use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.
the class LoginTest method loginRememberMeExpiredIdle.
/**
 * Checks that a "remember me" SSO session stops being honoured once its idle timeout has
 * elapsed: after the test clock is moved past the timeout, opening the account page must
 * land on the login form again.
 *
 * <p>Only the browser-visible outcome (the login page is current) is asserted here; the
 * server-side state of the user session is not inspected.
 *
 * @throws Exception propagated from the realm update or from closing its handle
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void loginRememberMeExpiredIdle() throws Exception {
    // Realm "test": remember-me switched on, remember-me idle timeout set to 1.
    // The handle returned by update() is closed when the block exits
    // (presumably restoring the previous realm attributes - confirm against RealmAttributeUpdater).
    try (Closeable realmSettings = new RealmAttributeUpdater(adminClient.realm("test"))
            .setSsoSessionIdleTimeoutRememberMe(1)
            .setRememberMe(true)
            .update()) {

        // Start an authorization request from the test app; the login form is shown after the redirect.
        oauth.clientId("test-app");
        oauth.redirectUri(OAuthClient.APP_ROOT + "/auth");
        oauth.openLoginForm();
        assertTrue(loginPage.isCurrent());

        // Authenticate with the remember-me option selected.
        loginPage.setRememberMe(true);
        loginPage.login("test-user@localhost", "password");

        // Successful login: the login event is recorded and the app page is on display.
        events.expectLogin()
                .detail(Details.USERNAME, "test-user@localhost")
                .assertEvent();
        appPage.assertCurrent();

        // Move the clock beyond the idle timeout plus the tolerance window, so the
        // session is expired even when the window is taken into account.
        setTimeOffset(2 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);

        // With the idle timeout exceeded the remember-me session must not grant access:
        // opening the account page has to redirect back to the login page.
        appPage.openAccount();
        loginPage.assertCurrent();
    }
}
use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.
the class ResetPasswordTest method resetPasswordLink.
/**
 * Walks through the complete "forgot password" flow: request a reset for an existing user,
 * follow the link delivered by e-mail, set a new password, log out, and log in again with
 * the new password. The expected audit events are asserted at every step.
 *
 * <p>NOTE(review): this method does not check that the e-mailed link is rejected on a second
 * use, nor that the previous password stops working; presumably other tests cover that -
 * confirm.
 *
 * @throws IOException        declared for the mail-parsing helper
 * @throws MessagingException declared for the mail-parsing helper
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void resetPasswordLink() throws IOException, MessagingException {
    String username = "login-test";
    String newPassword = "resetPassword";
    // Redirect URI every event of the reset flow is expected to carry (account client).
    String accountRedirectUri = oauth.AUTH_SERVER_ROOT + "/realms/test/account/";

    // Open the reset-credentials action directly and submit the username.
    String resetUri = oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials";
    driver.navigate().to(resetUri);
    resetPasswordPage.assertCurrent();
    resetPasswordPage.changePassword(username);

    // The user is sent back to the login page with a generic confirmation text.
    // Only the existing-user case is exercised here; whether unknown users get the
    // same wording is not checked by this method.
    loginPage.assertCurrent();
    assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage());

    // The reset request is audited without a user session attached.
    events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
            .user(userId)
            .detail(Details.REDIRECT_URI, accountRedirectUri)
            .client("account")
            .detail(Details.USERNAME, username)
            .detail(Details.EMAIL, "login@test.com")
            .session((String) null)
            .assertEvent();

    // Exactly one mail must have been sent; take the reset link out of it.
    MimeMessage[] inbox = greenMail.getReceivedMessages();
    assertEquals(1, inbox.length);
    MimeMessage message = inbox[0];
    String resetLink = MailUtils.getPasswordResetEmailLink(message);

    // Following the link leads to the update-password form.
    driver.navigate().to(resetLink.trim());
    updatePasswordPage.assertCurrent();
    updatePasswordPage.changePassword(newPassword, newPassword);

    // Password update and the login that follows it are both audited.
    events.expectRequiredAction(EventType.UPDATE_PASSWORD)
            .detail(Details.REDIRECT_URI, accountRedirectUri)
            .client("account")
            .user(userId)
            .detail(Details.USERNAME, username)
            .assertEvent();
    String sessionId = events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, username)
            .detail(Details.REDIRECT_URI, accountRedirectUri)
            .client("account")
            .assertEvent()
            .getSessionId();

    // End the session that was created by the reset flow.
    oauth.openLogout();
    events.expectLogout(sessionId)
            .user(userId)
            .session(sessionId)
            .assertEvent();

    // The new password must be accepted on a regular login.
    loginPage.open();
    loginPage.login(username, newPassword);
    events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, username)
            .assertEvent();
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.
the class ResetPasswordTest method resetPasswordLinkNewTabAndProperRedirectAccount.
/**
 * Runs the reset-password flow in a new browser tab twice, starting from the account
 * "applications" page, and checks after each run that the browser ends up on the account
 * management console (identified by its page title).
 *
 * <p>The two runs differ only in the boolean passed to {@code resetPasswordTwiceInNewTab};
 * its meaning is defined by that helper, which is not shown here.
 *
 * @throws IOException if closing the tab utility fails
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void resetPasswordLinkNewTabAndProperRedirectAccount() throws IOException {
    final String requiredUri = OAuthClient.AUTH_SERVER_ROOT + "/realms/test/account/applications";
    final String redirectUri = getAccountRedirectUrl() + "?path=applications";
    final String clientId = "account";
    final String expectedTitle = getProjectName() + " Account Management";

    try (BrowserTabUtil tabs = BrowserTabUtil.getInstanceAndSetEnv(driver)) {
        // Precondition: the browser starts with a single tab.
        assertThat(tabs.getCountOfTabs(), Matchers.is(1));

        // First run.
        driver.navigate().to(requiredUri);
        resetPasswordTwiceInNewTab(defaultUser, clientId, false, redirectUri, requiredUri);
        assertThat(driver.getTitle(), Matchers.equalTo(expectedTitle));

        // Log out so that the second run starts unauthenticated again.
        oauth.openLogout();

        // Second run, with the helper's boolean flag switched on.
        driver.navigate().to(requiredUri);
        resetPasswordTwiceInNewTab(defaultUser, clientId, true, redirectUri, requiredUri);
        assertThat(driver.getTitle(), Matchers.equalTo(expectedTitle));
    }
}
use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.
the class SSOTest method loginSuccess.
/**
 * Exercises single sign-on across two authorization requests and a forced session removal.
 *
 * <ol>
 *   <li>Form login: an authorization code is returned, the ID token has {@code acr} "1".</li>
 *   <li>Second authorization request: answered from the SSO cookie, same session id,
 *       {@code acr} "0", and an unchanged {@code auth_time}.</li>
 *   <li>The profile page opens without a new login.</li>
 *   <li>After the session is removed on the server, a new login yields a different session id.</li>
 * </ol>
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void loginSuccess() {
    // Interactive login through the login form.
    loginPage.open();
    loginPage.login("test-user@localhost", "password");
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));

    EventRepresentation formLogin = events.expectLogin().assertEvent();
    String initialSessionId = formLogin.getSessionId();

    // Credentials were entered, so the ID token reports acr "1".
    IDToken formLoginToken = sendTokenRequestAndGetIDToken(formLogin);
    Assert.assertEquals("1", formLoginToken.getAcr());
    Long initialAuthTime = formLoginToken.getAuth_time();

    // A second authorization request is answered without showing the login form.
    appPage.open();
    oauth.openLoginForm();
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    EventRepresentation ssoLogin = events.expectLogin()
            .removeDetail(Details.USERNAME)
            .client("test-app")
            .assertEvent();
    String ssoSessionId = ssoLogin.getSessionId();
    // SSO must reuse the existing user session rather than create a new one.
    assertEquals(initialSessionId, ssoSessionId);

    // acr is 0 as we authenticated through SSO cookie
    IDToken ssoToken = sendTokenRequestAndGetIDToken(ssoLogin);
    Assert.assertEquals("0", ssoToken.getAcr());

    // auth time hasn't changed as we authenticated through SSO cookie
    Assert.assertEquals(initialAuthTime, ssoToken.getAuth_time());

    // The profile page is reachable within the same SSO session.
    profilePage.open();
    assertTrue(profilePage.isCurrent());

    // Expire session: remove it on the server through the testing client.
    testingClient.testing().removeUserSession("test", initialSessionId);

    // A login after the removal must run in a new session, never the removed one.
    oauth.doLogin("test-user@localhost", "password");
    String sessionIdAfterRemoval = events.expectLogin().assertEvent().getSessionId();
    assertNotEquals(initialSessionId, sessionIdAfterRemoval);

    events.clear();
}
use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.
the class OIDCAdvancedRequestParamsTest method promptNoneConsentRequired.
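/**
 * Prompt=none with consent required for client.
 *
 * <p>With consent required on {@code test-app} and no consent stored yet, a
 * {@code prompt=none} authorization request must be answered with the
 * {@code interaction_required} error and no authorization code. Once the user has granted
 * consent interactively, the same {@code prompt=none} request must return a code, and the
 * login event must report the consent as persisted.
 *
 * <p>Cleanup revokes the user's consent and switches the client back to "consent not
 * required". The client setting is restored in its own {@code finally}, so it is reverted
 * even when looking up the user or revoking the consent throws.
 *
 * @throws Exception propagated from the admin client or the page objects
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void promptNoneConsentRequired() throws Exception {
    // Require consent
    ClientManager.realm(adminClient.realm("test")).clientId("test-app").consentRequired(true);

    try {
        // login to account mgmt.
        profilePage.open();
        assertTrue(loginPage.isCurrent());
        loginPage.login("test-user@localhost", "password");
        profilePage.assertCurrent();

        events.expectLogin()
                .client(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID)
                .removeDetail(Details.REDIRECT_URI)
                .detail(Details.USERNAME, "test-user@localhost")
                .assertEvent();

        // Assert error shown when trying prompt=none and consent not yet retrieved.
        // The user is authenticated, but consent is outstanding: the response must carry
        // the error and must not carry an authorization code.
        driver.navigate().to(oauth.getLoginFormUrl() + "&prompt=none");
        assertTrue(appPage.isCurrent());
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());

        OAuthClient.AuthorizationEndpointResponse resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNull(resp.getCode());
        Assert.assertEquals(OAuthErrorException.INTERACTION_REQUIRED, resp.getError());

        // Confirm consent
        driver.navigate().to(oauth.getLoginFormUrl());
        grantPage.assertCurrent();
        grantPage.accept();

        events.expectLogin()
                .detail(Details.USERNAME, "test-user@localhost")
                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
                .assertEvent();

        // Consent not required anymore. Login with prompt=none should succeed.
        driver.navigate().to(oauth.getLoginFormUrl() + "&prompt=none");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());

        resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNotNull(resp.getCode());
        Assert.assertNull(resp.getError());

        events.expectLogin()
                .detail(Details.USERNAME, "test-user@localhost")
                .detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
                .assertEvent();
    } finally {
        try {
            // Revert consent
            UserResource user = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
            user.revokeConsent("test-app");
        } finally {
            // revert require consent - in its own finally so that a failure while revoking
            // (for example when the test stopped before consent was granted) cannot leave
            // the shared "test-app" client requiring consent for the tests that follow.
            ClientManager.realm(adminClient.realm("test")).clientId("test-app").consentRequired(false);
        }
    }
}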