use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testConditionalFlowWithConditionalAuthenticatorEvaluatingToTrueActsAsRequired.
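/**
 * Checks that a conditional subflow is enforced like a REQUIRED step once its condition holds
 * (per the test name; the flow itself is built by
 * {@code configureBrowserFlowWithConditionalFlowWithOTP}, which is not shown here).
 *
 * <p>After submitting only the username, the user must land on the OTP form and can only
 * complete the login by supplying a valid code. A regression here would mean the second factor
 * can be skipped for a user who has OTP configured.
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalFlowWithConditionalAuthenticatorEvaluatingToTrueActsAsRequired() {
    String newFlowAlias = "browser - copy 1";
    String username = "user-with-one-configured-otp";
    configureBrowserFlowWithConditionalFlowWithOTP(newFlowAlias);
    try {
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.assertCurrent();
        loginUsernameOnlyPage.login(username);

        // The OTP form (not a password form, and not a finished login) must be shown now.
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        // No credential selector is expected; presumably because this user has a single OTP
        // credential, as the username suggests.
        loginTotpPage.assertOtpCredentialSelectorAvailability(false);

        loginTotpPage.login(getOtpCode(USER_WITH_ONE_OTP_OTP_SECRET));
        Assert.assertFalse(loginTotpPage.isCurrent());

        // The login event for this user is only asserted after the OTP step has been passed.
        events.expectLogin()
                .user(testRealm().users().search(username).get(0).getId())
                .detail(Details.USERNAME, username)
                .assertEvent();
    } finally {
        // Runs even when an assertion fails, so the copied flow is not left active for later
        // tests. The alias variable is reused so setup and cleanup cannot drift apart.
        revertFlows(newFlowAlias);
    }
}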
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testAlternativeNonInteractiveExecutorInSubflow.
/**
 * Builds a browser flow whose forms hold a REQUIRED username form followed by a REQUIRED
 * subflow containing a single ALTERNATIVE {@code PassThroughAuthenticator}, then checks that
 * submitting the username alone leads to a page linking to account management.
 *
 * <p>NOTE(review): the forms are cleared first, so this flow contains no password or OTP step.
 * It is a deliberately weak test-only configuration; the {@code finally} block is what keeps it
 * from staying selected as the realm's browser flow for later tests.
 */
@Test
@AuthServerContainerExclude(REMOTE)
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void testAlternativeNonInteractiveExecutorInSubflow() {
    final String newFlowAlias = "browser - alternative non-interactive executor";

    // Step 1: copy the browser flow under the new alias.
    testingClient.server("test").run(session -> FlowUtil.inCurrentRealm(session).copyBrowserFlow(newFlowAlias));

    // Step 2: replace the forms of the copy and make it the realm's browser flow.
    testingClient.server("test").run(session -> FlowUtil.inCurrentRealm(session)
            .selectFlow(newFlowAlias)
            .inForms(forms -> forms
                    .clear()
                    .addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, UsernameFormFactory.PROVIDER_ID)
                    .addSubFlowExecution(Requirement.REQUIRED, subFlow -> subFlow
                            .addAuthenticatorExecution(Requirement.ALTERNATIVE, PassThroughAuthenticator.PROVIDER_ID)))
            .defineAsBrowserFlow());

    try {
        // Only the username is supplied; no further form is filled in by the test.
        loginUsernameOnlyPage.open();
        loginUsernameOnlyPage.login("test-user@localhost");

        // Follow the first anchor on the resulting page and check that it leads to the
        // account management page.
        WebElement firstLink = driver.findElement(By.tagName("a"));
        String target = firstLink.getAttribute("href");
        driver.get(target);
        assertThat(driver.getTitle(), containsString("Account Management"));
    } finally {
        // Same alias as used for setup.
        revertFlows(newFlowAlias);
    }
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testConditionalRoleAuthenticator.
// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required role "user" and an OTP authenticator
// user-with-two-configured-otp has the "user" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
// Both directions are asserted below: the OTP step must appear for the role holder and must
// not appear for the user without the role.
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticator() {
    final String roleGatingOtp = "user";
    final String userWithRole = "user-with-two-configured-otp";
    final String userWithoutRole = "user-with-one-configured-otp";

    // Set up a browser flow that shows the OTP form only to holders of the role "user".
    configureBrowserFlowOTPNeedsRole(roleGatingOtp);
    try {
        // Role holder: after username and password, the OTP form must be presented.
        provideUsernamePassword(userWithRole);
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        // A selector is expected here; presumably because this user has two OTP credentials.
        loginTotpPage.assertOtpCredentialSelectorAvailability(true);

        // User without the role: no OTP form may be shown.
        // NOTE(review): these two checks only prove the OTP page is absent. They would also
        // pass if the login had failed for an unrelated reason; consider additionally
        // asserting that the login completed (e.g. via a login event) - confirm feasibility.
        provideUsernamePassword(userWithoutRole);
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        Assert.assertFalse(loginTotpPage.isCurrent());
    } finally {
        // Alias is hard-coded; presumably it is the one configureBrowserFlowOTPNeedsRole
        // creates - verify against that helper.
        revertFlows("browser - rule");
    }
}
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class BrowserFlowTest method testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole.
// Check the ConditionalRoleAuthenticator
// Configure a conditional subflow with the required client role "child-client-role-1" from "test-app" client and an OTP authenticator
// "child-client-role-1" is a client role included in composite client role "composite-client-role-1"
// user-with-two-configured-otp has the "composite-client-role-1" role and should be asked for an OTP code
// user-with-one-configured-otp does not have the role. He should not be asked for an OTP code
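// The user is only granted the composite role, while the flow condition names the child role,
// so the condition has to resolve composite membership rather than direct mappings only.
@Test
@AuthServerContainerExclude(REMOTE)
public void testConditionalRoleAuthenticatorWithClientRoleIncludedInCompositeClientRole() {
    String clientName = "test-app";
    ClientRepresentation testClient = testRealm().clients().findByClientId(clientName).get(0);
    String clientUuid = testClient.getId();

    // Create composite-client-role-1
    String compositeClientRoleName = "composite-client-role-1";
    testRealm().clients().get(clientUuid).roles()
            .create(RoleBuilder.create().name(compositeClientRoleName).build());

    // Create child-client-role-1
    String childClientRoleName = "child-client-role-1";
    testRealm().clients().get(clientUuid).roles()
            .create(RoleBuilder.create().name(childClientRoleName).build());

    // Make child-client-role-1 a member of composite-client-role-1
    testRealm().clients().get(clientUuid).roles().get(compositeClientRoleName)
            .addComposites(Collections.singletonList(
                    testRealm().clients().get(clientUuid).roles().get(childClientRoleName).toRepresentation()));

    // Grant only the composite role to "user-with-two-configured-otp"
    UserResource userResource = ApiUtil.findUserByUsernameId(testRealm(), "user-with-two-configured-otp");
    userResource.roles().clientLevel(clientUuid)
            .add(Collections.singletonList(
                    testRealm().clients().get(clientUuid).roles().get(compositeClientRoleName).toRepresentation()));

    // NOTE(review): everything above runs before the try block, so a failure during setup
    // leaves the roles created so far in the realm. Left as is because cleaning up roles that
    // were never created may itself fail - confirm before moving setup into the try.

    // The OTP form is required for users having the role "test-app.child-client-role-1"
    configureBrowserFlowOTPNeedsRole(clientName + "." + childClientRoleName);
    try {
        // Holder of the composite role: must be asked for an OTP code.
        provideUsernamePassword("user-with-two-configured-otp");
        Assert.assertTrue(oneTimeCodePage.isOtpLabelPresent());
        loginTotpPage.assertCurrent();
        loginTotpPage.assertOtpCredentialSelectorAvailability(true);

        // User without the role: must not be asked for an OTP code.
        provideUsernamePassword("user-with-one-configured-otp");
        Assert.assertFalse(oneTimeCodePage.isOtpLabelPresent());
        Assert.assertFalse(loginTotpPage.isCurrent());
    } finally {
        try {
            testRealm().clients().get(clientUuid).roles().deleteRole(childClientRoleName);
            testRealm().clients().get(clientUuid).roles().deleteRole(compositeClientRoleName);
        } finally {
            // Nested so the flow is reverted even if a role deletion throws; otherwise the
            // role-conditional flow would stay in place for later tests.
            revertFlows("browser - rule");
        }
    }
}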
use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.
the class LoginTest method loginWithLongRedirectUri.
/**
 * Logs in with a redirect URI that carries a 2500-character random alphanumeric query value and
 * expects the login event to record exactly that redirect URI.
 *
 * <p>Excluded on the remote auth server; the annotation's details attribute gives the reason.
 *
 * <p>NOTE(review): the extra query parameter is only accepted if the client's registered
 * redirect URIs allow it - presumably a wildcard pattern on the test client; confirm.
 */
@AuthServerContainerExclude(value = { AuthServerContainerExclude.AuthServer.REMOTE }, details = "Remote testsuite: max-detail-length is set to zero in standalone.xml, proposed fix - KEYCLOAK-17659")
@Test
public void loginWithLongRedirectUri() throws Exception {
    // Events are switched on for realm "test" for the duration of the block; closing the
    // updater presumably restores the previous setting.
    try (AutoCloseable eventsEnabled = new RealmAttributeUpdater(adminClient.realm("test"))
            .updateWith(realmRep -> realmRep.setEventsEnabled(true))
            .update()) {
        String longValue = RandomStringUtils.random(2500, true, true);
        String longRedirectUri = oauth.getRedirectUri() + "?longQueryParameterValue=" + longValue;

        // Swap the redirect_uri query parameter of the regular login URL for the long one.
        String loginUrl = UriBuilder.fromUri(oauth.getLoginFormUrl())
                .replaceQueryParam(OAuth2Constants.REDIRECT_URI, longRedirectUri)
                .build()
                .toString();
        DroneUtils.getCurrentDriver().navigate().to(loginUrl);

        loginPage.assertCurrent();
        loginPage.login("login-test", "password");

        // The event detail is compared against the full redirect URI, so a shortened value
        // would fail the assertion.
        events.expectLogin()
                .user(userId)
                .detail(OAuth2Constants.REDIRECT_URI, longRedirectUri)
                .assertEvent();
    }
}