Example 1 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class OIDCAdvancedRequestParamsTest method promptNoneConsentRequired.

// Prompt=none with consent required for client
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void promptNoneConsentRequired() throws Exception {
    // Require consent
    ClientManager.realm(adminClient.realm("test")).clientId("test-app").consentRequired(true);
    try {
        // login to account mgmt.
        profilePage.open();
        assertTrue(loginPage.isCurrent());
        loginPage.login("test-user@localhost", "password");
        profilePage.assertCurrent();
        events.expectLogin().client(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID).removeDetail(Details.REDIRECT_URI).detail(Details.USERNAME, "test-user@localhost").assertEvent();
        // Assert error shown when trying prompt=none and consent not yet retrieved
        driver.navigate().to(oauth.getLoginFormUrl() + "&prompt=none");
        assertTrue(appPage.isCurrent());
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        OAuthClient.AuthorizationEndpointResponse resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNull(resp.getCode());
        Assert.assertEquals(OAuthErrorException.INTERACTION_REQUIRED, resp.getError());
        // Confirm consent
        driver.navigate().to(oauth.getLoginFormUrl());
        grantPage.assertCurrent();
        grantPage.accept();
        events.expectLogin().detail(Details.USERNAME, "test-user@localhost").detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
        // Consent is no longer required, so login with prompt=none should succeed
        driver.navigate().to(oauth.getLoginFormUrl() + "&prompt=none");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNotNull(resp.getCode());
        Assert.assertNull(resp.getError());
        events.expectLogin().detail(Details.USERNAME, "test-user@localhost").detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT).assertEvent();
    } finally {
        // Revert consent
        UserResource user = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
        user.revokeConsent("test-app");
        // revert require consent
        ClientManager.realm(adminClient.realm("test")).clientId("test-app").consentRequired(false);
    }
}

Example 2 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class UserTest method resetUserPassword.

@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void resetUserPassword() {
    String userId = createUser("user1", "user1@localhost");
    CredentialRepresentation cred = new CredentialRepresentation();
    cred.setType(CredentialRepresentation.PASSWORD);
    cred.setValue("password");
    cred.setTemporary(false);
    realm.users().get(userId).resetPassword(cred);
    assertAdminEvents.assertEvent(realmId, OperationType.ACTION, AdminEventPaths.userResetPasswordPath(userId), ResourceType.USER);
    String accountUrl = RealmsResource.accountUrl(UriBuilder.fromUri(getAuthServerRoot())).build(REALM_NAME).toString();
    driver.navigate().to(accountUrl);
    assertEquals("Sign in to your account", PageUtils.getPageTitle(driver));
    loginPage.login("user1", "password");
    assertTrue(driver.getTitle().contains("Account Management"));
}

Example 3 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class DeployedScriptPolicyTest method failCreateJSPolicy.

@Test
@UncaughtServerErrorExpected
@DisableFeature(value = UPLOAD_SCRIPTS, skipRestart = true)
public void failCreateJSPolicy() {
    JSPolicyRepresentation grantPolicy = new JSPolicyRepresentation();
    grantPolicy.setName("JS Policy");
    grantPolicy.setType("js");
    grantPolicy.setCode("$evaluation.grant();");
    try (Response response = getAuthorizationResource().policies().js().create(grantPolicy)) {
        assertEquals(500, response.getStatus());
    }
}

Example 4 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class ResetCredentialsAlternativeFlowsTest method deviceNameOptionalForFirstOTPCredentialButRequiredForEachNextOne.

// KEYCLOAK-12168 Verify the 'Device Name' label is optional for the first OTP credential created
// (either via Account page or by registering new user), but required for each next created OTP credential
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void deviceNameOptionalForFirstOTPCredentialButRequiredForEachNextOne() {
    // Enable 'Default Action' on 'Configure OTP' RA for the 'test' realm
    RequiredActionProviderRepresentation otpRequiredAction = testRealm().flows().getRequiredAction("CONFIGURE_TOTP");
    otpRequiredAction.setDefaultAction(true);
    testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", otpRequiredAction);
    try {
        // Make a copy of the default Reset Credentials flow, but:
        // * Without 'Send Reset Email' authenticator,
        // * Without 'Reset Password' authenticator
        final String newFlowAlias = "resetcred - KEYCLOAK-12168 - firstOTP - account - test";
        configureResetCredentialsRemoveExecutionsAndBindTheFlow(newFlowAlias, Arrays.asList("reset-credential-email", "reset-password"));
        /* Verify the 'Device Name' is optional when creating new OTP credential via the Account page */
        // Login & set up the initial OTP code for the user
        loginPage.open();
        loginPage.login("login@test.com", "password");
        accountTotpPage.open();
        Assert.assertTrue(accountTotpPage.isCurrent());
        String pageSource = driver.getPageSource();
        // Check the One-time code label is followed by asterisk character (since always required)
        final String oneTimeCodeLabelFollowedByAsterisk = "(?s)<label for=\"totp\"((?!</span>).)+((?=<span class=\"required\">\\*).)*";
        Assert.assertTrue(Pattern.compile(oneTimeCodeLabelFollowedByAsterisk).matcher(pageSource).find());
        // Check the Device Name label is not followed by asterisk character (since optional if no OTP credential defined yet)
        final String asteriskPrecededByDeviceNameLabel = "(?s)((?<=<label for=\"userLabel\").)+.*<span class=\"required\">\\s+\\*";
        Assert.assertFalse(Pattern.compile(asteriskPrecededByDeviceNameLabel).matcher(pageSource).find());
        // Create OTP credential with empty label
        final String emptyOtpLabel = "";
        accountTotpPage.configure(totp.generateTOTP(accountTotpPage.getTotpSecret()), emptyOtpLabel);
        // Get the updated Account TOTP page source post OTP credential creation
        pageSource = driver.getPageSource();
        // Check if OTP credential with empty label was created successfully
        assertThat(driver.findElements(By.className("provider")).stream().map(WebElement::getText).collect(Collectors.toList()), Matchers.hasItem(""));
        accountTotpPage.removeTotp();
        // Logout
        oauth.openLogout();
        /* Verify the 'Device Name' is optional when creating the first OTP credential via the login config TOTP page */
        // Register new user
        loginPage.open();
        loginPage.clickRegister();
        registerPage.assertCurrent();
        registerPage.register("Bruce", "Wilson", "bwilson@keycloak.org", "bwilson", "password", "password");
        Assert.assertTrue(totpPage.isCurrent());
        pageSource = driver.getPageSource();
        // Check the One-time code label is required
        Assert.assertTrue(Pattern.compile(oneTimeCodeLabelFollowedByAsterisk).matcher(pageSource).find());
        // Check the Device Name label is optional
        Assert.assertFalse(Pattern.compile(asteriskPrecededByDeviceNameLabel).matcher(pageSource).find());
        // Create OTP credential with empty label
        totpPage.configure(totp.generateTOTP(accountTotpPage.getTotpSecret()), emptyOtpLabel);
        Assert.assertNull(totpPage.getAlertError());
        Assert.assertNull(totpPage.getInputCodeError());
        Assert.assertNull(totpPage.getInputLabelError());
        // Assert user authenticated
        appPage.assertCurrent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
        accountTotpPage.open();
        Assert.assertTrue(accountTotpPage.isCurrent());
        // Check if OTP credential with empty label was created successfully
        assertThat(driver.findElements(By.className("provider")).stream().map(WebElement::getText).collect(Collectors.toList()), Matchers.hasItem(""));
        // Logout
        oauth.openLogout();
        /* Verify the 'Device Name' is required for each next OTP credential created via the login config TOTP page */
        // Click "Forgot password" to define another OTP credential
        loginPage.open();
        loginPage.resetPassword();
        // Should be on reset password page now. Provide email of previously registered user & click Submit button
        Assert.assertTrue(resetPasswordPage.isCurrent());
        resetPasswordPage.changePassword("bwilson@keycloak.org");
        pageSource = driver.getPageSource();
        // Check the One-time code label is required
        Assert.assertTrue(Pattern.compile(oneTimeCodeLabelFollowedByAsterisk).matcher(pageSource).find());
        // Check the Device Name label is required (since one OTP credential already defined)
        final String deviceNameLabelFollowedByAsterisk = "(?s)<label for=\"userLabel\"((?!</span>).)+((?=<span class=\"required\">\\*).)*";
        Assert.assertTrue(Pattern.compile(deviceNameLabelFollowedByAsterisk).matcher(pageSource).find());
        // Try to create another OTP credential with empty label again. This
        // should fail with error since OTP label is required in this case already
        final String deviceNameLabelRequiredErrorMessage = "Please specify device name.";
        totpPage.configure(totp.generateTOTP(accountTotpPage.getTotpSecret()), emptyOtpLabel);
        Assert.assertTrue(totpPage.getInputLabelError().equals(deviceNameLabelRequiredErrorMessage));
        // Create 2nd OTP credential with valid (non-empty) Device Name label. This should pass
        final String secondOtpLabel = "My 2nd OTP device";
        totpPage.configure(totp.generateTOTP(accountTotpPage.getTotpSecret()), secondOtpLabel);
        Assert.assertNull(totpPage.getAlertError());
        Assert.assertNull(totpPage.getInputCodeError());
        Assert.assertNull(totpPage.getInputLabelError());
        // Assert user authenticated
        appPage.assertCurrent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
        accountTotpPage.open();
        Assert.assertTrue(accountTotpPage.isCurrent());
        // Get the updated Account TOTP page source after both the OTP credentials were created
        pageSource = driver.getPageSource();
        // Verify 2nd OTP credential was successfully created too
        Assert.assertTrue(pageSource.contains(secondOtpLabel));
        // Remove both OTP credentials
        accountTotpPage.removeTotp();
        accountTotpPage.removeTotp();
        // Logout
        oauth.openLogout();
    } finally {
        // Undo setup changes performed within the test
        revertFlows();
        // Disable 'Default Action' on 'Configure OTP' RA for the 'test' realm
        otpRequiredAction.setDefaultAction(false);
        testRealm().flows().updateRequiredAction("CONFIGURE_TOTP", otpRequiredAction);
        // Remove the 'bwilson' user that was registered within the test
        testingClient.server("test").run(session -> {
            UserManager um = new UserManager(session);
            UserModel user = session.users().getUserByUsername(session.getContext().getRealm(), "bwilson");
            if (user != null) {
                um.removeUser(session.getContext().getRealm(), user);
            }
        });
    }
}

Example 5 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class RegisterTest method registerUserUmlats.

@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void registerUserUmlats() {
    loginPage.open();
    assertTrue(loginPage.isCurrent());
    loginPage.clickRegister();
    registerPage.assertCurrent();
    registerPage.register("Äǜṳǚǘǖ", "Öṏṏ", "registeruserumlats@email", "registeruserumlats", "password", "password");
    String userId = events.expectRegister("registeruserumlats", "registeruserumlats@email").assertEvent().getUserId();
    events.expectLogin().detail("username", "registeruserumlats").user(userId).assertEvent();
    accountPage.open();
    assertTrue(accountPage.isCurrent());
    UserRepresentation user = getUser(userId);
    Assert.assertNotNull(user);
    assertEquals("Äǜṳǚǘǖ", user.getFirstName());
    assertEquals("Öṏṏ", user.getLastName());
    assertEquals("Äǜṳǚǘǖ", accountPage.getFirstName());
    assertEquals("Öṏṏ", accountPage.getLastName());
}
