
Example 6 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class LoginTest method loginRememberMeExpiredIdle.

/**
 * Checks that a remember-me login is sent back to the login form once the SSO idle timeout
 * configured for remember-me sessions has elapsed.
 *
 * <p>The "test" realm is updated to enable remember-me with a remember-me SSO idle timeout of 1
 * (presumably seconds; confirm against the realm model). The handle returned by {@code update()}
 * is closed when the try block exits; NOTE(review): this looks like it restores the previous
 * realm settings, confirm in {@code RealmAttributeUpdater}.
 *
 * @throws Exception if updating the realm or closing the update handle fails
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void loginRememberMeExpiredIdle() throws Exception {
    final String testUser = "test-user@localhost";
    try (Closeable realmRestore = new RealmAttributeUpdater(adminClient.realm("test"))
            .setSsoSessionIdleTimeoutRememberMe(1)
            .setRememberMe(true)
            .update()) {
        // Start the authorization request as "test-app"; the login form must be displayed.
        oauth.clientId("test-app");
        oauth.redirectUri(OAuthClient.APP_ROOT + "/auth");
        oauth.openLoginForm();
        assertTrue(loginPage.isCurrent());

        // Authenticate with the remember-me box ticked.
        loginPage.setRememberMe(true);
        loginPage.login(testUser, "password");

        // Successful login: a login event is recorded and the app page is shown.
        events.expectLogin()
                .detail(Details.USERNAME, testUser)
                .assertEvent();
        appPage.assertCurrent();

        // Move the clock past the idle timeout plus the tolerance window, so the session is
        // expired even after the window is taken into account.
        setTimeOffset(2 + SessionTimeoutHelper.IDLE_TIMEOUT_WINDOW_SECONDS);

        // With the idle timeout expired, opening the account page must land on the login page
        // instead of reusing the remembered session.
        appPage.openAccount();
        loginPage.assertCurrent();
    }
}
Also used : Closeable(java.io.Closeable) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 7 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class ResetPasswordTest method resetPasswordLink.

/**
 * Walks through the reset-credentials flow end to end: request a reset for "login-test", follow
 * the link from the single e-mail received, set a new password, log out, and log in again with
 * the new password.
 *
 * <p>Along the way it asserts the recorded events: SEND_RESET_PASSWORD with no session attached,
 * UPDATE_PASSWORD, the login that follows the password update, and the logout of that session.
 *
 * @throws IOException declared by the original signature
 * @throws MessagingException declared by the original signature
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void resetPasswordLink() throws IOException, MessagingException {
    String username = "login-test";
    String newPassword = "resetPassword";
    String accountUri = oauth.AUTH_SERVER_ROOT + "/realms/test/account/";
    String resetCredentialsUrl = oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials";

    // Request a password reset for the user.
    driver.navigate().to(resetCredentialsUrl);
    resetPasswordPage.assertCurrent();
    resetPasswordPage.changePassword(username);

    // The browser returns to the login page with the confirmation message.
    loginPage.assertCurrent();
    assertEquals("You should receive an email shortly with further instructions.", loginPage.getSuccessMessage());

    // The reset request is recorded for the "account" client, with no user session attached.
    events.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
            .user(userId)
            .detail(Details.REDIRECT_URI, accountUri)
            .client("account")
            .detail(Details.USERNAME, username)
            .detail(Details.EMAIL, "login@test.com")
            .session((String) null)
            .assertEvent();

    // Exactly one e-mail must have been sent; the reset link is taken from it.
    assertEquals(1, greenMail.getReceivedMessages().length);
    MimeMessage resetMail = greenMail.getReceivedMessages()[0];
    String resetLink = MailUtils.getPasswordResetEmailLink(resetMail);

    // Follow the link and choose the new password.
    driver.navigate().to(resetLink.trim());
    updatePasswordPage.assertCurrent();
    updatePasswordPage.changePassword(newPassword, newPassword);

    events.expectRequiredAction(EventType.UPDATE_PASSWORD)
            .detail(Details.REDIRECT_URI, accountUri)
            .client("account")
            .user(userId)
            .detail(Details.USERNAME, username)
            .assertEvent();

    // Completing the reset logs the user in; keep the session id to verify the logout below.
    String sessionId = events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, username)
            .detail(Details.REDIRECT_URI, accountUri)
            .client("account")
            .assertEvent()
            .getSessionId();

    oauth.openLogout();
    events.expectLogout(sessionId)
            .user(userId)
            .session(sessionId)
            .assertEvent();

    // The new password must be accepted on a fresh login.
    loginPage.open();
    loginPage.login(username, newPassword);
    events.expectLogin()
            .user(userId)
            .detail(Details.USERNAME, username)
            .assertEvent();
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
Also used : MimeMessage(javax.mail.internet.MimeMessage) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) AbstractKerberosTest(org.keycloak.testsuite.federation.kerberos.AbstractKerberosTest) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 8 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class ResetPasswordTest method resetPasswordLinkNewTabAndProperRedirectAccount.

/**
 * Runs the "reset password twice in a new tab" scenario starting from the account applications
 * page, and checks that the browser ends up on the Account Management page both times.
 *
 * <p>The scenario is executed twice with the same client and URIs: first with the boolean flag
 * passed to {@code resetPasswordTwiceInNewTab} set to {@code false}, then, after a logout, with
 * it set to {@code true} (the flag's meaning is defined by that helper and is not visible here).
 *
 * @throws IOException declared by the original signature
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void resetPasswordLinkNewTabAndProperRedirectAccount() throws IOException {
    final String requiredUri = OAuthClient.AUTH_SERVER_ROOT + "/realms/test/account/applications";
    final String redirectUri = getAccountRedirectUrl() + "?path=applications";
    final String clientId = "account";
    final String expectedTitle = getProjectName() + " Account Management";

    try (BrowserTabUtil tabs = BrowserTabUtil.getInstanceAndSetEnv(driver)) {
        // The scenario assumes it starts from a single open tab.
        assertThat(tabs.getCountOfTabs(), Matchers.is(1));

        // First pass.
        driver.navigate().to(requiredUri);
        resetPasswordTwiceInNewTab(defaultUser, clientId, false, redirectUri, requiredUri);
        assertThat(driver.getTitle(), Matchers.equalTo(expectedTitle));

        oauth.openLogout();

        // Second pass, after logout, with the helper's flag switched on.
        driver.navigate().to(requiredUri);
        resetPasswordTwiceInNewTab(defaultUser, clientId, true, redirectUri, requiredUri);
        assertThat(driver.getTitle(), Matchers.equalTo(expectedTitle));
    }
}
Also used : BrowserTabUtil(org.keycloak.testsuite.util.BrowserTabUtil) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) AbstractKerberosTest(org.keycloak.testsuite.federation.kerberos.AbstractKerberosTest) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 9 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class SSOTest method loginSuccess.

/**
 * Verifies single sign-on behaviour across two authorization requests and after the session is
 * removed on the server.
 *
 * <p>Checks performed:
 * <ul>
 *   <li>a form login yields an authorization code and an ID token with {@code acr} "1";</li>
 *   <li>a second authorization request reuses the same session, and its ID token carries
 *       {@code acr} "0" and an unchanged {@code auth_time}, because authentication came from
 *       the SSO cookie rather than from fresh credentials;</li>
 *   <li>after the user session is removed, logging in again produces a different session id.</li>
 * </ul>
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void loginSuccess() {
    final String testUser = "test-user@localhost";

    // Interactive login with username and password.
    loginPage.open();
    loginPage.login(testUser, "password");
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
    Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));

    EventRepresentation firstLogin = events.expectLogin().assertEvent();
    String originalSessionId = firstLogin.getSessionId();

    IDToken firstToken = sendTokenRequestAndGetIDToken(firstLogin);
    Assert.assertEquals("1", firstToken.getAcr());
    Long originalAuthTime = firstToken.getAuth_time();

    // Second authorization request: no credentials are entered this time.
    appPage.open();
    oauth.openLoginForm();
    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    EventRepresentation ssoLogin = events.expectLogin()
            .removeDetail(Details.USERNAME)
            .client("test-app")
            .assertEvent();
    String ssoSessionId = ssoLogin.getSessionId();
    assertEquals(originalSessionId, ssoSessionId);

    // acr is 0 because this authentication was satisfied by the SSO cookie.
    IDToken ssoToken = sendTokenRequestAndGetIDToken(ssoLogin);
    Assert.assertEquals("0", ssoToken.getAcr());
    // auth_time must still report the original interactive login, not the SSO reuse.
    Assert.assertEquals(originalAuthTime, ssoToken.getAuth_time());

    profilePage.open();
    assertTrue(profilePage.isCurrent());

    // Remove the session on the server; the next login must create a new one.
    testingClient.testing().removeUserSession("test", originalSessionId);
    oauth.doLogin(testUser, "password");
    String renewedSessionId = events.expectLogin().assertEvent().getSessionId();
    assertNotEquals(originalSessionId, renewedSessionId);

    events.clear();
}
Also used : EventRepresentation(org.keycloak.representations.idm.EventRepresentation) IDToken(org.keycloak.representations.IDToken) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 10 with DisableFeature

use of org.keycloak.testsuite.arquillian.annotation.DisableFeature in project keycloak by keycloak.

the class OIDCAdvancedRequestParamsTest method promptNoneConsentRequired.

// Prompt=none with consent required for client
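/**
 * Verifies {@code prompt=none} handling for a client that requires consent.
 *
 * <p>With consent required on "test-app" and no consent granted yet, a {@code prompt=none}
 * request must return no code and the {@code interaction_required} error. Once the user has
 * accepted the grant page, the same request must return a code and no error, and the login
 * event must report persisted consent.
 *
 * <p>Cleanup always turns the consent requirement on "test-app" off again, even if revoking the
 * user's consent fails, so the shared "test" realm is not left with consent required for tests
 * that run afterwards.
 *
 * @throws Exception declared by the original signature
 */
@Test
// TODO remove this (KEYCLOAK-16228)
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public void promptNoneConsentRequired() throws Exception {
    // Require consent
    ClientManager.realm(adminClient.realm("test")).clientId("test-app").consentRequired(true);
    try {
        // login to account mgmt.
        profilePage.open();
        assertTrue(loginPage.isCurrent());
        loginPage.login("test-user@localhost", "password");
        profilePage.assertCurrent();
        events.expectLogin()
                .client(Constants.ACCOUNT_MANAGEMENT_CLIENT_ID)
                .removeDetail(Details.REDIRECT_URI)
                .detail(Details.USERNAME, "test-user@localhost")
                .assertEvent();

        // prompt=none while consent has not been granted yet: the server must not show any UI
        // and must not issue a code; it has to answer with interaction_required.
        driver.navigate().to(oauth.getLoginFormUrl() + "&prompt=none");
        assertTrue(appPage.isCurrent());
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        OAuthClient.AuthorizationEndpointResponse resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNull(resp.getCode());
        Assert.assertEquals(OAuthErrorException.INTERACTION_REQUIRED, resp.getError());

        // Confirm consent
        driver.navigate().to(oauth.getLoginFormUrl());
        grantPage.assertCurrent();
        grantPage.accept();
        events.expectLogin()
                .detail(Details.USERNAME, "test-user@localhost")
                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
                .assertEvent();

        // Consent is now stored, so prompt=none must succeed without interaction.
        driver.navigate().to(oauth.getLoginFormUrl() + "&prompt=none");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
        resp = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNotNull(resp.getCode());
        Assert.assertNull(resp.getError());
        events.expectLogin()
                .detail(Details.USERNAME, "test-user@localhost")
                .detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
                .assertEvent();
    } finally {
        try {
            // Revert consent. This call can fail, for instance when the test aborted before
            // the grant page was accepted (NOTE(review): confirm how the admin API responds
            // when there is no consent to revoke).
            UserResource user = ApiUtil.findUserByUsernameId(adminClient.realm("test"), "test-user@localhost");
            user.revokeConsent("test-app");
        } finally {
            // revert require consent; runs even if the revocation above threw
            ClientManager.realm(adminClient.realm("test")).clientId("test-app").consentRequired(false);
        }
    }
}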
Also used : OAuthClient(org.keycloak.testsuite.util.OAuthClient) UserResource(org.keycloak.admin.client.resource.UserResource) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

DisableFeature (org.keycloak.testsuite.arquillian.annotation.DisableFeature)23 Test (org.junit.Test)21 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)11 OAuthClient (org.keycloak.testsuite.util.OAuthClient)4 Matchers.containsString (org.hamcrest.Matchers.containsString)3 RealmResource (org.keycloak.admin.client.resource.RealmResource)3 UserResource (org.keycloak.admin.client.resource.UserResource)3 EventRepresentation (org.keycloak.representations.idm.EventRepresentation)3 UserRepresentation (org.keycloak.representations.idm.UserRepresentation)3 Closeable (java.io.Closeable)2 ClientResource (org.keycloak.admin.client.resource.ClientResource)2 PasswordCredentialModel (org.keycloak.models.credential.PasswordCredentialModel)2 RefreshToken (org.keycloak.representations.RefreshToken)2 ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation)2 ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation)2 RequiredActionProviderRepresentation (org.keycloak.representations.idm.RequiredActionProviderRepresentation)2 AbstractAuthenticationTest (org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest)2 AbstractKerberosTest (org.keycloak.testsuite.federation.kerberos.AbstractKerberosTest)2 WebElement (org.openqa.selenium.WebElement)2 Arrays (java.util.Arrays)1