
Example 1 with AUTH_SERVER_HOST

use of org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_HOST in project keycloak by keycloak.

the class CookiesPathTest method testOldCookieWithNodeInValue.

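/**
 * Logs in while the client cookie store also holds a stale auth-session cookie that is scoped
 * to {@code OLD_COOKIE_PATH} and carries {@code AUTH_SESSION_VALUE_NODE} as its value, then
 * checks the cookies present after login.
 *
 * <p>Checked after login: the three session cookies are present, every cookie except
 * {@code OAuth_Token_Request_State} has a path ending in "/", and the third "/"-separated
 * segment of {@code KEYCLOAK_SESSION} occurs inside the {@code AUTH_SESSION_ID} value.
 *
 * @throws IOException presumably raised by the HTTP helpers ({@code getCorrectCookies},
 *     {@code login}) - their bodies are not visible here
 */
@Test
public void testOldCookieWithNodeInValue() throws IOException {
    String requestURI = OAuthClient.AUTH_SERVER_ROOT + "/realms/foo/account";
    Calendar calendar = Calendar.getInstance();
    // Expiry one day ahead: the stale cookie is still valid while the test runs.
    calendar.add(Calendar.DAY_OF_YEAR, 1);

    // create old cookie with wrong path
    BasicClientCookie wrongCookie = new BasicClientCookie(AuthenticationSessionManager.AUTH_SESSION_ID, AUTH_SESSION_VALUE_NODE);
    wrongCookie.setDomain(AUTH_SERVER_HOST);
    wrongCookie.setPath(OLD_COOKIE_PATH);
    wrongCookie.setExpiryDate(calendar.getTime());

    // obtain new cookies
    CookieStore cookieStore = getCorrectCookies(requestURI);
    cookieStore.addCookie(wrongCookie);
    // Pre-login state: the cookies returned by getCorrectCookies plus the stale one.
    Assert.assertThat(cookieStore.getCookies(), Matchers.hasSize(3));

    login(requestURI, cookieStore);

    // now we have AUTH_SESSION_ID, KEYCLOAK_IDENTITY, KEYCLOAK_SESSION, OAuth_Token_Request_State
    // NOTE(review): hasItems only proves these three names are present. It does not prove the
    // stale cookie at OLD_COOKIE_PATH is gone; if removal is the property under test, assert it
    // explicitly (e.g. no cookie with that path remains) once the expected behaviour is confirmed.
    Assert.assertThat(
            cookieStore.getCookies().stream()
                    .map(org.apache.http.cookie.Cookie::getName)
                    .collect(Collectors.toList()),
            Matchers.hasItems("AUTH_SESSION_ID", "KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION"));

    // does each cookie's path end with "/"
    // NOTE(review): presumably the trailing slash keeps a realm-scoped cookie from also matching
    // a sibling path that merely shares the prefix - confirm against the cookie-path code.
    cookieStore.getCookies().stream()
            .filter(c -> !"OAuth_Token_Request_State".equals(c.getName()))
            .map(org.apache.http.cookie.Cookie::getPath)
            .forEach(path -> Assert.assertThat(path, Matchers.endsWith("/")));

    // The third "/"-separated segment of KEYCLOAK_SESSION must occur inside the AUTH_SESSION_ID
    // value. A missing cookie or malformed value fails with a named assertion instead of a bare
    // NoSuchElementException / ArrayIndexOutOfBoundsException. The messages deliberately leave
    // out the cookie values: they are session identifiers and should not end up in test logs.
    String authSessionId = cookieStore.getCookies().stream()
            .filter(c -> "AUTH_SESSION_ID".equals(c.getName()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("AUTH_SESSION_ID cookie missing after login"))
            .getValue();
    String kcSessionId = cookieStore.getCookies().stream()
            .filter(c -> "KEYCLOAK_SESSION".equals(c.getName()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("KEYCLOAK_SESSION cookie missing after login"))
            .getValue();
    String[] kcSessionParts = kcSessionId.split("/");
    if (kcSessionParts.length < 3) {
        throw new AssertionError("KEYCLOAK_SESSION has fewer than three '/'-separated segments");
    }
    String kcSessionSuffix = kcSessionParts[2];
    Assert.assertThat(authSessionId, Matchers.containsString(kcSessionSuffix));
}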
Also used : BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) Cookie(org.openqa.selenium.Cookie) LaxRedirectStrategy(org.apache.http.impl.client.LaxRedirectStrategy) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) HttpPost(org.apache.http.client.methods.HttpPost) Arrays(java.util.Arrays) Profile(org.keycloak.common.Profile) UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity) AdminRoles(org.keycloak.models.AdminRoles) ContainerAssume(org.keycloak.testsuite.util.ContainerAssume) Page(org.jboss.arquillian.graphene.page.Page) AuthenticationSessionManager(org.keycloak.services.managers.AuthenticationSessionManager) OAuthClient(org.keycloak.testsuite.util.OAuthClient) CookieStore(org.apache.http.client.CookieStore) Calendar(java.util.Calendar) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) UserBuilder(org.keycloak.testsuite.util.UserBuilder) After(org.junit.After) LinkedList(java.util.LinkedList) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) HttpRequestBase(org.apache.http.client.methods.HttpRequestBase) Matchers(org.hamcrest.Matchers) Set(java.util.Set) Test(org.junit.Test) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) IOException(java.io.IOException) AUTH_SERVER_HOST(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_HOST) URLUtils(org.keycloak.testsuite.util.URLUtils) HttpCoreContext(org.apache.http.protocol.HttpCoreContext) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) IOUtils(org.apache.commons.io.IOUtils) List(java.util.List) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) AccountRoles(org.keycloak.models.AccountRoles) HttpGet(org.apache.http.client.methods.HttpGet) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) 
LoginPage(org.keycloak.testsuite.pages.LoginPage) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Cookie(org.openqa.selenium.Cookie) ActionURIUtils(org.keycloak.testsuite.ActionURIUtils) Matchers.is(org.hamcrest.Matchers.is) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) NameValuePair(org.apache.http.NameValuePair) Assert(org.junit.Assert) CookieStore(org.apache.http.client.CookieStore) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) Calendar(java.util.Calendar) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Example 2 with AUTH_SERVER_HOST

use of org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_HOST in project keycloak by keycloak.

the class CookiesPathTest method testMultipleCookies.

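/**
 * Logs in while the client cookie store also holds a stale auth-session cookie that is scoped
 * to {@code OLD_COOKIE_PATH} and carries {@code AUTH_SESSION_VALUE} as its value, then checks
 * the cookies present after login.
 *
 * <p>Checked after login: the three session cookies are present, every cookie except
 * {@code OAuth_Token_Request_State} has a path ending in "/", and the third "/"-separated
 * segment of {@code KEYCLOAK_SESSION} occurs inside the {@code AUTH_SESSION_ID} value.
 *
 * @throws IOException presumably raised by the HTTP helpers ({@code getCorrectCookies},
 *     {@code login}) - their bodies are not visible here
 */
@Test
public void testMultipleCookies() throws IOException {
    String requestURI = OAuthClient.AUTH_SERVER_ROOT + "/realms/foo/account";
    Calendar calendar = Calendar.getInstance();
    // Expiry one day ahead: the stale cookie is still valid while the test runs.
    calendar.add(Calendar.DAY_OF_YEAR, 1);

    // create old cookie with wrong path
    BasicClientCookie wrongCookie = new BasicClientCookie(AuthenticationSessionManager.AUTH_SESSION_ID, AUTH_SESSION_VALUE);
    wrongCookie.setDomain(AUTH_SERVER_HOST);
    wrongCookie.setPath(OLD_COOKIE_PATH);
    wrongCookie.setExpiryDate(calendar.getTime());

    // obtain new cookies
    CookieStore cookieStore = getCorrectCookies(requestURI);
    cookieStore.addCookie(wrongCookie);
    // Pre-login state: the cookies returned by getCorrectCookies plus the stale one.
    Assert.assertThat(cookieStore.getCookies(), Matchers.hasSize(3));

    login(requestURI, cookieStore);

    // now we have AUTH_SESSION_ID, KEYCLOAK_IDENTITY, KEYCLOAK_SESSION
    // NOTE(review): hasItems only proves these three names are present. It does not prove the
    // stale cookie at OLD_COOKIE_PATH is gone; if removal is the property under test, assert it
    // explicitly (e.g. no cookie with that path remains) once the expected behaviour is confirmed.
    Assert.assertThat(
            cookieStore.getCookies().stream()
                    .map(org.apache.http.cookie.Cookie::getName)
                    .collect(Collectors.toList()),
            Matchers.hasItems("AUTH_SESSION_ID", "KEYCLOAK_IDENTITY", "KEYCLOAK_SESSION"));

    // does each cookie's path end with "/"
    // NOTE(review): presumably the trailing slash keeps a realm-scoped cookie from also matching
    // a sibling path that merely shares the prefix - confirm against the cookie-path code.
    cookieStore.getCookies().stream()
            .filter(c -> !"OAuth_Token_Request_State".equals(c.getName()))
            .map(org.apache.http.cookie.Cookie::getPath)
            .forEach(path -> Assert.assertThat(path, Matchers.endsWith("/")));

    // The third "/"-separated segment of KEYCLOAK_SESSION must occur inside the AUTH_SESSION_ID
    // value. A missing cookie or malformed value fails with a named assertion instead of a bare
    // NoSuchElementException / ArrayIndexOutOfBoundsException. The messages deliberately leave
    // out the cookie values: they are session identifiers and should not end up in test logs.
    String authSessionId = cookieStore.getCookies().stream()
            .filter(c -> "AUTH_SESSION_ID".equals(c.getName()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("AUTH_SESSION_ID cookie missing after login"))
            .getValue();
    String kcSessionId = cookieStore.getCookies().stream()
            .filter(c -> "KEYCLOAK_SESSION".equals(c.getName()))
            .findFirst()
            .orElseThrow(() -> new AssertionError("KEYCLOAK_SESSION cookie missing after login"))
            .getValue();
    String[] kcSessionParts = kcSessionId.split("/");
    if (kcSessionParts.length < 3) {
        throw new AssertionError("KEYCLOAK_SESSION has fewer than three '/'-separated segments");
    }
    String kcSessionSuffix = kcSessionParts[2];
    Assert.assertThat(authSessionId, Matchers.containsString(kcSessionSuffix));
}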
Also used : BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) Cookie(org.openqa.selenium.Cookie) LaxRedirectStrategy(org.apache.http.impl.client.LaxRedirectStrategy) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) HttpPost(org.apache.http.client.methods.HttpPost) Arrays(java.util.Arrays) Profile(org.keycloak.common.Profile) UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity) AdminRoles(org.keycloak.models.AdminRoles) ContainerAssume(org.keycloak.testsuite.util.ContainerAssume) Page(org.jboss.arquillian.graphene.page.Page) AuthenticationSessionManager(org.keycloak.services.managers.AuthenticationSessionManager) OAuthClient(org.keycloak.testsuite.util.OAuthClient) CookieStore(org.apache.http.client.CookieStore) Calendar(java.util.Calendar) RealmBuilder(org.keycloak.testsuite.util.RealmBuilder) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) UserBuilder(org.keycloak.testsuite.util.UserBuilder) After(org.junit.After) LinkedList(java.util.LinkedList) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) HttpRequestBase(org.apache.http.client.methods.HttpRequestBase) Matchers(org.hamcrest.Matchers) Set(java.util.Set) Test(org.junit.Test) DisableFeature(org.keycloak.testsuite.arquillian.annotation.DisableFeature) IOException(java.io.IOException) AUTH_SERVER_HOST(org.keycloak.testsuite.util.ServerURLs.AUTH_SERVER_HOST) URLUtils(org.keycloak.testsuite.util.URLUtils) HttpCoreContext(org.apache.http.protocol.HttpCoreContext) Collectors(java.util.stream.Collectors) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) IOUtils(org.apache.commons.io.IOUtils) List(java.util.List) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) AccountRoles(org.keycloak.models.AccountRoles) HttpGet(org.apache.http.client.methods.HttpGet) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest) 
LoginPage(org.keycloak.testsuite.pages.LoginPage) Matchers.equalTo(org.hamcrest.Matchers.equalTo) Cookie(org.openqa.selenium.Cookie) ActionURIUtils(org.keycloak.testsuite.ActionURIUtils) Matchers.is(org.hamcrest.Matchers.is) HttpClientBuilder(org.apache.http.impl.client.HttpClientBuilder) NameValuePair(org.apache.http.NameValuePair) Assert(org.junit.Assert) CookieStore(org.apache.http.client.CookieStore) BasicCookieStore(org.apache.http.impl.client.BasicCookieStore) Calendar(java.util.Calendar) BasicClientCookie(org.apache.http.impl.cookie.BasicClientCookie) Test(org.junit.Test) AbstractKeycloakTest(org.keycloak.testsuite.AbstractKeycloakTest)

Aggregations

IOException (java.io.IOException)2 Arrays (java.util.Arrays)2 Calendar (java.util.Calendar)2 LinkedList (java.util.LinkedList)2 List (java.util.List)2 Set (java.util.Set)2 Collectors (java.util.stream.Collectors)2 IOUtils (org.apache.commons.io.IOUtils)2 NameValuePair (org.apache.http.NameValuePair)2 CookieStore (org.apache.http.client.CookieStore)2 UrlEncodedFormEntity (org.apache.http.client.entity.UrlEncodedFormEntity)2 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)2 HttpGet (org.apache.http.client.methods.HttpGet)2 HttpPost (org.apache.http.client.methods.HttpPost)2 HttpRequestBase (org.apache.http.client.methods.HttpRequestBase)2 BasicCookieStore (org.apache.http.impl.client.BasicCookieStore)2 CloseableHttpClient (org.apache.http.impl.client.CloseableHttpClient)2 HttpClientBuilder (org.apache.http.impl.client.HttpClientBuilder)2 LaxRedirectStrategy (org.apache.http.impl.client.LaxRedirectStrategy)2 BasicClientCookie (org.apache.http.impl.cookie.BasicClientCookie)2