use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class ExecutionTest method testRequirementsInExecution.
/**
 * Copies the built-in "browser" flow under a new alias, adds three executions to the copy,
 * and finally deletes the copy again.
 *
 * <p>The copy and the delete are each checked against the admin event stream, so the test
 * also confirms that both operations leave an audit record. The last argument passed to
 * {@code addExecutionCheckReq} differs per provider: REQUIRED for the username form and the
 * no-cookie redirect authenticator, DISABLED for the WebAuthn authenticator.
 */
@Test
@EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRequirementsInExecution() {
    final String copiedFlowAlias = "new-exec-flow";

    // The same map is reused as the copy request body and is handed to every helper call below.
    HashMap<String, String> params = new HashMap<>();
    params.put("newName", copiedFlowAlias);

    try (Response copyResponse = authMgmtResource.copy("browser", params)) {
        assertAdminEvents.assertEvent(
                REALM_NAME,
                OperationType.CREATE,
                AdminEventPaths.authCopyFlowPath("browser"),
                params,
                ResourceType.AUTH_FLOW);
        Assert.assertEquals("Copy flow", 201, copyResponse.getStatus());
    }

    // addExecutionCheckReq is defined outside this excerpt; presumably it adds the execution
    // and compares the resulting requirement with the value passed last. Confirm in ExecutionTest.
    addExecutionCheckReq(copiedFlowAlias, UsernameFormFactory.PROVIDER_ID, params, REQUIRED);
    addExecutionCheckReq(copiedFlowAlias, WebAuthnAuthenticatorFactory.PROVIDER_ID, params, DISABLED);
    addExecutionCheckReq(copiedFlowAlias, NoCookieFlowRedirectAuthenticatorFactory.PROVIDER_ID, params, REQUIRED);

    // Remove the copied flow and verify that the deletion produced an admin event.
    AuthenticationFlowRepresentation copiedFlow = findFlowByAlias(copiedFlowAlias, authMgmtResource.getFlows());
    Assert.assertNotNull(copiedFlow);
    String copiedFlowId = copiedFlow.getId();
    authMgmtResource.deleteFlow(copiedFlowId);
    assertAdminEvents.assertEvent(
            REALM_NAME,
            OperationType.DELETE,
            AdminEventPaths.authFlowPath(copiedFlowId),
            ResourceType.AUTH_FLOW);
}
use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class ClientScopeTest method testCreateNonDynamicScopeWithFeatureEnabled.
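/**
 * Creates a client scope that is explicitly marked as non-dynamic (flag "false", empty regexp)
 * while the DYNAMIC_SCOPES feature is enabled, and checks that the stored representation
 * returns the same name and attribute values.
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void testCreateNonDynamicScopeWithFeatureEnabled() {
    // A plain map replaces the double-brace initializer, which created an anonymous HashMap
    // subclass holding a reference to the enclosing test instance.
    HashMap<String, String> attributes = new HashMap<>();
    attributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "false");
    attributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "");

    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("non-dynamic-scope-def");
    scopeRep.setProtocol("openid-connect");
    scopeRep.setAttributes(attributes);

    String scopeDefId = createClientScope(scopeRep);
    getCleanup().addClientScopeId(scopeDefId);

    // Read the scope back from the server and assert the attributes it was created with.
    scopeRep = clientScopes().get(scopeDefId).toRepresentation();
    assertEquals("non-dynamic-scope-def", scopeRep.getName());
    assertEquals("false", scopeRep.getAttributes().get(ClientScopeModel.IS_DYNAMIC_SCOPE));
    assertEquals("", scopeRep.getAttributes().get(ClientScopeModel.DYNAMIC_SCOPE_REGEXP));
}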
use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class ClientScopeTest method updateAssignedDefaultClientScopeToDynamicScope.
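/**
 * Assigns a freshly created client scope to a client as a default scope, then tries to turn
 * that scope into a dynamic scope and expects the update to be rejected with 400 Bad Request.
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void updateAssignedDefaultClientScopeToDynamicScope() {
    ClientRepresentation clientRep = new ClientRepresentation();
    clientRep.setClientId("dyn-scope-client");
    clientRep.setProtocol("openid-connect");
    String clientUuid = createClient(clientRep);
    getCleanup().addClientUuid(clientUuid);

    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("dynamic-scope-def");
    scopeRep.setProtocol("openid-connect");
    String scopeDefId = createClientScope(scopeRep);
    getCleanup().addClientScopeId(scopeDefId);

    // The scope becomes a default scope of the client before the update is attempted.
    testRealmResource().clients().get(clientUuid).addDefaultClientScope(scopeDefId);

    // A plain map replaces the double-brace initializer, which created an anonymous HashMap
    // subclass holding a reference to the enclosing test instance.
    HashMap<String, String> attributes = new HashMap<>();
    attributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
    // NOTE(review): this is the same regexp value that testCreateInvalidRegexpDynamicScope
    // expects to be rejected as malformed. A 400 here therefore does not show which check
    // refused the update: the regexp format or the default-scope assignment. Consider using
    // a well-formed regexp and asserting the error text so the default-scope rule is what
    // is actually exercised.
    attributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope-def:*:*");
    scopeRep.setAttributes(attributes);

    try {
        clientScopes().get(scopeDefId).update(scopeRep);
        // Assert.fail throws AssertionError, which the catch below does not intercept.
        Assert.fail("This update should fail");
    } catch (ClientErrorException ex) {
        MatcherAssert.assertThat(ex.getResponse(), Matchers.statusCodeIs(Status.BAD_REQUEST));
    }
}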
use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class ClientScopeTest method testCreateInvalidRegexpDynamicScope.
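/**
 * Attempts to create a dynamic client scope whose regexp contains two wildcard segments and
 * expects the request to be refused.
 *
 * <p>{@code handleExpectedCreateFailure} is defined outside this excerpt; it is passed the
 * expected status 400 and the expected error text, which echoes the rejected regexp.
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void testCreateInvalidRegexpDynamicScope() {
    // A plain map replaces the double-brace initializer, which created an anonymous HashMap
    // subclass holding a reference to the enclosing test instance.
    HashMap<String, String> attributes = new HashMap<>();
    attributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
    attributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope-def:*:*");

    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("dynamic-scope-def4");
    scopeRep.setProtocol("openid-connect");
    scopeRep.setAttributes(attributes);

    handleExpectedCreateFailure(scopeRep, 400, "Invalid format for the Dynamic Scope regexp dynamic-scope-def:*:*");
}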
use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.
the class OAuthGrantTest method oauthGrantDynamicScopeParamRequired.
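/**
 * Checks the consent screen for a parameterized dynamic scope.
 *
 * <p>A dynamic scope "foo-dynamic-scope" is created and attached to the third-party client as
 * an optional scope. The test logs in requesting "foo-dynamic-scope:withparam", expects the
 * grant page to list that scope with its parameter, accepts it, exchanges the code and logs
 * out. It then logs in a second time with the same scope and expects the grant page to show
 * exactly one entry, the parameterized dynamic scope, before revoking the grant.
 */
@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void oauthGrantDynamicScopeParamRequired() {
    RealmResource appRealm = adminClient.realm(REALM_NAME);
    ClientResource thirdParty = findClientByClientId(appRealm, THIRD_PARTY_APP);

    // Create the dynamic client scope. A plain map replaces the double-brace initializer,
    // which created an anonymous HashMap subclass holding a reference to the test instance.
    HashMap<String, String> attributes = new HashMap<>();
    attributes.put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
    attributes.put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "foo-dynamic-scope:*");

    ClientScopeRepresentation scope = new ClientScopeRepresentation();
    scope.setName("foo-dynamic-scope");
    scope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    scope.setAttributes(attributes);

    // try-with-resources closes the response even when reading the created id fails.
    String dynamicFooScopeId;
    try (Response response = appRealm.clientScopes().create(scope)) {
        dynamicFooScopeId = ApiUtil.getCreatedId(response);
    }
    getCleanup().addClientScopeId(dynamicFooScopeId);

    // Add clientScope as optional to client
    thirdParty.addOptionalClientScope(dynamicFooScopeId);

    try {
        // Request the dynamic scope with a parameter and assert that the grant screen shows it
        oauth.clientId(THIRD_PARTY_APP);
        oauth.scope("foo-dynamic-scope:withparam");
        oauth.doLogin("test-user@localhost", "password");
        grantPage.assertCurrent();
        List<String> grants = grantPage.getDisplayedGrants();
        Assert.assertTrue(grants.contains("foo-dynamic-scope: withparam"));
        grantPage.accept();

        EventRepresentation loginEvent = events.expectLogin()
                .client(THIRD_PARTY_APP)
                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
                .assertEvent();
        String code = new OAuthClient.AuthorizationEndpointResponse(oauth).getCode();
        // NOTE(review): the token response is discarded, so the test does not check which
        // scope the issued token carries; only the code-to-token event is asserted.
        oauth.doAccessTokenRequest(code, "password");
        events.expectCodeToToken(loginEvent.getDetails().get(Details.CODE_ID), loginEvent.getSessionId())
                .client(THIRD_PARTY_APP)
                .assertEvent();

        oauth.openLogout();
        events.expectLogout(loginEvent.getSessionId()).assertEvent();

        // Log in again: consent must be requested again for the dynamic scope, and only for it
        oauth.scope("foo-dynamic-scope:withparam");
        oauth.doLogin("test-user@localhost", "password");
        grantPage.assertCurrent();
        grants = grantPage.getDisplayedGrants();
        Assert.assertEquals(1, grants.size());
        Assert.assertTrue(grants.contains("foo-dynamic-scope: withparam"));
        grantPage.accept();
        events.expectLogin()
                .client(THIRD_PARTY_APP)
                .detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
                .assertEvent();

        // Revoke
        accountAppsPage.open();
        accountAppsPage.revokeGrant(THIRD_PARTY_APP);
        events.expect(EventType.REVOKE_GRANT)
                .client("account")
                .detail(Details.REVOKED_CLIENT, THIRD_PARTY_APP)
                .assertEvent();
    } finally {
        // Cleanup runs on failure too, so a failed assertion does not leave the requested
        // scope on the shared OAuth client or the optional scope on the third-party client.
        oauth.scope(null);
        thirdParty.removeOptionalClientScope(dynamicFooScopeId);
    }
}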