get(clientUuid).roles().deleteRole(childClientRoleName);
        testRealm().clients().get(clientUuid).roles().deleteRole(compositeClientRoleName);
        revertFlows("browser - rule");
    }
}
Also used : UserResource(org.keycloak.admin.client.resource.UserResource) Matchers.containsString(org.hamcrest.Matchers.containsString) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) AbstractAuthenticationTest(org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)

Example 25 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class LoginTest method loginWithLongRedirectUri.

// Logs in with a redirect_uri carrying a 2500-character query value and checks that the LOGIN event
// records that redirect_uri in full. Excluded on remote servers, where (per the annotation details)
// max-detail-length is set to zero.
@AuthServerContainerExclude(value = { AuthServerContainerExclude.AuthServer.REMOTE }, details = "Remote testsuite: max-detail-length is set to zero in standalone.xml, proposed fix - KEYCLOAK-17659")
@Test
public void loginWithLongRedirectUri() throws Exception {
    // Events are switched on for realm "test" for the duration of the block; closing the updater
    // presumably restores the previous realm setting - confirm in RealmAttributeUpdater.
    try (AutoCloseable eventsEnabled = new RealmAttributeUpdater(adminClient.realm("test"))
            .updateWith(rep -> rep.setEventsEnabled(true))
            .update()) {
        // Alphanumeric filler only: it makes the URI long and is not used as a secret
        String padding = RandomStringUtils.random(2500, true, true);
        String longRedirectUri = oauth.getRedirectUri() + "?longQueryParameterValue=" + padding;

        String loginUrl = UriBuilder.fromUri(oauth.getLoginFormUrl())
                .replaceQueryParam(OAuth2Constants.REDIRECT_URI, longRedirectUri)
                .build()
                .toString();
        DroneUtils.getCurrentDriver().navigate().to(loginUrl);

        loginPage.assertCurrent();
        loginPage.login("login-test", "password");

        // The audit record must carry the exact redirect_uri that was requested, not a shortened one
        events.expectLogin().user(userId).detail(OAuth2Constants.REDIRECT_URI, longRedirectUri).assertEvent();
    }
}
Also used : JavascriptBrowser(org.keycloak.testsuite.util.JavascriptBrowser) AUTHORIZATION(org.keycloak.common.Profile.Feature.AUTHORIZATION) Arrays(java.util.Arrays) AssertEvents(org.keycloak.testsuite.AssertEvents) Page(org.jboss.arquillian.graphene.page.Page) OAuthClient(org.keycloak.testsuite.util.OAuthClient) LoginPasswordUpdatePage(org.keycloak.testsuite.pages.LoginPasswordUpdatePage) AdminClientUtil(org.keycloak.testsuite.util.AdminClientUtil) BrowserSecurityHeaders(org.keycloak.models.BrowserSecurityHeaders) AdminConsole(org.keycloak.testsuite.console.page.AdminConsole) UriBuilder(javax.ws.rs.core.UriBuilder) ClientResource(org.keycloak.admin.client.resource.ClientResource) ApiUtil.findClientByClientId(org.keycloak.testsuite.admin.ApiUtil.findClientByClientId) DYNAMIC_SCOPES(org.keycloak.common.Profile.Feature.DYNAMIC_SCOPES) ClientScopeModel(org.keycloak.models.ClientScopeModel) Matchers(org.keycloak.testsuite.util.Matchers) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) UUID(java.util.UUID) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) List(java.util.List) Response(javax.ws.rs.core.Response) Details(org.keycloak.events.Details) LoginPage(org.keycloak.testsuite.pages.LoginPage) Assert.assertFalse(org.junit.Assert.assertFalse) SessionTimeoutHelper(org.keycloak.models.utils.SessionTimeoutHelper) Matchers.equalTo(org.hamcrest.Matchers.equalTo) OIDCLoginProtocol(org.keycloak.protocol.oidc.OIDCLoginProtocol) RandomStringUtils(org.apache.commons.lang3.RandomStringUtils) Matchers.is(org.hamcrest.Matchers.is) Matchers.containsString(org.hamcrest.Matchers.containsString) SERVER_ROOT(org.keycloak.testsuite.util.OAuthClient.SERVER_ROOT) OAuth2Constants(org.keycloak.OAuth2Constants) 
Profile(org.keycloak.common.Profile) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) WebDriver(org.openqa.selenium.WebDriver) Client(javax.ws.rs.client.Client) ContainerAssume(org.keycloak.testsuite.util.ContainerAssume) DroneUtils(org.keycloak.testsuite.util.DroneUtils) Algorithm(org.keycloak.crypto.Algorithm) HashMap(java.util.HashMap) ServerURLs.getAuthServerContextRoot(org.keycloak.testsuite.util.ServerURLs.getAuthServerContextRoot) AccountUpdateProfilePage(org.keycloak.testsuite.pages.AccountUpdateProfilePage) JWSInputException(org.keycloak.jose.jws.JWSInputException) EnableFeature(org.keycloak.testsuite.arquillian.annotation.EnableFeature) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) Drone(org.jboss.arquillian.drone.api.annotation.Drone) UserBuilder(org.keycloak.testsuite.util.UserBuilder) UserResource(org.keycloak.admin.client.resource.UserResource) OIDCLoginProtocolService(org.keycloak.protocol.oidc.OIDCLoginProtocolService) ProfileAssume(org.keycloak.testsuite.ProfileAssume) Retry(org.keycloak.common.util.Retry) ApiUtil(org.keycloak.testsuite.admin.ApiUtil) JWSInput(org.keycloak.jose.jws.JWSInput) WaitUtils(org.keycloak.testsuite.util.WaitUtils) AUTH_SERVER_ROOT(org.keycloak.testsuite.util.OAuthClient.AUTH_SERVER_ROOT) AppPage(org.keycloak.testsuite.pages.AppPage) Errors(org.keycloak.events.Errors) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) ClientScopeRepresentation(org.keycloak.representations.idm.ClientScopeRepresentation) Assert.assertTrue(org.junit.Assert.assertTrue) Test(org.junit.Test) EventType(org.keycloak.events.EventType) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest) URLAssert.assertCurrentUrlStartsWithLoginUrlOf(org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWithLoginUrlOf) Assert.assertNotEquals(org.junit.Assert.assertNotEquals) TimeUnit(java.util.concurrent.TimeUnit) Rule(org.junit.Rule) 
TokenSignatureUtil(org.keycloak.testsuite.util.TokenSignatureUtil) RequestType(org.keycloak.testsuite.pages.AppPage.RequestType) ErrorPage(org.keycloak.testsuite.pages.ErrorPage) Closeable(java.io.Closeable) Assert(org.junit.Assert) Assert.assertEquals(org.junit.Assert.assertEquals) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) Matchers.containsString(org.hamcrest.Matchers.containsString) UriBuilder(javax.ws.rs.core.UriBuilder) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
