
Example 26 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BrowserButtonsTest method backButtonInResetPasswordFlow.

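/**
 * Exercises browser back/forward navigation in the middle of a reset-password flow.
 *
 * <p>The reset link taken from the e-mail opens the update-password page. Browser "back" shows
 * the login page, "forward" returns to the update-password page, and logging in as
 * {@code login-test} from the login page lands on the update-password page again instead of
 * finishing the login.
 *
 * @throws Exception if the reset link cannot be extracted from the received e-mail
 */
@Test
// GreenMailRule is not working atm
@AuthServerContainerExclude(AuthServer.REMOTE)
public void backButtonInResetPasswordFlow() throws Exception {
    // Submit a login attempt, then click "forgot password" and request a reset for login-test
    loginPage.open();
    loginPage.login("login-test", "bad-username");
    loginPage.resetPassword();
    resetPasswordPage.assertCurrent();
    resetPasswordPage.changePassword("login-test");
    loginPage.assertCurrent();
    assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage());
    // Receive email: read the inbox once so the "last message" index is computed against the
    // same array it is applied to (two separate reads could disagree if mail arrives in between)
    MimeMessage[] received = greenMail.getReceivedMessages();
    MimeMessage message = received[received.length - 1];
    String changePasswordUrl = MailUtils.getPasswordResetEmailLink(message);
    driver.navigate().to(changePasswordUrl.trim());
    updatePasswordPage.assertCurrent();
    // Click browser back. Should be on loginPage for "forked flow"
    driver.navigate().back();
    loginPage.assertCurrent();
    // When clicking browser forward, back on updatePasswordPage
    driver.navigate().forward();
    updatePasswordPage.assertCurrent();
    // Click browser back. And continue login. Should be on updatePasswordPage:
    // the pending password update is still enforced after authenticating from the login page
    driver.navigate().back();
    loginPage.assertCurrent();
    loginPage.login("login-test", "password");
    updatePasswordPage.assertCurrent();
}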
Also used : MimeMessage(javax.mail.internet.MimeMessage) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 27 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class BruteForceTest method testResetPassword.

/**
 * Runs the reset-password e-mail flow for {@code user2} after two invalid password attempts.
 *
 * <p>The assertions pin three things: the reset request raises a {@code SEND_RESET_PASSWORD}
 * event for the user, the user representation still reports {@code enabled == false} when the
 * reset link has been opened, and it reports {@code enabled == true} only after the new
 * password has been submitted and an {@code UPDATE_PASSWORD} event was raised.
 *
 * @throws Exception if the reset link cannot be extracted from the received e-mail
 */
@Test
// GreenMailRule is not working atm
@AuthServerContainerExclude(REMOTE)
public void testResetPassword() throws Exception {
    // Resolve user2's id through the admin client; the trailing 0, 1 are presumably
    // first-result / max-results — confirm against the users() search signature
    String userId = adminClient.realm("test").users().search("user2", null, null, null, 0, 1).get(0).getId();
    // Two invalid logins, then expect the account to be reported as temporarily disabled
    // (what the helper asserts exactly is not visible here)
    loginInvalidPassword("user2");
    loginInvalidPassword("user2");
    expectTemporarilyDisabled("user2", userId, "invalid");
    // Request a password reset from the login page
    loginPage.resetPassword();
    passwordResetPage.assertCurrent();
    passwordResetPage.changePassword("user2");
    loginPage.assertCurrent();
    assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage());
    events.expectRequiredAction(EventType.SEND_RESET_PASSWORD).user(userId).assertEvent();
    // Reads the FIRST received message; assumes the inbox holds no earlier mail from other
    // tests — presumably the mail rule starts each test with an empty inbox, confirm
    MimeMessage message = greenMail.getReceivedMessages()[0];
    String passwordResetEmailLink = MailUtils.getPasswordResetEmailLink(message);
    driver.navigate().to(passwordResetEmailLink.trim());
    // NOTE(review): passwordUpdatePage here vs updatePasswordPage below — confirm both page
    // objects are meant to describe the same page
    assertTrue(passwordUpdatePage.isCurrent());
    // Opening the reset link alone must not re-enable the user
    UserRepresentation userRepresentation = testRealm().users().get(userId).toRepresentation();
    assertFalse(userRepresentation.isEnabled());
    updatePasswordPage.updatePasswords("password", "password");
    events.expectRequiredAction(EventType.UPDATE_PASSWORD).user(userId).assertEvent();
    // After the password update the user is reported as enabled and the login completes
    userRepresentation = testRealm().users().get(userId).toRepresentation();
    assertTrue(userRepresentation.isEnabled());
    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    // Leave no session or recorded events behind for the next test
    appPage.logout();
    events.clear();
}
Also used : MimeMessage(javax.mail.internet.MimeMessage) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 28 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ReAuthenticationTest method identityFirstFormReauthenticationWithGithubLink.

// Re-authentication with user form separate to the password form. The username form is shown due the user linked with "github"
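/**
 * Verifies re-authentication under an identity-first flow for a user that carries a federated
 * "github" link.
 *
 * <p>On re-authentication the login page must hide the username field, show the
 * re-authentication info message, contain no password field, and offer only the social button
 * of the linked provider. The fake federated link and the custom flow are removed in
 * {@code finally} blocks so a failed assertion does not leave them in the shared test realm.
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void identityFirstFormReauthenticationWithGithubLink() {
    // Set identity-first as realm flow
    setupIdentityFirstFlow();
    try {
        // Add fake federated link to the user
        UserResource user = ApiUtil.findUserByUsernameId(testRealm(), "test-user@localhost");
        FederatedIdentityRepresentation fedLink = FederatedIdentityBuilder.create()
                .identityProvider("github")
                .userId("123")
                .userName("test")
                .build();
        user.addFederatedIdentity("github", fedLink);
        try {
            // Login user
            loginPage.open();
            loginUsernameOnlyPage.assertCurrent();
            loginUsernameOnlyPage.login("test-user@localhost");
            passwordPage.assertCurrent();
            passwordPage.login("password");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
            // See that user can re-authenticate with the github link present on the page as user has link to github social provider.
            // The time offset plus max age "1" presumably make the existing login too old — confirm units.
            // NOTE(review): the time offset is not reset in this method; presumably the base test resets it — confirm
            setTimeOffset(10);
            oauth.maxAge("1");
            loginPage.open();
            // Username input hidden as well as register and rememberMe. Info message should be present
            loginPage.assertCurrent();
            assertUsernameFieldAndOtherFields(false);
            assertInfoMessageAboutReAuthenticate(true);
            // Check there is NO password field (actual value first, so a failure message reads correctly)
            Assert.assertThat(driver.findElements(By.id("password")).isEmpty(), is(true));
            // Github present, Google hidden
            assertSocialButtonsPresent(true, false);
            // Confirm login with password
            loginUsernameOnlyPage.clickSubmitButton();
            // Login with password. Info message should not be there anymore
            passwordPage.assertCurrent();
            passwordPage.login("password");
            assertInfoMessageAboutReAuthenticate(false);
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        } finally {
            // Remove the fake link even when an assertion above fails
            user.removeFederatedIdentity("github");
        }
    } finally {
        // Revert the realm flow last, matching the original cleanup order (link first, then flow)
        BrowserFlowTest.revertFlows(testRealm(), "browser - identity first");
    }
}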
Also used : UserResource(org.keycloak.admin.client.resource.UserResource) FederatedIdentityRepresentation(org.keycloak.representations.idm.FederatedIdentityRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SocialLoginTest(org.keycloak.testsuite.broker.SocialLoginTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 29 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class OIDCWellKnownProviderTest method testDefaultProviderCustomizations.

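/**
 * Checks that the testsuite's custom OIDC well-known provider takes priority over the default
 * one and that its customizations show up in the discovery document.
 *
 * <p>The test also switches a server-side system property to drop the supported scopes from
 * the document. That property is reset in {@code finally}, and the HTTP client is closed even
 * if the reset call fails, so neither the server setting nor the client leaks past this test.
 *
 * @throws IOException declared by the original test; presumably raised while fetching the
 *     discovery document
 */
@Test
@AuthServerContainerExclude(REMOTE)
public void testDefaultProviderCustomizations() throws IOException {
    Client client = AdminClientUtil.createResteasyClient();
    try {
        OIDCConfigurationRepresentation oidcConfig = getOIDCDiscoveryRepresentation(client, OAuthClient.AUTH_SERVER_ROOT);
        // Assert that CustomOIDCWellKnownProvider was used as a prioritized provider over default OIDCWellKnownProvider
        MTLSEndpointAliases mtlsEndpointAliases = oidcConfig.getMtlsEndpointAliases();
        Assert.assertEquals("https://placeholder-host-set-by-testsuite-provider/registration", mtlsEndpointAliases.getRegistrationEndpoint());
        Assert.assertEquals("bar", oidcConfig.getOtherClaims().get("foo"));
        // Assert some configuration was overridden
        Assert.assertEquals("some-new-property-value", oidcConfig.getOtherClaims().get("some-new-property"));
        // Wildcard-typed view instead of a raw Map cast; the lookup itself is unchanged
        Map<?, ?> compoundProperty = (Map<?, ?>) oidcConfig.getOtherClaims().get("some-new-property-compound");
        Assert.assertEquals("nested-value", compoundProperty.get("nested1"));
        Assert.assertNames(oidcConfig.getIntrospectionEndpointAuthMethodsSupported(), "private_key_jwt", "client_secret_jwt", "tls_client_auth", "custom_nonexisting_authenticator");
        // Exact names already tested in OIDC
        assertScopesSupportedMatchesWithRealm(oidcConfig);
        // Temporarily disable client scopes
        getTestingClient().testing().setSystemPropertyOnServer(CustomOIDCWellKnownProviderFactory.INCLUDE_CLIENT_SCOPES, "false");
        oidcConfig = getOIDCDiscoveryRepresentation(client, OAuthClient.AUTH_SERVER_ROOT);
        Assert.assertNull(oidcConfig.getScopesSupported());
    } finally {
        try {
            // Restore the server property so later tests see client scopes again
            getTestingClient().testing().setSystemPropertyOnServer(CustomOIDCWellKnownProviderFactory.INCLUDE_CLIENT_SCOPES, null);
        } finally {
            // Close the client even if resetting the property threw
            client.close();
        }
    }
}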
Also used : MTLSEndpointAliases(org.keycloak.protocol.oidc.representations.MTLSEndpointAliases) OAuthClient(org.keycloak.testsuite.util.OAuthClient) Client(javax.ws.rs.client.Client) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) OIDCConfigurationRepresentation(org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) BrowserFlowTest(org.keycloak.testsuite.forms.BrowserFlowTest) Test(org.junit.Test) LevelOfAssuranceFlowTest(org.keycloak.testsuite.forms.LevelOfAssuranceFlowTest)

Example 30 with AuthServerContainerExclude

use of org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude in project keycloak by keycloak.

the class ArtifactBindingTest method testSessionStateDuringArtifactBindingLogoutWithOneClient.

// Won't work with openshift, because openshift wouldn't see ArtifactResolutionService
/**
 * Follows the user session state through a SAML login and logout that both use artifact
 * binding, with a single client involved.
 *
 * <p>Session expectations are checked around the two artifact-resolution steps: logged in with
 * one client session before the login artifact is resolved, {@code LOGGED_OUT_UNCONFIRMED}
 * with the client session in {@code LOGGING_OUT} before the logout artifact is resolved, and
 * no user session afterwards. The returned ArtifactResponse must be an unsigned success
 * response that wraps a plain {@code StatusResponseType}.
 */
@AuthServerContainerExclude(AuthServerContainerExclude.AuthServer.REMOTE)
@Test
public void testSessionStateDuringArtifactBindingLogoutWithOneClient() {
    ClientRepresentation salesClient = adminClient.realm(REALM_NAME)
            .clients()
            .findByClientId(SAML_CLIENT_ID_SALES_POST)
            .get(0);
    final String clientId = salesClient.getId();

    // Enable artifact binding and front-channel logout on the client; registered as a cleanup
    getCleanup().addCleanup(
            ClientAttributeUpdater.forClient(adminClient, REALM_NAME, SAML_CLIENT_ID_SALES_POST)
                    .setAttribute(SamlConfigAttributes.SAML_ARTIFACT_BINDING, "true")
                    .setAttribute(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_ARTIFACT_ATTRIBUTE, "http://url")
                    .setFrontchannelLogout(true)
                    .update());

    // Filled in by the first checker, read back by the later ones
    AtomicReference<String> userSessionId = new AtomicReference<>();

    SAMLDocumentHolder holder = new SamlClientBuilder()
            .authnRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, POST)
            .build()
            .login()
            .user(bburkeUser)
            .build()
            // Resolve the login artifact: session must be LOGGED_IN with this client's session present
            .handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST)
            .setBeforeStepChecks(new SessionStateChecker(testingClient.server())
                    .storeUserSessionId(userSessionId)
                    .expectedState(UserSessionModel.State.LOGGED_IN)
                    .expectedClientSession(clientId)
                    .consumeUserSession(userSession -> assertThat(userSession, notNullValue()))
                    .consumeClientSession(clientId, clientSession -> assertThat(clientSession, notNullValue())))
            .build()
            .logoutRequest(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST, POST)
            .build()
            // Resolve the logout artifact: logout is pending before the step, session is gone after it
            .handleArtifact(getAuthServerSamlEndpoint(REALM_NAME), SAML_CLIENT_ID_SALES_POST)
            .setBeforeStepChecks(new SessionStateChecker(testingClient.server())
                    .expectedUserSession(userSessionId)
                    .expectedState(UserSessionModel.State.LOGGED_OUT_UNCONFIRMED)
                    .expectedNumberOfClientSessions(1)
                    .expectedAction(clientId, CommonClientSessionModel.Action.LOGGING_OUT))
            .setAfterStepChecks(new SessionStateChecker(testingClient.server())
                    .consumeUserSession(userSession -> assertThat(userSession, nullValue()))
                    .setUserSessionProvider(session -> userSessionId.get()))
            .build()
            .doNotFollowRedirects()
            .executeAndTransform(this::getArtifactResponse);

    // Outer envelope: a successful ArtifactResponse that carries no signature
    assertThat(holder.getSamlObject(), instanceOf(ArtifactResponseType.class));
    ArtifactResponseType artifact = (ArtifactResponseType) holder.getSamlObject();
    assertThat(artifact, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    assertThat(artifact.getSignature(), nullValue());

    // Wrapped message: a plain StatusResponseType, none of the more specific response types
    assertThat(artifact.getAny(), not(instanceOf(ResponseType.class)));
    assertThat(artifact.getAny(), not(instanceOf(ArtifactResponseType.class)));
    assertThat(artifact.getAny(), not(instanceOf(NameIDMappingResponseType.class)));
    assertThat(artifact.getAny(), instanceOf(StatusResponseType.class));
    StatusResponseType wrappedStatus = (StatusResponseType) artifact.getAny();
    assertThat(wrappedStatus, isSamlStatusResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
}
Also used : SamlProtocolUtils(org.keycloak.protocol.saml.SamlProtocolUtils) AssertionUtil(org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil) ClientAttributeUpdater(org.keycloak.testsuite.updaters.ClientAttributeUpdater) Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC) URISyntaxException(java.net.URISyntaxException) Matchers.not(org.hamcrest.Matchers.not) ARTIFACT_RESPONSE(org.keycloak.testsuite.util.SamlClient.Binding.ARTIFACT_RESPONSE) POST(org.keycloak.testsuite.util.SamlClient.Binding.POST) SAML2LogoutResponseBuilder(org.keycloak.saml.SAML2LogoutResponseBuilder) Matchers.isSamlLogoutRequest(org.keycloak.testsuite.util.Matchers.isSamlLogoutRequest) HandleArtifactStepBuilder(org.keycloak.testsuite.util.saml.HandleArtifactStepBuilder) EntityUtils(org.apache.http.util.EntityUtils) InfinispanTestTimeServiceRule(org.keycloak.testsuite.util.InfinispanTestTimeServiceRule) SAML2Object(org.keycloak.dom.saml.v2.SAML2Object) Matcher(java.util.regex.Matcher) ByteArrayInputStream(java.io.ByteArrayInputStream) Document(org.w3c.dom.Document) NameIDMappingResponseType(org.keycloak.dom.saml.v2.protocol.NameIDMappingResponseType) Matchers.nullValue(org.hamcrest.Matchers.nullValue) SamlClient(org.keycloak.testsuite.util.SamlClient) SamlUtils(org.keycloak.testsuite.util.SamlUtils) URI(java.net.URI) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString) Awaitility.await(org.awaitility.Awaitility.await) Matchers.isSamlResponse(org.keycloak.testsuite.util.Matchers.isSamlResponse) Matchers.notNullValue(org.hamcrest.Matchers.notNullValue) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) SamlProtocol(org.keycloak.protocol.saml.SamlProtocol) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) IOUtil(org.keycloak.testsuite.utils.io.IOUtil) 
ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Matchers.instanceOf(org.hamcrest.Matchers.instanceOf) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) Base64(java.util.Base64) Response(javax.ws.rs.core.Response) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Matchers.isSamlStatusResponse(org.keycloak.testsuite.util.Matchers.isSamlStatusResponse) SamlMessageReceiver(org.keycloak.testsuite.util.saml.SamlMessageReceiver) Matchers.is(org.hamcrest.Matchers.is) Pattern(java.util.regex.Pattern) Matchers.containsString(org.hamcrest.Matchers.containsString) SamlUtils.getSPInstallationDescriptor(org.keycloak.testsuite.util.SamlUtils.getSPInstallationDescriptor) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) DOMSource(javax.xml.transform.dom.DOMSource) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request) MessageDigest(java.security.MessageDigest) GeneralConstants(org.keycloak.saml.common.constants.GeneralConstants) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SamlConfigAttributes(org.keycloak.protocol.saml.SamlConfigAttributes) Matchers.bodyHC(org.keycloak.testsuite.util.Matchers.bodyHC) AtomicReference(java.util.concurrent.atomic.AtomicReference) ArtifactBindingUtils(org.keycloak.protocol.saml.util.ArtifactBindingUtils) REDIRECT(org.keycloak.testsuite.util.SamlClient.Binding.REDIRECT) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CommonClientSessionModel(org.keycloak.sessions.CommonClientSessionModel) Soap(org.keycloak.protocol.saml.profile.util.Soap) 
Charsets(com.google.common.base.Charsets) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) IOException(java.io.IOException) UserSessionModel(org.keycloak.models.UserSessionModel) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) TimeUnit(java.util.concurrent.TimeUnit) Rule(org.junit.Rule) SamlDeployment(org.keycloak.adapters.saml.SamlDeployment) SessionStateChecker(org.keycloak.testsuite.util.saml.SessionStateChecker) LogoutRequestType(org.keycloak.dom.saml.v2.protocol.LogoutRequestType) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AtomicReference(java.util.concurrent.atomic.AtomicReference) ArtifactResponseType(org.keycloak.dom.saml.v2.protocol.ArtifactResponseType) Matchers.isEmptyOrNullString(org.hamcrest.Matchers.isEmptyOrNullString) Matchers.containsString(org.hamcrest.Matchers.containsString) SessionStateChecker(org.keycloak.testsuite.util.saml.SessionStateChecker) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)
