
Example 46 with ModelTest

use of org.keycloak.testsuite.arquillian.annotation.ModelTest in project keycloak by keycloak.

the class UserSessionProviderTest method testCreateAndGetInSameTransaction.

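/**
 * Creates a user session plus a client session and reads both back through the same
 * {@link KeycloakSession}, without an intervening commit in this method.
 *
 * <p>Checks that the reloaded user session exists, that it carries exactly one client
 * session for "test-app", and that this client session refers back to the original
 * user session id.
 *
 * @param session the Keycloak session handed to this model test
 */
@Test
@ModelTest
public void testCreateAndGetInSameTransaction(KeycloakSession session) {
    RealmModel realm = session.realms().getRealmByName("test");
    ClientModel client = realm.getClientByClientId("test-app");
    UserSessionModel userSession = session.sessions().createUserSession(realm, session.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.2", "form", true, null, null);
    // createClientSession(...) is a helper defined elsewhere in the test class; only its side effect
    // (attaching a client session to userSession) is needed, so the return value is not kept.
    createClientSession(session, client, userSession, "http://redirect", "state");
    UserSessionModel userSessionLoaded = session.sessions().getUserSession(realm, userSession.getId());
    // Assert non-null BEFORE dereferencing: a missing session must surface as an assertion failure,
    // not as a NullPointerException on the next line.
    Assert.assertNotNull(userSessionLoaded);
    AuthenticatedClientSessionModel clientSessionLoaded = userSessionLoaded.getAuthenticatedClientSessions().get(client.getId());
    Assert.assertNotNull(clientSessionLoaded);
    // The client session must be bound to the user session it was created for, and to no other.
    Assert.assertEquals(userSession.getId(), clientSessionLoaded.getUserSession().getId());
    Assert.assertEquals(1, userSessionLoaded.getAuthenticatedClientSessions().size());
}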
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) UserSessionModel(org.keycloak.models.UserSessionModel) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 47 with ModelTest

use of org.keycloak.testsuite.arquillian.annotation.ModelTest in project keycloak by keycloak.

the class UserStorageTest method testCredentialCRUD.

/**
 * Exercises create, reorder and remove operations on the stored credentials of user "thor"
 * in realm "test".
 *
 * <p>Every step runs in its own transaction through {@code KeycloakModelUtils.runJobInTransaction};
 * the following transaction re-reads the credential list and checks the resulting priority order.
 * Credential ids are handed from one transaction to the next through {@link AtomicReference} holders
 * because the lambdas cannot assign to plain locals.
 *
 * @param session the Keycloak session handed to this model test; only its session factory is used
 * @throws Exception declared by the test signature
 */
@Test
@ModelTest
public void testCredentialCRUD(KeycloakSession session) throws Exception {
    AtomicReference<String> passwordId = new AtomicReference<>();
    AtomicReference<String> otp1Id = new AtomicReference<>();
    AtomicReference<String> otp2Id = new AtomicReference<>();
    // Transaction 1: start from an empty credential list and create password, otp1, otp2 in that order.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
        RealmModel realm = currentSession.realms().getRealmByName("test");
        UserModel user = currentSession.users().getUserByUsername(realm, "thor");
        // The user must NOT live in local storage - presumably "thor" is served by a user storage
        // provider configured in the test setup; confirm against the enclosing class.
        Assert.assertFalse(StorageId.isLocalStorage(user));
        Stream<CredentialModel> credentials = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user);
        org.keycloak.testsuite.Assert.assertEquals(0, credentials.count());
        // Create password. These are fixture literals, not the output of a real password hash;
        // the arguments appear to be (algorithm, salt, hash iterations, encoded value) - confirm
        // against PasswordCredentialModel.
        // NOTE(review): getBytes() without a charset uses the platform default; harmless for this
        // ASCII-only fixture string.
        CredentialModel passwordCred = PasswordCredentialModel.createFromValues("my-algorithm", "theSalt".getBytes(), 22, "ABC");
        passwordCred = currentSession.userCredentialManager().createCredential(realm, user, passwordCred);
        passwordId.set(passwordCred.getId());
        // Create 2 OTP credentials (the password was already created above)
        CredentialModel otp1 = OTPCredentialModel.createFromPolicy(realm, "secret1");
        CredentialModel otp2 = OTPCredentialModel.createFromPolicy(realm, "secret2");
        otp1 = currentSession.userCredentialManager().createCredential(realm, user, otp1);
        otp2 = currentSession.userCredentialManager().createCredential(realm, user, otp2);
        otp1Id.set(otp1.getId());
        otp2Id.set(otp2.getId());
    });
    // Transaction 2: creation order is the initial priority order; unknown ids must be rejected.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
        RealmModel realm = currentSession.realms().getRealmByName("test");
        UserModel user = currentSession.users().getUserByUsername(realm, "thor");
        // Assert priorities: password, otp1, otp2
        List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user).collect(Collectors.toList());
        assertOrder(list, passwordId.get(), otp1Id.get(), otp2Id.get());
        // Assert can't move password when newPreviousCredential not found
        assertFalse(currentSession.userCredentialManager().moveCredentialTo(realm, user, passwordId.get(), "not-known"));
        // Assert can't move credential when not found
        assertFalse(currentSession.userCredentialManager().moveCredentialTo(realm, user, "not-known", otp2Id.get()));
        // Move otp2 up: the last argument names the credential that otp2 should follow (here the password)
        assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), passwordId.get()));
    });
    // Transaction 3: verify the move, then put otp2 first.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
        RealmModel realm = currentSession.realms().getRealmByName("test");
        UserModel user = currentSession.users().getUserByUsername(realm, "thor");
        // Assert priorities: password, otp2, otp1
        List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user).collect(Collectors.toList());
        assertOrder(list, passwordId.get(), otp2Id.get(), otp1Id.get());
        // Move otp2 to the top: a null "previous" credential places it first (see the next assertion)
        org.keycloak.testsuite.Assert.assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), null));
    });
    // Transaction 4: verify otp2 is first, then push the password to the end.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
        RealmModel realm = currentSession.realms().getRealmByName("test");
        UserModel user = currentSession.users().getUserByUsername(realm, "thor");
        // Assert priorities: otp2, password, otp1
        List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user).collect(Collectors.toList());
        assertOrder(list, otp2Id.get(), passwordId.get(), otp1Id.get());
        // Move password down (place it after otp1)
        assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, passwordId.get(), otp1Id.get()));
    });
    // Transaction 5: verify, then move otp2 from first to last.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
        RealmModel realm = currentSession.realms().getRealmByName("test");
        UserModel user = currentSession.users().getUserByUsername(realm, "thor");
        // Assert priorities: otp2, otp1, password
        List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user).collect(Collectors.toList());
        assertOrder(list, otp2Id.get(), otp1Id.get(), passwordId.get());
        // Move otp2 down two positions (place it after the password)
        assertTrue(currentSession.userCredentialManager().moveCredentialTo(realm, user, otp2Id.get(), passwordId.get()));
    });
    // Transaction 6: verify, then delete the password credential.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
        RealmModel realm = currentSession.realms().getRealmByName("test");
        UserModel user = currentSession.users().getUserByUsername(realm, "thor");
        // Assert priorities: otp1, password, otp2
        List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user).collect(Collectors.toList());
        assertOrder(list, otp1Id.get(), passwordId.get(), otp2Id.get());
        // Remove password
        assertTrue(currentSession.userCredentialManager().removeStoredCredential(realm, user, passwordId.get()));
    });
    // Transaction 7: the remaining credentials keep their relative order after the removal.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSession) -> {
        RealmModel realm = currentSession.realms().getRealmByName("test");
        UserModel user = currentSession.users().getUserByUsername(realm, "thor");
        // Assert priorities: otp1, otp2
        List<CredentialModel> list = currentSession.userCredentialManager().getStoredCredentialsStream(realm, user).collect(Collectors.toList());
        assertOrder(list, otp1Id.get(), otp2Id.get());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) CachedUserModel(org.keycloak.models.cache.CachedUserModel) UserModel(org.keycloak.models.UserModel) CredentialModel(org.keycloak.credential.CredentialModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) KeycloakSession(org.keycloak.models.KeycloakSession) AtomicReference(java.util.concurrent.atomic.AtomicReference) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) AbstractAuthTest(org.keycloak.testsuite.AbstractAuthTest) Test(org.junit.Test)

Example 48 with ModelTest

use of org.keycloak.testsuite.arquillian.annotation.ModelTest in project keycloak by keycloak.

the class UserModelTest method testServiceAccountLink.

/**
 * Checks how linking a user to a client as its service account changes user lookups in
 * realm "original", and that removing the client removes the linked user too.
 *
 * <p>Runs three separate transactions: set-up and linking, lookups plus client removal,
 * and the final check that the service-account user is gone.
 *
 * @param session the Keycloak session handed to this model test; only its session factory is used
 * @throws Exception declared by the test signature
 */
@Test
@ModelTest
public void testServiceAccountLink(KeycloakSession session) throws Exception {
    // Transaction 1: create client "foo" and two users with the same first and last name.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel originalRealm = tx.realms().getRealmByName("original");
        ClientModel fooClient = originalRealm.addClient("foo");
        UserModel firstJohn = tx.users().addUser(originalRealm, "user1");
        firstJohn.setFirstName("John");
        firstJohn.setLastName("Doe");
        UserModel secondJohn = tx.users().addUser(originalRealm, "user2");
        secondJohn.setFirstName("John");
        secondJohn.setLastName("Doe");

        // Before any link exists the client has no service account and the name search returns both users.
        Assert.assertThat(tx.users().getServiceAccount(fooClient), nullValue());
        List<UserModel> byName = tx.users()
                .searchForUserStream(originalRealm, "John Doe")
                .collect(Collectors.toList());
        Assert.assertThat(byName, hasSize(2));
        Assert.assertThat(byName, containsInAnyOrder(firstJohn, secondJohn));

        // Turn user1 into the service account of client "foo".
        firstJohn.setServiceAccountClientLink(fooClient.getId());
    });

    // Transaction 2: the linked user is reachable through the client but hidden from ordinary searches.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel originalRealm = tx.realms().getRealmByName("original");
        UserModel firstJohn = tx.users().getUserByUsername(originalRealm, "user1");
        UserModel secondJohn = tx.users().getUserByUsername(originalRealm, "user2");

        // The client now resolves to user1 as its service account.
        ClientModel fooClient = originalRealm.getClientByClientId("foo");
        UserModel serviceAccount = tx.users().getServiceAccount(fooClient);
        Assert.assertThat(serviceAccount, equalTo(firstJohn));

        // The name search no longer returns the service-account user.
        List<UserModel> byName = tx.users()
                .searchForUserStream(originalRealm, "John Doe")
                .collect(Collectors.toList());
        Assert.assertThat(byName, hasSize(1));
        Assert.assertThat(byName, contains(secondJohn));

        // Listing and counting: the boolean flag decides whether service-account users are included,
        // as the expected sizes below show (false -> 1, true -> 2).
        List<UserModel> withoutServiceAccounts = tx.users()
                .getUsersStream(originalRealm, false)
                .collect(Collectors.toList());
        Assert.assertThat(withoutServiceAccounts, hasSize(1));
        Assert.assertThat(withoutServiceAccounts, contains(secondJohn));
        List<UserModel> withServiceAccounts = tx.users()
                .getUsersStream(originalRealm, true)
                .collect(Collectors.toList());
        Assert.assertThat(withServiceAccounts, hasSize(2));
        Assert.assertThat(withServiceAccounts, containsInAnyOrder(firstJohn, secondJohn));
        Assert.assertThat(tx.users().getUsersCount(originalRealm, true), equalTo(2));
        Assert.assertThat(tx.users().getUsersCount(originalRealm, false), equalTo(1));

        // Remove the client through the manager layer rather than directly on the realm model.
        ClientManager clientManager = new ClientManager(new RealmManager(tx));
        clientManager.removeClient(originalRealm, fooClient);
    });

    // Transaction 3: removing the client must have removed its service-account user as well,
    // so no orphaned account is left behind.
    KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession tx) -> {
        RealmModel originalRealm = tx.realms().getRealmByName("original");
        Assert.assertThat(tx.users().getUserByUsername(originalRealm, "user1"), nullValue());
    });
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserModel(org.keycloak.models.UserModel) ClientModel(org.keycloak.models.ClientModel) KeycloakSession(org.keycloak.models.KeycloakSession) ClientManager(org.keycloak.services.managers.ClientManager) RealmManager(org.keycloak.services.managers.RealmManager) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 49 with ModelTest

use of org.keycloak.testsuite.arquillian.annotation.ModelTest in project keycloak by keycloak.

the class UserSessionProviderTest method testCreateClientSession.

/**
 * Verifies the client sessions attached to the first user session produced by
 * {@code createSessions(session)}, a helper defined elsewhere in the test class.
 *
 * <p>Expects two client sessions on that user session and checks the "test-app" one:
 * no pending action, the right client, the right owning user session, the stored
 * redirect URI and the stored OIDC state note.
 *
 * @param session the Keycloak session handed to this model test
 */
@Test
@ModelTest
public void testCreateClientSession(KeycloakSession session) {
    RealmModel testRealm = session.realms().getRealmByName("test");
    UserSessionModel[] createdSessions = createSessions(session);

    // Reload the first user session by id and take its client sessions (the map is looked up by client id below).
    UserSessionModel reloaded = session.sessions().getUserSession(testRealm, createdSessions[0].getId());
    Map<String, AuthenticatedClientSessionModel> clientSessions = reloaded.getAuthenticatedClientSessions();
    assertEquals(2, clientSessions.size());

    String testAppUuid = testRealm.getClientByClientId("test-app").getId();
    AuthenticatedClientSessionModel testAppSession = clientSessions.get(testAppUuid);
    assertNull(testAppSession.getAction());

    // The client session must belong to "test-app" and to the user session it was created under.
    String expectedClientId = testRealm.getClientByClientId("test-app").getClientId();
    assertEquals(expectedClientId, testAppSession.getClient().getClientId());
    assertEquals(createdSessions[0].getId(), testAppSession.getUserSession().getId());

    // Redirect URI and state are expected to be stored exactly as given at creation time.
    assertEquals("http://redirect", testAppSession.getRedirectUri());
    assertEquals("state", testAppSession.getNote(OIDCLoginProtocol.STATE_PARAM));
}
Also used : RealmModel(org.keycloak.models.RealmModel) UserSessionModel(org.keycloak.models.UserSessionModel) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 50 with ModelTest

use of org.keycloak.testsuite.arquillian.annotation.ModelTest in project keycloak by keycloak.

the class UserSessionProviderTest method testRemoveUserSessionsByExpired.

/**
 * Verifies that {@code removeExpired(realm)} deletes user sessions that exceeded the SSO max
 * lifespan or the SSO idle timeout, and keeps a session that is within both limits together
 * with its client session.
 *
 * <p>Sessions are "aged" by setting a negative {@code Time} offset before creating them. The
 * offset is reset in the {@code finally} block so a failing assertion cannot leave the shifted
 * clock behind for later tests.
 *
 * @param session the Keycloak session handed to this model test
 */
@Test
@ModelTest
public void testRemoveUserSessionsByExpired(KeycloakSession session) {
    try {
        RealmModel realm = session.realms().getRealmByName("test");
        ClientModel client = realm.getClientByClientId("test-app");
        // Ids collected inside the transactions below and checked after the clean-up has run.
        Set<String> validUserSessions = new HashSet<>();
        Set<String> validClientSessions = new HashSet<>();
        Set<String> expiredUserSessions = new HashSet<>();
        // create a user session that is older than the max lifespan timeout.
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
            // Shift the clock back by one unit more than the realm's max lifespan before creating the session.
            Time.setOffset(-(realm.getSsoSessionMaxLifespan() + 1));
            UserSessionModel userSession = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null);
            expiredUserSessions.add(userSession.getId());
            AuthenticatedClientSessionModel clientSession = session1.sessions().createClientSession(realm, client, userSession);
            assertEquals(userSession, clientSession.getUserSession());
        });
        // create a user session whose last refresh exceeds the max session idle timeout.
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
            // The idle check is given an extra window (PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS),
            // so the offset has to exceed idle timeout plus that window.
            Time.setOffset(-(realm.getSsoSessionIdleTimeout() + SessionTimeoutHelper.PERIODIC_CLEANER_IDLE_TIMEOUT_WINDOW_SECONDS + 1));
            UserSessionModel s = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user2"), "user2", "127.0.0.1", "form", false, null, null);
            // no need to explicitly set the last refresh time - it is the same as the creation time.
            expiredUserSessions.add(s.getId());
        });
        // create a user session and associated client session that conforms to the max lifespan and max idle timeouts.
        // The clock is put back to "now" first so this session is not aged.
        Time.setOffset(0);
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
            UserSessionModel userSession = session1.sessions().createUserSession(realm, session1.users().getUserByUsername(realm, "user1"), "user1", "127.0.0.1", "form", false, null, null);
            validUserSessions.add(userSession.getId());
            validClientSessions.add(session1.sessions().createClientSession(realm, client, userSession).getId());
        });
        // remove the expired sessions - we expect the first two sessions to have been removed as they exceeded either the max lifespan or the session idle timeout.
        KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> session1.sessions().removeExpired(realm));
        // Expired sessions must no longer be retrievable by id.
        for (String e : expiredUserSessions) {
            assertNull(session.sessions().getUserSession(realm, e));
        }
        for (String v : validUserSessions) {
            UserSessionModel userSessionLoaded = session.sessions().getUserSession(realm, v);
            assertNotNull(userSessionLoaded);
            // the only valid user session should also have a valid client session that hasn't expired.
            AuthenticatedClientSessionModel clientSessionModel = userSessionLoaded.getAuthenticatedClientSessions().get(client.getId());
            assertNotNull(clientSessionModel);
            assertTrue(validClientSessions.contains(clientSessionModel.getId()));
        }
    } finally {
        // Always restore the clock, even when an assertion above failed.
        Time.setOffset(0);
        // Presumably notifies listeners of the session factory to reset their time offset too - confirm against ResetTimeOffsetEvent.
        session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
    }
}
Also used : RealmModel(org.keycloak.models.RealmModel) ClientModel(org.keycloak.models.ClientModel) UserSessionModel(org.keycloak.models.UserSessionModel) ResetTimeOffsetEvent(org.keycloak.models.utils.ResetTimeOffsetEvent) KeycloakSession(org.keycloak.models.KeycloakSession) AuthenticatedClientSessionModel(org.keycloak.models.AuthenticatedClientSessionModel) HashSet(java.util.HashSet) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) ModelTest(org.keycloak.testsuite.arquillian.annotation.ModelTest) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Aggregations

ModelTest (org.keycloak.testsuite.arquillian.annotation.ModelTest)82 Test (org.junit.Test)81 RealmModel (org.keycloak.models.RealmModel)76 AbstractTestRealmKeycloakTest (org.keycloak.testsuite.AbstractTestRealmKeycloakTest)66 KeycloakSession (org.keycloak.models.KeycloakSession)60 UserModel (org.keycloak.models.UserModel)37 ClientModel (org.keycloak.models.ClientModel)36 UserSessionModel (org.keycloak.models.UserSessionModel)26 AtomicReference (java.util.concurrent.atomic.AtomicReference)19 AbstractKeycloakTest (org.keycloak.testsuite.AbstractKeycloakTest)14 AuthenticatedClientSessionModel (org.keycloak.models.AuthenticatedClientSessionModel)12 UserConsentModel (org.keycloak.models.UserConsentModel)10 RealmManager (org.keycloak.services.managers.RealmManager)10 RoleModel (org.keycloak.models.RoleModel)9 ClientScopeModel (org.keycloak.models.ClientScopeModel)6 UserManager (org.keycloak.models.UserManager)6 HashMap (java.util.HashMap)5 HashSet (java.util.HashSet)5 ResetTimeOffsetEvent (org.keycloak.models.utils.ResetTimeOffsetEvent)5 List (java.util.List)4