Example 11 with EnableFeature

Use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

In class ExecutionTest, method testRequirementsInExecution.

@Test
@EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRequirementsInExecution() {
    HashMap<String, String> params = new HashMap<>();
    String newBrowserFlow = "new-exec-flow";
    params.put("newName", newBrowserFlow);
    try (Response response = authMgmtResource.copy("browser", params)) {
        assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
        Assert.assertEquals("Copy flow", 201, response.getStatus());
    }
    addExecutionCheckReq(newBrowserFlow, UsernameFormFactory.PROVIDER_ID, params, REQUIRED);
    addExecutionCheckReq(newBrowserFlow, WebAuthnAuthenticatorFactory.PROVIDER_ID, params, DISABLED);
    addExecutionCheckReq(newBrowserFlow, NoCookieFlowRedirectAuthenticatorFactory.PROVIDER_ID, params, REQUIRED);
    AuthenticationFlowRepresentation rep = findFlowByAlias(newBrowserFlow, authMgmtResource.getFlows());
    Assert.assertNotNull(rep);
    authMgmtResource.deleteFlow(rep.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(rep.getId()), ResourceType.AUTH_FLOW);
}
Also used: Response (javax.ws.rs.core.Response), HashMap (java.util.HashMap), AuthenticationFlowRepresentation (org.keycloak.representations.idm.AuthenticationFlowRepresentation), AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude), Test (org.junit.Test), EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature)

Example 12 with EnableFeature

Use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

In class ClientScopeTest, method testCreateNonDynamicScopeWithFeatureEnabled.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void testCreateNonDynamicScopeWithFeatureEnabled() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("non-dynamic-scope-def");
    scopeRep.setProtocol("openid-connect");
    scopeRep.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "false");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "");
        }
    });
    String scopeDefId = createClientScope(scopeRep);
    getCleanup().addClientScopeId(scopeDefId);
    // Assert updated attributes
    scopeRep = clientScopes().get(scopeDefId).toRepresentation();
    assertEquals("non-dynamic-scope-def", scopeRep.getName());
    assertEquals("false", scopeRep.getAttributes().get(ClientScopeModel.IS_DYNAMIC_SCOPE));
    assertEquals("", scopeRep.getAttributes().get(ClientScopeModel.DYNAMIC_SCOPE_REGEXP));
}
Also used: ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation), Test (org.junit.Test), EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature)

Example 13 with EnableFeature

Use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

In class ClientScopeTest, method updateAssignedDefaultClientScopeToDynamicScope.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void updateAssignedDefaultClientScopeToDynamicScope() {
    ClientRepresentation clientRep = new ClientRepresentation();
    clientRep.setClientId("dyn-scope-client");
    clientRep.setProtocol("openid-connect");
    String clientUuid = createClient(clientRep);
    getCleanup().addClientUuid(clientUuid);
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("dynamic-scope-def");
    scopeRep.setProtocol("openid-connect");
    String scopeDefId = createClientScope(scopeRep);
    getCleanup().addClientScopeId(scopeDefId);
    testRealmResource().clients().get(clientUuid).addDefaultClientScope(scopeDefId);
    scopeRep.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope-def:*:*");
        }
    });
    try {
        clientScopes().get(scopeDefId).update(scopeRep);
        Assert.fail("This update should fail");
    } catch (ClientErrorException ex) {
        MatcherAssert.assertThat(ex.getResponse(), Matchers.statusCodeIs(Status.BAD_REQUEST));
    }
}
Also used: ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation), ClientErrorException (javax.ws.rs.ClientErrorException), ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation), Test (org.junit.Test), EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature)

Example 14 with EnableFeature

Use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

In class ClientScopeTest, method testCreateInvalidRegexpDynamicScope.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void testCreateInvalidRegexpDynamicScope() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("dynamic-scope-def4");
    scopeRep.setProtocol("openid-connect");
    scopeRep.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope-def:*:*");
        }
    });
    handleExpectedCreateFailure(scopeRep, 400, "Invalid format for the Dynamic Scope regexp dynamic-scope-def:*:*");
}
Also used: ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation), Test (org.junit.Test), EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature)

Example 15 with EnableFeature

Use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

In class OAuthGrantTest, method oauthGrantDynamicScopeParamRequired.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void oauthGrantDynamicScopeParamRequired() {
    RealmResource appRealm = adminClient.realm(REALM_NAME);
    ClientResource thirdParty = findClientByClientId(appRealm, THIRD_PARTY_APP);
    // Create clientScope
    ClientScopeRepresentation scope = new ClientScopeRepresentation();
    scope.setName("foo-dynamic-scope");
    scope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    scope.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "foo-dynamic-scope:*");
        }
    });
    Response response = appRealm.clientScopes().create(scope);
    String dynamicFooScopeId = ApiUtil.getCreatedId(response);
    response.close();
    getCleanup().addClientScopeId(dynamicFooScopeId);
    // Add clientScope as optional to client
    thirdParty.addOptionalClientScope(dynamicFooScopeId);
    // Request the dynamic scope with a parameter and assert it is shown on the grant screen
    oauth.clientId(THIRD_PARTY_APP);
    oauth.scope("foo-dynamic-scope:withparam");
    oauth.doLogin("test-user@localhost", "password");
    grantPage.assertCurrent();
    List<String> grants = grantPage.getDisplayedGrants();
    Assert.assertTrue(grants.contains("foo-dynamic-scope: withparam"));
    grantPage.accept();
    EventRepresentation loginEvent = events.expectLogin().client(THIRD_PARTY_APP).detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
    String code = new OAuthClient.AuthorizationEndpointResponse(oauth).getCode();
    OAuthClient.AccessTokenResponse res = oauth.doAccessTokenRequest(code, "password");
    events.expectCodeToToken(loginEvent.getDetails().get(Details.CODE_ID), loginEvent.getSessionId()).client(THIRD_PARTY_APP).assertEvent();
    oauth.openLogout();
    events.expectLogout(loginEvent.getSessionId()).assertEvent();
    // login again to check whether the Dynamic scope and only the dynamic scope is requested again
    oauth.scope("foo-dynamic-scope:withparam");
    oauth.doLogin("test-user@localhost", "password");
    grantPage.assertCurrent();
    grants = grantPage.getDisplayedGrants();
    Assert.assertEquals(1, grants.size());
    Assert.assertTrue(grants.contains("foo-dynamic-scope: withparam"));
    grantPage.accept();
    events.expectLogin().client(THIRD_PARTY_APP).detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
    // Revoke
    accountAppsPage.open();
    accountAppsPage.revokeGrant(THIRD_PARTY_APP);
    events.expect(EventType.REVOKE_GRANT).client("account").detail(Details.REVOKED_CLIENT, THIRD_PARTY_APP).assertEvent();
    // cleanup
    oauth.scope(null);
    thirdParty.removeOptionalClientScope(dynamicFooScopeId);
}
Also used: Response (javax.ws.rs.core.Response), OAuthClient (org.keycloak.testsuite.util.OAuthClient), RealmResource (org.keycloak.admin.client.resource.RealmResource), ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation), EventRepresentation (org.keycloak.representations.idm.EventRepresentation), ClientResource (org.keycloak.admin.client.resource.ClientResource), Test (org.junit.Test), AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest), EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature)

Aggregations

Test (org.junit.Test) 19
EnableFeature (org.keycloak.testsuite.arquillian.annotation.EnableFeature) 19
ClientScopeRepresentation (org.keycloak.representations.idm.ClientScopeRepresentation) 9
ClientResource (org.keycloak.admin.client.resource.ClientResource) 7
PartialImportResults (org.keycloak.partialimport.PartialImportResults) 6
ClientRepresentation (org.keycloak.representations.idm.ClientRepresentation) 6
AbstractAuthTest (org.keycloak.testsuite.AbstractAuthTest) 6
Response (javax.ws.rs.core.Response) 5
AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest) 4
OAuthClient (org.keycloak.testsuite.util.OAuthClient) 3
ClientErrorException (javax.ws.rs.ClientErrorException) 2
RealmResource (org.keycloak.admin.client.resource.RealmResource) 2
AccessToken (org.keycloak.representations.AccessToken) 2
ProtocolMapperRepresentation (org.keycloak.representations.idm.ProtocolMapperRepresentation) 2
AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest) 2
AuthServerContainerExclude (org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) 2
HashMap (java.util.HashMap) 1
HttpResponse (org.apache.http.HttpResponse) 1
Matchers.containsString (org.hamcrest.Matchers.containsString) 1
Matchers.isEmptyOrNullString (org.hamcrest.Matchers.isEmptyOrNullString) 1