
Example 11 with RealmAttributeUpdater

use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.

the class LoginTest method loginWithLongRedirectUri.

/**
 * Logs in through a login URL whose {@code redirect_uri} carries a 2500-character query
 * value and checks that the resulting LOGIN event records that redirect URI as a detail.
 * Events are switched on for the "test" realm only inside the try block; the
 * {@link AutoCloseable} returned by {@code update()} restores the previous realm settings
 * (the annotation explains why the remote container, with max-detail-length 0, is skipped).
 *
 * @throws Exception if the realm cannot be updated or restored
 */
@AuthServerContainerExclude(value = { AuthServerContainerExclude.AuthServer.REMOTE }, details = "Remote testsuite: max-detail-length is set to zero in standalone.xml, proposed fix - KEYCLOAK-17659")
@Test
public void loginWithLongRedirectUri() throws Exception {
    try (AutoCloseable restoreRealm = new RealmAttributeUpdater(adminClient.realm("test")).updateWith(realm -> realm.setEventsEnabled(true)).update()) {
        // Alphanumeric padding: it only has to be long, not unpredictable.
        final String padding = RandomStringUtils.random(2500, true, true);
        final String redirectUri = oauth.getRedirectUri() + "?longQueryParameterValue=" + padding;
        final UriBuilder loginUri = UriBuilder.fromUri(oauth.getLoginFormUrl())
                .replaceQueryParam(OAuth2Constants.REDIRECT_URI, redirectUri);

        DroneUtils.getCurrentDriver().navigate().to(loginUri.build().toString());
        loginPage.assertCurrent();
        loginPage.login("login-test", "password");

        // The expected detail is the complete redirect URI, padding included.
        events.expectLogin().user(userId).detail(OAuth2Constants.REDIRECT_URI, redirectUri).assertEvent();
    }
}

Example 12 with RealmAttributeUpdater

use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.

the class WebAuthnRegisterAndLoginTest method registerUserSuccess.

/**
 * Registers a new user, enrolls a WebAuthn (two-factor) credential through the required
 * action, logs out, and logs in again with password followed by the enrolled authenticator.
 * REGISTER, required-action, LOGIN and LOGOUT events are asserted along the way. The realm
 * is switched to the default WebAuthn settings only for the duration of the try block.
 *
 * @throws IOException if restoring the realm settings fails
 */
@Test
public void registerUserSuccess() throws IOException {
    final String username = "registerUserSuccess";
    final String password = "password";
    final String email = "registerUserSuccess@email";
    // Set once the REGISTER event has been observed; the finally block relies on it.
    String userId = null;
    try (RealmAttributeUpdater restoreRealm = updateRealmWithDefaultWebAuthnSettings(testRealm()).update()) {
        loginPage.open();
        loginPage.clickRegister();
        registerPage.assertCurrent();

        final String authenticatorLabel = SecretGenerator.getInstance().randomString(24);
        registerPage.register("firstName", "lastName", email, username, password, password);

        // Registration is done; the required action now asks for a WebAuthn credential.
        webAuthnRegisterPage.assertCurrent();
        webAuthnRegisterPage.clickRegister();
        webAuthnRegisterPage.registerWebAuthnCredential(authenticatorLabel);
        appPage.assertCurrent();
        assertThat(appPage.getRequestType(), is(RequestType.AUTH_RESPONSE));
        appPage.openAccount();

        // The REGISTER event yields the new user's id.
        userId = events.expectRegister(username, email).assertEvent().getUserId();

        // The required-action event carries the label, the all-zero AAGUID and the credential id.
        final EventRepresentation requiredActionEvent = events.expectRequiredAction(CUSTOM_REQUIRED_ACTION)
                .user(userId)
                .detail(Details.CUSTOM_REQUIRED_ACTION, WebAuthnRegisterFactory.PROVIDER_ID)
                .detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, authenticatorLabel)
                .detail(WebAuthnConstants.PUBKEY_CRED_AAGUID_ATTR, ALL_ZERO_AAGUID)
                .assertEvent();
        final String credentialId = requiredActionEvent.getDetails().get(WebAuthnConstants.PUBKEY_CRED_ID_ATTR);

        // LOGIN event for the session opened right after registration.
        String sessionId = events.expectLogin()
                .user(userId)
                .detail(Details.CUSTOM_REQUIRED_ACTION, WebAuthnRegisterFactory.PROVIDER_ID)
                .detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, authenticatorLabel)
                .assertEvent()
                .getSessionId();

        assertUserRegistered(userId, username.toLowerCase(), email.toLowerCase());
        assertRegisteredCredentials(userId, ALL_ZERO_AAGUID, "none");
        events.clear();

        appPage.logout();
        events.expectLogout(sessionId).user(userId).assertEvent();

        // Second login: password first, then the single enrolled authenticator.
        loginPage.open();
        loginPage.login(username, password);
        webAuthnLoginPage.assertCurrent();
        final WebAuthnAuthenticatorsList listedAuthenticators = webAuthnLoginPage.getAuthenticators();
        assertThat(listedAuthenticators.getCount(), is(1));
        assertThat(listedAuthenticators.getLabels(), Matchers.contains(authenticatorLabel));
        webAuthnLoginPage.clickAuthenticate();
        appPage.assertCurrent();
        assertThat(appPage.getRequestType(), is(RequestType.AUTH_RESPONSE));
        appPage.openAccount();

        // This LOGIN event must reference the credential enrolled above, with the
        // user-verification-checked detail expected to be "false".
        sessionId = events.expectLogin()
                .user(userId)
                .detail(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, credentialId)
                .detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, Boolean.FALSE.toString())
                .assertEvent()
                .getSessionId();
        events.clear();

        appPage.logout();
        events.expectLogout(sessionId).user(userId).assertEvent();
    } finally {
        // NOTE(review): userId is still null if the flow fails before the REGISTER event is
        // asserted; this assumes removeFirstCredentialForUser tolerates a null id — confirm.
        removeFirstCredentialForUser(userId, WebAuthnCredentialModel.TYPE_TWOFACTOR);
    }
}

Example 13 with RealmAttributeUpdater

use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.

the class WebAuthnRegisterAndLoginTest method webAuthnPasswordlessAlternativeWithWebAuthnAndPassword.

/**
 * Exercises a browser flow in which WebAuthn passwordless and password + WebAuthn two-factor
 * are alternatives. The existing test user is given the passwordless-register required action,
 * enrolls a passwordless and a two-factor credential in one login, and is then logged in twice
 * more: once with password + security key, once via "try another way" with the passwordless key.
 *
 * @throws IOException if restoring the realm settings fails
 */
@Test
public void webAuthnPasswordlessAlternativeWithWebAuthnAndPassword() throws IOException {
    String userId = null;
    final String username = "test-user@localhost";
    final String twoFactorLabel = "webauthn";
    final String passwordlessLabel = "passwordless";
    try (RealmAttributeUpdater restoreRealm = new RealmAttributeUpdater(testRealm()).setBrowserFlow(webAuthnTogetherPasswordlessFlow()).update()) {
        // Require passwordless registration for the test user and verify it stuck.
        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), username);
        assertThat(user, notNullValue());
        user.getRequiredActions().add(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
        final UserResource userResource = testRealm().users().get(user.getId());
        assertThat(userResource, notNullValue());
        userResource.update(user);
        user = userResource.toRepresentation();
        assertThat(user, notNullValue());
        assertThat(user.getRequiredActions(), hasItem(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID));
        userId = user.getId();

        // First login: password, then both credential registrations in sequence.
        loginUsernamePage.open();
        loginUsernamePage.login(username);
        passwordPage.assertCurrent();
        passwordPage.login("password");
        events.clear();
        webAuthnRegisterPage.assertCurrent();
        webAuthnRegisterPage.clickRegister();
        webAuthnRegisterPage.registerWebAuthnCredential(passwordlessLabel);
        webAuthnRegisterPage.assertCurrent();
        webAuthnRegisterPage.clickRegister();
        webAuthnRegisterPage.registerWebAuthnCredential(twoFactorLabel);
        appPage.assertCurrent();

        // One required-action event per enrolled credential, then the LOGIN event.
        events.expectRequiredAction(CUSTOM_REQUIRED_ACTION)
                .user(userId)
                .detail(Details.CUSTOM_REQUIRED_ACTION, WebAuthnPasswordlessRegisterFactory.PROVIDER_ID)
                .detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, passwordlessLabel)
                .assertEvent();
        events.expectRequiredAction(CUSTOM_REQUIRED_ACTION)
                .user(userId)
                .detail(Details.CUSTOM_REQUIRED_ACTION, WebAuthnRegisterFactory.PROVIDER_ID)
                .detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, twoFactorLabel)
                .assertEvent();
        final String sessionId = events.expectLogin().user(userId).assertEvent().getSessionId();
        events.clear();
        appPage.logout();
        events.expectLogout(sessionId).user(userId).assertEvent();

        // Second login: password + the two-factor security key (only that one is listed).
        loginUsernamePage.open();
        loginUsernamePage.assertCurrent();
        loginUsernamePage.login(username);
        passwordPage.assertCurrent();
        passwordPage.login("password");
        webAuthnLoginPage.assertCurrent();
        final WebAuthnAuthenticatorsList listedAuthenticators = webAuthnLoginPage.getAuthenticators();
        assertThat(listedAuthenticators.getCount(), is(1));
        assertThat(listedAuthenticators.getLabels(), Matchers.contains(twoFactorLabel));
        webAuthnLoginPage.clickAuthenticate();
        appPage.assertCurrent();
        appPage.logout();

        // Third login: skip the password via "try another way" and use the passwordless key.
        loginUsernamePage.open();
        loginUsernamePage.login(username);
        passwordPage.assertCurrent();
        passwordPage.assertTryAnotherWayLinkAvailability(true);
        passwordPage.clickTryAnotherWayLink();
        selectAuthenticatorPage.assertCurrent();
        assertThat(selectAuthenticatorPage.getLoginMethodHelpText(SelectAuthenticatorPage.SECURITY_KEY), is("Use your security key for passwordless sign in."));
        selectAuthenticatorPage.selectLoginMethod(SelectAuthenticatorPage.SECURITY_KEY);
        webAuthnLoginPage.assertCurrent();
        // Passwordless flow lists no pre-selected authenticators.
        assertThat(webAuthnLoginPage.getAuthenticators().getCount(), is(0));
        webAuthnLoginPage.clickAuthenticate();
        appPage.assertCurrent();
        appPage.logout();
    } finally {
        // Remove both enrolled credentials so the shared test user is left unchanged.
        removeFirstCredentialForUser(userId, WebAuthnCredentialModel.TYPE_TWOFACTOR, twoFactorLabel);
        removeFirstCredentialForUser(userId, WebAuthnCredentialModel.TYPE_PASSWORDLESS, passwordlessLabel);
    }
}

Example 14 with RealmAttributeUpdater

use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.

the class WebAuthnRegisterAndLoginTest method webAuthnTwoFactorAndWebAuthnPasswordlessTogether.

/**
 * Binds the browser flow to "browser-webauthn-passwordless", which holds both the "webauthn"
 * and the "webauthn-passwordless" authenticators, and checks that a password-only login of
 * the test user ends on the error page with an invalid_user_credentials event rather than
 * offering to register a passwordless authenticator.
 *
 * @throws IOException if restoring the realm settings fails
 */
@Test
public void webAuthnTwoFactorAndWebAuthnPasswordlessTogether() throws IOException {
    try (RealmAttributeUpdater restoreRealm = new RealmAttributeUpdater(testRealm()).setBrowserFlow("browser-webauthn-passwordless").update()) {
        loginPage.open();
        loginPage.login("test-user@localhost", "password");
        errorPage.assertCurrent();

        // Registering a passwordless authenticator is not permitted in this flow, so the
        // login is rejected and the user is told that credential setup is required.
        final String loginError = events.poll().getError();
        assertThat(loginError, is("invalid_user_credentials"));
        assertThat(errorPage.getError(), is("Cannot login, credential setup required."));
    }
}

Example 15 with RealmAttributeUpdater

use of org.keycloak.testsuite.updaters.RealmAttributeUpdater in project keycloak by keycloak.

the class WebAuthnErrorTest method errorPageWithTimeout.

/**
 * Sets the realm's WebAuthn create timeout to a few seconds, removes all credentials from the
 * virtual authenticator so the assertion can never complete, and checks that after the timeout
 * the WebAuthn error page reports the failed authentication. Skipped on Firefox.
 *
 * @throws IOException if restoring the realm settings fails
 */
@Test
@IgnoreBrowserDriver(FirefoxDriver.class)
public void errorPageWithTimeout() throws IOException {
    final int timeoutSec = 3;
    final String authenticatorLabel = "authenticator";
    addWebAuthnCredential(authenticatorLabel);
    try (RealmAttributeUpdater restoreRealm = new WebAuthnRealmAttributeUpdater(testRealmResource()).setWebAuthnPolicyCreateTimeout(timeoutSec).update()) {
        final RealmRepresentation realm = testRealmResource().toRepresentation();
        assertThat(realm, notNullValue());
        assertThat(realm.getWebAuthnPolicyCreateTimeout(), is(timeoutSec));

        assertThat(webAuthnCredentialType.getUserCredentialsCount(), is(1));

        // The server still knows one credential, but the authenticator can no longer sign.
        getWebAuthnManager().getCurrent().getAuthenticator().removeAllCredentials();
        setUpWebAuthnFlow("webAuthnFlow");
        logout();
        signingInPage.navigateTo();
        loginToAccount();
        webAuthnLoginPage.assertCurrent();

        final WebAuthnAuthenticatorsList listedAuthenticators = webAuthnLoginPage.getAuthenticators();
        assertThat(listedAuthenticators.getCount(), is(1));
        assertThat(listedAuthenticators.getLabels(), Matchers.contains(authenticatorLabel));
        webAuthnLoginPage.clickAuthenticate();

        // Wait one second past the configured timeout; the attempt is expected to have failed by then.
        final int waitMillis = (timeoutSec + 1) * 1000;
        WaitUtils.pause(waitMillis);
        webAuthnErrorPage.assertCurrent();
        assertThat(webAuthnErrorPage.getError(), is("Failed to authenticate by the Security key."));
    }
}
