
Example 1 with WebAuthnAuthenticatorsList

use of org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList in project keycloak by keycloak.

the class WebAuthnRegisterAndLoginTest method registerUserSuccess.

/**
 * Registers a brand-new user, enrols a WebAuthn credential during registration and then logs in again
 * with password plus that credential, asserting the emitted events after each step.
 *
 * <p>The realm updater is opened in a try-with-resources header (presumably its close() restores the
 * previous realm settings), and the two-factor credential created here is removed in {@code finally}.
 */
@Test
public void registerUserSuccess() throws IOException {
    String username = "registerUserSuccess";
    String password = "password";
    String email = "registerUserSuccess@email";
    // Stays null until the register event has been read; finally sees null if the flow fails earlier.
    String userId = null;
    try (RealmAttributeUpdater rau = updateRealmWithDefaultWebAuthnSettings(testRealm()).update()) {
        loginPage.open();
        loginPage.clickRegister();
        registerPage.assertCurrent();
        // Random 24-character label, presumably so the label checks below cannot match a stale credential.
        String authenticatorLabel = SecretGenerator.getInstance().randomString(24);
        registerPage.register("firstName", "lastName", email, username, password, password);
        // User was registered; a WebAuthn credential must now be enrolled before the login completes
        webAuthnRegisterPage.assertCurrent();
        webAuthnRegisterPage.clickRegister();
        webAuthnRegisterPage.registerWebAuthnCredential(authenticatorLabel);
        appPage.assertCurrent();
        assertThat(appPage.getRequestType(), is(RequestType.AUTH_RESPONSE));
        appPage.openAccount();
        // confirm that registration is successfully completed and capture the new user's id
        userId = events.expectRegister(username, email).assertEvent().getUserId();
        // confirm the WebAuthn required-action event: it must carry the label chosen above and an
        // all-zero AAGUID (an all-zero AAGUID carries no authenticator-model information)
        EventRepresentation eventRep = events.expectRequiredAction(CUSTOM_REQUIRED_ACTION).user(userId).detail(Details.CUSTOM_REQUIRED_ACTION, WebAuthnRegisterFactory.PROVIDER_ID).detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, authenticatorLabel).detail(WebAuthnConstants.PUBKEY_CRED_AAGUID_ATTR, ALL_ZERO_AAGUID).assertEvent();
        // Credential id reported at registration; compared with the id in the later login event.
        String regPubKeyCredentialId = eventRep.getDetails().get(WebAuthnConstants.PUBKEY_CRED_ID_ATTR);
        // confirm login event and keep its session id for the logout assertion
        String sessionId = events.expectLogin().user(userId).detail(Details.CUSTOM_REQUIRED_ACTION, WebAuthnRegisterFactory.PROVIDER_ID).detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, authenticatorLabel).assertEvent().getSessionId();
        // confirm user registered
        assertUserRegistered(userId, username.toLowerCase(), email.toLowerCase());
        // NOTE(review): "none" is presumably the expected attestation statement format; with the zero
        // AAGUID that would mean the stored credential is unattested — confirm against
        // assertRegisteredCredentials.
        assertRegisteredCredentials(userId, ALL_ZERO_AAGUID, "none");
        events.clear();
        // logout by user
        appPage.logout();
        // confirm logout event
        events.expectLogout(sessionId).user(userId).assertEvent();
        // login by user: password first, then the WebAuthn prompt
        loginPage.open();
        loginPage.login(username, password);
        webAuthnLoginPage.assertCurrent();
        // The prompt must offer exactly the one authenticator enrolled above, identified by its label.
        final WebAuthnAuthenticatorsList authenticators = webAuthnLoginPage.getAuthenticators();
        assertThat(authenticators.getCount(), is(1));
        assertThat(authenticators.getLabels(), Matchers.contains(authenticatorLabel));
        webAuthnLoginPage.clickAuthenticate();
        appPage.assertCurrent();
        assertThat(appPage.getRequestType(), is(RequestType.AUTH_RESPONSE));
        appPage.openAccount();
        // confirm login event: it must reference the credential id recorded at registration and report
        // user verification as not checked.
        // NOTE(review): so this path only covers a login without user verification; a policy that
        // requires it would need its own assertion.
        sessionId = events.expectLogin().user(userId).detail(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, regPubKeyCredentialId).detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, Boolean.FALSE.toString()).assertEvent().getSessionId();
        events.clear();
        // logout by user
        appPage.logout();
        // confirm logout event
        events.expectLogout(sessionId).user(userId).assertEvent();
    } finally {
        // NOTE(review): userId may still be null here — confirm removeFirstCredentialForUser tolerates
        // that, so a cleanup error cannot hide the original failure.
        removeFirstCredentialForUser(userId, WebAuthnCredentialModel.TYPE_TWOFACTOR);
    }
}
Also used : WebAuthnAuthenticatorsList(org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList) EventRepresentation(org.keycloak.representations.idm.EventRepresentation) WebAuthnRealmAttributeUpdater(org.keycloak.testsuite.webauthn.updaters.WebAuthnRealmAttributeUpdater) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test)

Example 2 with WebAuthnAuthenticatorsList

use of org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList in project keycloak by keycloak.

the class WebAuthnRegisterAndLoginTest method webAuthnPasswordlessAlternativeWithWebAuthnAndPassword.

/**
 * Exercises a browser flow in which a WebAuthn second-factor credential and a WebAuthn passwordless
 * credential coexist for the same user.
 *
 * <p>Steps visible here: put the passwordless-registration required action on
 * {@code test-user@localhost}, log in with the password and enrol two credentials (labelled
 * "passwordless", then "webauthn"), then verify that (1) the password + security key login offers only
 * the "webauthn" credential and (2) the "try another way" path signs in with the security key without
 * a password being entered. Both credentials are removed in {@code finally}.
 */
@Test
public void webAuthnPasswordlessAlternativeWithWebAuthnAndPassword() throws IOException {
    // Stays null until the user has been looked up; finally sees null if the lookup fails.
    String userId = null;
    final String WEBAUTHN_LABEL = "webauthn";
    final String PASSWORDLESS_LABEL = "passwordless";
    // The browser flow is swapped for the duration of the try block; presumably close() restores it.
    try (RealmAttributeUpdater rau = new RealmAttributeUpdater(testRealm()).setBrowserFlow(webAuthnTogetherPasswordlessFlow()).update()) {
        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "test-user@localhost");
        assertThat(user, notNullValue());
        // Add the passwordless-registration required action to the existing user.
        user.getRequiredActions().add(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID);
        UserResource userResource = testRealm().users().get(user.getId());
        assertThat(userResource, notNullValue());
        userResource.update(user);
        // Re-read the user to confirm the required action was actually stored.
        user = userResource.toRepresentation();
        assertThat(user, notNullValue());
        assertThat(user.getRequiredActions(), hasItem(WebAuthnPasswordlessRegisterFactory.PROVIDER_ID));
        userId = user.getId();
        loginUsernamePage.open();
        loginUsernamePage.login("test-user@localhost");
        passwordPage.assertCurrent();
        passwordPage.login("password");
        // Presumably drops the events recorded so far, so the assertions below start from the enrolment.
        events.clear();
        // Two enrolment prompts follow back to back; per the events asserted below, the first one
        // belongs to the passwordless required action and the second to the two-factor one.
        webAuthnRegisterPage.assertCurrent();
        webAuthnRegisterPage.clickRegister();
        webAuthnRegisterPage.registerWebAuthnCredential(PASSWORDLESS_LABEL);
        webAuthnRegisterPage.assertCurrent();
        webAuthnRegisterPage.clickRegister();
        webAuthnRegisterPage.registerWebAuthnCredential(WEBAUTHN_LABEL);
        appPage.assertCurrent();
        // Each required action must have produced its own event carrying the matching label.
        events.expectRequiredAction(CUSTOM_REQUIRED_ACTION).user(userId).detail(Details.CUSTOM_REQUIRED_ACTION, WebAuthnPasswordlessRegisterFactory.PROVIDER_ID).detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, PASSWORDLESS_LABEL).assertEvent();
        events.expectRequiredAction(CUSTOM_REQUIRED_ACTION).user(userId).detail(Details.CUSTOM_REQUIRED_ACTION, WebAuthnRegisterFactory.PROVIDER_ID).detail(WebAuthnConstants.PUBKEY_CRED_LABEL_ATTR, WEBAUTHN_LABEL).assertEvent();
        final String sessionID = events.expectLogin().user(userId).assertEvent().getSessionId();
        events.clear();
        appPage.logout();
        events.expectLogout(sessionID).user(userId).assertEvent();
        // Password + WebAuthn security key
        loginUsernamePage.open();
        loginUsernamePage.assertCurrent();
        loginUsernamePage.login("test-user@localhost");
        passwordPage.assertCurrent();
        passwordPage.login("password");
        webAuthnLoginPage.assertCurrent();
        // The second-factor prompt must list only the two-factor credential; the passwordless
        // credential enrolled for the same user is not offered here.
        final WebAuthnAuthenticatorsList authenticators = webAuthnLoginPage.getAuthenticators();
        assertThat(authenticators.getCount(), is(1));
        assertThat(authenticators.getLabels(), Matchers.contains(WEBAUTHN_LABEL));
        webAuthnLoginPage.clickAuthenticate();
        appPage.assertCurrent();
        appPage.logout();
        // Only passwordless login: the password page is shown but no password is submitted
        loginUsernamePage.open();
        loginUsernamePage.login("test-user@localhost");
        passwordPage.assertCurrent();
        passwordPage.assertTryAnotherWayLinkAvailability(true);
        passwordPage.clickTryAnotherWayLink();
        selectAuthenticatorPage.assertCurrent();
        assertThat(selectAuthenticatorPage.getLoginMethodHelpText(SelectAuthenticatorPage.SECURITY_KEY), is("Use your security key for passwordless sign in."));
        selectAuthenticatorPage.selectLoginMethod(SelectAuthenticatorPage.SECURITY_KEY);
        webAuthnLoginPage.assertCurrent();
        // The passwordless prompt is expected to list no authenticators, yet the authentication below
        // succeeds. NOTE(review): the reason for the empty list is not visible in this method — confirm
        // it is intentional.
        assertThat(webAuthnLoginPage.getAuthenticators().getCount(), is(0));
        webAuthnLoginPage.clickAuthenticate();
        appPage.assertCurrent();
        appPage.logout();
    } finally {
        // Remove both credentials by type and label.
        // NOTE(review): userId may still be null here — confirm removeFirstCredentialForUser tolerates
        // that, so a cleanup error cannot hide the original failure.
        removeFirstCredentialForUser(userId, WebAuthnCredentialModel.TYPE_TWOFACTOR, WEBAUTHN_LABEL);
        removeFirstCredentialForUser(userId, WebAuthnCredentialModel.TYPE_PASSWORDLESS, PASSWORDLESS_LABEL);
    }
}
Also used : WebAuthnAuthenticatorsList(org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList) UserResource(org.keycloak.admin.client.resource.UserResource) WebAuthnRealmAttributeUpdater(org.keycloak.testsuite.webauthn.updaters.WebAuthnRealmAttributeUpdater) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AbstractAdminTest(org.keycloak.testsuite.admin.AbstractAdminTest) Test(org.junit.Test)

Example 3 with WebAuthnAuthenticatorsList

use of org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList in project keycloak by keycloak.

the class WebAuthnSigningInTest method availableAuthenticatorsAfterRemove.

/**
 * Verifies that the WebAuthn login page stops offering a credential once it has been removed from the
 * user: two credentials are enrolled and listed, one two-factor credential is deleted via
 * {@code testUserResource()}, and after a page refresh only one authenticator is listed and the
 * authentication still ends on the signing-in page.
 */
@Test
public void availableAuthenticatorsAfterRemove() {
    // Enrol two credentials and make sure both are counted for the user.
    addWebAuthnCredential("authenticator#1");
    addWebAuthnCredential("authenticator#2");
    final int enrolledCount = webAuthnCredentialType.getUserCredentialsCount();
    assertThat(enrolledCount, is(2));

    setUpWebAuthnFlow("webAuthnFlow");
    logout();
    signingInPage.navigateTo();
    loginToAccount();
    webAuthnLoginPage.assertCurrent();

    // Both enrolled authenticators are offered, in enrolment order.
    final WebAuthnAuthenticatorsList offeredBefore = webAuthnLoginPage.getAuthenticators();
    assertThat(offeredBefore.getCount(), is(2));
    assertThat(offeredBefore.getLabels(), Matchers.contains("authenticator#1", "authenticator#2"));

    // Pick the first two-factor WebAuthn credential of the user and delete it while the login page
    // is still open in the browser.
    final String credentialId = testUserResource().credentials()
            .stream()
            .filter(Objects::nonNull)
            .filter(credential -> WebAuthnCredentialModel.TYPE_TWOFACTOR.equals(credential.getType()))
            .map(CredentialRepresentation::getId)
            .findFirst()
            .orElse(null);
    assertThat(credentialId, notNullValue());
    testUserResource().removeCredential(credentialId);

    // After a reload the removed credential must no longer be offered.
    driver.navigate().refresh();
    webAuthnLoginPage.assertCurrent();
    final WebAuthnAuthenticatorsList offeredAfter = webAuthnLoginPage.getAuthenticators();
    assertThat(offeredAfter.getCount(), is(1));

    // Authenticating with what is left must still reach the signing-in page.
    webAuthnLoginPage.clickAuthenticate();
    signingInPage.assertCurrent();
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Date(java.util.Date) CoreMatchers.not(org.hamcrest.CoreMatchers.not) Page(org.jboss.arquillian.graphene.page.Page) ArrayList(java.util.ArrayList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) DateTimeFormatterUtil(org.keycloak.theme.DateTimeFormatterUtil) Locale(java.util.Locale) SigningInPageUtils.testSetUpLink(org.keycloak.testsuite.ui.account2.page.utils.SigningInPageUtils.testSetUpLink) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) Matchers.hasSize(org.hamcrest.Matchers.hasSize) UIUtils.refreshPageAndWaitForLoad(org.keycloak.testsuite.util.UIUtils.refreshPageAndWaitForLoad) WebAuthnPasswordlessRegisterFactory(org.keycloak.authentication.requiredactions.WebAuthnPasswordlessRegisterFactory) WebAuthnLoginPage(org.keycloak.testsuite.webauthn.pages.WebAuthnLoginPage) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) UserResource(org.keycloak.admin.client.resource.UserResource) WebAuthnCredentialModel(org.keycloak.models.credential.WebAuthnCredentialModel) ParseException(java.text.ParseException) DateFormat(java.text.DateFormat) SigningInPageUtils.assertUserCredential(org.keycloak.testsuite.ui.account2.page.utils.SigningInPageUtils.assertUserCredential) WebAuthnAuthenticatorsList(org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList) Matchers.empty(org.hamcrest.Matchers.empty) Collections.emptyList(java.util.Collections.emptyList) Matchers(org.hamcrest.Matchers) RequiredActionProviderRepresentation(org.keycloak.representations.idm.RequiredActionProviderRepresentation) Test(org.junit.Test) IOException(java.io.IOException) SigningInPage(org.keycloak.testsuite.ui.account2.page.SigningInPage) Collectors(java.util.stream.Collectors) WaitUtils.waitForPageToLoad(org.keycloak.testsuite.util.WaitUtils.waitForPageToLoad) Objects(java.util.Objects) Consumer(java.util.function.Consumer) List(java.util.List) Closeable(java.io.Closeable) 
WebAuthnRegisterFactory(org.keycloak.authentication.requiredactions.WebAuthnRegisterFactory) CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) WebAuthnAuthenticatorsList(org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList) Objects(java.util.Objects) Test(org.junit.Test)

Example 4 with WebAuthnAuthenticatorsList

use of org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList in project keycloak by keycloak.

the class WebAuthnTransportsTest method assertTransport.

/**
 * Registers the default user with the given virtual authenticator, logs in again and checks that the
 * WebAuthn login page lists exactly one authenticator whose transport equals {@code transportName}.
 *
 * @param authenticator virtual authenticator options to activate before registering
 * @param transportName transport text expected on the single listed authenticator
 */
private void assertTransport(VirtualAuthenticatorOptions authenticator, String transportName) {
    // Everything below runs against the authenticator chosen by the caller.
    getVirtualAuthManager().useAuthenticator(authenticator);
    registerDefaultUser();
    logout();

    // Log in with the password to reach the WebAuthn prompt.
    loginPage.open();
    loginPage.assertCurrent();
    loginPage.login(USERNAME, PASSWORD);
    webAuthnLoginPage.assertCurrent();

    final WebAuthnAuthenticatorsList shown = webAuthnLoginPage.getAuthenticators();
    assertThat(shown, notNullValue());

    final List<WebAuthnAuthenticatorsList.WebAuthnAuthenticatorItem> entries = shown.getItems();
    assertThat(entries, notNullValue());
    assertThat(entries.size(), is(1));

    // The only listed entry must report the expected transport.
    final WebAuthnAuthenticatorsList.WebAuthnAuthenticatorItem onlyEntry = entries.get(0);
    assertThat(onlyEntry.getTransport(), is(transportName));
}
Also used : WebAuthnAuthenticatorsList(org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList)

Example 5 with WebAuthnAuthenticatorsList

use of org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList in project keycloak by keycloak.

the class WebAuthnErrorTest method errorPageWithTimeout.

/**
 * Checks that a WebAuthn authentication which cannot complete ends on the WebAuthn error page with a
 * generic message once the configured timeout has passed.
 *
 * <p>A credential is enrolled, the realm timeout is set to {@code timeoutSec}, and the credentials held
 * by the current virtual authenticator are then removed, so the login page still lists the
 * authenticator while the authenticator itself no longer holds a matching credential.
 */
@Test
// NOTE(review): presumably skips this test when the browser driver is Firefox — confirm.
@IgnoreBrowserDriver(FirefoxDriver.class)
public void errorPageWithTimeout() throws IOException {
    final int timeoutSec = 3;
    final String authenticatorLabel = "authenticator";
    addWebAuthnCredential(authenticatorLabel);
    // NOTE(review): the setter names the *create* timeout while the ceremony exercised below is an
    // authentication — confirm this is the value that bounds it.
    try (RealmAttributeUpdater u = new WebAuthnRealmAttributeUpdater(testRealmResource()).setWebAuthnPolicyCreateTimeout(timeoutSec).update()) {
        // Read the realm back to prove the timeout was really applied before relying on it.
        RealmRepresentation realm = testRealmResource().toRepresentation();
        assertThat(realm, notNullValue());
        assertThat(realm.getWebAuthnPolicyCreateTimeout(), is(timeoutSec));
        final int webAuthnCount = webAuthnCredentialType.getUserCredentialsCount();
        assertThat(webAuthnCount, is(1));
        // Wipe the credentials held by the current virtual authenticator; the assertions on the login
        // page below show the authenticator is still listed for the user afterwards.
        getWebAuthnManager().getCurrent().getAuthenticator().removeAllCredentials();
        setUpWebAuthnFlow("webAuthnFlow");
        logout();
        signingInPage.navigateTo();
        loginToAccount();
        webAuthnLoginPage.assertCurrent();
        final WebAuthnAuthenticatorsList authenticators = webAuthnLoginPage.getAuthenticators();
        assertThat(authenticators.getCount(), is(1));
        assertThat(authenticators.getLabels(), Matchers.contains(authenticatorLabel));
        webAuthnLoginPage.clickAuthenticate();
        // Should fail after this time: wait one unit longer than the configured timeout.
        // NOTE(review): the argument looks like milliseconds, and a fixed pause can be flaky on slow
        // runners — confirm.
        WaitUtils.pause((timeoutSec + 1) * 1000);
        webAuthnErrorPage.assertCurrent();
        // The user-facing message is generic: it does not say whether the key was missing, rejected
        // or timed out.
        assertThat(webAuthnErrorPage.getError(), is("Failed to authenticate by the Security key."));
    }
}
Also used : WebAuthnAuthenticatorsList(org.keycloak.testsuite.webauthn.pages.WebAuthnAuthenticatorsList) WebAuthnRealmAttributeUpdater(org.keycloak.testsuite.webauthn.updaters.WebAuthnRealmAttributeUpdater) RealmRepresentation(org.keycloak.representations.idm.RealmRepresentation) WebAuthnRealmAttributeUpdater(org.keycloak.testsuite.webauthn.updaters.WebAuthnRealmAttributeUpdater) RealmAttributeUpdater(org.keycloak.testsuite.updaters.RealmAttributeUpdater) Test(org.junit.Test) IgnoreBrowserDriver(org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver)
