use of org.keycloak.testsuite.util.TokenUtil in project keycloak by keycloak.
Class AccountRestServiceTest, method listApplicationsThirdParty.
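/**
 * Grants consent to the third-party client, then checks that the account
 * applications listing contains that client, the two always-listed clients,
 * and the granted scope (by id and name) on the third-party entry.
 *
 * The consent created here is revoked in a {@code finally} block: the original
 * deleted it mid-test, so a failing assertion on the listing left the grant in
 * place and could bleed into later tests of this class.
 */
@Test
public void listApplicationsThirdParty() throws Exception {
    String appId = "third-party";
    TokenUtil token = new TokenUtil("view-applications-access", "password");
    String consentUrl = getAccountUrl("applications/" + appId + "/consent");

    // Consent for whichever client scope the realm lists first; only its id is sent,
    // the name is expected to be resolved server-side.
    ClientScopeRepresentation clientScopeRepresentation = testRealm().clientScopes().findAll().get(0);
    ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
    consentScopeRepresentation.setId(clientScopeRepresentation.getId());
    ConsentRepresentation requestedConsent = new ConsentRepresentation();
    requestedConsent.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
    SimpleHttp.doPost(consentUrl, httpClient)
            .header("Accept", "application/json")
            .json(requestedConsent)
            .auth(token.getToken())
            .asJson(ConsentRepresentation.class);

    try {
        List<ClientRepresentation> applications = SimpleHttp.doGet(getAccountUrl("applications"), httpClient)
                .header("Accept", "application/json")
                .auth(token.getToken())
                .asJson(new TypeReference<List<ClientRepresentation>>() {
                });
        assertFalse(applications.isEmpty());

        Map<String, ClientRepresentation> apps = applications.stream()
                .collect(Collectors.toMap(ClientRepresentation::getClientId, x -> x));
        Assert.assertThat(apps.keySet(), containsInAnyOrder(appId, "always-display-client", "direct-grant"));

        ClientRepresentation app = apps.get(appId);
        assertClientRep(app, null, "A third party application", true, false, false, null,
                "http://localhost:8180/auth/realms/master/app/auth");

        // The listing must carry the consent just granted, with the scope's id and name.
        assertFalse(app.getConsent().getGrantedScopes().isEmpty());
        ConsentScopeRepresentation grantedScope = app.getConsent().getGrantedScopes().get(0);
        assertEquals(clientScopeRepresentation.getId(), grantedScope.getId());
        assertEquals(clientScopeRepresentation.getName(), grantedScope.getName());
    } finally {
        // Revoke the consent regardless of the outcome so other tests start clean.
        SimpleHttp.doDelete(consentUrl, httpClient)
                .header("Accept", "application/json")
                .auth(token.getToken())
                .asResponse();
    }
}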
use of org.keycloak.testsuite.util.TokenUtil in project keycloak by keycloak.
Class ResourcesRestServiceTest, method testEndpointPermissions.
/**
 * Checks authorization on the account resources endpoints: a user without
 * account access gets 403 on every read, a user with view access gets 200 on
 * reads, and neither of them may PUT permissions (both get 403).
 */
@Test
public void testEndpointPermissions() throws Exception {
    // A user-managed resource owned by view-account-access, so that the per-resource
    // detail, permissions and requests URLs exist for the read checks below.
    ResourceRepresentation ownedResource = new ResourceRepresentation();
    ownedResource.setOwnerManagedAccess(true);
    ownedResource.setOwner(findUser("view-account-access").getId());
    ownedResource.setName("Resource view-account-access");
    ownedResource.setDisplayName("Display Name view-account-access");
    ownedResource.setIconUri("Icon Uri view-account-access");
    ownedResource.addScope("Scope A", "Scope B", "Scope C", "Scope D");
    ownedResource.setUri("http://resourceServer.com/resources/view-account-access");

    String createdId;
    try (Response created = getResourceServer().authorization().resources().create(ownedResource)) {
        createdId = created.readEntity(ResourceRepresentation.class).getId();
    }

    String resourcesUrl = getAccountUrl("resources");
    String resourceUrl = resourcesUrl + "/" + createdId;
    String permissionsUrl = resourceUrl + "/permissions";
    List<String> readUrls = Arrays.asList(
            resourcesUrl,
            resourcesUrl + "/shared-with-others",
            resourcesUrl + "/shared-with-me",
            resourceUrl,
            permissionsUrl,
            permissionsUrl + "/requests");

    TokenUtil viewer = new TokenUtil("view-account-access", "password");
    TokenUtil outsider = new TokenUtil("no-account-access", "password");

    // Reads: denied without account access, allowed with view access.
    for (String url : readUrls) {
        int outsiderStatus = SimpleHttp.doGet(url, httpClient).acceptJson().auth(outsider.getToken()).asStatus();
        assertEquals("no-account-access GET " + url, 403, outsiderStatus);
        int viewerStatus = SimpleHttp.doGet(url, httpClient).acceptJson().auth(viewer.getToken()).asStatus();
        assertEquals("view-account-access GET " + url, 200, viewerStatus);
    }

    // Writes: view access is read-only, so PUT on permissions is denied for both users.
    int outsiderPut = SimpleHttp.doPut(permissionsUrl, httpClient).acceptJson()
            .auth(outsider.getToken()).json(Collections.emptyList()).asStatus();
    assertEquals("no-account-access PUT " + permissionsUrl, 403, outsiderPut);
    int viewerPut = SimpleHttp.doPut(permissionsUrl, httpClient).acceptJson()
            .auth(viewer.getToken()).json(Collections.emptyList()).asStatus();
    assertEquals("view-account-access PUT " + permissionsUrl, 403, viewerPut);
}
use of org.keycloak.testsuite.util.TokenUtil in project keycloak by keycloak.
Class AccountRestServiceTest, method createConsentForClient.
/**
 * Grants consent for a single client scope on the security-admin-console client
 * via the account REST API and checks the returned consent: both timestamps set,
 * exactly one granted scope, and that scope is the one requested.
 */
@Test
public void createConsentForClient() throws IOException {
    TokenUtil token = new TokenUtil("manage-consent-access", "password");
    String consentUrl = getAccountUrl("applications/security-admin-console/consent");

    // Whichever client scope the realm lists first; the test only needs an id.
    ClientScopeRepresentation scope = testRealm().clientScopes().findAll().get(0);
    ConsentScopeRepresentation requestedScope = new ConsentScopeRepresentation();
    requestedScope.setId(scope.getId());
    ConsentRepresentation request = new ConsentRepresentation();
    request.setGrantedScopes(Collections.singletonList(requestedScope));

    ConsentRepresentation granted = SimpleHttp.doPost(consentUrl, httpClient)
            .header("Accept", "application/json")
            .json(request)
            .auth(token.getToken())
            .asJson(ConsentRepresentation.class);

    assertTrue(granted.getCreatedDate() > 0);
    assertTrue(granted.getLastUpdatedDate() > 0);
    List<ConsentScopeRepresentation> grantedScopes = granted.getGrantedScopes();
    assertEquals(1, grantedScopes.size());
    assertEquals(requestedScope.getId(), grantedScopes.get(0).getId());
}
use of org.keycloak.testsuite.util.TokenUtil in project keycloak by keycloak.
Class SessionRestServiceTest, method testProfilePreviewPermissions.
/**
 * Checks authorization on the account sessions endpoints: a user without account
 * access can neither list nor delete sessions, and a user with view-only access
 * cannot delete them either (every such request gets 403).
 */
@Test
public void testProfilePreviewPermissions() throws IOException {
    TokenUtil noAccess = new TokenUtil("no-account-access", "password");
    TokenUtil viewOnly = new TokenUtil("view-account-access", "password");
    String sessionsUrl = getAccountUrl("sessions");
    String singleSessionUrl = getAccountUrl("sessions/bogusId");

    // Listing sessions is denied without account access.
    int listStatus = SimpleHttp.doGet(sessionsUrl, httpClient)
            .header("Accept", "application/json").auth(noAccess.getToken()).asStatus();
    assertEquals(403, listStatus);

    // Logging out all sessions is denied without access and with view-only access.
    int logoutAllNoAccess = SimpleHttp.doDelete(sessionsUrl, httpClient)
            .header("Accept", "application/json").auth(noAccess.getToken()).asStatus();
    assertEquals(403, logoutAllNoAccess);
    int logoutAllViewOnly = SimpleHttp.doDelete(sessionsUrl, httpClient)
            .header("Accept", "application/json").auth(viewOnly.getToken()).asStatus();
    assertEquals(403, logoutAllViewOnly);

    // Same for a single session. The id is bogus on purpose: expecting 403 rather
    // than 404 pins the authorization check ahead of the session lookup.
    int logoutOneNoAccess = SimpleHttp.doDelete(singleSessionUrl, httpClient)
            .header("Accept", "application/json").auth(noAccess.getToken()).asStatus();
    assertEquals(403, logoutOneNoAccess);
    int logoutOneViewOnly = SimpleHttp.doDelete(singleSessionUrl, httpClient)
            .header("Accept", "application/json").auth(viewOnly.getToken()).asStatus();
    assertEquals(403, logoutOneViewOnly);
}