use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.
the class KcSamlSignedBrokerTest method testWithExpiredBrokerCertificate.
/**
 * Brokered SAML login in which the identity provider's signing certificate and the provider
 * realm's key pair are the expired SAML_CLIENT_SALES_POST_SIG_EXPIRED_* fixtures; the consumer
 * endpoint is expected to answer 400 Bad Request.
 *
 * NOTE(review): the test only pins the status code. That the 400 is caused by the certificate's
 * validity period (and not by another validation step) is implied by the method name - confirm
 * against the broker's signature validation before relying on this as expiry coverage.
 */
@Test
public void testWithExpiredBrokerCertificate() throws Exception {
    try (
        // Consumer side: signatures must be validated, and the trusted signing certificate
        // is the expired one.
        Closeable brokerConfigReset = new IdentityProviderAttributeUpdater(identityProviderResource)
            .setAttribute(SAMLIdentityProviderConfig.VALIDATE_SIGNATURE, Boolean.toString(true))
            .setAttribute(SAMLIdentityProviderConfig.WANT_ASSERTIONS_SIGNED, Boolean.toString(true))
            .setAttribute(SAMLIdentityProviderConfig.WANT_ASSERTIONS_ENCRYPTED, Boolean.toString(false))
            .setAttribute(SAMLIdentityProviderConfig.WANT_AUTHN_REQUESTS_SIGNED, "true")
            .setAttribute(SAMLIdentityProviderConfig.SIGNING_CERTIFICATE_KEY,
                AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_CERTIFICATE)
            .update();
        // Provider side: the IdP client signs documents and assertions, without encryption
        // and without requiring client signatures.
        Closeable providerClientReset = ClientAttributeUpdater
            .forClient(adminClient, bc.providerRealmName(), bc.getIDPClientIdInProviderRealm())
            .setAttribute(SamlConfigAttributes.SAML_ENCRYPT, Boolean.toString(false))
            .setAttribute(SamlConfigAttributes.SAML_SERVER_SIGNATURE, "true")
            .setAttribute(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, Boolean.toString(true))
            .setAttribute(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, "false")
            .update();
        // The provider realm's key pair is swapped for the expired fixture keys.
        Closeable providerRealmReset = new RealmAttributeUpdater(adminClient.realm(bc.providerRealmName()))
            .setPublicKey(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_PUBLIC_KEY)
            .setPrivateKey(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_PRIVATE_KEY)
            .update()
    ) {
        String clientId = AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted";
        String assertionConsumerUrl = getConsumerRoot() + "/sales-post/saml";
        AuthnRequestType authnRequest = SamlClient.createLoginRequestDocument(clientId, assertionConsumerUrl, null);
        Document requestDocument = SAML2Request.convert(authnRequest);

        // Run the POST-binding login through the broker and require a 400 response.
        new SamlClientBuilder()
            .authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), requestDocument, Binding.POST)
            .build()
            .login()
            .idp(bc.getIDPAlias())
            .build()
            .assertResponse(org.keycloak.testsuite.util.Matchers.statusCodeIsHC(Status.BAD_REQUEST));
    }
}
use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.
the class IdentityProviderTest method failUpdateInvalidUrl.
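/**
 * Checks that updating an OIDC identity provider is refused with 400 Bad Request when one of
 * its endpoint URLs is malformed or, while the realm's SSL requirement is ALL, uses plain http.
 *
 * Each endpoint (authorization, token, JWKS, logout, user info) is tested on its own: the URL
 * set for the previous case is cleared before the next one is set, so the error message can
 * only refer to the field under test. Finally the SSL requirement is switched to EXTERNAL and
 * the representation that still carries the user-info URL http://localhost is accepted.
 *
 * NOTE(review): the final update presumably succeeds because EXTERNAL does not demand HTTPS for
 * localhost; a plain-http URL on a public host is not covered for EXTERNAL by this test.
 */
@Test
public void failUpdateInvalidUrl() throws Exception {
    try (RealmAttributeUpdater rau = new RealmAttributeUpdater(realm)
            .updateWith(r -> r.setSslRequired(SslRequired.ALL.name()))
            .update()) {
        IdentityProviderRepresentation representation = createRep(UUID.randomUUID().toString(), "oidc");
        representation.getConfig().put("clientId", "clientId");
        representation.getConfig().put("clientSecret", "some secret value");
        try (Response response = realm.identityProviders().create(representation)) {
            assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
        }

        IdentityProviderResource resource = this.realm.identityProviders().get(representation.getAlias());
        representation = resource.toRepresentation();
        OIDCIdentityProviderConfigRep oidcConfig = new OIDCIdentityProviderConfigRep(representation);

        // Unknown scheme: rejected as malformed.
        oidcConfig.setAuthorizationUrl("invalid://test");
        assertUpdateRejectedWith(resource, representation, "The url [authorization_url] is malformed");
        oidcConfig.setAuthorizationUrl(null);

        // Plain http is refused for every endpoint while sslRequired is ALL.
        oidcConfig.setTokenUrl("http://test");
        assertUpdateRejectedWith(resource, representation, "The url [token_url] requires secure connections");
        oidcConfig.setTokenUrl(null);

        oidcConfig.setJwksUrl("http://test");
        assertUpdateRejectedWith(resource, representation, "The url [jwks_url] requires secure connections");
        oidcConfig.setJwksUrl(null);

        oidcConfig.setLogoutUrl("http://test");
        assertUpdateRejectedWith(resource, representation, "The url [logout_url] requires secure connections");
        oidcConfig.setLogoutUrl(null);

        // Under ALL even a localhost URL must be https.
        oidcConfig.setUserInfoUrl("http://localhost");
        assertUpdateRejectedWith(resource, representation, "The url [userinfo_url] requires secure connections");

        // With EXTERNAL the same representation (user-info URL still http://localhost) is accepted.
        rau.updateWith(r -> r.setSslRequired(SslRequired.EXTERNAL.name())).update();
        resource.update(representation);
    }
}

/**
 * Attempts the update and requires it to fail with a 400 response carrying the given message.
 *
 * @param resource identity provider resource to update
 * @param representation representation sent with the update
 * @param expectedMessage exact error message expected in the response body
 */
private static void assertUpdateRejectedWith(IdentityProviderResource resource,
        IdentityProviderRepresentation representation, String expectedMessage) {
    try {
        resource.update(representation);
        // Not caught below: fail() raises an AssertionError, not a ClientErrorException.
        fail("Invalid URL");
    } catch (ClientErrorException e) {
        // Close the response even when one of the assertions fails.
        try (Response response = e.getResponse()) {
            assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
            ErrorRepresentation error = response.readEntity(ErrorRepresentation.class);
            assertEquals(expectedMessage, error.getErrorMessage());
        }
    }
}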
use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.
the class UserStorageTest method testRegisterWithRequiredEmail.
/**
 * Self-registration with email verification switched on: after registering, the user must land
 * on the verify-email page, exactly one mail must have been received, and only after opening
 * the link from that mail is the account page shown.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void testRegisterWithRequiredEmail() throws Exception {
    try (AutoCloseable realmReset = new RealmAttributeUpdater(testRealmResource())
            .updateWith(realmRep -> {
                // SMTP settings for the realm's outgoing mail (localhost:3025).
                Map<String, String> smtpSettings = new HashMap<>();
                smtpSettings.put("from", "auto@keycloak.org");
                smtpSettings.put("host", "localhost");
                smtpSettings.put("port", "3025");
                realmRep.setSmtpServer(smtpSettings);
                realmRep.setRegistrationAllowed(true);
                realmRep.setVerifyEmail(true);
            })
            .update()) {
        testRealmAccountPage.navigateTo();
        loginPage.clickRegister();
        registerPage.register("firstName", "lastName", "email@mail.com", "verifyEmail", "password", "password");

        // Registration alone must not grant access: the verify-email page comes first.
        verifyEmailPage.assertCurrent();
        Assert.assertEquals(1, greenMail.getReceivedMessages().length);

        MimeMessage verificationMail = greenMail.getReceivedMessages()[0];
        // NOTE(review): the link is extracted with the password-reset helper; presumably the
        // same extraction works for the verification mail - confirm against the helper.
        String link = getPasswordResetEmailLink(verificationMail);
        driver.navigate().to(link.trim());

        testRealmAccountPage.assertCurrent();
    }
}
use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.
the class RegisterTest method registerPasswordPolicy.
/**
 * Registration under the "length" password policy: a 4-character password is refused with the
 * "minimum length 8" error and an invalid_registration event, then an 8-character password is
 * accepted and the user is logged in.
 *
 * The policy is set without an explicit value; the minimum of 8 comes from the expected error
 * text. Only the length rule is exercised here - the accepted password is "password".
 */
@Test
public void registerPasswordPolicy() throws IOException {
    final String username = "registerPasswordPolicy";
    final String email = "registerPasswordPolicy@email";

    try (RealmAttributeUpdater policyReset = getRealmAttributeUpdater().setPasswordPolicy("length").update()) {
        loginPage.open();
        loginPage.clickRegister();
        registerPage.assertCurrent();

        // Too short: the form is shown again with the policy error.
        registerPage.register("firstName", "lastName", email, username, "pass", "pass");
        registerPage.assertCurrent();
        assertEquals("Invalid password: minimum length 8.", registerPage.getInputPasswordErrors().getPasswordError());

        // The failed attempt is recorded as an error event without a user id.
        events.expectRegister(username, email)
            .removeDetail(Details.USERNAME)
            .removeDetail(Details.EMAIL)
            .user((String) null)
            .error("invalid_registration")
            .assertEvent();

        // Long enough: registration completes and is followed by a login event.
        registerPage.register("firstName", "lastName", email, username, "password", "password");
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

        String registeredUserId = events.expectRegister(username, email).assertEvent().getUserId();
        // The login event carries the username in lower case.
        events.expectLogin().user(registeredUserId).detail(Details.USERNAME, "registerpasswordpolicy").assertEvent();
    }
}
use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.
the class RegisterTest method registerExistingEmailAllowed.
/**
 * Registration with the address test-user@localhost while duplicate emails are allowed for the
 * realm: the registration must succeed, produce register and login events, and store the
 * expected basic attributes. The user created here is removed at the end.
 *
 * NOTE(review): test-user@localhost is presumably already used by an existing realm user, which
 * is what makes this a duplicate - confirm against the test realm setup. With this setting the
 * email address does not identify a single account.
 */
@Test
public void registerExistingEmailAllowed() throws IOException {
    final String email = "test-user@localhost";
    final String lowerCasedUsername = "registerexistingemailuser";

    try (RealmAttributeUpdater duplicateEmailsReset = setDuplicateEmailsAllowed(true).update()) {
        loginPage.open();
        loginPage.clickRegister();
        registerPage.assertCurrent();

        registerPage.register("firstName", "lastName", email, "registerExistingEmailUser", "password", "password");
        assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

        String newUserId = events.expectRegister("registerExistingEmailUser", email).assertEvent().getUserId();
        events.expectLogin().detail("username", lowerCasedUsername).user(newUserId).assertEvent();
        assertUserBasicRegisterAttributes(newUserId, lowerCasedUsername, email, "firstName", "lastName");

        // Clean up the account created by this test.
        testRealm().users().get(newUserId).remove();
    }
}