Examples with EnableFeature org.keycloak.testsuite.arquillian.annotation.EnableFeature used on opensource projects

Example 11 with EnableFeature

use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

the class ExecutionTest method testRequirementsInExecution.

@Test
@EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRequirementsInExecution() {
    HashMap<String, String> params = new HashMap<>();
    String newBrowserFlow = "new-exec-flow";
    params.put("newName", newBrowserFlow);
    try (Response response = authMgmtResource.copy("browser", params)) {
        assertAdminEvents.assertEvent(REALM_NAME, OperationType.CREATE, AdminEventPaths.authCopyFlowPath("browser"), params, ResourceType.AUTH_FLOW);
        Assert.assertEquals("Copy flow", 201, response.getStatus());
    }
    addExecutionCheckReq(newBrowserFlow, UsernameFormFactory.PROVIDER_ID, params, REQUIRED);
    addExecutionCheckReq(newBrowserFlow, WebAuthnAuthenticatorFactory.PROVIDER_ID, params, DISABLED);
    addExecutionCheckReq(newBrowserFlow, NoCookieFlowRedirectAuthenticatorFactory.PROVIDER_ID, params, REQUIRED);
    AuthenticationFlowRepresentation rep = findFlowByAlias(newBrowserFlow, authMgmtResource.getFlows());
    Assert.assertNotNull(rep);
    authMgmtResource.deleteFlow(rep.getId());
    assertAdminEvents.assertEvent(REALM_NAME, OperationType.DELETE, AdminEventPaths.authFlowPath(rep.getId()), ResourceType.AUTH_FLOW);
}

Example 12 with EnableFeature

use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

the class ClientScopeTest method testCreateNonDynamicScopeWithFeatureEnabled.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void testCreateNonDynamicScopeWithFeatureEnabled() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("non-dynamic-scope-def");
    scopeRep.setProtocol("openid-connect");
    scopeRep.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "false");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "");
        }
    });
    String scopeDefId = createClientScope(scopeRep);
    getCleanup().addClientScopeId(scopeDefId);
    // Assert updated attributes
    scopeRep = clientScopes().get(scopeDefId).toRepresentation();
    assertEquals("non-dynamic-scope-def", scopeRep.getName());
    assertEquals("false", scopeRep.getAttributes().get(ClientScopeModel.IS_DYNAMIC_SCOPE));
    assertEquals("", scopeRep.getAttributes().get(ClientScopeModel.DYNAMIC_SCOPE_REGEXP));
}

Example 13 with EnableFeature

use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

the class ClientScopeTest method updateAssignedDefaultClientScopeToDynamicScope.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void updateAssignedDefaultClientScopeToDynamicScope() {
    ClientRepresentation clientRep = new ClientRepresentation();
    clientRep.setClientId("dyn-scope-client");
    clientRep.setProtocol("openid-connect");
    String clientUuid = createClient(clientRep);
    getCleanup().addClientUuid(clientUuid);
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("dynamic-scope-def");
    scopeRep.setProtocol("openid-connect");
    String scopeDefId = createClientScope(scopeRep);
    getCleanup().addClientScopeId(scopeDefId);
    testRealmResource().clients().get(clientUuid).addDefaultClientScope(scopeDefId);
    scopeRep.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope-def:*:*");
        }
    });
    try {
        clientScopes().get(scopeDefId).update(scopeRep);
        Assert.fail("This update should fail");
    } catch (ClientErrorException ex) {
        MatcherAssert.assertThat(ex.getResponse(), Matchers.statusCodeIs(Status.BAD_REQUEST));
    }
}

Example 14 with EnableFeature

use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

the class ClientScopeTest method testCreateInvalidRegexpDynamicScope.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void testCreateInvalidRegexpDynamicScope() {
    ClientScopeRepresentation scopeRep = new ClientScopeRepresentation();
    scopeRep.setName("dynamic-scope-def4");
    scopeRep.setProtocol("openid-connect");
    scopeRep.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "dynamic-scope-def:*:*");
        }
    });
    handleExpectedCreateFailure(scopeRep, 400, "Invalid format for the Dynamic Scope regexp dynamic-scope-def:*:*");
}

Example 15 with EnableFeature

use of org.keycloak.testsuite.arquillian.annotation.EnableFeature in project keycloak by keycloak.

the class OAuthGrantTest method oauthGrantDynamicScopeParamRequired.

@Test
@EnableFeature(value = Profile.Feature.DYNAMIC_SCOPES, skipRestart = true)
public void oauthGrantDynamicScopeParamRequired() {
    RealmResource appRealm = adminClient.realm(REALM_NAME);
    ClientResource thirdParty = findClientByClientId(appRealm, THIRD_PARTY_APP);
    // Create clientScope
    ClientScopeRepresentation scope = new ClientScopeRepresentation();
    scope.setName("foo-dynamic-scope");
    scope.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL);
    scope.setAttributes(new HashMap<String, String>() {

        {
            put(ClientScopeModel.IS_DYNAMIC_SCOPE, "true");
            put(ClientScopeModel.DYNAMIC_SCOPE_REGEXP, "foo-dynamic-scope:*");
        }
    });
    Response response = appRealm.clientScopes().create(scope);
    String dynamicFooScopeId = ApiUtil.getCreatedId(response);
    response.close();
    getCleanup().addClientScopeId(dynamicFooScopeId);
    // Add clientScope as optional to client
    thirdParty.addOptionalClientScope(dynamicFooScopeId);
    // Assert clientScope not on grant screen when not requested
    oauth.clientId(THIRD_PARTY_APP);
    oauth.scope("foo-dynamic-scope:withparam");
    oauth.doLogin("test-user@localhost", "password");
    grantPage.assertCurrent();
    List<String> grants = grantPage.getDisplayedGrants();
    Assert.assertTrue(grants.contains("foo-dynamic-scope: withparam"));
    grantPage.accept();
    EventRepresentation loginEvent = events.expectLogin().client(THIRD_PARTY_APP).detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
    String code = new OAuthClient.AuthorizationEndpointResponse(oauth).getCode();
    OAuthClient.AccessTokenResponse res = oauth.doAccessTokenRequest(code, "password");
    events.expectCodeToToken(loginEvent.getDetails().get(Details.CODE_ID), loginEvent.getSessionId()).client(THIRD_PARTY_APP).assertEvent();
    oauth.openLogout();
    events.expectLogout(loginEvent.getSessionId()).assertEvent();
    // login again to check whether the Dynamic scope and only the dynamic scope is requested again
    oauth.scope("foo-dynamic-scope:withparam");
    oauth.doLogin("test-user@localhost", "password");
    grantPage.assertCurrent();
    grants = grantPage.getDisplayedGrants();
    Assert.assertEquals(1, grants.size());
    Assert.assertTrue(grants.contains("foo-dynamic-scope: withparam"));
    grantPage.accept();
    events.expectLogin().client(THIRD_PARTY_APP).detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).assertEvent();
    // Revoke
    accountAppsPage.open();
    accountAppsPage.revokeGrant(THIRD_PARTY_APP);
    events.expect(EventType.REVOKE_GRANT).client("account").detail(Details.REVOKED_CLIENT, THIRD_PARTY_APP).assertEvent();
    // cleanup
    oauth.scope(null);
    thirdParty.removeOptionalClientScope(dynamicFooScopeId);
}