From 27719565ae257426e13ae012aa8adeb8d6bbe0a2 Mon Sep 17 00:00:00 2001 From: mposolda Date: Thu, 26 Jul 2018 11:28:42 +0200 Subject: [PATCH] KEYCLOAK-4298 Migrate LDAP tests to the new testsuite --- misc/Testsuite.md | 4 + .../rest/TestingResourceProvider.java | 13 + .../rest/resource/TestLDAPResource.java | 164 +++ .../testsuite/util}/LDAPTestUtils.java | 66 +- .../main/module.xml | 1 + .../client/KeycloakTestingClient.java | 2 +- .../client/resources/TestingLDAPResource.java | 56 + .../client/resources/TestingResource.java | 4 + .../org/keycloak/testsuite/util/LDAPRule.java | 24 +- .../federation/ldap/AbstractLDAPTest.java | 110 ++ .../ldap/LDAPBinaryAttributesTest.java | 145 +- .../ldap/LDAPGroupMapper2WaySyncTest.java | 194 +-- .../ldap/LDAPGroupMapperSyncTest.java | 232 ++- .../federation}/ldap/LDAPGroupMapperTest.java | 441 +++--- .../federation/ldap/LDAPLegacyImportTest.java | 147 ++ .../ldap/LDAPMSADFullNameTest.java | 265 ++-- .../federation/ldap/LDAPMSADMapperTest.java | 163 +++ .../ldap/LDAPMultipleAttributesTest.java | 247 ++++ .../federation}/ldap/LDAPNoMSADTest.java | 133 +- .../ldap/LDAPProvidersIntegrationTest.java | 1089 ++++++++++++++ .../ldap/LDAPRoleMappingsTest.java | 330 ++--- .../ldap/LDAPSpecialCharsTest.java | 159 +- .../federation/ldap/LDAPSyncTest.java | 358 +++++ .../federation/ldap/LDAPTestAsserts.java | 64 + .../federation/ldap/LDAPTestContext.java | 62 + .../noimport/LDAPGroupMapperNoImportTest.java | 57 + .../LDAPMultipleAttributesNoImportTest.java | 61 + .../LDAPProvidersIntegrationNoImportTest.java | 246 ++++ .../LDAPRoleMappingsNoImportTest.java | 209 ++- .../resources/ldap/fed-provider-export.json | 12 + .../base/src/test/resources/ldap/users.ldif | 5 + ...n-on-server-jboss-deployment-structure.xml | 1 + testsuite/integration-deprecated/pom.xml | 36 - .../ldap/LDAPTestConfiguration.java | 151 -- .../storage/ldap/LDAPExampleServlet.java | 63 - .../storage/ldap/LDAPLegacyImportTest.java | 166 --- .../storage/ldap/LDAPMSADMapperTest.java | 176 --- .../ldap/LDAPMultipleAttributesTest.java | 270 ---- .../ldap/LDAPProvidersIntegrationTest.java | 1294 ----------------- .../federation/storage/ldap/LDAPSyncTest.java | 381 ----- .../noimport/LDAPGroupMapperNoImportTest.java | 378 ----- .../LDAPMultipleAttributesNoImportTest.java | 112 -- .../LDAPProvidersIntegrationNoImportTest.java | 989 ------------- .../org/keycloak/testsuite/rule/LDAPRule.java | 140 -- .../resources/ldap/ldap-app-keycloak.json | 10 - .../resources/ldap/ldap-connection.properties | 26 - .../src/test/resources/ldap/users.ldif | 25 - testsuite/utils/pom.xml | 30 + .../util/ldap/LDAPEmbeddedServer.java | 13 +- 49 files changed, 3896 insertions(+), 5428 deletions(-) create mode 100644 testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestLDAPResource.java rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap => integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util}/LDAPTestUtils.java (83%) create mode 100644 testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingLDAPResource.java create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/AbstractLDAPTest.java rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/LDAPBinaryAttributesTest.java (74%) rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/LDAPGroupMapper2WaySyncTest.java (62%) rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/LDAPGroupMapperSyncTest.java (68%) rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/LDAPGroupMapperTest.java (57%) create mode 100755 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/LDAPMSADFullNameTest.java (51%) create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMSADMapperTest.java create mode 100755 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/LDAPNoMSADTest.java (51%) create mode 100755 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/LDAPRoleMappingsTest.java (68%) rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/LDAPSpecialCharsTest.java (59%) create mode 100755 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSyncTest.java create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestAsserts.java create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestContext.java create mode 100755 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPGroupMapperNoImportTest.java create mode 100755 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPMultipleAttributesNoImportTest.java create mode 100755 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java rename testsuite/{integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage => integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation}/ldap/noimport/LDAPRoleMappingsNoImportTest.java (69%) rename testsuite/{integration-deprecated => integration-arquillian/tests/base}/src/test/resources/ldap/fed-provider-export.json (98%) delete mode 100644 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestConfiguration.java delete mode 100644 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPExampleServlet.java delete mode 100755 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPLegacyImportTest.java delete mode 100644 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADMapperTest.java delete mode 100755 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMultipleAttributesTest.java delete mode 100755 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java delete mode 100755 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java delete mode 100755 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java delete mode 100755 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPMultipleAttributesNoImportTest.java delete mode 100755 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java delete mode 100755 testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/LDAPRule.java delete mode 100644 testsuite/integration-deprecated/src/test/resources/ldap/ldap-app-keycloak.json delete mode 100644 testsuite/integration-deprecated/src/test/resources/ldap/ldap-connection.properties delete mode 100644 testsuite/integration-deprecated/src/test/resources/ldap/users.ldif diff --git a/misc/Testsuite.md b/misc/Testsuite.md index ad7f61d028f..df7bfc697a4 100644 --- a/misc/Testsuite.md +++ b/misc/Testsuite.md @@ -16,6 +16,10 @@ By default the testsuite uses an embedded H2 database to test with other databas Test utils ========== +All the utils can be executed from the directory testsuite/utils: + + cd testsuite/utils + Keycloak server --------------- diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java index 1e5b9ab50b8..7ea49d2b51b 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/TestingResourceProvider.java @@ -20,6 +20,7 @@ package org.keycloak.testsuite.rest; import org.jboss.resteasy.annotations.cache.NoCache; import org.jboss.resteasy.spi.BadRequestException; import org.jboss.resteasy.spi.HttpRequest; +import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.common.util.Time; import org.keycloak.component.ComponentModel; import org.keycloak.events.Event; @@ -35,6 +36,7 @@ import org.keycloak.models.AuthenticationFlowModel; import org.keycloak.models.ClientModel; import org.keycloak.models.FederatedIdentityModel; import org.keycloak.models.KeycloakSession; +import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; import org.keycloak.models.RealmProvider; import org.keycloak.models.UserCredentialModel; @@ -54,6 +56,8 @@ import org.keycloak.services.managers.RealmManager; import org.keycloak.services.resource.RealmResourceProvider; import org.keycloak.services.scheduled.ClearExpiredUserSessions; import org.keycloak.storage.UserStorageProvider; +import org.keycloak.storage.UserStorageProviderModel; +import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.testsuite.components.TestProvider; import org.keycloak.testsuite.components.TestProviderFactory; import org.keycloak.testsuite.events.EventsListenerProvider; @@ -63,6 +67,7 @@ import org.keycloak.testsuite.forms.PassThroughClientAuthenticator; import org.keycloak.testsuite.rest.representation.AuthenticatorState; import org.keycloak.testsuite.rest.resource.TestCacheResource; import org.keycloak.testsuite.rest.resource.TestJavascriptResource; +import org.keycloak.testsuite.rest.resource.TestLDAPResource; import org.keycloak.testsuite.rest.resource.TestingExportImportResource; import org.keycloak.testsuite.runonserver.ModuleUtil; import org.keycloak.testsuite.runonserver.FetchOnServer; @@ -572,6 +577,13 @@ public class TestingResourceProvider implements RealmResourceProvider { } + @Path("/ldap/{realm}") + public TestLDAPResource ldap(@PathParam("realm") final String realmName) { + RealmModel realm = session.realms().getRealmByName(realmName); + return new TestLDAPResource(session, realm); + } + + @Override public void close() { } @@ -682,6 +694,7 @@ public class TestingResourceProvider implements RealmResourceProvider { return reps; } + @GET @Path("/identity-config") @Produces(MediaType.APPLICATION_JSON) diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestLDAPResource.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestLDAPResource.java new file mode 100644 index 00000000000..bae7cbecd65 --- /dev/null +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/rest/resource/TestLDAPResource.java @@ -0,0 +1,164 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.rest.resource; + +import java.util.Map; + +import javax.ws.rs.Consumes; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; + +import org.keycloak.common.util.MultivaluedHashMap; +import org.keycloak.component.ComponentModel; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.LDAPConstants; +import org.keycloak.models.RealmModel; +import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.storage.UserStorageProvider; +import org.keycloak.storage.UserStorageProviderModel; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.storage.ldap.LDAPStorageProviderFactory; +import org.keycloak.storage.ldap.LDAPUtils; +import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; +import org.keycloak.storage.ldap.mappers.membership.MembershipType; +import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory; +import org.keycloak.testsuite.util.LDAPTestUtils; +import org.keycloak.utils.MediaType; + +import static org.keycloak.testsuite.util.LDAPTestUtils.getGroupDescriptionLDAPAttrName; + +/** + * @author Marek Posolda + */ +public class TestLDAPResource { + + private final KeycloakSession session; + private final RealmModel realm; + + public TestLDAPResource(KeycloakSession session, RealmModel realm) { + this.session = session; + this.realm = realm; + } + + + /** + * @param ldapCfg configuration of LDAP provider + * @param importEnabled specify if LDAP provider will have import enabled + * @return ID of newly created provider + */ + @POST + @Path("/create-ldap-provider") + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_JSON) + public String createLDAPProvider(Map ldapCfg, @QueryParam("import") boolean importEnabled) { + MultivaluedHashMap ldapConfig = toComponentConfig(ldapCfg); + ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); + ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); + + UserStorageProviderModel model = new UserStorageProviderModel(); + model.setLastSync(0); + model.setChangedSyncPeriod(-1); + model.setFullSyncPeriod(-1); + model.setName("test-ldap"); + model.setPriority(0); + model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); + model.setConfig(ldapConfig); + + model.setImportEnabled(importEnabled); + + model.setCachePolicy(UserStorageProviderModel.CachePolicy.MAX_LIFESPAN); + model.setMaxLifespan(600000); // Lifetime is 10 minutes + + ComponentModel ldapModel = realm.addComponentModel(model); + return ldapModel.getId(); + } + + + private static MultivaluedHashMap toComponentConfig(Map ldapConfig) { + MultivaluedHashMap config = new MultivaluedHashMap<>(); + for (Map.Entry entry : ldapConfig.entrySet()) { + config.add(entry.getKey(), entry.getValue()); + + } + return config; + } + + + /** + * Prepare groups LDAP tests. Creates some LDAP mappers as well as some built-in GRoups and users in LDAP + */ + @POST + @Path("/configure-groups") + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_JSON) + public void prepareGroupsLDAPTest() { + LDAPTestUtils.addLocalUser(session, realm, "mary", "mary@test.com", "password-app"); + LDAPTestUtils.addLocalUser(session, realm, "john", "john@test.com", "password-app"); + + ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(session, realm); + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + String descriptionAttrName = getGroupDescriptionLDAPAttrName(ldapFedProvider); + + // Add group mapper + LDAPTestUtils.addOrUpdateGroupMapper(realm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName); + + // Remove all LDAP groups + LDAPTestUtils.removeAllLDAPGroups(session, realm, ldapModel, "groupsMapper"); + + // Add some groups for testing + LDAPObject group1 = LDAPTestUtils.createLDAPGroup(session, realm, ldapModel, "group1", descriptionAttrName, "group1 - description"); + LDAPObject group11 = LDAPTestUtils.createLDAPGroup(session, realm, ldapModel, "group11"); + LDAPObject group12 = LDAPTestUtils.createLDAPGroup(session, realm, ldapModel, "group12", descriptionAttrName, "group12 - description"); + + LDAPObject defaultGroup1 = LDAPTestUtils.createLDAPGroup(session, realm, ldapModel, "defaultGroup1", descriptionAttrName, "Default Group1 - description"); + LDAPObject defaultGroup11 = LDAPTestUtils.createLDAPGroup(session, realm, ldapModel, "defaultGroup11"); + LDAPObject defaultGroup12 = LDAPTestUtils.createLDAPGroup(session, realm, ldapModel, "defaultGroup12", descriptionAttrName, "Default Group12 - description"); + + LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group11, false); + LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group12, true); + + LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup11, false); + LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup12, true); + + // Sync LDAP groups to Keycloak DB + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ldapModel, "groupsMapper"); + new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); + + realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(realm, "/defaultGroup1/defaultGroup11")); + realm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(realm, "/defaultGroup1/defaultGroup12")); + + // Delete all LDAP users + LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, realm); + + // Add some LDAP users for testing + LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); + + LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678"); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1"); + + LDAPObject rob = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910"); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1"); + + LDAPObject james = LDAPTestUtils.addLDAPUser(ldapFedProvider, realm, "jameskeycloak", "James", "Brown", "james@email.org", null, "8910"); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1"); + } +} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/LDAPTestUtils.java similarity index 83% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java rename to testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/LDAPTestUtils.java index 83a3498d59a..bbec67342b7 100644 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPTestUtils.java +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/java/org/keycloak/testsuite/util/LDAPTestUtils.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,21 +15,17 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; +package org.keycloak.testsuite.util; -import org.junit.Assert; -import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.component.ComponentModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; import org.keycloak.models.UserCredentialModel; import org.keycloak.models.UserModel; -import org.keycloak.models.UserProvider; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.models.utils.UserModelDelegate; import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.representations.idm.SynchronizationResultRepresentation; import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.ldap.LDAPStorageProvider; import org.keycloak.storage.ldap.LDAPConfig; @@ -47,8 +43,6 @@ import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper; import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.membership.role.RoleMapperConfig; -import org.keycloak.storage.user.SynchronizationResult; -import org.keycloak.testsuite.rule.LDAPRule; import java.util.Arrays; import java.util.Collections; @@ -61,21 +55,6 @@ import java.util.Set; * @author Marek Posolda */ public class LDAPTestUtils { - public static MultivaluedHashMap getLdapRuleConfig(LDAPRule ldapRule) { - Map ldapConfig = ldapRule.getConfig(); - return toComponentConfig(ldapConfig); - - } - - public static MultivaluedHashMap toComponentConfig(Map ldapConfig) { - MultivaluedHashMap config = new MultivaluedHashMap<>(); - for (Map.Entry entry : ldapConfig.entrySet()) { - config.add(entry.getKey(), entry.getValue()); - - } - return config; - } - public static UserModel addLocalUser(KeycloakSession session, RealmModel realm, String username, String email, String password) { UserModel user = session.userLocalStorage().addUser(realm, username); @@ -138,28 +117,20 @@ public class LDAPTestUtils { } } + public static ComponentModel getLdapProviderModel(KeycloakSession session, RealmModel realm) { + List components = realm.getComponents(realm.getId(), UserStorageProvider.class.getName()); + for (ComponentModel component : components) { + if ("test-ldap".equals(component.getName())) { + return component; + } + } + return null; + } + public static LDAPStorageProvider getLdapProvider(KeycloakSession keycloakSession, ComponentModel ldapFedModel) { return (LDAPStorageProvider)keycloakSession.getProvider(UserStorageProvider.class, ldapFedModel); } - public static UserModel assertUserImported(UserProvider userProvider, RealmModel realm, String username, String expectedFirstName, String expectedLastName, String expectedEmail, String expectedPostalCode) { - UserModel user = userProvider.getUserByUsername(username, realm); - Assert.assertNotNull(user); - Assert.assertEquals(expectedFirstName, user.getFirstName()); - Assert.assertEquals(expectedLastName, user.getLastName()); - Assert.assertEquals(expectedEmail, user.getEmail()); - Assert.assertEquals(expectedPostalCode, user.getFirstAttribute("postal_code")); - return user; - } - - public static void assertLoaded(UserModel user, String username, String expectedFirstName, String expectedLastName, String expectedEmail, String expectedPostalCode) { - Assert.assertNotNull(user); - Assert.assertEquals(expectedFirstName, user.getFirstName()); - Assert.assertEquals(expectedLastName, user.getLastName()); - Assert.assertEquals(expectedEmail, user.getEmail()); - Assert.assertEquals(expectedPostalCode, user.getFirstAttribute("postal_code")); - } - // CRUD model mappers @@ -327,16 +298,7 @@ public class LDAPTestUtils { } - public static void assertSyncEquals(SynchronizationResult syncResult, int expectedAdded, int expectedUpdated, int expectedRemoved, int expectedFailed) { - Assert.assertEquals(expectedAdded, syncResult.getAdded()); - Assert.assertEquals(expectedUpdated, syncResult.getUpdated()); - Assert.assertEquals(expectedRemoved, syncResult.getRemoved()); - Assert.assertEquals(expectedFailed, syncResult.getFailed()); - } - public static void assertSyncEquals(SynchronizationResultRepresentation syncResult, int expectedAdded, int expectedUpdated, int expectedRemoved, int expectedFailed) { - Assert.assertEquals(expectedAdded, syncResult.getAdded()); - Assert.assertEquals(expectedUpdated, syncResult.getUpdated()); - Assert.assertEquals(expectedRemoved, syncResult.getRemoved()); - Assert.assertEquals(expectedFailed, syncResult.getFailed()); + public static String getGroupDescriptionLDAPAttrName(LDAPStorageProvider ldapProvider) { + return ldapProvider.getLdapIdentityStore().getConfig().isActiveDirectory() ? "displayName" : "description"; } } diff --git a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml index 467601a3f92..9d818c38c57 100644 --- a/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml +++ b/testsuite/integration-arquillian/servers/auth-server/services/testsuite-providers/src/main/resources/org/keycloak/testsuite/integration-arquillian-testsuite-providers/main/module.xml @@ -32,6 +32,7 @@ + diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java index 09c280bcda3..92c71fbeeca 100755 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/KeycloakTestingClient.java @@ -97,7 +97,7 @@ public class KeycloakTestingClient { public T fetch(FetchOnServer function, Class clazz) throws RunOnServerException { try { String s = fetchString(function); - return JsonSerialization.readValue(s, clazz); + return s==null ? null : JsonSerialization.readValue(s, clazz); } catch (Exception e) { throw new RuntimeException(e); } diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingLDAPResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingLDAPResource.java new file mode 100644 index 00000000000..4eb45a1e799 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingLDAPResource.java @@ -0,0 +1,56 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.client.resources; + +import java.util.Map; + +import javax.ws.rs.Consumes; +import javax.ws.rs.POST; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; + +import org.keycloak.utils.MediaType; + +/** + * @author Marek Posolda + */ +public interface TestingLDAPResource { + + + /** + * @param ldapCfg configuration of LDAP provider + * @param importEnabled specify if LDAP provider will have import enabled + * @return ID of newly created provider + */ + @POST + @Path("/create-ldap-provider") + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_JSON) + String createLDAPProvider(Map ldapCfg, @QueryParam("import") boolean importEnabled); + + + /** + * Prepare groups LDAP tests. Creates some LDAP mappers as well as some built-in GRoups and users in LDAP + */ + @POST + @Path("/configure-groups") + @Produces(MediaType.APPLICATION_JSON) + @Consumes(MediaType.APPLICATION_JSON) + void prepareGroupsLDAPTest(); +} diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java index 04daf8da81a..a217ec133a1 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/client/resources/TestingResource.java @@ -204,6 +204,9 @@ public interface TestingResource { @Path("/cache/{cache}") TestingCacheResource cache(@PathParam("cache") String cacheName); + @Path("/ldap/{realm}") + TestingLDAPResource ldap(@PathParam("realm") final String realmName); + @POST @Path("/update-pass-through-auth-state") @Produces(MediaType.APPLICATION_JSON) @@ -251,6 +254,7 @@ public interface TestingResource { @Produces(MediaType.APPLICATION_JSON) Map getTestComponentDetails(); + @GET @Path("/identity-config") @Produces(MediaType.APPLICATION_JSON) diff --git a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/LDAPRule.java b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/LDAPRule.java index 7aef684350a..1b9a4c66589 100644 --- a/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/LDAPRule.java +++ b/testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/util/LDAPRule.java @@ -17,6 +17,7 @@ package org.keycloak.testsuite.util; +import org.junit.Assume; import org.junit.rules.ExternalResource; import org.keycloak.models.LDAPConstants; import org.keycloak.util.ldap.LDAPEmbeddedServer; @@ -39,14 +40,23 @@ public class LDAPRule extends ExternalResource { private static final String PROPERTY_CERTIFICATE_PASSWORD = "certificatePassword"; - protected LDAPTestConfiguration ldapTestConfiguration; - protected LDAPEmbeddedServer ldapEmbeddedServer; + LDAPTestConfiguration ldapTestConfiguration; + private LDAPEmbeddedServer ldapEmbeddedServer; + private LDAPAssume assume; + + public LDAPRule assumeTrue(LDAPAssume assume) { + this.assume = assume; + return this; + } + @Override protected void before() throws Throwable { String connectionPropsLocation = getConnectionPropertiesLocation(); ldapTestConfiguration = LDAPTestConfiguration.readConfiguration(connectionPropsLocation); + Assume.assumeTrue("Assumption in LDAPRule is false. Skiping the test", assume==null || assume.assumeTrue(ldapTestConfiguration)); + if (ldapTestConfiguration.isStartEmbeddedLdapServer()) { ldapEmbeddedServer = createServer(); ldapEmbeddedServer.init(); @@ -75,8 +85,6 @@ public class LDAPRule extends ExternalResource { Properties defaultProperties = new Properties(); defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_DSF, LDAPEmbeddedServer.DSF_INMEMORY); defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_LDIF_FILE, "classpath:ldap/users.ldif"); - defaultProperties.setProperty(LDAPConstants.CONNECTION_URL, "ldaps://localhost:10636"); - defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_BIND_PORT, "10636"); defaultProperties.setProperty(PROPERTY_ENABLE_SSL, "true"); defaultProperties.setProperty(PROPERTY_CERTIFICATE_PASSWORD, "secret"); defaultProperties.setProperty(PROPERTY_KEYSTORE_FILE, this.getClass().getClassLoader().getResource(LDAPRule.PRIVATE_KEY).getFile()); @@ -91,4 +99,12 @@ public class LDAPRule extends ExternalResource { public int getSleepTime() { return ldapTestConfiguration.getSleepTime(); } + + + /** Allows to run particular LDAP test just under specific conditions (eg. some test running just on Active Directory) **/ + public interface LDAPAssume { + + boolean assumeTrue(LDAPTestConfiguration ldapConfig); + + } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/AbstractLDAPTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/AbstractLDAPTest.java new file mode 100644 index 00000000000..8b7edd7182d --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/AbstractLDAPTest.java @@ -0,0 +1,110 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap; + +import java.util.List; +import java.util.Map; + +import org.jboss.arquillian.graphene.page.Page; +import org.keycloak.models.RealmModel; +import org.keycloak.representations.idm.ComponentRepresentation; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; +import org.keycloak.testsuite.AbstractTestRealmKeycloakTest; +import org.keycloak.testsuite.pages.AccountPasswordPage; +import org.keycloak.testsuite.pages.AccountUpdateProfilePage; +import org.keycloak.testsuite.pages.AppPage; +import org.keycloak.testsuite.pages.LoginPage; +import org.keycloak.testsuite.pages.OAuthGrantPage; +import org.keycloak.testsuite.pages.RegisterPage; +import org.keycloak.testsuite.util.LDAPRule; + +/** + * @author Marek Posolda + */ +public abstract class AbstractLDAPTest extends AbstractTestRealmKeycloakTest { + + static final String TEST_REALM_NAME = "test"; + + protected static String ldapModelId; + + @Page + protected AppPage appPage; + + @Page + protected LoginPage loginPage; + + @Page + protected RegisterPage registerPage; + + @Page + protected AccountPasswordPage changePasswordPage; + + @Page + protected AccountUpdateProfilePage profilePage; + + @Page + protected OAuthGrantPage grantPage; + + + + @Override + public void configureTestRealm(RealmRepresentation testRealm) { + } + + + @Override + public void importTestRealms() { + super.importTestRealms(); + log.infof("Test realms imported"); + + createLDAPProvider(); + + afterImportTestRealm(); + } + + + protected void createLDAPProvider() { + Map cfg = getLDAPRule().getConfig(); + ldapModelId = testingClient.testing().ldap(TEST_REALM_NAME).createLDAPProvider(cfg, isImportEnabled()); + log.infof("LDAP Provider created"); + } + + + protected boolean isImportEnabled() { + return true; + } + + /** + * Executed once per class. It is executed after the test realm is imported + */ + protected abstract void afterImportTestRealm(); + + protected abstract LDAPRule getLDAPRule(); + + + protected ComponentRepresentation findMapperRepByName(String name) { + List mappers = testRealm().components().query(ldapModelId, LDAPStorageMapper.class.getName()); + for (ComponentRepresentation mapper : mappers) { + if (mapper.getName().equals(name)) { + return mapper; + } + } + return null; + } +} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPBinaryAttributesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPBinaryAttributesTest.java similarity index 74% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPBinaryAttributesTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPBinaryAttributesTest.java index 66924d173c7..bf048f6bc10 100644 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPBinaryAttributesTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPBinaryAttributesTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,7 +15,7 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; +package org.keycloak.testsuite.federation.ldap; import java.util.Arrays; import java.util.Collections; @@ -24,76 +24,70 @@ import java.util.List; import javax.ws.rs.ClientErrorException; import javax.ws.rs.core.Response; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.After; import org.junit.Assert; -import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; -import org.keycloak.admin.client.Keycloak; -import org.keycloak.common.util.MultivaluedHashMap; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; import org.keycloak.component.ComponentValidationException; -import org.keycloak.models.Constants; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; -import org.keycloak.models.RealmProvider; import org.keycloak.models.UserModel; import org.keycloak.models.utils.UserModelDelegate; import org.keycloak.representations.idm.ComponentRepresentation; import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.LDAPUtils; import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; +import org.keycloak.testsuite.client.KeycloakTestingClient; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestUtils; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MASTER; -import static org.keycloak.models.AdminRoles.ADMIN; -import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT; +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; /** * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPBinaryAttributesTest { +public class LDAPBinaryAttributesTest extends AbstractLDAPTest { - private static LDAPRule ldapRule = new LDAPRule(); + @ClassRule + public static LDAPRule ldapRule = new LDAPRule(); - private static ComponentModel ldapModel = null; + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - ldapModel = appRealm.addComponentModel(model); - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); + LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ctx.getLdapModel()); // Delete all LDAP users and add some new for testing - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); // LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); @@ -102,44 +96,31 @@ public class LDAPBinaryAttributesTest { // LDAPObject existing = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678"); appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); - } - }); - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); + }); + } + + private static final String JPEG_PHOTO_BASE64 = "/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAMDAwMDAwQEBAQFBQUFBQcHBgYHBwsICQgJCAsRCwwLCwwLEQ8SDw4PEg8bFRMTFRsfGhkaHyYiIiYwLTA+PlQBAwMDAwMDBAQEBAUFBQUFBwcGBgcHCwgJCAkICxELDAsLDAsRDxIPDg8SDxsVExMVGx8aGRofJiIiJjAtMD4+VP/CABEIAFIAWAMBIgACEQEDEQH/xAAdAAACAgMBAQEAAAAAAAAAAAAGCAUHAwQJAgAB/9oACAEBAAAAAElmzK1aOaraUmpiktrD10DayAIMkKunPQdk+hrZwkUNkMrM88VDtt7r7C1KCJtprbSBP2J6K+VDqUlwErkDnOm/HF9IPDaWQ+cP85sXS7OCj1Iybjj2zVvJA0b91BqJ1JuQDYfkuSWrGdFzsMsWkaIUGHh4IuY1glqtWrK8G89YeJk+ldfT1pHz9//EABoBAAIDAQEAAAAAAAAAAAAAAAUHAwYIBAD/2gAIAQIQAAAApKICefJOj5haleI6vyhC1+FEa9UydaFaD7hDLtU9jttBsCJni6f/xAAaAQADAQEBAQAAAAAAAAAAAAAFBgcDBAII/9oACAEDEAAAAF5+Mdc4X6LUuz2kyGquiYYI/PzvUctR8d5289ghjS48fuOK/wD/xAA5EAABAwIEBAMGAwcFAAAAAAABAgMEABEFBhIhEzFBURQiMgdCYXGBwSOhsRUkM3KCkdFSU2J04f/aAAgBAQABPwGHLbkIVbmjmPhSF60BSL2VUPDhLYLjL4KuotyP0NQPZq5iWBmUiWPGFarIV/DIHS/MGpeC4lhrnh5MdxLgJBuna/wPWsFyW2/kVaH2/wB7dK5LSyPMDbb6KtWD+zqBKypKTIZQJ89q4dPNG10f+1GydizuAPSSgstwlHiawQVnVby/LrTrfBOkqF6gyWmEJQSoKvfVYUiawVbrubc6bQEr4qSkKpDj/iEMKSdLoDYSm/XkRWSco+Bg4dORxo8lCyJcd1NgqxI68tjSG2Wm/wAFKUi97DYVi2GRcZh8F+9goLSR0IpC02TakqA2rE4acSgPw9WgPJ0qPYE71mL2fQJLanYiOGmJh5DKEep125IualtvxJDrDo0OtLKFjsQd6U8tJ2686deDa/Ii1/STvWU8KwDOOVoaZ8VPioV2VLQdC0WNwQRSU2QEk3sNyetPExzq9zr8KEwpulXTrTWJx0OLQp5IOskC/Sm5iFpSpCr3A/S9IeF9zQJPI2r2g5Tw3AWFS0uPOPzpay3q9KE8zc9Tvzpxv6HrWUcCh5hnmC/iQiv6bskp18XvbcVlXJE3K0xbrOJJfadFnGi2U/UG5peocqxPEmYrCtak3I2FTcckBwp1q9PIck87Hbn3oLllYWTvzvUbFpkE7XIv1+FYFizOIM60W18inqmmeIrnXtTaxmW82p2I61CYFkL2Ui6upI5XrhKS0nWL6VadQ95J7VkzKcZzEor4lsHgkL4KwSrWO1ulJdWbeUHbcjaluqAPkX+VZjxMLkur07Nk7cjYdjyvTSzJcceWLFe4+9Mt6x5eQNOBCiR8enSsqylxcSLSdR1g7X273pmVYedJT9Kx7L+G5mjBp911sp9KkqOx+KTsazDl+Rl3EBHcktvNKuptSFbEfEdCKyEGHNi+OKhZUGFNg/1JJ3BoSU99/lTuzZUs2FutZhaSZT5SggJVcG29r9bU1p8OhQuRalyHgBa4TyriWTfqayjEck4kp1CiA0j63VyplTqPKtQV89qnfsl5jhzyzw1/7igP7XrPOF4fgmMNrg4ozIjSFH8BCwtbI7E9u1ZCwvCpjrcyRKQHW3PLG1WJ+N/8U65o3sBSWCs8R3c9B2rN2BGWy7ISQDpsRb86SuRC1IlNLQb9ep+B60ZUbYnaokOXijwaYQdJ5q90bd6wDBF4JESlJC7+Zdhvc00W3htWbZmHYVhi3J8PxUVR0rb06t+l+3zrFXMLU6VQUvJJcWVBQ0pSOiUi6jt3Jpryea52r2c+KxKap9995TEVvyjWbFajtfvWsL+VKW1iBJQoKZbV03uof4qThEWWyriNJWee++9R8uYTH06YrYIH+kU9BaCNKU2t6aw93iJ0KO6axfFIOFSW1OSEsFwn1GwJHOsdbYzhlybEgy21ugC4QoG+nfSfnU6MAtY9JR7vfferqPQmsOzTOw9bDMdTLZTfhtcklZFrnufnWLe0HM+JLMbi+FSfIpDW3zuedZXQzGyxh/IDw4Wf6/Mo1h8pqbCaktnyOi6T8L1PxlqFj0OE5sJLK7fzDkKOlbYVWM4yzl7FY63dmJKTqI90o62r2pQXnDExpg8aK4gNmytkHoR8DTMx6MVLYdW2u1uo/NNL1JSt3UFq08qCVN+pR2pS9SiR32oyPElp824iLIc/5dlUjOstvLyMKCAAEFBdJ9y/Kms2QMNyvBjofC3ww2opQb8/MAfvWPY/IxzFvFqUW9B/BsfSByFSfaGpzAm+E4WZrTyF2725/Q9qx7NT+ZHY7i20t8JrTpBvc33NSJkzgmKH3THJ1cLUdN/lQTtvUSO2664FXA0LWr6C9KJJNConrP8AIaRzXTPo/t+tO/f71J9X0H6U1T1L+1QNncQ/6n3Ff//EACQQAQEAAgICAQQDAQAAAAAAAAERACExQVGBYXGRobEQwfDR/9oACAEBAAE/EFxCJHa+QcvGUwhESkN9fiYHv0VpOm0o9OFKc/OP0nyMqyNS7O0x2FTnAH6HHF+oMkQP6cPbVCpqdHusdzBsTjjKJKrAZwN411hOmhN3Q+OdYFicQWN6QTJzrwEHC7aJwbcdwysS/AW7GNhVpxF5hwesFHQhHh77IyY3UAIHQHgwuHXP36x4apQUBQcWcXJmcwJakbelduaVYQKsBS3eAVJyB+cQnvn1w6o9ZDI6pnUIiPfdxG9iCBQRXreNy18f2PjFCeB0fH3MMVGwtGz1hMB2JKPunWGBO9cLh1omlDTJZj6GlAPSm3RMCgLAgSfWedY3okyFyEYQWneraZLkQPZNfjHeyDpVdBP7dYuNwjIibANNDHmgaDAeXRptkBMDpGVE6Hqjvltx4aCVkJq9o4gOA4y6pRz7bXiMrUKoBArI5ZdacH0tDvKBFDsjg3oRL8G/tceEiW1Y6UAXW0jxK47AXAL0gOg3HkF1MeStC2JfnHWoCStw/wDe804AlIhCOmmMAu7jZ+Fw0B2U6H2hTGAuDJHQLuYV1xK4W0jhBExMKEcCV+5m01yqkMRn8VrZVUN24oNBOeYF1eI6cEGRpvfJrB+GQLVd9ZIRJROhHod4eCYNA8PTGhag8kNPJivYOADUtVxNVsC44dbHxjhJe2AYOXuc16+cQODu1ej3TF3gwCyreivI5JUksX4fesSG1rUxOwRWcCuJY2pBRrL0AQyrY62UfZjjgyEKuhQpIYLK9dtHzfVC4V2Gib2vOsI+EqqQI4gFwY1Py185FplUDmj8LU84jKWQGhYb+GYoKQdBVa8fLgkXPHI8s+uWSNh+pzh6/EJ6CF0MduPBMS2w88OjhgEW0VUC+Ht6xbrYBeevOWtwmrpdV6RSGDx83G9WqMDRe3oFCj2uUoN4FoGLoFWobz7guMGnj2W4jCzVWD1RwXq8VTsWxxafUEV2R2WOBoHSEnGyczAFEcmv43hrndLdMA4GT4cJ8xi4mEFtpKDrTMB0WxjaWEKwJpfaeX95xkQjKxHJ5FgWWx4WjvAwAztJmx6tsUyaoEOUrgVl3jsSC8V1lgV0fwbzc/pzg9R17zkOp+jGh6Z5/wDGuf2M4nvOf+9ZxOos/wD/xAAvEQABAwMCBQMDAwUAAAAAAAACAQMEAAUREiEGBxMxQSJRcSMzYRQygRUXQpGy/9oACAECAQE/AHIDLhl0i0+VQvHvXF3MCTaZ7kW0voatv+o1FP8ABcKBfhavPM+dcbZESOCsSQki49pzj0dk+Fqy81r3FkSBkfUbkzAdQjVS6I9lQUqw8SWzi6GRRjVSHTrBdiHPaisAEuUNa5mXmBDgLFC4lBubGHmCRDFT8YQsYwtQmHpkpBFOorpepPfPmoPAIq0RPvCCGKYRKv3B71pZV8fqte6ePmuVEmaxxMLDUkWmDTL45RNenslA5lNiT/aVzPmzJt7EHzJ1GQwKKONOd65cxYz9wdUw3ANqfaOQaiC6UHbHxVxYaGzTlfX6aNL37ZqG49CurT0UnWzE8obKay/hPNWtXpdqhSFdV7qsoqmrStqq+cj4WuYPB5SVfu7twJWmAXDKhnT7COKslxnW6cMtvIg0qIW22Pav7i2hwOq7EdF3VujZJiuI+MnrzDVuO30owEmtvuq/lVrh+2G1dbZLfbkDBceDW4iEmlM99SVFVhY7e6l6e5KhLTtmjXAFafQTbwuyjsua454JC4223QLXHajNhJQnhBNO2MZ/NWLl0/Luk39Q2rcQeu2Cki6s9gJK4e5ZXNqUSzxT9KXWbcHOC2T0qlcPWz+k2dmC+YPi1kQXTjLefShJ7pTUiO2pAaIqpjG2MJQft/irl+9Ka+4XwtJ9qmu4/NF99z4D/mv/xAAsEQACAQMCBAUDBQAAAAAAAAABAgMABBEFEgYhMUETFCIycVFSYRUzNGJy/9oACAEDAQE/AE09bmQ+F8kNWhcIsrs9wAYmHp+vMVYcIx291cO+JInQqoPXJ61c8MWzW6Rx5HhoQP7HHKtZ0W5tMJMMhjkN8V5B/uFcM2EodZDAjxMNpY9qtoRyIxtHUVLNawYyBQEM6+nGcVxVFB5F96bmHsI7ZokZ61wdEP0pJcDdJzPqzSnZESprWricTAktWgtNtBfJJ7GtRtYZonWRAQQeXatdsXtr90VNoxyAbIrhDXbaJYrKO1IZurA5yfqajYk7GwAwqWxikOSVNJFHbx5BBP4q9uikEojdC/hnCEg1LNHM5Zwuc9xWnRywSq8UrJjmDitP4ha2neS6kYnwiFB+7NXvFFtawxEOrTPtJUdgetapxVBDZFrdwZPSy5/PUGtS1iO7n8xEGQuPUuT1qEhgx25yerVb9Kv/AHU/8l/8VcftrSe5fmovYK//2Q=="; - protected Keycloak adminClient; - - - @Before - public void before() { - adminClient = Keycloak.getInstance(AUTH_SERVER_ROOT, MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID); - } - @After public void after() { - ComponentRepresentation jpegMapper = adminClient.realm("test").components().query(ldapModel.getId(), LDAPStorageMapper.class.getName(), "jpeg-mapper").get(0); + ComponentRepresentation jpegMapper = adminClient.realm("test").components().query(ldapModelId, LDAPStorageMapper.class.getName(), "jpeg-mapper").get(0); adminClient.realm("test").components().component(jpegMapper.getId()).remove(); - - adminClient.close(); } // Test invalid mapper configuration - validation exception thrown @Test public void test01InvalidMapperConfiguration() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - ComponentModel ldapComponentMapper = LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "jpeg-mapper", LDAPConstants.JPEG_PHOTO, LDAPConstants.JPEG_PHOTO); + ComponentModel ldapComponentMapper = LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "jpeg-mapper", LDAPConstants.JPEG_PHOTO, LDAPConstants.JPEG_PHOTO); ldapComponentMapper.put(UserAttributeLDAPStorageMapper.IS_BINARY_ATTRIBUTE, true); try { @@ -149,32 +130,27 @@ public class LDAPBinaryAttributesTest { // Expected } - } finally { - keycloakRule.stopSession(session, true); - } + }); } @Test public void test02ReadOnly() { - String mapperId = addPhotoMapper(); + String mapperId = addPhotoMapper(testingClient); - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); // Add user directly to LDAP - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); addLDAPUser(ldapFedProvider, appRealm, "johnphoto", "John", "Photo", "john@photo.org", JPEG_PHOTO_BASE64); // Set mapper to be read-only ComponentModel ldapComponentMapper = appRealm.getComponent(mapperId); ldapComponentMapper.put(UserAttributeLDAPStorageMapper.READ_ONLY, true); appRealm.updateComponent(ldapComponentMapper); - } finally { - keycloakRule.stopSession(session, true); - } + }); // Assert john found getUserAndAssertPhoto("johnphoto", true); @@ -183,7 +159,7 @@ public class LDAPBinaryAttributesTest { @Test public void test03WritableMapper() { - String mapperId = addPhotoMapper(); + String mapperId = addPhotoMapper(testingClient); // Create user joe with jpegPHoto UserRepresentation joe = new UserRepresentation(); @@ -202,10 +178,6 @@ public class LDAPBinaryAttributesTest { try { joe.getAttributes().put("someOtherPhoto", Arrays.asList(JPEG_PHOTO_BASE64)); adminClient.realm("test").users().get(joe.getId()).update(joe); - - KeycloakSession session = keycloakRule.startSession(); - String realmProviderId = session.getKeycloakSessionFactory().getProviderFactory(RealmProvider.class).getId(); - keycloakRule.stopSession(session, false); Assert.fail("Not expected to successfully update user"); } catch (ClientErrorException cee) { // Expected @@ -219,25 +191,22 @@ public class LDAPBinaryAttributesTest { } - private String addPhotoMapper() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + private static String addPhotoMapper(KeycloakTestingClient testingClient) { + return testingClient.server().fetch(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - ComponentModel ldapComponentMapper = LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "jpeg-mapper", LDAPConstants.JPEG_PHOTO, LDAPConstants.JPEG_PHOTO); + ComponentModel ldapComponentMapper = LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "jpeg-mapper", LDAPConstants.JPEG_PHOTO, LDAPConstants.JPEG_PHOTO); ldapComponentMapper.put(UserAttributeLDAPStorageMapper.IS_BINARY_ATTRIBUTE, true); ldapComponentMapper.put(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, true); appRealm.updateComponent(ldapComponentMapper); return ldapComponentMapper.getId(); - } finally { - keycloakRule.stopSession(session, true); - } + }, String.class); } - private LDAPObject addLDAPUser(LDAPStorageProvider ldapProvider, RealmModel realm, final String username, + private static LDAPObject addLDAPUser(LDAPStorageProvider ldapProvider, RealmModel realm, final String username, final String firstName, final String lastName, final String email, String jpegPhoto) { UserModel helperUser = new UserModelDelegate(null) { diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java similarity index 62% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java index 6cc66a3dc1a..ff13657dddd 100755 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapper2WaySyncTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapper2WaySyncTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,21 +15,29 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; +package org.keycloak.testsuite.federation.ldap; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; +import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Rule; import org.junit.Test; import org.junit.runners.MethodSorters; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.common.util.MultivaluedHashMap; import org.keycloak.component.ComponentModel; import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.ldap.LDAPStorageProvider; import org.keycloak.storage.ldap.LDAPStorageProviderFactory; +import org.keycloak.storage.ldap.LDAPUtils; +import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; +import org.keycloak.storage.ldap.mappers.membership.MembershipType; import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; import org.keycloak.models.GroupModel; @@ -37,50 +45,63 @@ import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.services.managers.RealmManager; import org.keycloak.storage.user.SynchronizationResult; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestUtils; + +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; /** * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPGroupMapper2WaySyncTest { +public class LDAPGroupMapper2WaySyncTest extends AbstractLDAPTest { + @ClassRule public static LDAPRule ldapRule = new LDAPRule(); - private static ComponentModel ldapModel = null; - private static String descriptionAttrName = null; + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } - @Rule - public KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - ldapConfig.putSingle(LDAPConstants.BATCH_SIZE_FOR_SYNC, "4"); // Issues with pagination on ApacheDS - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } - ldapModel = appRealm.addComponentModel(model); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - descriptionAttrName = ldapFedProvider.getLdapIdentityStore().getConfig().isActiveDirectory() ? "displayName" : "description"; + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ctx.getLdapModel().put(LDAPConstants.BATCH_SIZE_FOR_SYNC, "4"); // Issues with pagination on ApacheDS + appRealm.updateComponent(ctx.getLdapModel()); + }); + } + + + @Before + public void before() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); // Add group mapper - LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName); + LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName); // Remove all LDAP groups - LDAPTestUtils.removeAllLDAPGroups(session, appRealm, ldapModel, "groupsMapper"); + LDAPTestUtils.removeAllLDAPGroups(session, appRealm, ctx.getLdapModel(), "groupsMapper"); // Add some groups for testing into Keycloak removeAllModelGroups(appRealm); @@ -98,17 +119,19 @@ public class LDAPGroupMapper2WaySyncTest { GroupModel group2 = appRealm.createGroup("group2"); appRealm.moveGroup(group2, null); - } - }); + + }); + } @Test public void test01_syncNoPreserveGroupInheritance() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); // Update group mapper to skip preserve inheritance and check it will pass now LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "false"); @@ -116,35 +139,34 @@ public class LDAPGroupMapper2WaySyncTest { // Sync from Keycloak into LDAP SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 4, 0, 0, 0); - } finally { - keycloakRule.stopSession(session, true); - } + LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0); + }); - session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); // Delete all KC groups now removeAllModelGroups(realm); Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2")); - } finally { - keycloakRule.stopSession(session, true); - } + }); - session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); + + String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); // Sync from LDAP back into Keycloak SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 4, 0, 0, 0); + LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0); // Assert groups are imported to keycloak. All are at top level GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); @@ -160,55 +182,53 @@ public class LDAPGroupMapper2WaySyncTest { Assert.assertNull(kcGroup2.getFirstAttribute(descriptionAttrName)); // test drop non-existing works - testDropNonExisting(session, realm, mapperModel, ldapProvider); - } finally { - keycloakRule.stopSession(session, true); - } + testDropNonExisting(session, ctx, mapperModel); + }); } @Test public void test02_syncWithGroupInheritance() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); // Update group mapper to skip preserve inheritance and check it will pass now LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "true"); + LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "false"); realm.updateComponent(mapperModel); // Sync from Keycloak into LDAP SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 4, 0, 0, 0); - } finally { - keycloakRule.stopSession(session, true); - } + LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0); + }); - session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); // Delete all KC groups now removeAllModelGroups(realm); Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group2")); - } finally { - keycloakRule.stopSession(session, true); - } + }); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); - session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); + + String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); // Sync from LDAP back into Keycloak SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 4, 0, 0, 0); + LDAPTestAsserts.assertSyncEquals(syncResult, 4, 0, 0, 0); // Assert groups are imported to keycloak. All are at top level GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); @@ -224,10 +244,8 @@ public class LDAPGroupMapper2WaySyncTest { Assert.assertNull(kcGroup2.getFirstAttribute(descriptionAttrName)); // test drop non-existing works - testDropNonExisting(session, realm, mapperModel, ldapProvider); - } finally { - keycloakRule.stopSession(session, true); - } + testDropNonExisting(session, ctx, mapperModel); + }); } @@ -237,14 +255,16 @@ public class LDAPGroupMapper2WaySyncTest { } } - private void testDropNonExisting(KeycloakSession session, RealmModel realm, ComponentModel mapperModel, LDAPStorageProvider ldapProvider) { + private static void testDropNonExisting(KeycloakSession session, LDAPTestContext ctx, ComponentModel mapperModel) { + RealmModel realm = ctx.getRealm(); + // Put some group directly to LDAP - LDAPTestUtils.createLDAPGroup(session, realm, ldapModel, "group3"); + LDAPTestUtils.createLDAPGroup(session, realm, ctx.getLdapModel(), "group3"); // Sync and assert our group is still in LDAP SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 0, 4, 0, 0); - Assert.assertNotNull(LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm).loadLDAPGroupByName("group3")); + LDAPTestAsserts.assertSyncEquals(syncResult, 0, 4, 0, 0); + Assert.assertNotNull(LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), realm).loadLDAPGroupByName("group3")); // Change config to drop non-existing groups LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.DROP_NON_EXISTING_GROUPS_DURING_SYNC, "true"); @@ -252,7 +272,7 @@ public class LDAPGroupMapper2WaySyncTest { // Sync and assert group removed from LDAP syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromKeycloakToFederationProvider(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 0, 4, 1, 0); - Assert.assertNull(LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm).loadLDAPGroupByName("group3")); + LDAPTestAsserts.assertSyncEquals(syncResult, 0, 4, 1, 0); + Assert.assertNull(LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), realm).loadLDAPGroupByName("group3")); } } diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java similarity index 68% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java index 51f8fddd84d..25e783cbe07 100755 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperSyncTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperSyncTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,25 +15,22 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; +package org.keycloak.testsuite.federation.ldap; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; -import org.keycloak.admin.client.Keycloak; -import org.keycloak.common.util.MultivaluedHashMap; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; -import org.keycloak.models.Constants; +import org.keycloak.representations.idm.ComponentRepresentation; import org.keycloak.representations.idm.SynchronizationResultRepresentation; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.LDAPUtils; import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; @@ -42,103 +39,97 @@ import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.ModelException; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.services.managers.RealmManager; import org.keycloak.storage.user.SynchronizationResult; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestUtils; import javax.ws.rs.BadRequestException; import java.util.List; import java.util.Set; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MASTER; -import static org.keycloak.models.AdminRoles.ADMIN; -import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT; +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; /** * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPGroupMapperSyncTest { +public class LDAPGroupMapperSyncTest extends AbstractLDAPTest { - private static LDAPRule ldapRule = new LDAPRule(); - - private static ComponentModel ldapModel = null; - private static String descriptionAttrName = null; - - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - - ldapModel = appRealm.addComponentModel(model); - - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - descriptionAttrName = ldapFedProvider.getLdapIdentityStore().getConfig().isActiveDirectory() ? "displayName" : "description"; - - // Add group mapper - LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName); - - // Remove all LDAP groups - LDAPTestUtils.removeAllLDAPGroups(session, appRealm, ldapModel, "groupsMapper"); - - // Add some groups for testing - LDAPObject group1 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group1", descriptionAttrName, "group1 - description"); - LDAPObject group11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group11"); - LDAPObject group12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group12", descriptionAttrName, "group12 - description"); - - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group11, false); - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group12, true); - } - }); @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); + public static LDAPRule ldapRule = new LDAPRule(); + + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } + + + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); + + // Add group mapper + LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName); + + // Remove all LDAP groups + LDAPTestUtils.removeAllLDAPGroups(session, appRealm, ctx.getLdapModel(), "groupsMapper"); + + // Add some groups for testing + LDAPObject group1 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group1", descriptionAttrName, "group1 - description"); + LDAPObject group11 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group11"); + LDAPObject group12 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group12", descriptionAttrName, "group12 - description"); + + LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group11, false); + LDAPUtils.addMember(ctx.getLdapProvider(), MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group12, true); + + }); + } + - protected Keycloak adminClient; @Before public void before() { - adminClient = Keycloak.getInstance(AUTH_SERVER_ROOT, MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); List kcGroups = realm.getTopLevelGroups(); for (GroupModel kcGroup : kcGroups) { realm.removeGroup(kcGroup); } - } finally { - keycloakRule.stopSession(session, true); - } + }); } @Test public void test01_syncNoPreserveGroupInheritance() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); + + String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm); // Add recursive group mapping to LDAP. Check that sync with preserve group inheritance will fail @@ -173,41 +164,29 @@ public class LDAPGroupMapperSyncTest { // Cleanup - remove recursive mapping in LDAP LDAPUtils.deleteMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group12, group1); - } finally { - keycloakRule.stopSession(session, false); - } + // Cleanup - revert group mapper config + LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.PRESERVE_GROUP_INHERITANCE, "true"); + realm.updateComponent(mapperModel); + + }); } - @Test - public void testSyncRestAPI() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - try { - // testing KEYCLOAK-3980 which threw an NPE because I was looking up the factory wrong. - SynchronizationResultRepresentation syncResultRep = adminClient.realm("test").userStorage().syncMapperData(ldapModel.getId(), mapperModel.getId(), "error"); - Assert.fail("Should throw 400"); - } catch (BadRequestException e) { - } - } finally { - keycloakRule.stopSession(session, false); - } - - } @Test public void test02_syncWithGroupInheritance() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); + + String descriptionAttrName = LDAPTestUtils.getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm); // Sync groups with inheritance SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 3, 0, 0, 0); + LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0); // Assert groups are imported to keycloak including their inheritance from LDAP GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); @@ -233,29 +212,28 @@ public class LDAPGroupMapperSyncTest { // Sync and assert groups updated syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 0, 3, 0, 0); + LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0); // Assert attributes changed in keycloak kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"); Assert.assertEquals("group1 - changed description", kcGroup1.getFirstAttribute(descriptionAttrName)); Assert.assertNull(kcGroup12.getFirstAttribute(descriptionAttrName)); - } finally { - keycloakRule.stopSession(session, false); - } + }); } @Test public void test03_syncWithDropNonExistingGroups() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); // Sync groups with inheritance SynchronizationResult syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 3, 0, 0, 0); + LDAPTestAsserts.assertSyncEquals(syncResult, 3, 0, 0, 0); // Assert groups are imported to keycloak including their inheritance from LDAP GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1"); @@ -272,7 +250,7 @@ public class LDAPGroupMapperSyncTest { // Sync groups again from LDAP. Nothing deleted syncResult = new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(realm); - LDAPTestUtils.assertSyncEquals(syncResult, 0, 3, 0, 0); + LDAPTestAsserts.assertSyncEquals(syncResult, 0, 3, 0, 0); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11")); Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12")); @@ -293,20 +271,19 @@ public class LDAPGroupMapperSyncTest { Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/model1")); Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2")); - } finally { - keycloakRule.stopSession(session, false); - } + }); } @Test public void test04_syncNoPreserveGroupInheritanceWithLazySync() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel realm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm,ldapModel, "groupsMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel realm = ctx.getRealm(); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(realm, ctx.getLdapModel(), "groupsMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, realm); // Update group mapper to skip preserve inheritance @@ -346,8 +323,19 @@ public class LDAPGroupMapperSyncTest { // Delete group mapping john.leaveGroup(group11); - } finally { - keycloakRule.stopSession(session, false); + }); + } + + + @Test + public void test05SyncRestAPI() { + ComponentRepresentation groupMapperRep = findMapperRepByName("groupsMapper"); + + try { + // testing KEYCLOAK-3980 which threw an NPE because I was looking up the factory wrong. + SynchronizationResultRepresentation syncResultRep = adminClient.realm("test").userStorage().syncMapperData( ldapModelId, groupMapperRep.getId(), "error"); + Assert.fail("Should throw 400"); + } catch (BadRequestException e) { } } diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java similarity index 57% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java index b1aca9371b7..beddc3a66e2 100755 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPGroupMapperTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,160 +15,87 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; +package org.keycloak.testsuite.federation.ldap; +import java.util.List; +import java.util.Set; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; -import org.keycloak.common.util.MultivaluedHashMap; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; +import org.keycloak.models.GroupModel; +import org.keycloak.models.ModelException; +import org.keycloak.models.UserModel; +import org.keycloak.representations.idm.ComponentRepresentation; import org.keycloak.storage.ldap.LDAPConfig; import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.LDAPUtils; import org.keycloak.storage.ldap.idm.model.LDAPDn; import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; import org.keycloak.storage.ldap.mappers.membership.MembershipType; import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper; -import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory; -import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; -import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; -import org.keycloak.models.ModelException; import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; +import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestUtils; -import java.util.List; -import java.util.Set; +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; +import static org.keycloak.testsuite.util.LDAPTestUtils.getGroupDescriptionLDAPAttrName; /** * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPGroupMapperTest { +public class LDAPGroupMapperTest extends AbstractLDAPTest { - private static LDAPRule ldapRule = new LDAPRule(); - - private static ComponentModel ldapModel = null; - private static String descriptionAttrName = null; - - - static class GroupTestKeycloakSetup extends KeycloakRule.KeycloakSetup { - - private final LDAPRule ldapRule; - - ComponentModel ldapModel = null; - String descriptionAttrName = null; - - - public GroupTestKeycloakSetup(LDAPRule ldapRule) { - this.ldapRule = ldapRule; - } - - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app"); - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "john", "john@test.com", "password-app"); - - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - - ldapModel = appRealm.addComponentModel(model); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - descriptionAttrName = ldapFedProvider.getLdapIdentityStore().getConfig().isActiveDirectory() ? "displayName" : "description"; - - // Add group mapper - LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName); - - // Remove all LDAP groups - LDAPTestUtils.removeAllLDAPGroups(session, appRealm, ldapModel, "groupsMapper"); - - // Add some groups for testing - LDAPObject group1 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group1", descriptionAttrName, "group1 - description"); - LDAPObject group11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group11"); - LDAPObject group12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group12", descriptionAttrName, "group12 - description"); - - LDAPObject defaultGroup1 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup1", descriptionAttrName, "Default Group1 - description"); - LDAPObject defaultGroup11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup11"); - LDAPObject defaultGroup12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup12", descriptionAttrName, "Default Group12 - description"); - - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group11, false); - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group12, true); - - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup11, false); - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup12, true); - - // Sync LDAP groups to Keycloak DB - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "groupsMapper"); - new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm); - - appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11")); - appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12")); - - // Delete all LDAP users - LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); - - // Add some LDAP users for testing - LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); - - LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1"); - - LDAPObject rob = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1"); - - LDAPObject james = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jameskeycloak", "James", "Brown", "james@email.org", null, "8910"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1"); - - postSetup(appRealm, ldapFedProvider); - } - - - void postSetup(RealmModel appRealm, LDAPStorageProvider ldapProvider) { - LDAPGroupMapperTest.ldapModel = this.ldapModel; - LDAPGroupMapperTest.descriptionAttrName = this.descriptionAttrName; - } + @ClassRule + public static LDAPRule ldapRule = new LDAPRule(); + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); } - private static KeycloakRule keycloakRule = new KeycloakRule(new GroupTestKeycloakSetup(ldapRule)); + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + @Override + protected void afterImportTestRealm() { + testingClient.testing().ldap(TEST_REALM_NAME).prepareGroupsLDAPTest(); + } + - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); @Test public void test01_ldapOnlyGroupMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + test01_ldapOnlyGroupMappings(true); + } - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); + + protected void test01_ldapOnlyGroupMappings(boolean importEnabled) { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString()); appRealm.updateComponent(mapperModel); @@ -189,14 +116,32 @@ public class LDAPGroupMapperTest { GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); john.joinGroup(group12); mary.joinGroup(group12); + }); - // 2 - Check that group mappings are not in local Keycloak DB (They are in LDAP). - UserModel johnDb = session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm); - Set johnDbGroups = johnDb.getGroups(); - Assert.assertEquals(2, johnDbGroups.size()); + // 2 - Check that group mappings are not in local Keycloak DB (They are in LDAP). + if (importEnabled) { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - // 3 - Check that group mappings are in LDAP and hence available through federation + UserModel johnDb = session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm); + Set johnDbGroups = johnDb.getGroups(); + Assert.assertEquals(2, johnDbGroups.size()); + }); + } + + + // 3 - Check that group mappings are in LDAP and hence available through federation + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); + GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); + GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); + UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); Set johnGroups = john.getGroups(); Assert.assertEquals(2, johnGroups.size()); @@ -225,20 +170,22 @@ public class LDAPGroupMapperTest { johnGroups = john.getGroups(); Assert.assertEquals(0, johnGroups.size()); - - } finally { - keycloakRule.stopSession(session, false); - } + }); } @Test public void test02_readOnlyGroupMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - System.out.println("starting test02_readOnlyGroupMappings"); - RealmModel appRealm = session.realms().getRealmByName("test"); + test02_readOnlyGroupMappings(true); + } - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); + + + protected void test02_readOnlyGroupMappings(boolean importEnabled) { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.READ_ONLY.toString()); appRealm.updateComponent(mapperModel); @@ -249,10 +196,9 @@ public class LDAPGroupMapperTest { GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); // Add some group mappings directly into LDAP - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); + GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), appRealm); - LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak"); + LDAPObject maryLdap = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "marykeycloak"); groupMapper.addGroupMappingInLDAP(appRealm, group1, maryLdap); groupMapper.addGroupMappingInLDAP(appRealm, group11, maryLdap); @@ -265,16 +211,62 @@ public class LDAPGroupMapperTest { Assert.assertTrue(maryGroups.contains(group1)); Assert.assertTrue(maryGroups.contains(group11)); Assert.assertTrue(maryGroups.contains(group12)); + }); - // Assert that access through DB will have just DB mapped groups - System.out.println("******"); - UserModel maryDB = session.userLocalStorage().getUserByUsername("marykeycloak", appRealm); - Set maryDBGroups = maryDB.getGroups(); - Assert.assertFalse(maryDBGroups.contains(group1)); - Assert.assertFalse(maryDBGroups.contains(group11)); - Assert.assertTrue(maryDBGroups.contains(group12)); + // Assert that access through DB will have just DB mapped groups + if (importEnabled) { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); + GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); + GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); + + UserModel maryDB = session.userLocalStorage().getUserByUsername("marykeycloak", appRealm); + + Set maryDBGroups = maryDB.getGroups(); + Assert.assertFalse(maryDBGroups.contains(group1)); + Assert.assertFalse(maryDBGroups.contains(group11)); + Assert.assertTrue(maryDBGroups.contains(group12)); + + // Test the group mapping available for group12 + List group12Members = session.users().getGroupMembers(appRealm, group12, 0, 10); + Assert.assertEquals(1, group12Members.size()); + Assert.assertEquals("marykeycloak", group12Members.get(0).getUsername()); + + UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); + mary.leaveGroup(group12); + }); + } else { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); + + // Test the group mapping NOT available for group12 + List group12Members = session.users().getGroupMembers(appRealm, group12, 0, 10); + Assert.assertEquals(0, group12Members.size()); + }); + } + + + // Check through userProvider + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); + GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); + GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); + UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); + + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); + GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), appRealm); + LDAPObject maryLdap = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "marykeycloak"); - // Check through userProvider List group1Members = session.users().getGroupMembers(appRealm, group1, 0, 10); List group11Members = session.users().getGroupMembers(appRealm, group11, 0, 10); List group12Members = session.users().getGroupMembers(appRealm, group12, 0, 10); @@ -282,36 +274,35 @@ public class LDAPGroupMapperTest { Assert.assertEquals("marykeycloak", group1Members.get(0).getUsername()); Assert.assertEquals(1, group11Members.size()); Assert.assertEquals("marykeycloak", group11Members.get(0).getUsername()); - Assert.assertEquals(1, group12Members.size()); - Assert.assertEquals("marykeycloak", group12Members.get(0).getUsername()); - mary.leaveGroup(group12); try { mary.leaveGroup(group1); Assert.fail("It wasn't expected to successfully delete LDAP group mappings in READ_ONLY mode"); } catch (ModelException expected) { } - // Delete role mappings directly in LDAP - deleteGroupMappingsInLDAP(groupMapper, maryLdap, "group1"); - deleteGroupMappingsInLDAP(groupMapper, maryLdap, "group11"); - } finally { - keycloakRule.stopSession(session, false); - } + // Delete group mappings directly in LDAP + LDAPObject ldapGroup = groupMapper.loadLDAPGroupByName("group1"); + groupMapper.deleteGroupMappingInLDAP(maryLdap, ldapGroup); + + ldapGroup = groupMapper.loadLDAPGroupByName("group11"); + groupMapper.deleteGroupMappingInLDAP(maryLdap, ldapGroup); + }); } + @Test public void test03_importGroupMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.IMPORT.toString()); appRealm.updateComponent(mapperModel); // Add some group mappings directly in LDAP - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); @@ -322,7 +313,7 @@ public class LDAPGroupMapperTest { groupMapper.addGroupMappingInLDAP(appRealm, group11, robLdap); groupMapper.addGroupMappingInLDAP(appRealm, group12, robLdap); - // Get user and check that he has requested groupa from LDAP + // Get user and check that he has requested groups from LDAP UserModel rob = session.users().getUserByUsername("robkeycloak", appRealm); Set robGroups = rob.getGroups(); @@ -331,8 +322,12 @@ public class LDAPGroupMapperTest { Assert.assertTrue(robGroups.contains(group12)); // Delete some group mappings in LDAP and check that it doesn't have any effect and user still has groups - deleteGroupMappingsInLDAP(groupMapper, robLdap, "group11"); - deleteGroupMappingsInLDAP(groupMapper, robLdap, "group12"); + LDAPObject ldapGroup = groupMapper.loadLDAPGroupByName("group11"); + groupMapper.deleteGroupMappingInLDAP(robLdap, ldapGroup); + + ldapGroup = groupMapper.loadLDAPGroupByName("group12"); + groupMapper.deleteGroupMappingInLDAP(robLdap, ldapGroup); + robGroups = rob.getGroups(); Assert.assertTrue(robGroups.contains(group11)); Assert.assertTrue(robGroups.contains(group12)); @@ -342,33 +337,33 @@ public class LDAPGroupMapperTest { rob.leaveGroup(group12); robGroups = rob.getGroups(); Assert.assertEquals(2, robGroups.size()); - } finally { - keycloakRule.stopSession(session, false); - } + }); } // KEYCLOAK-2682 @Test public void test04_groupReferencingNonExistentMember() { - KeycloakSession session = keycloakRule.startSession(); - try { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + // Ignoring this test on ActiveDirectory as it's not allowed to have LDAP group referencing nonexistent member. KEYCLOAK-2682 was related to OpenLDAP TODO: Better solution than programmatic... - LDAPConfig config = LDAPTestUtils.getLdapProvider(session, ldapModel).getLdapIdentityStore().getConfig(); + LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig(); if (config.isActiveDirectory()) { return; } - RealmModel appRealm = session.realms().getRealmByName("test"); - - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString()); appRealm.updateComponent(mapperModel); + String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); + // 1 - Add some group to LDAP for testing - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); - LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, appRealm, ldapModel, "group2", descriptionAttrName, "group2 - description"); + LDAPObject group2 = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group2", descriptionAttrName, "group2 - description"); // 2 - Add one existing user rob to LDAP group LDAPObject jamesLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "jameskeycloak"); @@ -389,9 +384,7 @@ public class LDAPGroupMapperTest { UserModel rob = groupUsers.get(0); Assert.assertEquals("jameskeycloak", rob.getUsername()); - } finally { - keycloakRule.stopSession(session, false); - } + }); } @@ -400,38 +393,37 @@ public class LDAPGroupMapperTest { // just because it's available on all the LDAP servers @Test public void test05_getGroupsFromUserMemberOfStrategyTest() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - MultivaluedHashMap oldGroupMapperCfg; - try { - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - RealmModel appRealm = session.realms().getRealmByName("test"); + ComponentRepresentation groupMapperRep = findMapperRepByName("groupsMapper"); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); // Create street attribute mapper - LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "streetMapper", "street", LDAPConstants.STREET); + LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "streetMapper", "street", LDAPConstants.STREET); // Find DN of "group1" - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); - oldGroupMapperCfg = new MultivaluedHashMap<>(mapperModel.getConfig()); - GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); + GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ctx.getLdapProvider(), appRealm); LDAPObject ldapGroup = groupMapper.loadLDAPGroupByName("group1"); String ldapGroupDN = ldapGroup.getDn().toString(); // Create new user in LDAP. Add him some "street" referencing existing LDAP Group - LDAPObject carlos = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "carloskeycloak", "Carlos", "Doel", "carlos.doel@email.org", ldapGroupDN, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapProvider, carlos, "Password1"); + LDAPObject carlos = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "carloskeycloak", "Carlos", "Doel", "carlos.doel@email.org", ldapGroupDN, "1234"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), carlos, "Password1"); // Update group mapper LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.USER_ROLES_RETRIEVE_STRATEGY, GroupMapperConfig.GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE, GroupMapperConfig.MEMBEROF_LDAP_ATTRIBUTE, LDAPConstants.STREET); appRealm.updateComponent(mapperModel); - } finally { - keycloakRule.stopSession(session, true); - } + }); - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + ComponentRepresentation streetMapperRep = findMapperRepByName("streetMapper"); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); // Get user in Keycloak. Ensure that he is member of requested group UserModel carlos = session.users().getUserByUsername("carloskeycloak", appRealm); @@ -446,17 +438,12 @@ public class LDAPGroupMapperTest { Assert.assertFalse(carlosGroups.contains(group12)); Assert.assertEquals(1, carlosGroups.size()); + }); - // Revert mappers - ComponentModel streetMapper = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "streetMapper"); - appRealm.removeComponent(streetMapper); - - ComponentModel groupMapper = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); - groupMapper.setConfig(oldGroupMapperCfg); - appRealm.updateComponent(groupMapper); - } finally { - keycloakRule.stopSession(session, true); - } + // Revert mappers + testRealm().components().component(streetMapperRep.getId()).remove(); + groupMapperRep.getConfig().putSingle(GroupMapperConfig.USER_ROLES_RETRIEVE_STRATEGY, GroupMapperConfig.LOAD_GROUPS_BY_MEMBER_ATTRIBUTE); + testRealm().components().component(groupMapperRep.getId()).update(groupMapperRep); } @@ -464,9 +451,9 @@ public class LDAPGroupMapperTest { @Test public void test06_addingUserToNewKeycloakGroup() throws Exception { // Add some groups to Keycloak - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); GroupModel group3 = appRealm.createGroup("group3"); session.realms().addTopLevelGroup(appRealm, group3); @@ -482,14 +469,12 @@ public class LDAPGroupMapperTest { GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); group1.addChild(group14); - } finally { - keycloakRule.stopSession(session, true); - } + }); // Add user to some newly created KC groups - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); @@ -504,14 +489,12 @@ public class LDAPGroupMapperTest { GroupModel group14 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group14"); john.joinGroup(group14); - } finally { - keycloakRule.stopSession(session, true); - } + }); // Check user group memberships - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); @@ -527,9 +510,7 @@ public class LDAPGroupMapperTest { Assert.assertTrue(groups.contains(group31)); Assert.assertTrue(groups.contains(group32)); Assert.assertTrue(groups.contains(group4)); - } finally { - keycloakRule.stopSession(session, true); - } + }); } @@ -537,11 +518,11 @@ public class LDAPGroupMapperTest { public void test07_newUserDefaultGroupsImportModeTest() throws Exception { // Check user group memberships - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.IMPORT.toString()); appRealm.updateComponent(mapperModel); @@ -567,13 +548,7 @@ public class LDAPGroupMapperTest { Assert.assertFalse(groups.contains(group32)); Assert.assertFalse(groups.contains(group4)); - } finally { - keycloakRule.stopSession(session, true); - } + }); } - private void deleteGroupMappingsInLDAP(GroupLDAPStorageMapper groupMapper, LDAPObject ldapUser, String groupName) { - LDAPObject ldapGroup = groupMapper.loadLDAPGroupByName(groupName); - groupMapper.deleteGroupMappingInLDAP(ldapUser, ldapGroup); - } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java new file mode 100755 index 00000000000..717163fc4be --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPLegacyImportTest.java @@ -0,0 +1,147 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assert; +import org.junit.ClassRule; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.OAuth2Constants; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.component.ComponentModel; +import org.keycloak.models.RealmModel; +import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.storage.UserStorageProvider; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.pages.AppPage; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestConfiguration; +import org.keycloak.testsuite.util.LDAPTestUtils; + +import java.util.List; + +import static org.keycloak.testsuite.admin.AbstractAdminTest.loadJson; +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; + +/** + * Tests that legacy UserFederationProvider json export is converted to ComponentModel + * + * @author Marek Posolda + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class LDAPLegacyImportTest extends AbstractLDAPTest { + + @ClassRule + public static LDAPRule ldapRule = new LDAPRule() + .assumeTrue((LDAPTestConfiguration ldapConfig) -> { + + return ldapConfig.isStartEmbeddedLdapServer(); + + }); + + + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } + + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + + @Override + public void addTestRealms(List testRealms) { + RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/ldap/fed-provider-export.json"), RealmRepresentation.class); + testRealms.add(testRealm); + configureTestRealm(testRealm); + } + + + // Overriden as we won't create LDAP provider here. It is present in the JSON file fed-provider-export.json already + @Override + protected void createLDAPProvider() { + } + + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + ComponentModel ldapModel = appRealm.getComponents(appRealm.getId(), UserStorageProvider.class.getName()).get(0); + + LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app"); + + // Delete all LDAP users and add some new for testing + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); + + LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); + + LDAPObject existing = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678"); + + appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); + }); + } + + + //@Test + public void runit() throws Exception { + Thread.sleep(10000000); + + } + + + @Test + public void loginClassic() { + loginPage.open(); + loginPage.login("marykeycloak", "password-app"); + + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); + + } + + @Test + public void loginLdap() { + loginPage.open(); + loginPage.login("johnkeycloak", "Password1"); + + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); + + profilePage.open(); + Assert.assertEquals("John", profilePage.getFirstName()); + Assert.assertEquals("Doe", profilePage.getLastName()); + Assert.assertEquals("john@email.org", profilePage.getEmail()); + } + + +} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADFullNameTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMSADFullNameTest.java similarity index 51% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADFullNameTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMSADFullNameTest.java index e893d557873..8daf9da7a41 100644 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADFullNameTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMSADFullNameTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,44 +15,35 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; - -import java.util.Map; +package org.keycloak.testsuite.federation.ldap; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; import org.junit.ClassRule; import org.junit.FixMethodOrder; -import org.junit.Rule; import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; -import org.keycloak.common.util.MultivaluedHashMap; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper; import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.pages.AccountPasswordPage; -import org.keycloak.testsuite.pages.AccountUpdateProfilePage; import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.RegisterPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestConfiguration; +import org.keycloak.testsuite.util.LDAPTestUtils; + +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; /** * Test for the MSAD setup with usernameAttribute=sAMAccountName, rdnAttribute=cn and fullNameMapper mapped to cn @@ -60,42 +51,49 @@ import org.openqa.selenium.WebDriver; * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPMSADFullNameTest { +public class LDAPMSADFullNameTest extends AbstractLDAPTest { // Run this test just on MSAD and just when sAMAccountName is mapped to username - private static LDAPRule ldapRule = new LDAPRule((Map ldapConfig) -> { + @ClassRule + public static LDAPRule ldapRule = new LDAPRule() + .assumeTrue((LDAPTestConfiguration ldapConfig) -> { - String vendor = ldapConfig.get(LDAPConstants.VENDOR); - if (!vendor.equals(LDAPConstants.VENDOR_ACTIVE_DIRECTORY)) { - return true; - } + String vendor = ldapConfig.getLDAPConfig().get(LDAPConstants.VENDOR); + if (!vendor.equals(LDAPConstants.VENDOR_ACTIVE_DIRECTORY)) { + return false; + } - String usernameAttr = ldapConfig.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE); - return !usernameAttr.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME); + String usernameAttr = ldapConfig.getLDAPConfig().get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE); + return usernameAttr.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME); - }); + }); - private static ComponentModel ldapModel = null; - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "marykeycloak", "mary@test.com", "password-app"); + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(1); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.getConfig().addAll(ldapConfig); + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + UserStorageProviderModel ldapModel = ctx.getLdapModel(); + + LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app"); - ldapModel = appRealm.addComponentModel(model); LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); // Delete all LDAP users and add some new for testing @@ -114,38 +112,8 @@ public class LDAPMSADFullNameTest { appRealm.addComponentModel(mapperModel); appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); - } - }); - - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected RegisterPage registerPage; - - @WebResource - protected LoginPage loginPage; - - @WebResource - protected AccountUpdateProfilePage profilePage; - - @WebResource - protected AccountPasswordPage changePasswordPage; + }); + } @@ -156,31 +124,24 @@ public class LDAPMSADFullNameTest { @Test public void test01_addUserWithoutFullName() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().addUser(appRealm, "johnkeycloak"); john.setEmail("johnkeycloak@email.cz"); - } finally { - keycloakRule.stopSession(session, true); - } + }); - session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); Assert.assertNotNull(john.getFederationLink()); - assertDnStartsWith(session, john, "cn=johnkeycloak"); + assertDnStartsWith(session, ctx, john, "cn=johnkeycloak"); session.users().removeUser(appRealm, john); - } finally { - keycloakRule.stopSession(session, true); - } - + }); } @@ -194,76 +155,63 @@ public class LDAPMSADFullNameTest { registerPage.register("Johny", "Anthony", "johnyanth@check.cz", "johnkeycloak", "Password1", "Password1"); Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - assertUser(session, john, "johnkeycloak", "Johny", "Anthony", true, "cn=Johny Anthony"); + assertUser(session, ctx, john, "johnkeycloak", "Johny", "Anthony", true, "cn=Johny Anthony"); session.users().removeUser(appRealm, john); - } finally { - keycloakRule.stopSession(session, true); - } + }); } @Test public void test03_addUserWithFirstNameOnly() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().addUser(appRealm, "johnkeycloak"); john.setEmail("johnkeycloak@email.cz"); john.setFirstName("Johnyyy"); john.setEnabled(true); - } finally { - keycloakRule.stopSession(session, true); - } + }); - session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - assertUser(session, john, "johnkeycloak", "Johnyyy", "", true, "cn=Johnyyy"); + assertUser(session, ctx, john, "johnkeycloak", "Johnyyy", "", true, "cn=Johnyyy"); session.users().removeUser(appRealm, john); - } finally { - keycloakRule.stopSession(session, true); - } + }); } @Test public void test04_addUserWithLastNameOnly() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().addUser(appRealm, "johnkeycloak"); john.setEmail("johnkeycloak@email.cz"); john.setLastName("Anthonyy"); john.setEnabled(true); - } finally { - keycloakRule.stopSession(session, true); - } + }); - session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - assertUser(session, john, "johnkeycloak", "", "Anthonyy", true, "cn=Anthonyy"); + assertUser(session, ctx, john, "johnkeycloak", "", "Anthonyy", true, "cn=Anthonyy"); session.users().removeUser(appRealm, john); - } finally { - keycloakRule.stopSession(session, true); - } + }); } @@ -277,25 +225,23 @@ public class LDAPMSADFullNameTest { registerPage.register("Jož,o", "Baříč", "johnyanth@check.cz", "johnkeycloak", "Password1", "Password1"); Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - assertUser(session, john, "johnkeycloak", "Jož,o", "Baříč", true, "cn=Jož\\,o Baříč"); + assertUser(session, ctx, john, "johnkeycloak", "Jož,o", "Baříč", true, "cn=Jož\\,o Baříč"); session.users().removeUser(appRealm, john); - } finally { - keycloakRule.stopSession(session, true); - } + }); } @Test public void test06_conflicts() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel john = session.users().addUser(appRealm, "existingkc"); john.setFirstName("John"); @@ -304,9 +250,7 @@ public class LDAPMSADFullNameTest { UserModel john2 = session.users().addUser(appRealm, "existingkc1"); john2.setEnabled(true); - } finally { - keycloakRule.stopSession(session, true); - } + }); loginPage.open(); loginPage.clickRegister(); @@ -323,47 +267,44 @@ public class LDAPMSADFullNameTest { registerPage.assertCurrent(); registerPage.register("John", "Existing", "johnyanth2@check.cz", "existingkc3", "Password1", "Password1"); - session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel existingKc = session.users().getUserByUsername("existingkc", appRealm); - assertUser(session, existingKc, "existingkc", "John", "Existing", true, "cn=John Existing"); + assertUser(session, ctx, existingKc, "existingkc", "John", "Existing", true, "cn=John Existing"); UserModel existingKc1 = session.users().getUserByUsername("existingkc1", appRealm); - assertUser(session, existingKc1, "existingkc1", "", "", true, "cn=existingkc1"); + assertUser(session, ctx, existingKc1, "existingkc1", "", "", true, "cn=existingkc1"); UserModel existingKc2 = session.users().getUserByUsername("existingkc2", appRealm); - assertUser(session, existingKc2, "existingkc2", "John", "Existing", true, "cn=John Existing0"); + assertUser(session, ctx, existingKc2, "existingkc2", "John", "Existing", true, "cn=John Existing0"); UserModel existingKc3 = session.users().getUserByUsername("existingkc3", appRealm); - assertUser(session, existingKc3, "existingkc3", "John", "Existing", true, "cn=John Existing1"); + assertUser(session, ctx, existingKc3, "existingkc3", "John", "Existing", true, "cn=John Existing1"); session.users().removeUser(appRealm, existingKc); session.users().removeUser(appRealm, existingKc1); session.users().removeUser(appRealm, existingKc2); session.users().removeUser(appRealm, existingKc3); - } finally { - keycloakRule.stopSession(session, true); - } + }); } - private void assertUser(KeycloakSession session, UserModel user, String expectedUsername, String expectedFirstName, String expectedLastName, boolean expectedEnabled, String expectedDn) { + private static void assertUser(KeycloakSession session, LDAPTestContext ctx, UserModel user, String expectedUsername, String expectedFirstName, String expectedLastName, boolean expectedEnabled, String expectedDn) { Assert.assertNotNull(user); Assert.assertNotNull(user.getFederationLink()); - Assert.assertEquals(user.getFederationLink(), ldapModel.getId()); + Assert.assertEquals(user.getFederationLink(), ctx.getLdapModel().getId()); Assert.assertEquals(expectedUsername, user.getUsername()); Assert.assertEquals(expectedFirstName, user.getFirstName()); Assert.assertEquals(expectedLastName, user.getLastName()); Assert.assertEquals(expectedEnabled, user.isEnabled()); - assertDnStartsWith(session, user, expectedDn); + assertDnStartsWith(session, ctx, user, expectedDn); } - private void assertDnStartsWith(KeycloakSession session, UserModel user, String expectedRDn) { - String usersDn = LDAPTestUtils.getLdapProvider(session, ldapModel).getLdapIdentityStore().getConfig().getUsersDn(); + private static void assertDnStartsWith(KeycloakSession session, LDAPTestContext ctx, UserModel user, String expectedRDn) { + String usersDn = ctx.getLdapProvider().getLdapIdentityStore().getConfig().getUsersDn(); String userDN = user.getFirstAttribute(LDAPConstants.LDAP_ENTRY_DN); Assert.assertTrue(userDN.equalsIgnoreCase(expectedRDn + "," + usersDn)); } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMSADMapperTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMSADMapperTest.java new file mode 100644 index 00000000000..36f4450b64a --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMSADMapperTest.java @@ -0,0 +1,163 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.arquillian.graphene.page.Page; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assert; +import org.junit.ClassRule; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.pages.AppPage; +import org.keycloak.testsuite.pages.LoginPasswordUpdatePage; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestConfiguration; +import org.keycloak.testsuite.util.LDAPTestUtils; + +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; + +/** + * @author Marek Posolda + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class LDAPMSADMapperTest extends AbstractLDAPTest { + + // Run this test just on MSAD + @ClassRule + public static LDAPRule ldapRule = new LDAPRule() + .assumeTrue((LDAPTestConfiguration ldapConfig) -> { + + // TODO: This is skipped as it requires that MSAD server is set to not allow weak passwords (There needs to be pwdProperties=1 set on MSAD side). + // TODO: Currently we can't rely on it. See KEYCLOAK-4276 + return false; + // return LDAPConstants.VENDOR_ACTIVE_DIRECTORY.equals(vendor); + + }); + + + + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } + + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app"); + + LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ctx.getLdapModel()); + + // Delete all LDAP users and add some new for testing + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); + LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); + + LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); + + appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); + }); + } + + + +// @Rule +// public WebRule webRule = new WebRule(this); +// +// @WebResource +// protected OAuthClient oauth; +// +// @WebResource +// protected WebDriver driver; +// +// @WebResource +// protected AppPage appPage; +// +// @WebResource +// protected RegisterPage registerPage; +// +// @WebResource +// protected LoginPage loginPage; +// +// @WebResource +// protected AccountUpdateProfilePage profilePage; +// +// @WebResource +// protected AccountPasswordPage changePasswordPage; +// + + @Page + protected LoginPasswordUpdatePage passwordUpdatePage; + + + @Test + public void test01RegisterUserWithWeakPasswordFirst() { + loginPage.open(); + loginPage.clickRegister(); + registerPage.assertCurrent(); + + // Weak password. This will fail to update password to MSAD due to password policy. + registerPage.register("firstName", "lastName", "email2@check.cz", "registerUserSuccess2", "password", "password"); + + // Another weak password + passwordUpdatePage.assertCurrent(); + passwordUpdatePage.changePassword("pass", "pass"); + Assert.assertEquals("Invalid password: new password doesn't match password policies.", passwordUpdatePage.getError()); + + // Strong password. Successfully update password and being redirected to the app + passwordUpdatePage.changePassword("Password1", "Password1"); + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + UserModel user = session.users().getUserByUsername("registerUserSuccess2", appRealm); + Assert.assertNotNull(user); + Assert.assertNotNull(user.getFederationLink()); + Assert.assertEquals(user.getFederationLink(), ctx.getLdapModel().getId()); + Assert.assertEquals("registerusersuccess2", user.getUsername()); + Assert.assertEquals("firstName", user.getFirstName()); + Assert.assertEquals("lastName", user.getLastName()); + Assert.assertTrue(user.isEnabled()); + Assert.assertEquals(0, user.getRequiredActions().size()); + }); + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java new file mode 100755 index 00000000000..a465799e175 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPMultipleAttributesTest.java @@ -0,0 +1,247 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assert; +import org.junit.ClassRule; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.models.ClientModel; +import org.keycloak.models.LDAPConstants; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.protocol.oidc.OIDCLoginProtocol; +import org.keycloak.protocol.oidc.mappers.UserAttributeMapper; +import org.keycloak.representations.IDToken; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestConfiguration; +import org.keycloak.testsuite.util.LDAPTestUtils; +import org.keycloak.testsuite.util.OAuthClient; + +import java.util.Arrays; +import java.util.Collection; +import java.util.LinkedHashSet; +import java.util.LinkedList; +import java.util.List; + +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; + +/** + * @author Marek Posolda + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class LDAPMultipleAttributesTest extends AbstractLDAPTest { + + + // Skip this test on MSAD due to lack of supported user multivalued attributes + @ClassRule + public static LDAPRule ldapRule = new LDAPRule() + .assumeTrue((LDAPTestConfiguration ldapConfig) -> { + + String vendor = ldapConfig.getLDAPConfig().get(LDAPConstants.VENDOR); + return !LDAPConstants.VENDOR_ACTIVE_DIRECTORY.equals(vendor); + + }); + + + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } + + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ctx.getLdapModel()); + LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "streetMapper", "street", LDAPConstants.STREET); + + // Remove current users and add default users + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); + LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); + + LDAPObject james = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown", "James", "Brown", "jbrown@keycloak.org", null, "88441"); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1"); + + // User for testing duplicating surname and postalCode + LDAPObject bruce = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "bwilson", "Bruce", "Wilson", "bwilson@keycloak.org", "Elm 5", "88441", "77332"); + bruce.setAttribute("sn", new LinkedHashSet<>(Arrays.asList("Wilson", "Schneider"))); + ldapFedProvider.getLdapIdentityStore().update(bruce); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, bruce, "Password1"); + + // Create ldap-portal client + ClientModel ldapClient = KeycloakModelUtils.createClient(appRealm, "ldap-portal"); + ldapClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); + ldapClient.addRedirectUri("/ldap-portal"); + ldapClient.addRedirectUri("/ldap-portal/*"); + ldapClient.setManagementUrl("/ldap-portal"); + ldapClient.addProtocolMapper(UserAttributeMapper.createClaimMapper("postalCode", "postal_code", "postal_code", "String", true, true, true)); + ldapClient.addProtocolMapper(UserAttributeMapper.createClaimMapper("street", "street", "street", "String", true, true, false)); + ldapClient.addScopeMapping(appRealm.getRole("user")); + ldapClient.setSecret("password"); + }); + } + + + @Test + public void testUserImport() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + session.userCache().clear(); + RealmModel appRealm = ctx.getRealm(); + + // Test user imported in local storage now + UserModel user = session.users().getUserByUsername("jbrown", appRealm); + Assert.assertNotNull(session.userLocalStorage().getUserById(user.getId(), appRealm)); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "jbrown", "James", "Brown", "jbrown@keycloak.org", "88441"); + }); + } + + + @Test + public void testModel() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + session.userCache().clear(); + RealmModel appRealm = ctx.getRealm(); + + UserModel user = session.users().getUserByUsername("bwilson", appRealm); + Assert.assertEquals("bwilson@keycloak.org", user.getEmail()); + Assert.assertEquals("Bruce", user.getFirstName()); + + // There are 2 lastnames in ldif + Assert.assertTrue("Wilson".equals(user.getLastName()) || "Schneider".equals(user.getLastName())); + + // Actually there are 2 postalCodes + List postalCodes = user.getAttribute("postal_code"); + assertPostalCodes(postalCodes, "88441", "77332"); + List tmp = new LinkedList<>(); + tmp.addAll(postalCodes); + postalCodes = tmp; + postalCodes.remove("77332"); + user.setAttribute("postal_code", postalCodes); + + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + UserModel user = session.users().getUserByUsername("bwilson", appRealm); + List postalCodes = user.getAttribute("postal_code"); + assertPostalCodes(postalCodes, "88441"); + List tmp = new LinkedList<>(); + tmp.addAll(postalCodes); + postalCodes = tmp; + postalCodes.add("77332"); + user.setAttribute("postal_code", postalCodes); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + UserModel user = session.users().getUserByUsername("bwilson", appRealm); + assertPostalCodes(user.getAttribute("postal_code"), "88441", "77332"); + }); + } + + private static void assertPostalCodes(List postalCodes, String... expectedPostalCodes) { + if (expectedPostalCodes == null && postalCodes.isEmpty()) { + return; + } + + + Assert.assertEquals(expectedPostalCodes.length, postalCodes.size()); + for (String expected : expectedPostalCodes) { + if (!postalCodes.contains(expected)) { + Assert.fail("postalCode '" + expected + "' not in postalCodes: " + postalCodes); + } + } + } + + @Test + public void ldapPortalEndToEndTest() { + // Login as bwilson + oauth.clientId("ldap-portal"); + oauth.redirectUri("/ldap-portal"); + + loginPage.open(); + loginPage.login("bwilson", "Password1"); + + String code = new OAuthClient.AuthorizationEndpointResponse(oauth).getCode(); + OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password"); + + Assert.assertEquals(200, response.getStatusCode()); + IDToken idToken = oauth.verifyIDToken(response.getIdToken()); + + Assert.assertEquals("Bruce Wilson", idToken.getName()); + Assert.assertEquals("Elm 5", idToken.getOtherClaims().get("street")); + Collection postalCodes = (Collection) idToken.getOtherClaims().get("postal_code"); + Assert.assertEquals(2, postalCodes.size()); + Assert.assertTrue(postalCodes.contains("88441")); + Assert.assertTrue(postalCodes.contains("77332")); + + oauth.doLogout(response.getRefreshToken(), "password"); + + // Login as jbrown + loginPage.open(); + loginPage.login("jbrown", "Password1"); + + code = new OAuthClient.AuthorizationEndpointResponse(oauth).getCode(); + response = oauth.doAccessTokenRequest(code, "password"); + + org.keycloak.testsuite.Assert.assertEquals(200, response.getStatusCode()); + idToken = oauth.verifyIDToken(response.getIdToken()); + + Assert.assertEquals("James Brown", idToken.getName()); + Assert.assertNull(idToken.getOtherClaims().get("street")); + postalCodes = (Collection) idToken.getOtherClaims().get("postal_code"); + Assert.assertEquals(1, postalCodes.size()); + Assert.assertTrue(postalCodes.contains("88441")); + Assert.assertFalse(postalCodes.contains("77332")); + + oauth.doLogout(response.getRefreshToken(), "password"); + } + + + +} + + diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPNoMSADTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPNoMSADTest.java similarity index 51% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPNoMSADTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPNoMSADTest.java index 917327ae6e5..901a0813c9f 100644 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPNoMSADTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPNoMSADTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,34 +15,33 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; +package org.keycloak.testsuite.federation.ldap; import java.util.List; -import java.util.Map; -import org.jboss.logging.Logger; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; import org.junit.ClassRule; import org.junit.FixMethodOrder; import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; -import org.keycloak.common.util.MultivaluedHashMap; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; +import org.keycloak.representations.idm.ComponentRepresentation; import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestConfiguration; +import org.keycloak.testsuite.util.LDAPTestUtils; + +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; /** * Test for special scenarios, which don't work on MSAD (eg. renaming user RDN to "sn=john2" ) @@ -50,45 +49,46 @@ import org.keycloak.testsuite.rule.LDAPRule; * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPNoMSADTest { - - private static final Logger log = Logger.getLogger(LDAPProvidersIntegrationTest.class); - +public class LDAPNoMSADTest extends AbstractLDAPTest { // Skip this test on MSAD - private static LDAPRule ldapRule = new LDAPRule((Map ldapConfig) -> { + @ClassRule + public static LDAPRule ldapRule = new LDAPRule() + .assumeTrue((LDAPTestConfiguration ldapConfig) -> { - String vendor = ldapConfig.get(LDAPConstants.VENDOR); - return (vendor.equals(LDAPConstants.VENDOR_ACTIVE_DIRECTORY)); + String vendor = ldapConfig.getLDAPConfig().get(LDAPConstants.VENDOR); + return !LDAPConstants.VENDOR_ACTIVE_DIRECTORY.equals(vendor); - }); - - private static ComponentModel ldapModel = null; + }); - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "marykeycloak", "mary@test.com", "password-app"); + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - ldapModel = appRealm.addComponentModel(model); - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app"); + + LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ctx.getLdapModel()); // Delete all LDAP users and add some new for testing - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); @@ -97,31 +97,29 @@ public class LDAPNoMSADTest { LDAPObject existing = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678"); appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); - } - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); + }); + } // KEYCLOAK-4364 @Test public void testUpdateWithUnmappedRdnAttribute() { - KeycloakSession session = keycloakRule.startSession(); - ComponentModel snMapper = null; - try { + ComponentRepresentation snMapperRep = findMapperRepByName("last name"); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + ComponentModel snMapper = null; + // Create LDAP user with "sn" attribute in RDN like "sn=johnkeycloak2,ou=People,dc=domain,dc=com" - RealmModel appRealm = session.realms().getRealmByName("test"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); LDAPObject john2 = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johnkeycloak2", "john2", "Doe2", "john2@email.org", null, "4321"); john2.setRdnAttributeName("sn"); ldapProvider.getLdapIdentityStore().update(john2); // Remove "sn" mapper - List components = appRealm.getComponents(ldapModel.getId(), LDAPStorageMapper.class.getName()); + List components = appRealm.getComponents(ctx.getLdapModel().getId(), LDAPStorageMapper.class.getName()); for (ComponentModel mapper : components) { if (mapper.getName().equals("last name")) { snMapper = mapper; @@ -131,33 +129,24 @@ public class LDAPNoMSADTest { Assert.assertNotNull(snMapper); appRealm.removeComponent(snMapper); - } finally { - keycloakRule.stopSession(session, true); - } + }); // Try to update johnkeycloak2 user. It shouldn't try to update DN - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + UserModel johnkeycloak2 = session.users().getUserByUsername("johnkeycloak2", appRealm); Assert.assertNotNull(johnkeycloak2); johnkeycloak2.setFirstName("foo2"); johnkeycloak2.setLastName("foo"); - } finally { - keycloakRule.stopSession(session, true); - } + }); // Re-create "sn" mapper back - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - snMapper.setId(null); - appRealm.addComponentModel(snMapper); - } finally { - keycloakRule.stopSession(session, true); - } + snMapperRep.setId(null); + testRealm().components().add(snMapperRep); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java new file mode 100755 index 00000000000..bac2dc16d37 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java @@ -0,0 +1,1089 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; + +import java.util.List; +import java.util.Map; + +import javax.naming.AuthenticationException; +import javax.ws.rs.core.Response; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assert; +import org.junit.ClassRule; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.OAuth2Constants; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.component.ComponentModel; +import org.keycloak.credential.CredentialModel; +import org.keycloak.models.GroupModel; +import org.keycloak.models.LDAPConstants; +import org.keycloak.models.ModelException; +import org.keycloak.models.RealmModel; +import org.keycloak.models.RoleModel; +import org.keycloak.models.UserCredentialModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.cache.CachedUserModel; +import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.models.utils.ModelToRepresentation; +import org.keycloak.representations.AccessToken; +import org.keycloak.representations.idm.ComponentRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.services.managers.RealmManager; +import org.keycloak.storage.ReadOnlyException; +import org.keycloak.storage.StorageId; +import org.keycloak.storage.UserStorageProvider; +import org.keycloak.storage.UserStorageProviderModel; +import org.keycloak.storage.ldap.LDAPConfig; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper; +import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory; +import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapper; +import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapperFactory; +import org.keycloak.storage.ldap.mappers.HardcodedLDAPGroupStorageMapper; +import org.keycloak.storage.ldap.mappers.HardcodedLDAPGroupStorageMapperFactory; +import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapper; +import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory; +import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; +import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper; +import org.keycloak.testsuite.AbstractAuthTest; +import org.keycloak.testsuite.admin.ApiUtil; +import org.keycloak.testsuite.pages.AppPage; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestUtils; +import org.keycloak.testsuite.util.OAuthClient; + +/** + * @author Marek Posolda + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class LDAPProvidersIntegrationTest extends AbstractLDAPTest { + + @ClassRule + public static LDAPRule ldapRule = new LDAPRule(); + + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } + + + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + @Override + protected void afterImportTestRealm() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app"); + + LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ctx.getLdapModel()); + + // Delete all LDAP users and add some new for testing + LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), appRealm); + + LDAPObject john = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), john, "Password1"); + + LDAPObject existing = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678"); + + appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); + + }); + } + + + +// @Test +// @Ignore +// public void runit() throws Exception { +// Thread.sleep(10000000); +// +// } + + /** + * KEYCLOAK-3986 + * + */ + @Test + public void testSyncRegistrationOff() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + ctx.getLdapModel().put(LDAPConstants.SYNC_REGISTRATIONS, "false"); + ctx.getRealm().updateComponent(ctx.getLdapModel()); + }); + + UserRepresentation newUser1 = AbstractAuthTest.createUserRepresentation("newUser1", "newUser1@email.cz", null, null, true); + Response resp = testRealm().users().create(newUser1); + String userId = ApiUtil.getCreatedId(resp); + resp.close(); + + testRealm().users().get(userId).toRepresentation(); + Assert.assertTrue(StorageId.isLocalStorage(userId)); + Assert.assertNull(newUser1.getFederationLink()); + + // Revert + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + ctx.getLdapModel().getConfig().putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); + ctx.getRealm().updateComponent(ctx.getLdapModel()); + }); + } + + + @Test + public void testRemoveImportedUsers() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + UserModel user = session.users().getUserByUsername("johnkeycloak", ctx.getRealm()); + Assert.assertEquals(ctx.getLdapModel().getId(), user.getFederationLink()); + }); + + adminClient.realm("test").userStorage().removeImportedUsers(ldapModelId); + + testingClient.server().run(session -> { + RealmManager manager = new RealmManager(session); + RealmModel appRealm = manager.getRealm("test"); + UserModel user = session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm); + Assert.assertNull(user); + }); + } + + // test name prefixed with zz to make sure it runs last as we are unlinking imported users + @Test + public void zzTestUnlinkUsers() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + UserModel user = session.users().getUserByUsername("johnkeycloak", ctx.getRealm()); + Assert.assertEquals(ctx.getLdapModel().getId(), user.getFederationLink()); + }); + + adminClient.realm("test").userStorage().unlink(ldapModelId); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + UserModel user = session.users().getUserByUsername("johnkeycloak", ctx.getRealm()); + Assert.assertNotNull(user); + Assert.assertNull(user.getFederationLink()); + }); + } + + @Test + public void caseInSensitiveImport() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + LDAPObject jbrown2 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "JBrown2", "John", "Brown2", "jbrown2@email.org", null, "1234"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), jbrown2, "Password1"); + LDAPObject jbrown3 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "jbrown3", "John", "Brown3", "JBrown3@email.org", null, "1234"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), jbrown3, "Password1"); + }); + + loginSuccessAndLogout("jbrown2", "Password1"); + loginSuccessAndLogout("JBrown2", "Password1"); + loginSuccessAndLogout("jbrown2@email.org", "Password1"); + loginSuccessAndLogout("JBrown2@email.org", "Password1"); + + loginSuccessAndLogout("jbrown3", "Password1"); + loginSuccessAndLogout("JBrown3", "Password1"); + loginSuccessAndLogout("jbrown3@email.org", "Password1"); + loginSuccessAndLogout("JBrown3@email.org", "Password1"); + } + + private void loginSuccessAndLogout(String username, String password) { + loginPage.open(); + loginPage.login(username, password); + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); + oauth.openLogout(); + } + + @Test + public void caseInsensitiveSearch() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + LDAPObject jbrown4 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "JBrown4", "John", "Brown4", "jbrown4@email.org", null, "1234"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), jbrown4, "Password1"); + LDAPObject jbrown5 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "jbrown5", "John", "Brown5", "JBrown5@Email.org", null, "1234"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), jbrown5, "Password1"); + }); + + // search by username + List users = testRealm().users().search("JBROwn4", 0, 10); + UserRepresentation user4 = users.get(0); + Assert.assertEquals("jbrown4", user4.getUsername()); + Assert.assertEquals("jbrown4@email.org", user4.getEmail()); + + // search by email + users = testRealm().users().search("JBROwn5@eMAil.org", 0, 10); + Assert.assertEquals(1, users.size()); + UserRepresentation user5 = users.get(0); + Assert.assertEquals("jbrown5", user5.getUsername()); + Assert.assertEquals("jbrown5@email.org", user5.getEmail()); + } + + @Test + public void deleteFederationLink() throws Exception { + // KEYCLOAK-4789: Login in client, which requires consent + oauth.clientId("third-party"); + loginPage.open(); + loginPage.login("johnkeycloak", "Password1"); + + grantPage.assertCurrent(); + grantPage.accept(); + + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); + + ComponentRepresentation ldapRep = testRealm().components().component(ldapModelId).toRepresentation(); + testRealm().components().component(ldapModelId).remove(); + + // User not available once LDAP provider was removed + loginPage.open(); + loginPage.login("johnkeycloak", "Password1"); + loginPage.assertCurrent(); + + Assert.assertEquals("Invalid username or password.", loginPage.getError()); + + // Re-add LDAP provider + Map cfg = getLDAPRule().getConfig(); + ldapModelId = testingClient.testing().ldap(TEST_REALM_NAME).createLDAPProvider(cfg, isImportEnabled()); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + LDAPTestUtils.addZipCodeLDAPMapper(ctx.getRealm(), ctx.getLdapModel()); + }); + + oauth.clientId("test-app"); + + loginLdap(); + + } + + @Test + public void loginClassic() { + loginPage.open(); + loginPage.login("marykeycloak", "password-app"); + + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); + + } + + @Test + public void loginLdap() { + loginPage.open(); + loginPage.login("johnkeycloak", "Password1"); + + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); + + profilePage.open(); + Assert.assertEquals("John", profilePage.getFirstName()); + Assert.assertEquals("Doe", profilePage.getLastName()); + Assert.assertEquals("john@email.org", profilePage.getEmail()); + } + + @Test + public void loginLdapWithDirectGrant() throws Exception { + OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", "Password1"); + Assert.assertEquals(200, response.getStatusCode()); + AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); + + response = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", ""); + Assert.assertEquals(401, response.getStatusCode()); + } + + @Test + public void loginLdapWithEmail() { + loginPage.open(); + loginPage.login("john@email.org", "Password1"); + + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); + } + + @Test + public void loginLdapWithoutPassword() { + loginPage.open(); + loginPage.login("john@email.org", ""); + Assert.assertEquals("Invalid username or password.", loginPage.getError()); + } + + @Test + public void passwordChangeLdap() throws Exception { + changePasswordPage.open(); + loginPage.login("johnkeycloak", "Password1"); + changePasswordPage.changePassword("Password1", "New-password1", "New-password1"); + + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + + changePasswordPage.logout(); + + loginPage.open(); + loginPage.login("johnkeycloak", "Bad-password1"); + Assert.assertEquals("Invalid username or password.", loginPage.getError()); + + loginPage.open(); + loginPage.login("johnkeycloak", "New-password1"); + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + + // Change password back to previous value + changePasswordPage.open(); + changePasswordPage.changePassword("New-password1", "Password1", "Password1"); + Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); + } + + @Test + public void registerExistingLdapUser() { + loginPage.open(); + loginPage.clickRegister(); + registerPage.assertCurrent(); + + // check existing username + registerPage.register("firstName", "lastName", "email@mail.cz", "existing", "Password1", "Password1"); + registerPage.assertCurrent(); + Assert.assertEquals("Username already exists.", registerPage.getError()); + + // Check existing email + registerPage.register("firstName", "lastName", "existing@email.org", "nonExisting", "Password1", "Password1"); + registerPage.assertCurrent(); + Assert.assertEquals("Email already exists.", registerPage.getError()); + } + + + + // + // KEYCLOAK-4533 + // + @Test + public void testLDAPUserDeletionImport() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig(); + + // Make sure mary is gone + LDAPTestUtils.removeLDAPUserByUsername(ctx.getLdapProvider(), ctx.getRealm(), config, "maryjane"); + + // Create the user in LDAP and register him + + LDAPObject mary = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "maryjane", "mary", "yram", "mj@testing.redhat.cz", null, "12398"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), mary, "Password1"); + + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig(); + + // Delete LDAP User + LDAPTestUtils.removeLDAPUserByUsername(ctx.getLdapProvider(), ctx.getRealm(), config, "maryjane"); + + // Make sure the deletion took place. + List deletedUsers = session.users().searchForUser("mary yram", ctx.getRealm()); + Assert.assertTrue(deletedUsers.isEmpty()); + + }); + } + + + @Test + public void registerUserLdapSuccess() { + loginPage.open(); + loginPage.clickRegister(); + registerPage.assertCurrent(); + + registerPage.register("firstName", "lastName", "email2@check.cz", "registerUserSuccess2", "Password1", "Password1"); + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + + UserRepresentation user = ApiUtil.findUserByUsername(testRealm(),"registerUserSuccess2"); + Assert.assertNotNull(user); + assertFederatedUserLink(user); + Assert.assertEquals("registerusersuccess2", user.getUsername()); + Assert.assertEquals("firstName", user.getFirstName()); + Assert.assertEquals("lastName", user.getLastName()); + Assert.assertTrue(user.isEnabled()); + } + + + protected void assertFederatedUserLink(UserRepresentation user) { + Assert.assertTrue(StorageId.isLocalStorage(user.getId())); + Assert.assertNotNull(user.getFederationLink()); + Assert.assertEquals(user.getFederationLink(), ldapModelId); + } + + + @Test + public void testCaseSensitiveAttributeName() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(session, appRealm); + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPObject johnZip = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnzip", "John", "Zip", "johnzip@email.org", null, "12398"); + + // Remove default zipcode mapper and add the mapper for "POstalCode" to test case sensitivity + ComponentModel currentZipMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "zipCodeMapper"); + appRealm.removeComponent(currentZipMapper); + LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "zipCodeMapper-cs", "postal_code", "POstalCode"); + + // Fetch user from LDAP and check that postalCode is filled + UserModel user = session.users().getUserByUsername("johnzip", appRealm); + String postalCode = user.getFirstAttribute("postal_code"); + Assert.assertEquals("12398", postalCode); + + }); + } + + @Test + public void testCommaInUsername() { + Boolean skipTest = testingClient.server().fetch(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + boolean skip = false; + + // Workaround as comma is not allowed in sAMAccountName on active directory. So we will skip the test for this configuration + LDAPConfig config = ctx.getLdapProvider().getLdapIdentityStore().getConfig(); + if (config.isActiveDirectory() && config.getUsernameLdapAttribute().equals(LDAPConstants.SAM_ACCOUNT_NAME)) { + skip = true; + } + + if (!skip) { + LDAPObject johnComma = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "john,comma", "John", "Comma", "johncomma@email.org", null, "12387"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), johnComma, "Password1"); + + LDAPObject johnPlus = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "john+plus,comma", "John", "Plus", "johnplus@email.org", null, "12387"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), johnPlus, "Password1"); + } + + return skip; + + }, Boolean.class); + + if (!skipTest) { + // Try to import the user with comma in username into Keycloak + loginSuccessAndLogout("john,comma", "Password1"); + loginSuccessAndLogout("john+plus,comma", "Password1"); + } + } + + + // TODO: Rather separate test class for fullNameMapper to better test all the possibilities + @Test + public void testFullNameMapper() { + + ComponentRepresentation firstNameMapperRep = testingClient.server().fetch(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + // assert that user "fullnameUser" is not in local DB + Assert.assertNull(session.users().getUserByUsername("fullname", appRealm)); + + // Add the user with some fullName into LDAP directly. Ensure that fullName is saved into "cn" attribute in LDAP (currently mapped to model firstName) + ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(session, appRealm); + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "fullname", "James Dee", "Dee", "fullname@email.org", null, "4578"); + + // add fullname mapper to the provider and remove "firstNameMapper". For this test, we will simply map full name to the LDAP attribute, which was before firstName ( "givenName" on active directory, "cn" on other LDAP servers) + ComponentModel firstNameMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "first name"); + String ldapFirstNameAttributeName = firstNameMapper.getConfig().getFirst(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE); + appRealm.removeComponent(firstNameMapper); + + ComponentRepresentation firstNameMapperRepp = ModelToRepresentation.toRepresentation(session, firstNameMapper, true); + + ComponentModel fullNameMapperModel = KeycloakModelUtils.createComponentModel("full name", ldapModel.getId(), FullNameLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), + FullNameLDAPStorageMapper.LDAP_FULL_NAME_ATTRIBUTE, ldapFirstNameAttributeName, + FullNameLDAPStorageMapper.READ_ONLY, "false"); + appRealm.addComponentModel(fullNameMapperModel); + + return firstNameMapperRepp; + }, ComponentRepresentation.class); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName + LDAPTestAsserts.assertUserImported(session.users(), appRealm, "fullname", "James", "Dee", "fullname@email.org", "4578"); + }); + + // Assert user will be changed in LDAP too + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm); + fullnameUser.setFirstName("James2"); + fullnameUser.setLastName("Dee2"); + }); + + + // Assert changed user available in Keycloak + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName + LDAPTestAsserts.assertUserImported(session.users(), appRealm, "fullname", "James2", "Dee2", "fullname@email.org", "4578"); + + // Remove "fullnameUser" to assert he is removed from LDAP. Revert mappers to previous state + UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm); + session.users().removeUser(appRealm, fullnameUser); + + // Revert mappers + ComponentModel fullNameMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "full name"); + appRealm.removeComponent(fullNameMapperModel); + }); + + firstNameMapperRep.setId(null); + Response response = testRealm().components().add(firstNameMapperRep); + Assert.assertEquals(201, response.getStatus()); + response.close(); + } + + + @Test + public void testHardcodedAttributeMapperTest() throws Exception { + // Create hardcoded mapper for "description" + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcodedAttr-description", ctx.getLdapModel().getId(), HardcodedLDAPAttributeMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), + HardcodedLDAPAttributeMapper.LDAP_ATTRIBUTE_NAME, "description", + HardcodedLDAPAttributeMapper.LDAP_ATTRIBUTE_VALUE, "some-${RANDOM}"); + ctx.getRealm().addComponentModel(hardcodedMapperModel); + }); + + // Register new user + loginPage.open(); + loginPage.clickRegister(); + registerPage.assertCurrent(); + + registerPage.register("firstName", "lastName", "email34@check.cz", "register123", "Password1", "Password1"); + Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + // See that user don't yet have any description + UserModel user = LDAPTestAsserts.assertUserImported(session.users(), appRealm, "register123", "firstName", "lastName", "email34@check.cz", null); + Assert.assertNull(user.getFirstAttribute("desc")); + Assert.assertNull(user.getFirstAttribute("description")); + + // Remove hardcoded mapper for "description" and create regular userAttribute mapper for description + ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "hardcodedAttr-description"); + appRealm.removeComponent(hardcodedMapperModel); + + ComponentModel userAttrMapper = LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "desc-attribute-mapper", "desc", "description"); + userAttrMapper.put(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, "true"); + appRealm.updateComponent(userAttrMapper); + }); + + // Check that user has description on him now + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + session.userCache().evict(appRealm, session.users().getUserByUsername("register123", appRealm)); + + // See that user don't yet have any description + UserModel user = session.users().getUserByUsername("register123", appRealm); + Assert.assertNull(user.getFirstAttribute("description")); + Assert.assertNotNull(user.getFirstAttribute("desc")); + String desc = user.getFirstAttribute("desc"); + Assert.assertTrue(desc.startsWith("some-")); + Assert.assertEquals(35, desc.length()); + + // Remove mapper for "description" + ComponentModel userAttrMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "desc-attribute-mapper"); + appRealm.removeComponent(userAttrMapper); + }); + } + + + @Test + public void testHardcodedRoleMapper() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + RoleModel hardcodedRole = appRealm.addRole("hardcoded-role"); + + // assert that user "johnkeycloak" doesn't have hardcoded role + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); + Assert.assertFalse(john.hasRole(hardcodedRole)); + + ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcoded role", ctx.getLdapModel().getId(), + HardcodedLDAPRoleStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), + HardcodedLDAPRoleStorageMapper.ROLE, "hardcoded-role"); + appRealm.addComponentModel(hardcodedMapperModel); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + RoleModel hardcodedRole = appRealm.getRole("hardcoded-role"); + + // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); + Assert.assertTrue(john.hasRole(hardcodedRole)); + + // Can't remove user from hardcoded role + try { + john.deleteRoleMapping(hardcodedRole); + Assert.fail("Didn't expected to remove role mapping"); + } catch (ModelException expected) { + } + + // Revert mappers + ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "hardcoded role"); + appRealm.removeComponent(hardcodedMapperModel); + }); + } + + @Test + public void testHardcodedGroupMapper() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + GroupModel hardcodedGroup = appRealm.createGroup("hardcoded-group", "hardcoded-group"); + + // assert that user "johnkeycloak" doesn't have hardcoded group + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); + Assert.assertFalse(john.isMemberOf(hardcodedGroup)); + + ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcoded group", + ctx.getLdapModel().getId(), HardcodedLDAPGroupStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), + HardcodedLDAPGroupStorageMapper.GROUP, "hardcoded-group"); + appRealm.addComponentModel(hardcodedMapperModel); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + GroupModel hardcodedGroup = appRealm.getGroupById("hardcoded-group"); + + // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); + Assert.assertTrue(john.isMemberOf(hardcodedGroup)); + + // Can't remove user from hardcoded role + try { + john.leaveGroup(hardcodedGroup); + Assert.fail("Didn't expected to leave group"); + } catch (ModelException expected) { + } + + // Revert mappers + ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "hardcoded group"); + appRealm.removeComponent(hardcodedMapperModel); + }); + } + + @Test + public void testImportExistingUserFromLDAP() throws Exception { + // Add LDAP user with same email like existing model user + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "marykeycloak", "Mary1", "Kelly1", "mary1@email.org", null, "123"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "mary-duplicatemail", "Mary2", "Kelly2", "mary@test.com", null, "123"); + LDAPObject marynoemail = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "marynoemail", "Mary1", "Kelly1", null, null, "123"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), marynoemail, "Password1"); + }); + + + // Try to import the duplicated LDAP user into Keycloak + loginPage.open(); + loginPage.login("mary-duplicatemail", "password"); + Assert.assertEquals("Email already exists.", loginPage.getError()); + + loginPage.login("mary1@email.org", "password"); + Assert.assertEquals("Username already exists.", loginPage.getError()); + + loginSuccessAndLogout("marynoemail", "Password1"); + } + + @Test + public void testReadonly() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ctx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.READ_ONLY.toString()); + appRealm.updateComponent(ctx.getLdapModel()); + }); + + UserRepresentation userRep = ApiUtil.findUserByUsername(testRealm(), "johnkeycloak"); + assertFederatedUserLink(userRep); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm); + Assert.assertNotNull(user); + try { + user.setEmail("error@error.com"); + Assert.fail("should fail"); + } catch (ReadOnlyException e) { + + } + try { + user.setLastName("Berk"); + Assert.fail("should fail"); + } catch (ReadOnlyException e) { + + } + try { + user.setFirstName("Bilbo"); + Assert.fail("should fail"); + } catch (ReadOnlyException e) { + + } + try { + UserCredentialModel cred = UserCredentialModel.password("PoopyPoop1", true); + session.userCredentialManager().updateCredential(appRealm, user, cred); + Assert.fail("should fail"); + } catch (ReadOnlyException e) { + + } + + Assert.assertTrue(session.users().removeUser(appRealm, user)); + }); + + // Revert + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ctx.getLdapModel().put(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); + appRealm.updateComponent(ctx.getLdapModel()); + + Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), + appRealm.getComponent(ctx.getLdapModel().getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE)); + }); + } + + @Test + public void testRemoveFederatedUser() { + UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), "registerusersuccess2"); + + // Case when this test was executed "alone" (User "registerusersuccess2" is registered inside registerUserLdapSuccess) + if (user == null) { + registerUserLdapSuccess(); + user = ApiUtil.findUserByUsername(testRealm(), "registerusersuccess2"); + } + + assertFederatedUserLink(user); + testRealm().users().get(user.getId()).remove(); + user = ApiUtil.findUserByUsername(testRealm(), "registerusersuccess2"); + Assert.assertNull(user); + } + + @Test + public void testSearch() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username1", "John1", "Doel1", "user1@email.org", null, "121"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username2", "John2", "Doel2", "user2@email.org", null, "122"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username3", "John3", "Doel3", "user3@email.org", null, "123"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username4", "John4", "Doel4", "user4@email.org", null, "124"); + + // Users are not at local store at this moment + Assert.assertNull(session.userLocalStorage().getUserByUsername("username1", appRealm)); + Assert.assertNull(session.userLocalStorage().getUserByUsername("username2", appRealm)); + Assert.assertNull(session.userLocalStorage().getUserByUsername("username3", appRealm)); + Assert.assertNull(session.userLocalStorage().getUserByUsername("username4", appRealm)); + + // search by username + session.users().searchForUser("username1", appRealm); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "username1", "John1", "Doel1", "user1@email.org", "121"); + + // search by email + session.users().searchForUser("user2@email.org", appRealm); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "username2", "John2", "Doel2", "user2@email.org", "122"); + + // search by lastName + session.users().searchForUser("Doel3", appRealm); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "username3", "John3", "Doel3", "user3@email.org", "123"); + + // search by firstName + lastName + session.users().searchForUser("John4 Doel4", appRealm); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "username4", "John4", "Doel4", "user4@email.org", "124"); + }); + } + + @Test + public void testSearchWithCustomLDAPFilter() { + // Add custom filter for searching users + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ctx.getLdapModel().getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))"); + appRealm.updateComponent(ctx.getLdapModel()); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username5", "John5", "Doel5", "user5@email.org", null, "125"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username6", "John6", "Doel6", "user6@email.org", null, "126"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username7", "John7", "Doel7", "user7@email.org", null, "127"); + + // search by email + List list = session.users().searchForUser("user5@email.org", appRealm); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "username5", "John5", "Doel5", "user5@email.org", "125"); + + session.users().searchForUser("John6 Doel6", appRealm); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "username6", "John6", "Doel6", "user6@email.org", "126"); + + session.users().searchForUser("user7@email.org", appRealm); + session.users().searchForUser("John7 Doel7", appRealm); + Assert.assertNull(session.userLocalStorage().getUserByUsername("username7", appRealm)); + + // Remove custom filter + ctx.getLdapModel().getConfig().remove(LDAPConstants.CUSTOM_USER_SEARCH_FILTER); + appRealm.updateComponent(ctx.getLdapModel()); + }); + } + + @Test + public void testUnsynced() throws Exception { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + UserStorageProviderModel model = new UserStorageProviderModel(ctx.getLdapModel()); + model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString()); + appRealm.updateComponent(model); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm); + Assert.assertNotNull(user); + Assert.assertNotNull(user.getFederationLink()); + Assert.assertEquals(user.getFederationLink(), ctx.getLdapModel().getId()); + + UserCredentialModel cred = UserCredentialModel.password("Candycand1", true); + session.userCredentialManager().updateCredential(appRealm, user, cred); + CredentialModel userCredentialValueModel = session.userCredentialManager().getStoredCredentialsByType(appRealm, user, CredentialModel.PASSWORD).get(0); + Assert.assertEquals(UserCredentialModel.PASSWORD, userCredentialValueModel.getType()); + Assert.assertTrue(session.userCredentialManager().isValid(appRealm, user, cred)); + + // LDAP password is still unchanged + try { + LDAPObject ldapUser = ctx.getLdapProvider().loadLDAPUserByUsername(appRealm, "johnkeycloak"); + ctx.getLdapProvider().getLdapIdentityStore().validatePassword(ldapUser, "Password1"); + } catch (AuthenticationException ex) { + throw new RuntimeException(ex); + } + + // User is deleted just locally + Assert.assertTrue(session.users().removeUser(appRealm, user)); + + // Assert user not available locally, but will be reimported from LDAP once searched + Assert.assertNull(session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm)); + Assert.assertNotNull(session.users().getUserByUsername("johnkeycloak", appRealm)); + }); + + // Revert + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ctx.getLdapModel().getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); + + appRealm.updateComponent(ctx.getLdapModel()); + + Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ctx.getLdapModel().getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE)); + }); + } + + + @Test + public void testSearchByAttributes() { + testingClient.server().run(session -> { + final String ATTRIBUTE = "postal_code"; + final String ATTRIBUTE_VALUE = "80330340"; + + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username8", "John8", "Doel8", "user8@email.org", null, ATTRIBUTE_VALUE); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username9", "John9", "Doel9", "user9@email.org", null, ATTRIBUTE_VALUE); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username10", "John10", "Doel10", "user10@email.org", null, "1210"); + + // Users are not at local store at this moment + Assert.assertNull(session.userLocalStorage().getUserByUsername("username8", appRealm)); + Assert.assertNull(session.userLocalStorage().getUserByUsername("username9", appRealm)); + Assert.assertNull(session.userLocalStorage().getUserByUsername("username10", appRealm)); + + // search for user by attribute + List users = ctx.getLdapProvider().searchForUserByUserAttribute(ATTRIBUTE, ATTRIBUTE_VALUE, appRealm); + assertEquals(2, users.size()); + assertNotNull(users.get(0).getAttribute(ATTRIBUTE)); + assertEquals(1, users.get(0).getAttribute(ATTRIBUTE).size()); + assertEquals(ATTRIBUTE_VALUE, users.get(0).getAttribute(ATTRIBUTE).get(0)); + + assertNotNull(users.get(1).getAttribute(ATTRIBUTE)); + assertEquals(1, users.get(1).getAttribute(ATTRIBUTE).size()); + assertEquals(ATTRIBUTE_VALUE, users.get(1).getAttribute(ATTRIBUTE).get(0)); + + // user are now imported to local store + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "username8", "John8", "Doel8", "user8@email.org", ATTRIBUTE_VALUE); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), appRealm, "username9", "John9", "Doel9", "user9@email.org", ATTRIBUTE_VALUE); + // but the one not looked up is not + Assert.assertNull(session.userLocalStorage().getUserByUsername("username10", appRealm)); + + }); + } + + @Test + public void testLDAPUserRefreshCache() { + testingClient.server().run(session -> { + session.userCache().clear(); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); + LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johndirect", "John", "Direct", "johndirect@email.org", null, "1234"); + + // Fetch user from LDAP and check that postalCode is filled + UserModel user = session.users().getUserByUsername("johndirect", appRealm); + String postalCode = user.getFirstAttribute("postal_code"); + Assert.assertEquals("1234", postalCode); + + LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, appRealm, ldapProvider.getLdapIdentityStore().getConfig(), "johndirect"); + }); + + setTimeOffset(60 * 5); // 5 minutes in future, user should be cached still + + testingClient.server().run(session -> { + RealmModel appRealm = new RealmManager(session).getRealmByName("test"); + CachedUserModel user = (CachedUserModel) session.users().getUserByUsername("johndirect", appRealm); + String postalCode = user.getFirstAttribute("postal_code"); + String email = user.getEmail(); + Assert.assertEquals("1234", postalCode); + Assert.assertEquals("johndirect@email.org", email); + }); + + setTimeOffset(60 * 20); // 20 minutes into future, cache will be invalidated + + testingClient.server().run(session -> { + RealmModel appRealm = new RealmManager(session).getRealmByName("test"); + UserModel user = session.users().getUserByUsername("johndirect", appRealm); + Assert.assertNull(user); + }); + + setTimeOffset(0); + } + + @Test + public void testCacheUser() { + String userId = testingClient.server().fetch(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + ctx.getLdapModel().setCachePolicy(UserStorageProviderModel.CachePolicy.NO_CACHE); + ctx.getRealm().updateComponent(ctx.getLdapModel()); + + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "testCacheUser", "John", "Cached", "johndirect@test.com", null, "1234"); + + // Fetch user from LDAP and check that postalCode is filled + UserModel testedUser = session.users().getUserByUsername("testCacheUser", ctx.getRealm()); + + String usserId = testedUser.getId(); + Assert.assertNotNull(usserId); + Assert.assertFalse(usserId.isEmpty()); + + return usserId; + }, String.class); + + testingClient.server().run(session -> { + + RealmModel appRealm = session.realms().getRealmByName(TEST_REALM_NAME); + UserModel testedUser = session.users().getUserById(userId, appRealm); + Assert.assertFalse(testedUser instanceof CachedUserModel); + }); + + // restore default cache policy + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + ctx.getLdapModel().setCachePolicy(UserStorageProviderModel.CachePolicy.MAX_LIFESPAN); + ctx.getLdapModel().setMaxLifespan(600000); // Lifetime is 10 minutes + ctx.getRealm().updateComponent(ctx.getLdapModel()); + }); + + + testingClient.server().run(session -> { + RealmModel appRealm = session.realms().getRealmByName(TEST_REALM_NAME); + UserModel testedUser = session.users().getUserById(userId, appRealm); + Assert.assertTrue(testedUser instanceof CachedUserModel); + }); + + setTimeOffset(60 * 5); // 5 minutes in future, should be cached still + testingClient.server().run(session -> { + RealmModel appRealm = session.realms().getRealmByName(TEST_REALM_NAME); + UserModel testedUser = session.users().getUserById(userId, appRealm); + Assert.assertTrue(testedUser instanceof CachedUserModel); + }); + + setTimeOffset(60 * 10); // 10 minutes into future, cache will be invalidated + testingClient.server().run(session -> { + RealmModel appRealm = session.realms().getRealmByName(TEST_REALM_NAME); + UserModel testedUser = session.users().getUserByUsername("thor", appRealm); + Assert.assertFalse(testedUser instanceof CachedUserModel); + }); + + setTimeOffset(0); + } +} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPRoleMappingsTest.java similarity index 68% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPRoleMappingsTest.java index 278986db1e6..a4cab153f6e 100644 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPRoleMappingsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPRoleMappingsTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,85 +15,89 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; +package org.keycloak.testsuite.federation.ldap; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; import org.junit.ClassRule; import org.junit.FixMethodOrder; -import org.junit.Rule; import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; -import org.keycloak.common.util.MultivaluedHashMap; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; -import org.keycloak.models.GroupModel; -import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.models.ModelException; +import org.keycloak.representations.idm.ComponentRepresentation; import org.keycloak.services.managers.UserStorageSyncManager; -import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; import org.keycloak.models.AccountRoles; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; -import org.keycloak.models.ModelException; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper; -import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper; import org.keycloak.storage.ldap.mappers.membership.role.RoleMapperConfig; import org.keycloak.storage.user.SynchronizationResult; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestUtils; import java.util.Set; +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; + /** * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPRoleMappingsTest { - - private static LDAPRule ldapRule = new LDAPRule(); - - private static ComponentModel ldapModel = null; - - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app"); - - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.remove(LDAPConstants.PAGINATION); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - model.setImportEnabled(true); +public class LDAPRoleMappingsTest extends AbstractLDAPTest { - ldapModel = appRealm.addComponentModel(model); + @ClassRule + public static LDAPRule ldapRule = new LDAPRule(); + + + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } + + + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + + @Override + protected void afterImportTestRealm() { + // Disable pagination + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ctx.getLdapModel().put(LDAPConstants.PAGINATION, "false"); + appRealm.updateComponent(ctx.getLdapModel()); + + }); + + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + UserStorageProviderModel ldapModel = ctx.getLdapModel(); + + LDAPTestUtils.addLocalUser(session, appRealm, "mary", "mary@test.com", "password-app"); // Delete all LDAP users LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); @@ -104,8 +108,8 @@ public class LDAPRoleMappingsTest { // Delete all LDAP roles LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY); - LDAPTestUtils.removeAllLDAPRoles(manager.getSession(), appRealm, ldapModel, "realmRolesMapper"); - LDAPTestUtils.removeAllLDAPRoles(manager.getSession(), appRealm, ldapModel, "financeRolesMapper"); + LDAPTestUtils.removeAllLDAPRoles(session, appRealm, ldapModel, "realmRolesMapper"); + LDAPTestUtils.removeAllLDAPRoles(session, appRealm, ldapModel, "financeRolesMapper"); // Add some users for testing LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); @@ -118,42 +122,26 @@ public class LDAPRoleMappingsTest { LDAPTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1"); // Add some roles for testing - LDAPTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "realmRolesMapper", "realmRole1"); - LDAPTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "realmRolesMapper", "realmRole2"); - LDAPTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "financeRolesMapper", "financeRole1"); + LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "realmRolesMapper", "realmRole1"); + LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "realmRolesMapper", "realmRole2"); + LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "financeRolesMapper", "financeRole1"); // Sync LDAP roles to Keycloak DB LDAPTestUtils.syncRolesFromLDAP(appRealm, ldapFedProvider, ldapModel); - } - }); + }); - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - @Rule - public WebRule webRule = new WebRule(this); + } - @WebResource - protected OAuthClient oauth; - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected LoginPage loginPage; @Test public void test01_ldapOnlyRoleMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY); + LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY); UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); @@ -234,18 +222,17 @@ public class LDAPRoleMappingsTest { mary.deleteRoleMapping(realmRole2); mary.deleteRoleMapping(realmRole3); john.grantRole(manageAccountRole); - } finally { - keycloakRule.stopSession(session, false); - } + }); } + @Test public void test02_readOnlyRoleMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.READ_ONLY); + LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.READ_ONLY); UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); @@ -257,8 +244,8 @@ public class LDAPRoleMappingsTest { } // Add some role mappings directly into LDAP - ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm); LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak"); @@ -291,13 +278,12 @@ public class LDAPRoleMappingsTest { // Delete role mappings directly in LDAP deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole1"); deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole2"); - } finally { - keycloakRule.stopSession(session, false); - } + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); // Assert role mappings is not available @@ -305,22 +291,21 @@ public class LDAPRoleMappingsTest { Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole1"))); Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole2"))); Assert.assertFalse(maryRoles.contains(appRealm.getRole("realmRole3"))); - } finally { - keycloakRule.stopSession(session, false); - } + }); } + @Test public void test03_importRoleMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.IMPORT); + LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.IMPORT); // Add some role mappings directly in LDAP - ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm); LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak"); @@ -360,54 +345,53 @@ public class LDAPRoleMappingsTest { Assert.assertFalse(robRoles.contains(realmRole1)); Assert.assertFalse(robRoles.contains(realmRole2)); Assert.assertFalse(robRoles.contains(realmRole3)); - } finally { - keycloakRule.stopSession(session, false); - } + }); } - private void deleteRoleMappingsInLDAP(RoleLDAPStorageMapper roleMapper, LDAPObject ldapUser, String roleName) { + + private static void deleteRoleMappingsInLDAP(RoleLDAPStorageMapper roleMapper, LDAPObject ldapUser, String roleName) { LDAPObject ldapRole1 = roleMapper.loadLDAPRoleByName(roleName); roleMapper.deleteRoleMappingInLDAP(ldapUser, ldapRole1); } + /** * KEYCLOAK-5698 */ @Test public void test04_syncRoleMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); LDAPObject john = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johnrolemapper", "John", "RoleMapper", "johnrolemapper@email.org", null, "1234"); LDAPTestUtils.updateLDAPPassword(ldapProvider, john, "Password1"); - LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY); + LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY); UserStorageSyncManager usersSyncManager = new UserStorageSyncManager(); - SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ldapModel)); + SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), + appRealm.getId(), new UserStorageProviderModel(ctx.getLdapModel())); syncResult.getAdded(); - } finally { - keycloakRule.stopSession(session, true); - } + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - session = keycloakRule.startSession(); - try { // make sure user is cached. - RealmModel appRealm = session.realms().getRealmByName("test"); UserModel johnRoleMapper = session.users().getUserByUsername("johnrolemapper", appRealm); Assert.assertNotNull(johnRoleMapper); Assert.assertEquals(0, johnRoleMapper.getRealmRoleMappings().size()); - } finally { - keycloakRule.stopSession(session, true); - } + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); // Add some role mappings directly in LDAP - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); + ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper"); RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm); LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper"); @@ -422,19 +406,15 @@ public class LDAPRoleMappingsTest { Set johnRoles = johnRoleMapper.getRealmRoleMappings(); Assert.assertFalse(johnRoles.contains(realmRole1)); Assert.assertFalse(johnRoles.contains(realmRole2)); + }); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); // Add some role mappings directly in LDAP - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); + ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper"); RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm); LDAPObject johnLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "johnrolemapper"); @@ -442,14 +422,14 @@ public class LDAPRoleMappingsTest { roleMapper.addRoleMappingInLDAP("realmRole2", johnLdap); UserStorageSyncManager usersSyncManager = new UserStorageSyncManager(); - SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), appRealm.getId(), new UserStorageProviderModel(ldapModel)); - } finally { - keycloakRule.stopSession(session, true); - } + SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(session.getKeycloakSessionFactory(), + appRealm.getId(), new UserStorageProviderModel(ctx.getLdapModel())); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); // Get user and check that he has requested roles from LDAP UserModel johnRoleMapper = session.users().getUserByUsername("johnrolemapper", appRealm); RoleModel realmRole1 = appRealm.getRole("realmRole1"); @@ -458,12 +438,7 @@ public class LDAPRoleMappingsTest { Set johnRoles = johnRoleMapper.getRealmRoleMappings(); Assert.assertTrue(johnRoles.contains(realmRole1)); Assert.assertTrue(johnRoles.contains(realmRole2)); - - - - } finally { - keycloakRule.stopSession(session, true); - } + }); } @@ -473,38 +448,37 @@ public class LDAPRoleMappingsTest { // just because it's available on all the LDAP servers @Test public void test05_getRolesFromUserMemberOfStrategyTest() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - MultivaluedHashMap oldRoleMapperCfg; - try { - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - RealmModel appRealm = session.realms().getRealmByName("test"); + ComponentRepresentation realmRoleMapper = findMapperRepByName("realmRolesMapper"); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); // Create street attribute mapper - LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "streetMapper", "street", LDAPConstants.STREET); + LDAPTestUtils.addUserAttributeMapper(appRealm, ctx.getLdapModel(), "streetMapper", "street", LDAPConstants.STREET); // Find DN of "group1" - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "realmRolesMapper"); - oldRoleMapperCfg = new MultivaluedHashMap<>(mapperModel.getConfig()); - RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(mapperModel, ldapProvider, appRealm); + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper"); + RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(mapperModel, ctx.getLdapProvider(), appRealm); LDAPObject ldapRole = roleMapper.loadLDAPRoleByName("realmRole1"); String ldapRoleDN = ldapRole.getDn().toString(); // Create new user in LDAP. Add him some "street" referencing existing LDAP Group - LDAPObject carlos = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "carloskeycloak", "Carlos", "Doel", "carlos.doel@email.org", ldapRoleDN, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapProvider, carlos, "Password1"); + LDAPObject carlos = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "carloskeycloak", "Carlos", "Doel", "carlos.doel@email.org", ldapRoleDN, "1234"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), carlos, "Password1"); // Update group mapper LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, RoleMapperConfig.USER_ROLES_RETRIEVE_STRATEGY, RoleMapperConfig.GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE, RoleMapperConfig.MEMBEROF_LDAP_ATTRIBUTE, LDAPConstants.STREET); appRealm.updateComponent(mapperModel); - } finally { - keycloakRule.stopSession(session, true); - } + }); - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + ComponentRepresentation streetMapper = findMapperRepByName("streetMapper"); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); // Get user in Keycloak. Ensure that he is member of requested group UserModel carlos = session.users().getUserByUsername("carloskeycloak", appRealm); @@ -515,26 +489,20 @@ public class LDAPRoleMappingsTest { Assert.assertTrue(carlosRoles.contains(realmRole1)); Assert.assertFalse(carlosRoles.contains(realmRole2)); + }); - // Revert mappers - ComponentModel streetMapper = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "streetMapper"); - appRealm.removeComponent(streetMapper); - - ComponentModel roleMapper = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "realmRolesMapper"); - roleMapper.setConfig(oldRoleMapperCfg); - appRealm.updateComponent(roleMapper); - } finally { - keycloakRule.stopSession(session, true); - } + // Revert mappers + testRealm().components().component(streetMapper.getId()).remove(); + testRealm().components().component(realmRoleMapper.getId()).remove(); + realmRoleMapper.setId(null); + testRealm().components().add(realmRoleMapper); } @Test public void test06_newUserDefaultRolesImportModeTest() throws Exception { - - // Check user group memberships - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); // Set a default role on the realm appRealm.addDefaultRole("realmRole1"); @@ -552,8 +520,6 @@ public class LDAPRoleMappingsTest { Assert.assertTrue(davidRoles.contains(defaultRole)); Assert.assertFalse(davidRoles.contains(realmRole2)); - } finally { - keycloakRule.stopSession(session, true); - } + }); } } diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSpecialCharsTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java similarity index 59% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSpecialCharsTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java index 8d31030f6a4..68ba17a580c 100644 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSpecialCharsTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSpecialCharsTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,128 +15,96 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap; +package org.keycloak.testsuite.federation.ldap; import java.util.List; -import java.util.Map; import java.util.Set; -import org.junit.After; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; -import org.junit.Before; import org.junit.ClassRule; import org.junit.FixMethodOrder; -import org.junit.Rule; import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; import org.keycloak.OAuth2Constants; -import org.keycloak.admin.client.Keycloak; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; -import org.keycloak.models.Constants; import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; import org.keycloak.models.RealmModel; import org.keycloak.models.UserModel; import org.keycloak.models.utils.KeycloakModelUtils; import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.storage.ldap.LDAPStorageProvider; import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory; import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; -import org.keycloak.testsuite.OAuthClient; import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.RegisterPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestConfiguration; +import org.keycloak.testsuite.util.LDAPTestUtils; -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MASTER; -import static org.keycloak.models.AdminRoles.ADMIN; -import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT; +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; +import static org.keycloak.testsuite.util.LDAPTestUtils.getGroupDescriptionLDAPAttrName; /** * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPSpecialCharsTest { +public class LDAPSpecialCharsTest extends AbstractLDAPTest { // Skip this test for MSAD with sAMAccountName as it is not allowed to use specialCharacters in sAMAccountName attribute - private static LDAPRule ldapRule = new LDAPRule((Map ldapConfig) -> { - - String vendor = ldapConfig.get(LDAPConstants.VENDOR); - String usernameAttr = ldapConfig.get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE); - - return (vendor.equals(LDAPConstants.VENDOR_ACTIVE_DIRECTORY) && usernameAttr.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)); - - }); - - static ComponentModel ldapModel = null; - static String descriptionAttrName = null; - - - private static KeycloakRule keycloakRule = new KeycloakRule(new LDAPGroupMapperTest.GroupTestKeycloakSetup(ldapRule) { - - @Override - protected void postSetup(RealmModel appRealm, LDAPStorageProvider ldapProvider) { - LDAPSpecialCharsTest.ldapModel = this.ldapModel; - LDAPSpecialCharsTest.descriptionAttrName = this.descriptionAttrName; - - LDAPObject groupSpecialCharacters = LDAPTestUtils.createLDAPGroup(session, appRealm, ldapModel, "group-spec,ia*l_characžter)s", descriptionAttrName, "group-special-characters"); - - // Resync LDAP groups to Keycloak DB - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "groupsMapper"); - new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm); - - LDAPObject james2 = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "jamees,key*cložak)ppp", "James2", "Brown2", "james2@email.org", null, "89102"); - LDAPTestUtils.updateLDAPPassword(ldapProvider, james2, "Password1"); - } - - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); + public static LDAPRule ldapRule = new LDAPRule() + .assumeTrue((LDAPTestConfiguration ldapConfig) -> { + + String vendor = ldapConfig.getLDAPConfig().get(LDAPConstants.VENDOR); + String usernameAttr = ldapConfig.getLDAPConfig().get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE); + + boolean skip = (vendor.equals(LDAPConstants.VENDOR_ACTIVE_DIRECTORY) && usernameAttr.equalsIgnoreCase(LDAPConstants.SAM_ACCOUNT_NAME)); + return !skip; + + }); - protected Keycloak adminClient; - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected RegisterPage registerPage; - - @WebResource - protected LoginPage loginPage; - - - @Before - public void before() { - adminClient = Keycloak.getInstance(AUTH_SERVER_ROOT, MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID); + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); } - @After - public void after() { - adminClient.close(); + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + + @Override + protected void afterImportTestRealm() { + testingClient.testing().ldap(TEST_REALM_NAME).prepareGroupsLDAPTest(); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + String descriptionAttrName = getGroupDescriptionLDAPAttrName(ctx.getLdapProvider()); + + LDAPObject groupSpecialCharacters = LDAPTestUtils.createLDAPGroup(session, appRealm, ctx.getLdapModel(), "group-spec,ia*l_characžter)s", descriptionAttrName, "group-special-characters"); + + // Resync LDAP groups to Keycloak DB + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); + new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm); + + LDAPObject james2 = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "jamees,key*cložak)ppp", "James2", "Brown2", "james2@email.org", null, "89102"); + LDAPTestUtils.updateLDAPPassword(ctx.getLdapProvider(), james2, "Password1"); + }); } @@ -149,6 +117,7 @@ public class LDAPSpecialCharsTest { assertContainsUsername(users, "johnkeycloak"); } + private void assertContainsUsername(List users, String username) { boolean found = users.stream().filter((UserRepresentation user) -> { @@ -182,11 +151,11 @@ public class LDAPSpecialCharsTest { @Test public void test03_specialCharUserJoiningSpecialCharGroup() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); + ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "groupsMapper"); LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString()); appRealm.updateComponent(mapperModel); @@ -201,13 +170,13 @@ public class LDAPSpecialCharsTest { specialUser.joinGroup(specialGroup); - // 3 - Check that group mappings are in LDAP and hence available through federation + // 2 - Check that group mappings are in LDAP and hence available through federation Set userGroups = specialUser.getGroups(); Assert.assertEquals(1, userGroups.size()); Assert.assertTrue(userGroups.contains(specialGroup)); - // 4 - Check through userProvider + // 3 - Check through userProvider List groupMembers = session.users().getGroupMembers(appRealm, specialGroup, 0, 10); Assert.assertEquals(1, groupMembers.size()); @@ -220,9 +189,7 @@ public class LDAPSpecialCharsTest { userGroups = specialUser.getGroups(); Assert.assertEquals(0, userGroups.size()); - } finally { - keycloakRule.stopSession(session, false); - } + }); } } diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSyncTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSyncTest.java new file mode 100755 index 00000000000..c48507b7b69 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPSyncTest.java @@ -0,0 +1,358 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap; + +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; +import org.junit.Assert; +import org.junit.ClassRule; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.admin.client.resource.UserResource; +import org.keycloak.component.ComponentModel; +import org.keycloak.representations.idm.ComponentRepresentation; +import org.keycloak.services.managers.UserStorageSyncManager; +import org.keycloak.storage.ldap.idm.model.LDAPObject; +import org.keycloak.models.KeycloakSessionFactory; +import org.keycloak.models.LDAPConstants; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.UserProvider; +import org.keycloak.models.cache.UserCache; +import org.keycloak.storage.UserStorageProviderModel; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.storage.ldap.LDAPStorageProviderFactory; +import org.keycloak.storage.user.SynchronizationResult; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestUtils; +import org.keycloak.testsuite.util.WaitUtils; + +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; + +/** + * @author Marek Posolda + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class LDAPSyncTest extends AbstractLDAPTest { + + @ClassRule + public static LDAPRule ldapRule = new LDAPRule(); + + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap"); + } + + + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + @Override + protected void afterImportTestRealm() { + // Don't sync registrations in this test + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(session, appRealm); + ldapModel.put(LDAPConstants.SYNC_REGISTRATIONS, "false"); + appRealm.updateComponent(ldapModel); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLocalUser(session, appRealm, "marykeycloak", "mary@test.com", "password-app"); + + ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(session, appRealm); + + LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); + + // Delete all LDAP users and add 5 new users for testing + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); + + for (int i=1 ; i<=5 ; i++) { + LDAPObject ldapUser = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "user" + i, "User" + i + "FN", "User" + i + "LN", "user" + i + "@email.org", null, "12" + i); + LDAPTestUtils.updateLDAPPassword(ldapFedProvider, ldapUser, "Password1"); + } + + }); + } + + +// @Test +// public void test01runit() throws Exception { +// Thread.sleep(10000000); +// } + + @Test + public void test01LDAPSync() { + // wait a bit + WaitUtils.pause(ldapRule.getSleepTime()); + + // Sync 5 users from LDAP + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + UserStorageSyncManager usersSyncManager = new UserStorageSyncManager(); + KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); + SynchronizationResult syncResult = usersSyncManager.syncAllUsers(sessionFactory, "test", ctx.getLdapModel()); + LDAPTestAsserts.assertSyncEquals(syncResult, 5, 0, 0, 0); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel testRealm = ctx.getRealm(); + UserProvider userProvider = session.userLocalStorage(); + + // Assert users imported + LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user1", "User1FN", "User1LN", "user1@email.org", "121"); + LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user2", "User2FN", "User2LN", "user2@email.org", "122"); + LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user3", "User3FN", "User3LN", "user3@email.org", "123"); + LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user4", "User4FN", "User4LN", "user4@email.org", "124"); + LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5@email.org", "125"); + + // Assert lastSync time updated + Assert.assertTrue(ctx.getLdapModel().getLastSync() > 0); + for (UserStorageProviderModel persistentFedModel : testRealm.getUserStorageProviders()) { + if (LDAPStorageProviderFactory.PROVIDER_NAME.equals(persistentFedModel.getProviderId())) { + Assert.assertTrue(persistentFedModel.getLastSync() > 0); + } else { + // Dummy provider has still 0 + Assert.assertEquals(0, persistentFedModel.getLastSync()); + } + } + }); + + // wait a bit + WaitUtils.pause(ldapRule.getSleepTime()); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel testRealm = ctx.getRealm(); + UserProvider userProvider = session.userLocalStorage(); + UserStorageSyncManager usersSyncManager = new UserStorageSyncManager(); + + // Add user to LDAP and update 'user5' in LDAP + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), testRealm, "user6", "User6FN", "User6LN", "user6@email.org", null, "126"); + LDAPObject ldapUser5 = ctx.getLdapProvider().loadLDAPUserByUsername(testRealm, "user5"); + // NOTE: Changing LDAP attributes directly here + ldapUser5.setSingleAttribute(LDAPConstants.EMAIL, "user5Updated@email.org"); + ldapUser5.setSingleAttribute(LDAPConstants.POSTAL_CODE, "521"); + ctx.getLdapProvider().getLdapIdentityStore().update(ldapUser5); + + // Assert still old users in local provider + LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5@email.org", "125"); + Assert.assertNull(userProvider.getUserByUsername("user6", testRealm)); + + // Trigger partial sync + KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); + SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(sessionFactory, "test", ctx.getLdapModel()); + LDAPTestAsserts.assertSyncEquals(syncResult, 1, 1, 0, 0); + }); + + testingClient.server().run(session -> { + RealmModel testRealm = session.realms().getRealm("test"); + UserProvider userProvider = session.userLocalStorage(); + // Assert users updated in local provider + LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5updated@email.org", "521"); + LDAPTestAsserts.assertUserImported(userProvider, testRealm, "user6", "User6FN", "User6LN", "user6@email.org", "126"); + }); + } + + + @Test + public void test02duplicateUsernameAndEmailSync() { + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + LDAPTestUtils.addLocalUser(session, ctx.getRealm(), "user7", "user7@email.org", "password"); + + // Add user to LDAP with duplicated username "user7" + LDAPObject duplicatedLdapUser = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user7", "User7FN", "User7LN", "user7-something@email.org", null, "126"); + + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + // Assert syncing from LDAP fails due to duplicated username + SynchronizationResult result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel()); + Assert.assertEquals(1, result.getFailed()); + + // Remove "user7" from LDAP + LDAPObject duplicatedLdapUser = ctx.getLdapProvider().loadLDAPUserByUsername(ctx.getRealm(), "user7"); + ctx.getLdapProvider().getLdapIdentityStore().remove(duplicatedLdapUser); + + // Add user to LDAP with duplicated email "user7@email.org" + duplicatedLdapUser = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user7-something", "User7FNN", "User7LNL", "user7@email.org", null, "126"); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + // Assert syncing from LDAP fails due to duplicated email + SynchronizationResult result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel()); + Assert.assertEquals(1, result.getFailed()); + Assert.assertNull(session.userLocalStorage().getUserByUsername("user7-something", ctx.getRealm())); + + // Update LDAP user to avoid duplicated email + LDAPObject duplicatedLdapUser = ctx.getLdapProvider().loadLDAPUserByUsername(ctx.getRealm(), "user7-something"); + duplicatedLdapUser.setSingleAttribute(LDAPConstants.EMAIL, "user7-changed@email.org"); + ctx.getLdapProvider().getLdapIdentityStore().update(duplicatedLdapUser); + + // Assert user successfully synced now + result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ctx.getLdapModel()); + Assert.assertEquals(0, result.getFailed()); + }); + + // Assert user was imported. Use another transaction for that + testingClient.server().run(session -> { + RealmModel testRealm = session.realms().getRealm("test"); + LDAPTestAsserts.assertUserImported(session.userLocalStorage(), testRealm, "user7-something", "User7FNN", "User7LNL", "user7-changed@email.org", "126"); + }); + } + + + // KEYCLOAK-1571 + @Test + public void test03SameUUIDAndUsernameSync() { + String origUuidAttrName = testingClient.server().fetch(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + // Remove all users from model + for (UserModel user : session.userLocalStorage().getUsers(ctx.getRealm(), true)) { + session.userLocalStorage().removeUser(ctx.getRealm(), user); + } + + // Change name of UUID attribute to same like usernameAttribute + String uidAttrName = ctx.getLdapProvider().getLdapIdentityStore().getConfig().getUsernameLdapAttribute(); + String origUuidAttrNamee = ctx.getLdapModel().get(LDAPConstants.UUID_LDAP_ATTRIBUTE); + ctx.getLdapModel().put(LDAPConstants.UUID_LDAP_ATTRIBUTE, uidAttrName); + + // Need to change this due to ApacheDS pagination bug (For other LDAP servers, pagination works fine) TODO: Remove once ApacheDS upgraded and pagination is fixed + ctx.getLdapModel().put(LDAPConstants.BATCH_SIZE_FOR_SYNC, "10"); + ctx.getRealm().updateComponent(ctx.getLdapModel()); + + return origUuidAttrNamee; + + }, String.class); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); + SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", ctx.getLdapModel()); + Assert.assertEquals(0, syncResult.getFailed()); + + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + // Assert users imported with correct LDAP_ID + LDAPTestAsserts.assertUserImported(session.users(), ctx.getRealm(), "user1", "User1FN", "User1LN", "user1@email.org", "121"); + LDAPTestAsserts.assertUserImported(session.users(), ctx.getRealm(), "user2", "User2FN", "User2LN", "user2@email.org", "122"); + UserModel user1 = session.users().getUserByUsername("user1", ctx.getRealm()); + Assert.assertEquals("user1", user1.getFirstAttribute(LDAPConstants.LDAP_ID)); + }); + + // Revert config changes + ComponentRepresentation ldapRep = testRealm().components().component(ldapModelId).toRepresentation(); + if (origUuidAttrName == null) { + ldapRep.getConfig().remove(LDAPConstants.UUID_LDAP_ATTRIBUTE); + } else { + ldapRep.getConfig().putSingle(LDAPConstants.UUID_LDAP_ATTRIBUTE, origUuidAttrName); + } + testRealm().components().component(ldapModelId).update(ldapRep); + } + + + // KEYCLOAK-1728 + @Test + public void test04MissingLDAPUsernameSync() { + String origUsernameAttrName = testingClient.server().fetch(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + // Remove all users from model + for (UserModel user : session.userLocalStorage().getUsers(ctx.getRealm(), true)) { + System.out.println("trying to delete user: " + user.getUsername()); + UserCache userCache = session.userCache(); + if (userCache != null) { + userCache.evict(ctx.getRealm(), user); + } + session.userLocalStorage().removeUser(ctx.getRealm(), user); + } + + // Add street mapper and add some user including street + ComponentModel streetMapper = LDAPTestUtils.addUserAttributeMapper(ctx.getRealm(), ctx.getLdapModel(), "streetMapper", "street", LDAPConstants.STREET); + LDAPObject streetUser = LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), ctx.getRealm(), "user8", "User8FN", "User8LN", "user8@email.org", "user8street", "126"); + + // Change name of username attribute name to street + String origUsernameAttrNamee = ctx.getLdapModel().get(LDAPConstants.USERNAME_LDAP_ATTRIBUTE); + ctx.getLdapModel().getConfig().putSingle(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, "street"); + + // Need to change this due to ApacheDS pagination bug (For other LDAP servers, pagination works fine) TODO: Remove once ApacheDS upgraded and pagination is fixed + ctx.getLdapModel().put(LDAPConstants.BATCH_SIZE_FOR_SYNC, "10"); + ctx.getRealm().updateComponent(ctx.getLdapModel()); + + return origUsernameAttrNamee; + + }, String.class); + + // Just user8 synced. All others failed to sync + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); + SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", ctx.getLdapModel()); + Assert.assertEquals(1, syncResult.getAdded()); + Assert.assertTrue(syncResult.getFailed() > 0); + }); + + // Revert config changes + ComponentRepresentation ldapRep = testRealm().components().component(ldapModelId).toRepresentation(); + if (origUsernameAttrName == null) { + ldapRep.getConfig().remove(LDAPConstants.USERNAME_LDAP_ATTRIBUTE); + } else { + ldapRep.getConfig().putSingle(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, origUsernameAttrName); + } + testRealm().components().component(ldapModelId).update(ldapRep); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + + // Revert config changes + ComponentModel streetMapper = LDAPTestUtils.getSubcomponentByName(ctx.getRealm(), ctx.getLdapModel(), "streetMapper"); + ctx.getRealm().removeComponent(streetMapper); + }); + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestAsserts.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestAsserts.java new file mode 100644 index 00000000000..51250799f8c --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestAsserts.java @@ -0,0 +1,64 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap; + +import org.junit.Assert; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.UserProvider; +import org.keycloak.representations.idm.SynchronizationResultRepresentation; +import org.keycloak.storage.user.SynchronizationResult; + +/** + * Common LDAP asserts + * + * @author Marek Posolda + */ +public class LDAPTestAsserts { + + public static UserModel assertUserImported(UserProvider userProvider, RealmModel realm, String username, String expectedFirstName, String expectedLastName, String expectedEmail, String expectedPostalCode) { + UserModel user = userProvider.getUserByUsername(username, realm); + assertLoaded(user, username, expectedFirstName, expectedLastName, expectedEmail, expectedPostalCode); + return user; + } + + + public static void assertLoaded(UserModel user, String username, String expectedFirstName, String expectedLastName, String expectedEmail, String expectedPostalCode) { + Assert.assertNotNull(user); + Assert.assertEquals(expectedFirstName, user.getFirstName()); + Assert.assertEquals(expectedLastName, user.getLastName()); + Assert.assertEquals(expectedEmail, user.getEmail()); + Assert.assertEquals(expectedPostalCode, user.getFirstAttribute("postal_code")); + } + + + public static void assertSyncEquals(SynchronizationResult syncResult, int expectedAdded, int expectedUpdated, int expectedRemoved, int expectedFailed) { + Assert.assertEquals(expectedAdded, syncResult.getAdded()); + Assert.assertEquals(expectedUpdated, syncResult.getUpdated()); + Assert.assertEquals(expectedRemoved, syncResult.getRemoved()); + Assert.assertEquals(expectedFailed, syncResult.getFailed()); + } + + + public static void assertSyncEquals(SynchronizationResultRepresentation syncResult, int expectedAdded, int expectedUpdated, int expectedRemoved, int expectedFailed) { + Assert.assertEquals(expectedAdded, syncResult.getAdded()); + Assert.assertEquals(expectedUpdated, syncResult.getUpdated()); + Assert.assertEquals(expectedRemoved, syncResult.getRemoved()); + Assert.assertEquals(expectedFailed, syncResult.getFailed()); + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestContext.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestContext.java new file mode 100644 index 00000000000..7f0863317b0 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestContext.java @@ -0,0 +1,62 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap; + +import org.keycloak.component.ComponentModel; +import org.keycloak.models.KeycloakSession; +import org.keycloak.models.RealmModel; +import org.keycloak.storage.UserStorageProviderModel; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.testsuite.util.LDAPTestUtils; + +/** + * @author Marek Posolda + */ +public class LDAPTestContext { + + private final RealmModel realm; + private final UserStorageProviderModel ldapModel; + private final LDAPStorageProvider ldapProvider; + + public static LDAPTestContext init(KeycloakSession session) { + RealmModel testRealm = session.realms().getRealm(AbstractLDAPTest.TEST_REALM_NAME); + ComponentModel ldapCompModel = LDAPTestUtils.getLdapProviderModel(session, testRealm); + UserStorageProviderModel ldapModel = new UserStorageProviderModel(ldapCompModel); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + return new LDAPTestContext(testRealm, ldapModel, ldapProvider); + } + + private LDAPTestContext(RealmModel realm, UserStorageProviderModel ldapModel, LDAPStorageProvider ldapProvider) { + this.realm = realm; + this.ldapModel = ldapModel; + this.ldapProvider = ldapProvider; + } + + + public RealmModel getRealm() { + return realm; + } + + public UserStorageProviderModel getLdapModel() { + return ldapModel; + } + + public LDAPStorageProvider getLdapProvider() { + return ldapProvider; + } +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPGroupMapperNoImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPGroupMapperNoImportTest.java new file mode 100755 index 00000000000..e09726aac4c --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPGroupMapperNoImportTest.java @@ -0,0 +1,57 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap.noimport; + +import org.junit.FixMethodOrder; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.testsuite.federation.ldap.LDAPGroupMapperTest; + +/** + * @author Marek Posolda + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class LDAPGroupMapperNoImportTest extends LDAPGroupMapperTest { + + + @Override + protected boolean isImportEnabled() { + return false; + } + + + @Test + @Override + public void test01_ldapOnlyGroupMappings() { + test01_ldapOnlyGroupMappings(false); + } + + @Test + @Override + public void test02_readOnlyGroupMappings() { + test02_readOnlyGroupMappings(false); + } + + @Test + @Override + @Ignore + public void test03_importGroupMappings() { + } + +} diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPMultipleAttributesNoImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPMultipleAttributesNoImportTest.java new file mode 100755 index 00000000000..2505df89461 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPMultipleAttributesNoImportTest.java @@ -0,0 +1,61 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap.noimport; + +import org.junit.Assert; +import org.junit.FixMethodOrder; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.testsuite.federation.ldap.LDAPMultipleAttributesTest; +import org.keycloak.testsuite.federation.ldap.LDAPTestAsserts; +import org.keycloak.testsuite.federation.ldap.LDAPTestContext; + +/** + * @author Marek Posolda + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class LDAPMultipleAttributesNoImportTest extends LDAPMultipleAttributesTest { + + + @Override + protected boolean isImportEnabled() { + return false; + } + + + @Test + public void testUserImport() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + session.userCache().clear(); + RealmModel appRealm = ctx.getRealm(); + + // Test user NOT imported in local storage now. He is available just through "session.users()" + UserModel user = session.users().getUserByUsername("jbrown", appRealm); + Assert.assertNotNull(user); + Assert.assertNull(session.userLocalStorage().getUserById(user.getId(), appRealm)); + LDAPTestAsserts.assertUserImported(session.users(), appRealm, "jbrown", "James", "Brown", "jbrown@keycloak.org", "88441"); + }); + } + + +} + + diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java new file mode 100755 index 00000000000..f105f05d812 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java @@ -0,0 +1,246 @@ +/* + * Copyright 2017 Red Hat, Inc. and/or its affiliates + * and other contributors as indicated by the @author tags. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.keycloak.testsuite.federation.ldap.noimport; + +import javax.ws.rs.core.Response; + +import org.junit.Assert; +import org.junit.FixMethodOrder; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runners.MethodSorters; +import org.keycloak.component.ComponentModel; +import org.keycloak.models.LDAPConstants; +import org.keycloak.models.RealmModel; +import org.keycloak.models.UserModel; +import org.keycloak.models.utils.KeycloakModelUtils; +import org.keycloak.models.utils.ModelToRepresentation; +import org.keycloak.representations.idm.ComponentRepresentation; +import org.keycloak.representations.idm.UserRepresentation; +import org.keycloak.storage.StorageId; +import org.keycloak.storage.ldap.LDAPStorageProvider; +import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper; +import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory; +import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; +import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper; +import org.keycloak.testsuite.federation.ldap.LDAPProvidersIntegrationTest; +import org.keycloak.testsuite.federation.ldap.LDAPTestAsserts; +import org.keycloak.testsuite.federation.ldap.LDAPTestContext; +import org.keycloak.testsuite.util.LDAPTestUtils; + + +/** + * @author Marek Posolda + */ +@FixMethodOrder(MethodSorters.NAME_ASCENDING) +public class LDAPProvidersIntegrationNoImportTest extends LDAPProvidersIntegrationTest { + + + @Override + protected boolean isImportEnabled() { + return false; + } + + + @Override + protected void assertFederatedUserLink(UserRepresentation user) { + StorageId storageId = new StorageId(user.getId()); + Assert.assertFalse(storageId.isLocal()); + Assert.assertEquals(ldapModelId, storageId.getProviderId()); + + // TODO: It should be possibly LDAP_ID (LDAP UUID) used as an externalId inside storageId... + Assert.assertEquals(storageId.getExternalId(), user.getUsername()); + Assert.assertNull(user.getFederationLink()); + } + + + // No sense to test this in no-import mode + @Test + @Ignore + @Override + public void testRemoveImportedUsers() { + } + + + @Test + @Override + public void testSearch() { + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username1", "John1", "Doel1", "user1@email.org", null, "121"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username2", "John2", "Doel2", "user2@email.org", null, "122"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username3", "John3", "Doel3", "user3@email.org", null, "123"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username4", "John4", "Doel4", "user4@email.org", null, "124"); + + // search by username + UserModel user = session.users().searchForUser("username1", appRealm).get(0); + LDAPTestAsserts.assertLoaded(user, "username1", "John1", "Doel1", "user1@email.org", "121"); + + // search by email + user = session.users().searchForUser("user2@email.org", appRealm).get(0); + LDAPTestAsserts.assertLoaded(user, "username2", "John2", "Doel2", "user2@email.org", "122"); + + // search by lastName + user = session.users().searchForUser("Doel3", appRealm).get(0); + LDAPTestAsserts.assertLoaded(user, "username3", "John3", "Doel3", "user3@email.org", "123"); + + // search by firstName + lastName + user = session.users().searchForUser("John4 Doel4", appRealm).get(0); + LDAPTestAsserts.assertLoaded(user, "username4", "John4", "Doel4", "user4@email.org", "124"); + }); + } + + + // No need to test this in no-import mode. There won't be any users in localStorage after LDAP search + @Test + @Ignore + @Override + public void testSearchByAttributes() { + } + + + @Test + @Override + public void testSearchWithCustomLDAPFilter() { + // Add custom filter for searching users + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ctx.getLdapModel().getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))"); + appRealm.updateComponent(ctx.getLdapModel()); + }); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username5", "John5", "Doel5", "user5@email.org", null, "125"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username6", "John6", "Doel6", "user6@email.org", null, "126"); + LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), appRealm, "username7", "John7", "Doel7", "user7@email.org", null, "127"); + + // search by email + UserModel user = session.users().searchForUser("user5@email.org", appRealm).get(0); + LDAPTestAsserts.assertLoaded(user, "username5", "John5", "Doel5", "user5@email.org", "125"); + + user = session.users().searchForUser("John6 Doel6", appRealm).get(0); + LDAPTestAsserts.assertLoaded(user, "username6", "John6", "Doel6", "user6@email.org", "126"); + + Assert.assertTrue(session.users().searchForUser("user7@email.org", appRealm).isEmpty()); + Assert.assertTrue(session.users().searchForUser("John7 Doel7", appRealm).isEmpty()); + + // Remove custom filter + ctx.getLdapModel().getConfig().remove(LDAPConstants.CUSTOM_USER_SEARCH_FILTER); + appRealm.updateComponent(ctx.getLdapModel()); + }); + } + + + @Test + @Override + @Ignore // Unsynced mode doesn't have much sense in no-import + public void testUnsynced() throws Exception { + } + + + @Test + @Override + @Ignore // Unlinking users doesn't have much sense in no-import + public void zzTestUnlinkUsers() { + } + + + @Test + public void testFullNameMapperWriteOnly() { + ComponentRepresentation firstNameMapperRep = testingClient.server().fetch(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + // assert that user "fullnameUser" is not in local DB + Assert.assertNull(session.users().getUserByUsername("fullname", appRealm)); + + // Add the user with some fullName into LDAP directly. Ensure that fullName is saved into "cn" attribute in LDAP (currently mapped to model firstName) + ComponentModel ldapModel = LDAPTestUtils.getLdapProviderModel(session, appRealm); + LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "fullname", "James Dee", "Dee", "fullname@email.org", null, "4578"); + + // add fullname mapper to the provider and remove "firstNameMapper". For this test, we will simply map full name to the LDAP attribute, which was before firstName ( "givenName" on active directory, "cn" on other LDAP servers) + ComponentModel firstNameMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "first name"); + String ldapFirstNameAttributeName = firstNameMapper.getConfig().getFirst(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE); + appRealm.removeComponent(firstNameMapper); + + ComponentRepresentation firstNameMapperRepp = ModelToRepresentation.toRepresentation(session, firstNameMapper, true); + + ComponentModel fullNameMapperModel = KeycloakModelUtils.createComponentModel("full name", ldapModel.getId(), FullNameLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), + FullNameLDAPStorageMapper.LDAP_FULL_NAME_ATTRIBUTE, ldapFirstNameAttributeName, + FullNameLDAPStorageMapper.READ_ONLY, "false"); + appRealm.addComponentModel(fullNameMapperModel); + + return firstNameMapperRepp; + }, ComponentRepresentation.class); + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName + LDAPTestAsserts.assertUserImported(session.users(), appRealm, "fullname", "James", "Dee", "fullname@email.org", "4578"); + + // change mapper to writeOnly + ComponentModel fullNameMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "full name"); + fullNameMapperModel.getConfig().putSingle(FullNameLDAPStorageMapper.WRITE_ONLY, "true"); + appRealm.updateComponent(fullNameMapperModel); + }); + + // User will be changed in LDAP too + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm); + fullnameUser.setFirstName("James2"); + fullnameUser.setLastName("Dee2"); + }); + + + // Assert changed user available in Keycloak, but his firstName is null (due the fullnameMapper is write-only and firstName mapper is removed) + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName + LDAPTestAsserts.assertUserImported(session.users(), appRealm, "fullname", null, "Dee2", "fullname@email.org", "4578"); + + // Remove "fullnameUser" to assert he is removed from LDAP. Revert mappers to previous state + UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm); + session.users().removeUser(appRealm, fullnameUser); + + // Revert mappers + ComponentModel fullNameMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "full name"); + appRealm.removeComponent(fullNameMapperModel); + }); + + firstNameMapperRep.setId(null); + Response response = testRealm().components().add(firstNameMapperRep); + Assert.assertEquals(201, response.getStatus()); + response.close(); + } + +} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPRoleMappingsNoImportTest.java similarity index 69% rename from testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java rename to testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPRoleMappingsNoImportTest.java index ce4709835aa..e9bcba3beac 100644 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPRoleMappingsNoImportTest.java +++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/noimport/LDAPRoleMappingsNoImportTest.java @@ -1,5 +1,5 @@ /* - * Copyright 2016 Red Hat, Inc. and/or its affiliates + * Copyright 2017 Red Hat, Inc. and/or its affiliates * and other contributors as indicated by the @author tags. * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,77 +15,93 @@ * limitations under the License. */ -package org.keycloak.testsuite.federation.storage.ldap.noimport; +package org.keycloak.testsuite.federation.ldap.noimport; +import org.jboss.arquillian.container.test.api.Deployment; +import org.jboss.arquillian.container.test.api.TargetsContainer; +import org.jboss.shrinkwrap.api.spec.WebArchive; import org.junit.Assert; import org.junit.ClassRule; import org.junit.FixMethodOrder; -import org.junit.Rule; import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; import org.junit.runners.MethodSorters; -import org.keycloak.common.util.MultivaluedHashMap; +import org.keycloak.admin.client.resource.UserResource; import org.keycloak.component.ComponentModel; import org.keycloak.models.AccountRoles; import org.keycloak.models.ClientModel; import org.keycloak.models.Constants; -import org.keycloak.models.KeycloakSession; import org.keycloak.models.LDAPConstants; -import org.keycloak.models.ModelException; import org.keycloak.models.RealmModel; import org.keycloak.models.RoleModel; import org.keycloak.models.UserModel; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; import org.keycloak.storage.UserStorageProviderModel; import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; import org.keycloak.storage.ldap.idm.model.LDAPObject; import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; import org.keycloak.storage.ldap.mappers.membership.role.RoleLDAPStorageMapper; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.federation.storage.ldap.LDAPTestUtils; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; +import org.keycloak.testsuite.federation.ldap.AbstractLDAPTest; +import org.keycloak.testsuite.federation.ldap.LDAPTestContext; +import org.keycloak.testsuite.runonserver.RunOnServerDeployment; +import org.keycloak.testsuite.util.LDAPRule; +import org.keycloak.testsuite.util.LDAPTestUtils; import java.util.Set; +import static org.keycloak.testsuite.arquillian.DeploymentTargetModifier.AUTH_SERVER_CURRENT; + /** * @author Marek Posolda */ @FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPRoleMappingsNoImportTest { +public class LDAPRoleMappingsNoImportTest extends AbstractLDAPTest { - private static LDAPRule ldapRule = new LDAPRule(); - private static ComponentModel ldapModel = null; + @ClassRule + public static LDAPRule ldapRule = new LDAPRule(); - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app"); + @Deployment + @TargetsContainer(AUTH_SERVER_CURRENT) + public static WebArchive deploy() { + return RunOnServerDeployment.create(UserResource.class, AbstractLDAPTest.class) + .addPackages(true, + "org.keycloak.testsuite", + "org.keycloak.testsuite.federation.ldap", + "org.keycloak.testsuite.federation.ldap.noimport"); + } - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - model.setImportEnabled(false); - ldapModel = appRealm.addComponentModel(model); + @Override + protected LDAPRule getLDAPRule() { + return ldapRule; + } + + + @Override + protected boolean isImportEnabled() { + return false; + } + + @Override + protected void afterImportTestRealm() { + // Disable pagination + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + + ctx.getLdapModel().put(LDAPConstants.PAGINATION, "false"); + appRealm.updateComponent(ctx.getLdapModel()); + + }); + + + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + UserStorageProviderModel ldapModel = ctx.getLdapModel(); + + LDAPTestUtils.addLocalUser(session, appRealm, "mary", "mary@test.com", "password-app"); + // Delete all LDAP users LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); @@ -96,8 +112,8 @@ public class LDAPRoleMappingsNoImportTest { // Delete all LDAP roles LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY); - LDAPTestUtils.removeAllLDAPRoles(manager.getSession(), appRealm, ldapModel, "realmRolesMapper"); - LDAPTestUtils.removeAllLDAPRoles(manager.getSession(), appRealm, ldapModel, "financeRolesMapper"); + LDAPTestUtils.removeAllLDAPRoles(session, appRealm, ldapModel, "realmRolesMapper"); + LDAPTestUtils.removeAllLDAPRoles(session, appRealm, ldapModel, "financeRolesMapper"); // Add some users for testing LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); @@ -110,57 +126,40 @@ public class LDAPRoleMappingsNoImportTest { LDAPTestUtils.updateLDAPPassword(ldapFedProvider, rob, "Password1"); // Add some roles for testing - LDAPTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "realmRolesMapper", "realmRole1"); - LDAPTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "realmRolesMapper", "realmRole2"); - LDAPTestUtils.createLDAPRole(manager.getSession(), appRealm, ldapModel, "financeRolesMapper", "financeRole1"); + LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "realmRolesMapper", "realmRole1"); + LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "realmRolesMapper", "realmRole2"); + LDAPTestUtils.createLDAPRole(session, appRealm, ldapModel, "financeRolesMapper", "financeRole1"); // Sync LDAP roles to Keycloak DB LDAPTestUtils.syncRolesFromLDAP(appRealm, ldapFedProvider, ldapModel); - } - }); + }); - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - @Rule - public WebRule webRule = new WebRule(this); + } - @WebResource - protected OAuthClient oauth; - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected LoginPage loginPage; @Test public void test01ReadMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY); + testingClient.server().run(session -> { + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY); + + ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm); LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak"); roleMapper.addRoleMappingInLDAP("realmRole1", maryLdap); roleMapper.addRoleMappingInLDAP("realmRole2", maryLdap); - } finally { - keycloakRule.stopSession(session, true); - } - session = keycloakRule.startSession(); - try { + } ); + + testingClient.server().run(session -> { session.userCache().clear(); - RealmModel appRealm = session.realms().getRealmByName("test"); + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); // make sure we are in no-import mode! @@ -177,20 +176,19 @@ public class LDAPRoleMappingsNoImportTest { Assert.assertTrue(maryRoles.contains(realmRole2)); // Add some role mappings directly into LDAP - ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "realmRolesMapper"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); + ComponentModel roleMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ctx.getLdapModel(), "realmRolesMapper"); + LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ctx.getLdapModel()); RoleLDAPStorageMapper roleMapper = LDAPTestUtils.getRoleMapper(roleMapperModel, ldapProvider, appRealm); LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak"); deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole1"); deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole2"); - } finally { - keycloakRule.stopSession(session, true); - } - session = keycloakRule.startSession(); - try { + }); + + testingClient.server().run(session -> { session.userCache().clear(); - RealmModel appRealm = session.realms().getRealmByName("test"); + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); // This role should already exists as it was imported from LDAP @@ -202,19 +200,18 @@ public class LDAPRoleMappingsNoImportTest { Set maryRoles = mary.getRealmRoleMappings(); Assert.assertFalse(maryRoles.contains(realmRole1)); Assert.assertFalse(maryRoles.contains(realmRole2)); - } finally { - keycloakRule.stopSession(session, true); - } + }); } + @Test public void test02WriteMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { + testingClient.server().run(session -> { session.userCache().clear(); - RealmModel appRealm = session.realms().getRealmByName("test"); + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY); + LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY); UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); @@ -249,14 +246,13 @@ public class LDAPRoleMappingsNoImportTest { RoleModel financeRole1 = financeApp.getRole("financeRole1"); john.grantRole(financeRole1); session.userCache().clear(); - } finally { - keycloakRule.stopSession(session, true); - } + }); - session = keycloakRule.startSession(); - try { + testingClient.server().run(session -> { session.userCache().clear(); - RealmModel appRealm = session.realms().getRealmByName("test"); + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); + UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); @@ -310,21 +306,20 @@ public class LDAPRoleMappingsNoImportTest { mary.deleteRoleMapping(realmRole2); mary.deleteRoleMapping(realmRole3); session.userCache().clear(); - } finally { - keycloakRule.stopSession(session, false); - } + }); } + @Test public void test03_newUserDefaultRolesNoImportModeTest() throws Exception { // Check user group memberships - KeycloakSession session = keycloakRule.startSession(); - try { + testingClient.server().run(session -> { session.userCache().clear(); - RealmModel appRealm = session.realms().getRealmByName("test"); + LDAPTestContext ctx = LDAPTestContext.init(session); + RealmModel appRealm = ctx.getRealm(); - LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY); + LDAPTestUtils.addOrUpdateRoleLDAPMappers(appRealm, ctx.getLdapModel(), LDAPGroupMapperMode.LDAP_ONLY); // Set a default role on the realm appRealm.addDefaultRole("realmRole1"); @@ -350,12 +345,10 @@ public class LDAPRoleMappingsNoImportTest { Set johnRoles = john.getRealmRoleMappings(); Assert.assertFalse(johnRoles.contains(defaultRole)); - } finally { - keycloakRule.stopSession(session, true); - } + }); } - private void deleteRoleMappingsInLDAP(RoleLDAPStorageMapper roleMapper, LDAPObject ldapUser, String roleName) { + private static void deleteRoleMappingsInLDAP(RoleLDAPStorageMapper roleMapper, LDAPObject ldapUser, String roleName) { LDAPObject ldapRole1 = roleMapper.loadLDAPRoleByName(roleName); roleMapper.deleteRoleMappingInLDAP(ldapUser, ldapRole1); } diff --git a/testsuite/integration-deprecated/src/test/resources/ldap/fed-provider-export.json b/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/fed-provider-export.json similarity index 98% rename from testsuite/integration-deprecated/src/test/resources/ldap/fed-provider-export.json rename to testsuite/integration-arquillian/tests/base/src/test/resources/ldap/fed-provider-export.json index 9fdd5c088a8..06d5999bbfa 100644 --- a/testsuite/integration-deprecated/src/test/resources/ldap/fed-provider-export.json +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/fed-provider-export.json @@ -63,6 +63,18 @@ ] } ], + "clients": [ + { + "clientId": "test-app", + "enabled": true, + "baseUrl": "http://localhost:8180/auth/realms/master/app/auth", + "redirectUris": [ + "http://localhost:8180/auth/realms/master/app/auth/*" + ], + "adminUrl": "http://localhost:8180/auth/realms/master/app/admin", + "secret": "password" + } + ], "defaultRoles": [ "user", "offline_access", diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/users.ldif b/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/users.ldif index 176e19b81aa..4df8b5e61a6 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/users.ldif +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/ldap/users.ldif @@ -18,3 +18,8 @@ dn: ou=FinanceRoles,dc=keycloak,dc=org objectclass: top objectclass: organizationalUnit ou: FinanceRoles + +dn: ou=Groups,dc=keycloak,dc=org +objectclass: top +objectclass: organizationalUnit +ou: Groups diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/run-on-server-jboss-deployment-structure.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/run-on-server-jboss-deployment-structure.xml index 5ffd9a148d2..034e0b6b3cc 100644 --- a/testsuite/integration-arquillian/tests/base/src/test/resources/run-on-server-jboss-deployment-structure.xml +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/run-on-server-jboss-deployment-structure.xml @@ -10,6 +10,7 @@ + \ No newline at end of file diff --git a/testsuite/integration-deprecated/pom.xml b/testsuite/integration-deprecated/pom.xml index 5f2e77d7c63..20e7d18d091 100755 --- a/testsuite/integration-deprecated/pom.xml +++ b/testsuite/integration-deprecated/pom.xml @@ -249,12 +249,6 @@ selenium-chrome-driver - - - org.keycloak - keycloak-util-embedded-ldap - - org.picketlink picketlink-wildfly-common @@ -351,36 +345,6 @@ - - ldap - - - - org.codehaus.mojo - exec-maven-plugin - - org.keycloak.util.ldap.LDAPEmbeddedServer - test - - - - - - - kerberos - - - - org.codehaus.mojo - exec-maven-plugin - - org.keycloak.util.ldap.KerberosEmbeddedServer - test - - - - - jpa diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestConfiguration.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestConfiguration.java deleted file mode 100644 index ba47fca448c..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPTestConfiguration.java +++ /dev/null @@ -1,151 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.ldap; - -import org.jboss.logging.Logger; -import org.keycloak.common.constants.KerberosConstants; -import org.keycloak.models.LDAPConstants; -import org.keycloak.storage.UserStorageProvider; - -import java.io.File; -import java.io.InputStream; -import java.net.URL; -import java.util.HashMap; -import java.util.Map; -import java.util.Properties; - -/** - * @author Marek Posolda - */ -public class LDAPTestConfiguration { - - private static final Logger log = Logger.getLogger(LDAPTestConfiguration.class); - - private String connectionPropertiesLocation; - private int sleepTime; - private boolean startEmbeddedLdapServer = true; - private Map config; - - protected static final Map PROP_MAPPINGS = new HashMap(); - - protected static final Map DEFAULT_VALUES = new HashMap(); - - static { - PROP_MAPPINGS.put(LDAPConstants.CONNECTION_URL, "idm.test.ldap.connection.url"); - PROP_MAPPINGS.put(LDAPConstants.BASE_DN, "idm.test.ldap.base.dn"); - PROP_MAPPINGS.put(LDAPConstants.USERS_DN, "idm.test.ldap.user.dn.suffix"); - PROP_MAPPINGS.put(LDAPConstants.BIND_DN, "idm.test.ldap.bind.dn"); - PROP_MAPPINGS.put(LDAPConstants.BIND_CREDENTIAL, "idm.test.ldap.bind.credential"); - PROP_MAPPINGS.put(LDAPConstants.VENDOR, "idm.test.ldap.vendor"); - PROP_MAPPINGS.put(LDAPConstants.CONNECTION_POOLING, "idm.test.ldap.connection.pooling"); - PROP_MAPPINGS.put(LDAPConstants.PAGINATION, "idm.test.ldap.pagination"); - PROP_MAPPINGS.put(LDAPConstants.BATCH_SIZE_FOR_SYNC, "idm.test.ldap.batch.size.for.sync"); - PROP_MAPPINGS.put(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, "idm.test.ldap.username.ldap.attribute"); - PROP_MAPPINGS.put(LDAPConstants.RDN_LDAP_ATTRIBUTE, "idm.test.ldap.rdn.ldap.attribute"); - PROP_MAPPINGS.put(LDAPConstants.USER_OBJECT_CLASSES, "idm.test.ldap.user.object.classes"); - PROP_MAPPINGS.put(LDAPConstants.EDIT_MODE, "idm.test.ldap.edit.mode"); - - PROP_MAPPINGS.put(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "idm.test.kerberos.allow.kerberos.authentication"); - PROP_MAPPINGS.put(KerberosConstants.KERBEROS_REALM, "idm.test.kerberos.realm"); - PROP_MAPPINGS.put(KerberosConstants.SERVER_PRINCIPAL, "idm.test.kerberos.server.principal"); - PROP_MAPPINGS.put(KerberosConstants.KEYTAB, "idm.test.kerberos.keytab"); - PROP_MAPPINGS.put(KerberosConstants.DEBUG, "idm.test.kerberos.debug"); - PROP_MAPPINGS.put(KerberosConstants.ALLOW_PASSWORD_AUTHENTICATION, "idm.test.kerberos.allow.password.authentication"); - PROP_MAPPINGS.put(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN, "idm.test.kerberos.update.profile.first.login"); - PROP_MAPPINGS.put(KerberosConstants.USE_KERBEROS_FOR_PASSWORD_AUTHENTICATION, "idm.test.kerberos.use.kerberos.for.password.authentication"); - - DEFAULT_VALUES.put(LDAPConstants.CONNECTION_URL, "ldap://localhost:10389"); - DEFAULT_VALUES.put(LDAPConstants.BASE_DN, "dc=keycloak,dc=org"); - DEFAULT_VALUES.put(LDAPConstants.USERS_DN, "ou=People,dc=keycloak,dc=org"); - DEFAULT_VALUES.put(LDAPConstants.BIND_DN, "uid=admin,ou=system"); - DEFAULT_VALUES.put(LDAPConstants.BIND_CREDENTIAL, "secret"); - DEFAULT_VALUES.put(LDAPConstants.VENDOR, LDAPConstants.VENDOR_OTHER); - DEFAULT_VALUES.put(LDAPConstants.CONNECTION_POOLING, "true"); - DEFAULT_VALUES.put(LDAPConstants.PAGINATION, "true"); - DEFAULT_VALUES.put(LDAPConstants.BATCH_SIZE_FOR_SYNC, String.valueOf(LDAPConstants.DEFAULT_BATCH_SIZE_FOR_SYNC)); - DEFAULT_VALUES.put(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, null); - DEFAULT_VALUES.put(LDAPConstants.USER_OBJECT_CLASSES, null); - DEFAULT_VALUES.put(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.READ_ONLY.toString()); - - DEFAULT_VALUES.put(KerberosConstants.ALLOW_KERBEROS_AUTHENTICATION, "false"); - DEFAULT_VALUES.put(KerberosConstants.KERBEROS_REALM, "KEYCLOAK.ORG"); - DEFAULT_VALUES.put(KerberosConstants.SERVER_PRINCIPAL, "HTTP/localhost@KEYCLOAK.ORG"); -// URL keytabUrl = LDAPTestConfiguration.class.getResource("/kerberos/http.keytab"); -// String keyTabPath = new File(keytabUrl.getFile()).getAbsolutePath(); -// DEFAULT_VALUES.put(KerberosConstants.KEYTAB, keyTabPath); - DEFAULT_VALUES.put(KerberosConstants.DEBUG, "true"); - DEFAULT_VALUES.put(KerberosConstants.ALLOW_PASSWORD_AUTHENTICATION, "true"); - DEFAULT_VALUES.put(KerberosConstants.UPDATE_PROFILE_FIRST_LOGIN, "true"); - DEFAULT_VALUES.put(KerberosConstants.USE_KERBEROS_FOR_PASSWORD_AUTHENTICATION, "false"); - } - - public static LDAPTestConfiguration readConfiguration(String connectionPropertiesLocation) { - LDAPTestConfiguration ldapTestConfiguration = new LDAPTestConfiguration(); - ldapTestConfiguration.setConnectionPropertiesLocation(connectionPropertiesLocation); - ldapTestConfiguration.loadConnectionProperties(); - return ldapTestConfiguration; - } - - protected void loadConnectionProperties() { - Properties p = new Properties(); - try { - log.info("Reading LDAP configuration from: " + connectionPropertiesLocation); - InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(connectionPropertiesLocation); - p.load(is); - } - catch (Exception e) { - throw new RuntimeException(e); - } - - config = new HashMap(); - for (Map.Entry property : PROP_MAPPINGS.entrySet()) { - String propertyName = property.getKey(); - String configName = property.getValue(); - - String value = (String) p.get(configName); - if (value == null) { - value = DEFAULT_VALUES.get(propertyName); - } - - config.put(propertyName, value); - } - - startEmbeddedLdapServer = Boolean.parseBoolean(p.getProperty("idm.test.ldap.start.embedded.ldap.server", "true")); - sleepTime = Integer.parseInt(p.getProperty("idm.test.ldap.sleepTime", "1000")); - config.put("startEmbeddedLdapServer", Boolean.toString(startEmbeddedLdapServer)); - log.info("Start embedded server: " + startEmbeddedLdapServer); - log.info("Read config: " + config); - } - - public Map getLDAPConfig() { - return config; - } - - public void setConnectionPropertiesLocation(String connectionPropertiesLocation) { - this.connectionPropertiesLocation = connectionPropertiesLocation; - } - - public boolean isStartEmbeddedLdapServer() { - return startEmbeddedLdapServer; - } - - public int getSleepTime() { - return sleepTime; - } - -} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPExampleServlet.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPExampleServlet.java deleted file mode 100644 index f154b47a5d6..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPExampleServlet.java +++ /dev/null @@ -1,63 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap; - -import org.keycloak.KeycloakSecurityContext; -import org.keycloak.representations.IDToken; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.io.PrintWriter; -import java.util.Map; - -/** - * @author Marek Posolda - */ -public class LDAPExampleServlet extends HttpServlet { - - - @Override - protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { - KeycloakSecurityContext securityContext = (KeycloakSecurityContext) req.getAttribute(KeycloakSecurityContext.class.getName()); - IDToken idToken = securityContext.getIdToken(); - - PrintWriter out = resp.getWriter(); - out.println("LDAP Portal"); - out.println(""); - - out.printf("", "preferred_username", idToken.getPreferredUsername()); - out.println(); - out.printf("", "name", idToken.getName()); - out.println(); - out.printf("", "email", idToken.getEmail()); - out.println(); - - for (Map.Entry claim : idToken.getOtherClaims().entrySet()) { - String value = claim.getValue().toString(); - out.printf("", claim.getKey(), value); - out.println(); - } - - out.println("
Attribute nameAttribute values
%s%s
%s%s
%s%s
%s%s
"); - out.flush(); - } - -} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPLegacyImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPLegacyImportTest.java deleted file mode 100755 index 49e06215471..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPLegacyImportTest.java +++ /dev/null @@ -1,166 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap; - -import org.junit.Assert; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.OAuth2Constants; -import org.keycloak.component.ComponentModel; -import org.keycloak.models.LDAPConstants; -import org.keycloak.models.RealmModel; -import org.keycloak.models.utils.RepresentationToModel; -import org.keycloak.representations.idm.RealmRepresentation; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.pages.AccountPasswordPage; -import org.keycloak.testsuite.pages.AccountUpdateProfilePage; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.RegisterPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.keycloak.util.JsonSerialization; -import org.openqa.selenium.WebDriver; - -import java.io.IOException; -import java.util.Map; - -/** - * Tests that legacy UserFederationProvider json export is converted to ComponentModel - * - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPLegacyImportTest { - - // This test is executed just for the embedded LDAP server - private static LDAPRule ldapRule = new LDAPRule((Map ldapConfig) -> { - return !Boolean.parseBoolean(ldapConfig.get("startEmbeddedLdapServer")); - }); - - private static ComponentModel ldapModel = null; - - - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "marykeycloak", "mary@test.com", "password-app"); - - RealmRepresentation imported = null; - try { - imported = JsonSerialization.readValue(getClass().getResourceAsStream("/ldap/fed-provider-export.json"), RealmRepresentation.class); - } catch (IOException e) { - throw new RuntimeException(e); - } - RepresentationToModel.importUserFederationProvidersAndMappers(session, imported, appRealm); - ldapModel = appRealm.getComponents(appRealm.getId(), UserStorageProvider.class.getName()).get(0); - // Delete all LDAP users and add some new for testing - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); - - LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); - - LDAPObject existing = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678"); - - appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); - } - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected RegisterPage registerPage; - - @WebResource - protected LoginPage loginPage; - - @WebResource - protected AccountUpdateProfilePage profilePage; - - @WebResource - protected AccountPasswordPage changePasswordPage; - - //@Test - public void runit() throws Exception { - Thread.sleep(10000000); - - } - - private void loginSuccessAndLogout(String username, String password) { - loginPage.open(); - loginPage.login(username, password); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - oauth.openLogout(); - } - - - @Test - public void loginClassic() { - loginPage.open(); - loginPage.login("marykeycloak", "password-app"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - } - - @Test - public void loginLdap() { - loginPage.open(); - loginPage.login("johnkeycloak", "Password1"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - profilePage.open(); - Assert.assertEquals("John", profilePage.getFirstName()); - Assert.assertEquals("Doe", profilePage.getLastName()); - Assert.assertEquals("john@email.org", profilePage.getEmail()); - } - - -} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADMapperTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADMapperTest.java deleted file mode 100644 index 17388929ba7..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMSADMapperTest.java +++ /dev/null @@ -1,176 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap; - -import java.util.Map; - -import org.junit.Assert; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.common.util.MultivaluedHashMap; -import org.keycloak.component.ComponentModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.LDAPConstants; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.pages.AccountPasswordPage; -import org.keycloak.testsuite.pages.AccountUpdateProfilePage; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.LoginPasswordUpdatePage; -import org.keycloak.testsuite.pages.RegisterPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPMSADMapperTest { - - // Run this test just on MSAD - private static LDAPRule ldapRule = new LDAPRule((Map ldapConfig) -> { - - String vendor = ldapConfig.get(LDAPConstants.VENDOR); - - // TODO: This is skipped as it requires that MSAD server is set to not allow weak passwords (There needs to be pwdProperties=1 set on MSAD side). - // TODO: Currently we can't rely on it. See KEYCLOAK-4276 - return true; - // return !(vendor.equals(LDAPConstants.VENDOR_ACTIVE_DIRECTORY)); - - }); - - - private static ComponentModel ldapModel = null; - - - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "marykeycloak", "mary@test.com", "password-app"); - - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - - ldapModel = appRealm.addComponentModel(model); - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); - - // Delete all LDAP users and add some new for testing - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); - - LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); - - appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); - } - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected RegisterPage registerPage; - - @WebResource - protected LoginPage loginPage; - - @WebResource - protected AccountUpdateProfilePage profilePage; - - @WebResource - protected AccountPasswordPage changePasswordPage; - - @WebResource - protected LoginPasswordUpdatePage passwordUpdatePage; - - - @Test - public void test01RegisterUserWithWeakPasswordFirst() { - loginPage.open(); - loginPage.clickRegister(); - registerPage.assertCurrent(); - - // Weak password. This will fail to update password to MSAD due to password policy. - registerPage.register("firstName", "lastName", "email2@check.cz", "registerUserSuccess2", "password", "password"); - - // Another weak password - passwordUpdatePage.assertCurrent(); - passwordUpdatePage.changePassword("pass", "pass"); - Assert.assertEquals("Invalid password: new password doesn't match password policies.", passwordUpdatePage.getError()); - - // Strong password. Successfully update password and being redirected to the app - passwordUpdatePage.changePassword("Password1", "Password1"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("registerUserSuccess2", appRealm); - Assert.assertNotNull(user); - Assert.assertNotNull(user.getFederationLink()); - Assert.assertEquals(user.getFederationLink(), ldapModel.getId()); - Assert.assertEquals("registerusersuccess2", user.getUsername()); - Assert.assertEquals("firstName", user.getFirstName()); - Assert.assertEquals("lastName", user.getLastName()); - Assert.assertTrue(user.isEnabled()); - Assert.assertEquals(0, user.getRequiredActions().size()); - } finally { - keycloakRule.stopSession(session, false); - } - } -} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMultipleAttributesTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMultipleAttributesTest.java deleted file mode 100755 index 3f8618a32af..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPMultipleAttributesTest.java +++ /dev/null @@ -1,270 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap; - -import org.junit.Assert; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.OAuth2Constants; -import org.keycloak.common.util.MultivaluedHashMap; -import org.keycloak.component.ComponentModel; -import org.keycloak.models.ClientModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.LDAPConstants; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.protocol.oidc.OIDCLoginProtocol; -import org.keycloak.protocol.oidc.OIDCLoginProtocolService; -import org.keycloak.protocol.oidc.mappers.UserAttributeMapper; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; - -import javax.ws.rs.core.UriBuilder; -import java.net.URL; -import java.util.Arrays; -import java.util.LinkedHashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPMultipleAttributesTest { - - protected String APP_SERVER_BASE_URL = "http://localhost:8081"; - protected String LOGIN_URL = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(APP_SERVER_BASE_URL + "/auth")).build("test").toString(); - - - // Skip this test on MSAD due to lack of supported user multivalued attributes - private static LDAPRule ldapRule = new LDAPRule((Map ldapConfig) -> { - - String vendor = ldapConfig.get(LDAPConstants.VENDOR); - return (vendor.equals(LDAPConstants.VENDOR_ACTIVE_DIRECTORY)); - - }); - - - public static UserStorageProviderModel ldapModel = null; - - public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - ldapModel = new UserStorageProviderModel(appRealm.addComponentModel(model)); - - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); - LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "streetMapper", "street", LDAPConstants.STREET); - - // Remove current users and add default users - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); - - LDAPObject james = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown", "James", "Brown", "jbrown@keycloak.org", null, "88441"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, james, "Password1"); - - // User for testing duplicating surname and postalCode - LDAPObject bruce = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "bwilson", "Bruce", "Wilson", "bwilson@keycloak.org", "Elm 5", "88441", "77332"); - bruce.setAttribute("sn", new LinkedHashSet<>(Arrays.asList("Wilson", "Schneider"))); - ldapFedProvider.getLdapIdentityStore().update(bruce); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, bruce, "Password1"); - - // Create ldap-portal client - ClientModel ldapClient = KeycloakModelUtils.createClient(appRealm, "ldap-portal"); - ldapClient.setProtocol(OIDCLoginProtocol.LOGIN_PROTOCOL); - ldapClient.addRedirectUri("/ldap-portal"); - ldapClient.addRedirectUri("/ldap-portal/*"); - ldapClient.setManagementUrl("/ldap-portal"); - ldapClient.addProtocolMapper(UserAttributeMapper.createClaimMapper("postalCode", "postal_code", "postal_code", "String", true, true, true)); - ldapClient.addProtocolMapper(UserAttributeMapper.createClaimMapper("street", "street", "street", "String", true, true, false)); - ldapClient.addScopeMapping(appRealm.getRole("user")); - ldapClient.setSecret("password"); - - // Deploy ldap-portal client - URL url = getClass().getResource("/ldap/ldap-app-keycloak.json"); - keycloakRule.createApplicationDeployment() - .name("ldap-portal").contextPath("/ldap-portal") - .servletClass(LDAPExampleServlet.class).adapterConfigPath(url.getPath()) - .role("user").deployApplication(); - } - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected WebDriver driver; - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected LoginPage loginPage; - - protected void checkUserAndImportMode(KeycloakSession session, RealmModel realm, String username, String expectedFirstName, String expectedLastName, String expectedEmail, String expectedPostalCode) { - LDAPTestUtils.assertUserImported(session.userLocalStorage(), realm, "jbrown", "James", "Brown", "jbrown@keycloak.org", "88441"); - } - - protected void checkImportMode(KeycloakSession session, RealmModel realm, UserModel user) { - Assert.assertNotNull(session.userLocalStorage().getUserById(user.getId(), realm)); - - } - - - @Test - public void testModel() { - KeycloakSession session = keycloakRule.startSession(); - try { - session.userCache().clear(); - RealmModel appRealm = session.realms().getRealmByName("test"); - - checkUserAndImportMode(session, appRealm, "jbrown", "James", "Brown", "jbrown@keycloak.org", "88441"); - - UserModel user = session.users().getUserByUsername("bwilson", appRealm); - checkImportMode(session, appRealm, user); - Assert.assertEquals("bwilson@keycloak.org", user.getEmail()); - Assert.assertEquals("Bruce", user.getFirstName()); - - // There are 2 lastnames in ldif - Assert.assertTrue("Wilson".equals(user.getLastName()) || "Schneider".equals(user.getLastName())); - - // Actually there are 2 postalCodes - List postalCodes = user.getAttribute("postal_code"); - assertPostalCodes(postalCodes, "88441", "77332"); - List tmp = new LinkedList<>(); - tmp.addAll(postalCodes); - postalCodes = tmp; - postalCodes.remove("77332"); - user.setAttribute("postal_code", postalCodes); - - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("bwilson", appRealm); - List postalCodes = user.getAttribute("postal_code"); - assertPostalCodes(postalCodes, "88441"); - List tmp = new LinkedList<>(); - tmp.addAll(postalCodes); - postalCodes = tmp; - postalCodes.add("77332"); - user.setAttribute("postal_code", postalCodes); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("bwilson", appRealm); - assertPostalCodes(user.getAttribute("postal_code"), "88441", "77332"); - } finally { - keycloakRule.stopSession(session, true); - } - } - - private void assertPostalCodes(List postalCodes, String... expectedPostalCodes) { - if (expectedPostalCodes == null && postalCodes.isEmpty()) { - return; - } - - - Assert.assertEquals(expectedPostalCodes.length, postalCodes.size()); - for (String expected : expectedPostalCodes) { - if (!postalCodes.contains(expected)) { - Assert.fail("postalCode '" + expected + "' not in postalCodes: " + postalCodes); - } - } - } - - @Test - public void ldapPortalEndToEndTest() { - // Login as bwilson - driver.navigate().to(APP_SERVER_BASE_URL + "/ldap-portal"); - Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL)); - loginPage.login("bwilson", "Password1"); - Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/ldap-portal")); - String pageSource = driver.getPageSource(); - System.out.println(pageSource); - Assert.assertTrue(pageSource.contains("bwilson") && pageSource.contains("Bruce")); - Assert.assertTrue(pageSource.contains("street") && pageSource.contains("Elm 5")); - Assert.assertTrue(pageSource.contains("postal_code") && pageSource.contains("88441") && pageSource.contains("77332")); - - // Logout - String logoutUri = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(APP_SERVER_BASE_URL + "/auth")) - .queryParam(OAuth2Constants.REDIRECT_URI, APP_SERVER_BASE_URL + "/ldap-portal").build("test").toString(); - driver.navigate().to(logoutUri); - - // Login as jbrown - driver.navigate().to(APP_SERVER_BASE_URL + "/ldap-portal"); - Assert.assertTrue(driver.getCurrentUrl().startsWith(LOGIN_URL)); - loginPage.login("jbrown", "Password1"); - Assert.assertTrue(driver.getCurrentUrl().startsWith(APP_SERVER_BASE_URL + "/ldap-portal")); - pageSource = driver.getPageSource(); - System.out.println(pageSource); - Assert.assertTrue(pageSource.contains("jbrown") && pageSource.contains("James Brown")); - Assert.assertFalse(pageSource.contains("street")); - Assert.assertTrue(pageSource.contains("postal_code") && pageSource.contains("88441")); - Assert.assertFalse(pageSource.contains("77332")); - - // Logout - driver.navigate().to(logoutUri); - } - - - -} - - diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java deleted file mode 100755 index 4f3897d8381..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPProvidersIntegrationTest.java +++ /dev/null @@ -1,1294 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap; - -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MASTER; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.keycloak.models.AdminRoles.ADMIN; -import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT; - -import java.util.List; - -import org.apache.commons.lang.StringUtils; -import org.jboss.logging.Logger; -import org.junit.Assert; -import org.junit.Before; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.OAuth2Constants; -import org.keycloak.admin.client.Keycloak; -import org.keycloak.common.util.MultivaluedHashMap; -import org.keycloak.common.util.Time; -import org.keycloak.component.ComponentModel; -import org.keycloak.credential.CredentialModel; -import org.keycloak.models.Constants; -import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.LDAPConstants; -import org.keycloak.models.ModelException; -import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.cache.CachedUserModel; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.representations.AccessToken; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.ReadOnlyException; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.storage.ldap.LDAPConfig; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper; -import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapper; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPAttributeMapperFactory; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPGroupStorageMapper; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPGroupStorageMapperFactory; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapper; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory; -import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; -import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.pages.AccountPasswordPage; -import org.keycloak.testsuite.pages.AccountUpdateProfilePage; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.OAuthGrantPage; -import org.keycloak.testsuite.pages.RegisterPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPProvidersIntegrationTest { - - private static final Logger log = Logger.getLogger(LDAPProvidersIntegrationTest.class); - - private static LDAPRule ldapRule = new LDAPRule(); - - private static ComponentModel ldapModel = null; - - - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "marykeycloak", "mary@test.com", "password-app"); - - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - - ldapModel = appRealm.addComponentModel(model); - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); - - // Delete all LDAP users and add some new for testing - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); - - LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); - - LDAPObject existing = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678"); - - appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); - } - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected RegisterPage registerPage; - - @WebResource - protected LoginPage loginPage; - - @WebResource - protected AccountUpdateProfilePage profilePage; - - @WebResource - protected AccountPasswordPage changePasswordPage; - - @WebResource - protected OAuthGrantPage grantPage; - -// @Test -// @Ignore -// public void runit() throws Exception { -// Thread.sleep(10000000); -// -// } - - /** - * KEYCLOAK-3986 - * - */ - @Test - public void testSyncRegistrationOff() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - UserStorageProviderModel newModel = new UserStorageProviderModel(ldapModel); - newModel.getConfig().putSingle(LDAPConstants.SYNC_REGISTRATIONS, "false"); - appRealm.updateComponent(newModel); - UserModel newUser1 = session.users().addUser(appRealm, "newUser1"); - Assert.assertNull(newUser1.getFederationLink()); - } finally { - keycloakRule.stopSession(session, false); - } - - - } - - - private Keycloak adminClient; - - @Before - public void onBefore() { - adminClient = Keycloak.getInstance(AUTH_SERVER_ROOT, MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID); - UserStorageProviderModel model = new UserStorageProviderModel(ldapModel); - model.setCachePolicy(UserStorageProviderModel.CachePolicy.MAX_LIFESPAN); - model.setMaxLifespan(600000); // Lifetime is 10 minutes - KeycloakSession session = keycloakRule.startSession(); - RealmModel realm = session.realms().getRealmByName("test"); - realm.updateComponent(model); - keycloakRule.stopSession(session, true); - } - - @Test - public void testRemoveImportedUsers() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertEquals(ldapModel.getId(), user.getFederationLink()); - } finally { - keycloakRule.stopSession(session, true); - } - - adminClient.realm("test").userStorage().removeImportedUsers(ldapModel.getId()); - - session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - UserModel user = session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm); - Assert.assertNull(user); - } finally { - keycloakRule.stopSession(session, true); - } - } - - // test name prefixed with zz to make sure it runs last as we are unlinking imported users - @Test - public void zzTestUnlinkUsers() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertEquals(ldapModel.getId(), user.getFederationLink()); - } finally { - keycloakRule.stopSession(session, true); - } - - adminClient.realm("test").userStorage().unlink(ldapModel.getId()); - - session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertNotNull(user); - Assert.assertNull(user.getFederationLink()); - - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void caseInSensitiveImport() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject jbrown2 = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown2", "John", "Brown2", "jbrown2@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, jbrown2, "Password1"); - LDAPObject jbrown3 = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown3", "John", "Brown3", "JBrown3@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, jbrown3, "Password1"); - } finally { - keycloakRule.stopSession(session, true); - } - - loginSuccessAndLogout("jbrown2", "Password1"); - loginSuccessAndLogout("JBrown2", "Password1"); - loginSuccessAndLogout("jbrown2@email.org", "Password1"); - loginSuccessAndLogout("JBrown2@email.org", "Password1"); - - loginSuccessAndLogout("jbrown3", "Password1"); - loginSuccessAndLogout("JBrown3", "Password1"); - loginSuccessAndLogout("jbrown3@email.org", "Password1"); - loginSuccessAndLogout("JBrown3@email.org", "Password1"); - } - - private void loginSuccessAndLogout(String username, String password) { - loginPage.open(); - loginPage.login(username, password); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - oauth.openLogout(); - } - - @Test - public void caseInsensitiveSearch() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject jbrown4 = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown4", "John", "Brown4", "jbrown4@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, jbrown4, "Password1"); - LDAPObject jbrown5 = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown5", "John", "Brown5", "JBrown5@Email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, jbrown5, "Password1"); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - - // search by username - List users = session.users().searchForUser("JBROwn4", appRealm); - Assert.assertEquals(1, users.size()); - UserModel user4 = users.get(0); - Assert.assertEquals("jbrown4", user4.getUsername()); - Assert.assertEquals("jbrown4@email.org", user4.getEmail()); - - // search by email - users = session.users().searchForUser("JBROwn5@eMAil.org", appRealm); - Assert.assertEquals(1, users.size()); - UserModel user5 = users.get(0); - Assert.assertEquals("jbrown5", user5.getUsername()); - Assert.assertEquals("jbrown5@email.org", user5.getEmail()); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void deleteFederationLink() throws Exception { - // KEYCLOAK-4789: Login in client, which requires consent - oauth.clientId("third-party"); - loginPage.open(); - loginPage.login("johnkeycloak", "Password1"); - - grantPage.assertCurrent(); - grantPage.accept(); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - - RealmModel appRealm = manager.getRealm("test"); - appRealm.removeComponent(ldapModel); - Assert.assertEquals(0, appRealm.getComponents(appRealm.getId(), UserStorageProvider.class.getName()).size()); - } finally { - keycloakRule.stopSession(session, true); - } - } - loginPage.open(); - loginPage.login("johnkeycloak", "Password1"); - loginPage.assertCurrent(); - - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - - { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - - RealmModel appRealm = manager.getRealm("test"); - ldapModel.setId(null); - ldapModel = appRealm.addComponentModel(ldapModel); - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - - oauth.clientId("test-app"); - - loginLdap(); - - } - - @Test - public void loginClassic() { - loginPage.open(); - loginPage.login("marykeycloak", "password-app"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - } - - @Test - public void loginLdap() { - loginPage.open(); - loginPage.login("johnkeycloak", "Password1"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - profilePage.open(); - Assert.assertEquals("John", profilePage.getFirstName()); - Assert.assertEquals("Doe", profilePage.getLastName()); - Assert.assertEquals("john@email.org", profilePage.getEmail()); - } - - @Test - public void loginLdapWithDirectGrant() throws Exception { - OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", "Password1"); - assertEquals(200, response.getStatusCode()); - AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); - - response = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", ""); - assertEquals(401, response.getStatusCode()); - } - - @Test - public void loginLdapWithEmail() { - loginPage.open(); - loginPage.login("john@email.org", "Password1"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - } - - @Test - public void loginLdapWithoutPassword() { - loginPage.open(); - loginPage.login("john@email.org", ""); - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - } - - @Test - public void passwordChangeLdap() throws Exception { - changePasswordPage.open(); - loginPage.login("johnkeycloak", "Password1"); - changePasswordPage.changePassword("Password1", "New-password1", "New-password1"); - - Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); - - changePasswordPage.logout(); - - loginPage.open(); - loginPage.login("johnkeycloak", "Bad-password1"); - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - - loginPage.open(); - loginPage.login("johnkeycloak", "New-password1"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - // Change password back to previous value - changePasswordPage.open(); - changePasswordPage.changePassword("New-password1", "Password1", "Password1"); - Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); - } - - @Test - public void registerExistingLdapUser() { - loginPage.open(); - loginPage.clickRegister(); - registerPage.assertCurrent(); - - // check existing username - registerPage.register("firstName", "lastName", "email@mail.cz", "existing", "Password1", "Password1"); - registerPage.assertCurrent(); - Assert.assertEquals("Username already exists.", registerPage.getError()); - - // Check existing email - registerPage.register("firstName", "lastName", "existing@email.org", "nonExisting", "Password1", "Password1"); - registerPage.assertCurrent(); - Assert.assertEquals("Email already exists.", registerPage.getError()); - } - - - - // - // KEYCLOAK-4533 - // - @Test - public void testLDAPUserDeletionImport() { - - KeycloakSession session = keycloakRule.startSession(); - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPConfig config = ldapProvider.getLdapIdentityStore().getConfig(); - - // Make sure mary is gone - LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, appRealm, config, "maryjane"); - - // Create the user in LDAP and register him - - LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "maryjane", "mary", "yram", "mj@testing.redhat.cz", null, "12398"); - LDAPTestUtils.updateLDAPPassword(ldapProvider, mary, "Password1"); - - try { - - // Log in and out of the user - loginSuccessAndLogout("maryjane", "Password1"); - - // Delete LDAP User - LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, appRealm, config, "maryjane"); - - // Make sure the deletion took place. - List deletedUsers = session.users().searchForUser("mary yram", appRealm); - Assert.assertTrue(deletedUsers.isEmpty()); - - } finally { - keycloakRule.stopSession(session, false); - } - } - @Test - public void registerUserLdapSuccess() { - loginPage.open(); - loginPage.clickRegister(); - registerPage.assertCurrent(); - - registerPage.register("firstName", "lastName", "email2@check.cz", "registerUserSuccess2", "Password1", "Password1"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("registerUserSuccess2", appRealm); - Assert.assertNotNull(user); - Assert.assertNotNull(user.getFederationLink()); - Assert.assertEquals(user.getFederationLink(), ldapModel.getId()); - Assert.assertEquals("registerusersuccess2", user.getUsername()); - Assert.assertEquals("firstName", user.getFirstName()); - Assert.assertEquals("lastName", user.getLastName()); - Assert.assertTrue(user.isEnabled()); - } finally { - keycloakRule.stopSession(session, false); - } - } - - @Test - public void testCaseSensitiveAttributeName() { - KeycloakSession session = keycloakRule.startSession(); - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject johnZip = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnzip", "John", "Zip", "johnzip@email.org", null, "12398"); - - // Remove default zipcode mapper and add the mapper for "POstalCode" to test case sensitivity - ComponentModel currentZipMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "zipCodeMapper"); - appRealm.removeComponent(currentZipMapper); - LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "zipCodeMapper-cs", "postal_code", "POstalCode"); - - // Fetch user from LDAP and check that postalCode is filled - UserModel user = session.users().getUserByUsername("johnzip", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("12398", postalCode); - - } finally { - keycloakRule.stopSession(session, false); - } - } - - @Test - public void testCommaInUsername() { - KeycloakSession session = keycloakRule.startSession(); - boolean skip = false; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - - // Workaround as comma is not allowed in sAMAccountName on active directory. So we will skip the test for this configuration - LDAPConfig config = ldapFedProvider.getLdapIdentityStore().getConfig(); - if (config.isActiveDirectory() && config.getUsernameLdapAttribute().equals(LDAPConstants.SAM_ACCOUNT_NAME)) { - skip = true; - } - - if (!skip) { - LDAPObject johnComma = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john,comma", "John", "Comma", "johncomma@email.org", null, "12387"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, johnComma, "Password1"); - - LDAPObject johnPlus = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john+plus,comma", "John", "Plus", "johnplus@email.org", null, "12387"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, johnPlus, "Password1"); - } - } finally { - keycloakRule.stopSession(session, false); - } - - if (!skip) { - // Try to import the user with comma in username into Keycloak - loginSuccessAndLogout("john,comma", "Password1"); - loginSuccessAndLogout("john+plus,comma", "Password1"); - } - } - - //@Test // don't think we should support this, bburke - public void testDirectLDAPUpdate() { - KeycloakSession session = keycloakRule.startSession(); - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject johnDirect = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johndirect", "John", "Direct", "johndirect@email.org", null, "12399"); - - // Fetch user from LDAP and check that postalCode is filled - UserModel user = session.users().getUserByUsername("johndirect", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("12399", postalCode); - - // Directly update user in LDAP - johnDirect.setSingleAttribute(LDAPConstants.POSTAL_CODE, "12400"); - johnDirect.setSingleAttribute(LDAPConstants.SN, "DirectLDAPUpdated"); - ldapFedProvider.getLdapIdentityStore().update(johnDirect); - - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - UserModel user = session.users().getUserByUsername("johndirect", appRealm); - - // Verify that postalCode is still the same as we read it's value from Keycloak DB - user = session.users().getUserByUsername("johndirect", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("12399", postalCode); - - // Check user.getAttributes() - postalCode = user.getAttributes().get("postal_code").get(0); - Assert.assertEquals("12399", postalCode); - - // LastName is new as lastName mapper will read the value from LDAP - String lastName = user.getLastName(); - Assert.assertEquals("DirectLDAPUpdated", lastName); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // Update postalCode mapper to always read the value from LDAP - ComponentModel zipMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "zipCodeMapper"); - zipMapper.getConfig().putSingle(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, "true"); - appRealm.updateComponent(zipMapper); - - // Update lastName mapper to read the value from Keycloak DB - ComponentModel lastNameMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "last name"); - lastNameMapper.getConfig().putSingle(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, "false"); - appRealm.updateComponent(lastNameMapper); - - // Verify that postalCode is read from LDAP now - UserModel user = session.users().getUserByUsername("johndirect", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("12400", postalCode); - - // Check user.getAttributes() - postalCode = user.getAttributes().get("postal_code").get(0); - Assert.assertEquals("12400", postalCode); - - Assert.assertFalse(user.getAttributes().containsKey(UserModel.LAST_NAME)); - - // lastName is read from Keycloak DB now - String lastName = user.getLastName(); - Assert.assertEquals("Direct", lastName); - - } finally { - keycloakRule.stopSession(session, false); - } - } - - - // TODO: Rather separate test for fullNameMapper to better test all the possibilities - @Test - public void testFullNameMapper() { - KeycloakSession session = keycloakRule.startSession(); - ComponentModel firstNameMapper = null; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // assert that user "fullnameUser" is not in local DB - Assert.assertNull(session.users().getUserByUsername("fullname", appRealm)); - - // Add the user with some fullName into LDAP directly. Ensure that fullName is saved into "cn" attribute in LDAP (currently mapped to model firstName) - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "fullname", "James Dee", "Dee", "fullname@email.org", null, "4578"); - - // add fullname mapper to the provider and remove "firstNameMapper". For this test, we will simply map full name to the LDAP attribute, which was before firstName ( "givenName" on active directory, "cn" on other LDAP servers) - firstNameMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "first name"); - String ldapFirstNameAttributeName = firstNameMapper.getConfig().getFirst(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE); - appRealm.removeComponent(firstNameMapper); - - ComponentModel fullNameMapperModel = KeycloakModelUtils.createComponentModel("full name", ldapModel.getId(), FullNameLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), - FullNameLDAPStorageMapper.LDAP_FULL_NAME_ATTRIBUTE, ldapFirstNameAttributeName, - FullNameLDAPStorageMapper.READ_ONLY, "false"); - appRealm.addComponentModel(fullNameMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName - LDAPTestUtils.assertUserImported(session.users(), appRealm, "fullname", "James", "Dee", "fullname@email.org", "4578"); - - // change mapper to writeOnly - ComponentModel fullNameMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "full name"); - fullNameMapperModel.getConfig().putSingle(FullNameLDAPStorageMapper.WRITE_ONLY, "true"); - appRealm.updateComponent(fullNameMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - - - // Assert changing user in Keycloak will change him in LDAP too... - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm); - fullnameUser.setFirstName("James2"); - fullnameUser.setLastName("Dee2"); - } finally { - keycloakRule.stopSession(session, true); - } - - - // Assert changed user available in Keycloak - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName - LDAPTestUtils.assertUserImported(session.users(), appRealm, "fullname", "James2", "Dee2", "fullname@email.org", "4578"); - - // Remove "fullnameUser" to assert he is removed from LDAP. Revert mappers to previous state - UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm); - session.users().removeUser(appRealm, fullnameUser); - - // Revert mappers - ComponentModel fullNameMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "full name"); - appRealm.removeComponent(fullNameMapperModel); - - firstNameMapper.setId(null); - appRealm.addComponentModel(firstNameMapper); - } finally { - keycloakRule.stopSession(session, true); - } - } - - - @Test - public void testHardcodedAttributeMapperTest() throws Exception { - // Create hardcoded mapper for "description" - KeycloakSession session = keycloakRule.startSession(); - ComponentModel hardcodedMapperModel = null; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcodedAttr-description", ldapModel.getId(), HardcodedLDAPAttributeMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), - HardcodedLDAPAttributeMapper.LDAP_ATTRIBUTE_NAME, "description", - HardcodedLDAPAttributeMapper.LDAP_ATTRIBUTE_VALUE, "some-${RANDOM}"); - appRealm.addComponentModel(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - - // Register new user - loginPage.open(); - loginPage.clickRegister(); - registerPage.assertCurrent(); - - registerPage.register("firstName", "lastName", "email34@check.cz", "register123", "Password1", "Password1"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - - - session = keycloakRule.startSession(); - ComponentModel userAttrMapper = null; - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // See that user don't yet have any description - UserModel user = LDAPTestUtils.assertUserImported(session.users(), appRealm, "register123", "firstName", "lastName", "email34@check.cz", null); - Assert.assertNull(user.getFirstAttribute("desc")); - Assert.assertNull(user.getFirstAttribute("description")); - - // Remove hardcoded mapper for "description" and create regular userAttribute mapper for description - appRealm.removeComponent(hardcodedMapperModel); - - userAttrMapper = LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "desc-attribute-mapper", "desc", "description"); - userAttrMapper.put(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, "true"); - appRealm.updateComponent(userAttrMapper); - } finally { - keycloakRule.stopSession(session, true); - } - - - - // Check that user has description on him now - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - session.userCache().evict(appRealm, session.users().getUserByUsername("register123", appRealm)); - - // See that user don't yet have any description - UserModel user = session.users().getUserByUsername("register123", appRealm); - Assert.assertNull(user.getFirstAttribute("description")); - Assert.assertNotNull(user.getFirstAttribute("desc")); - String desc = user.getFirstAttribute("desc"); - Assert.assertTrue(desc.startsWith("some-")); - Assert.assertEquals(35, desc.length()); - - // Remove mapper for "description" - appRealm.removeComponent(userAttrMapper); - } finally { - keycloakRule.stopSession(session, true); - } - } - - - @Test - public void testHardcodedRoleMapper() { - KeycloakSession session = keycloakRule.startSession(); - ComponentModel firstNameMapper = null; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - RoleModel hardcodedRole = appRealm.addRole("hardcoded-role"); - - // assert that user "johnkeycloak" doesn't have hardcoded role - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertFalse(john.hasRole(hardcodedRole)); - - ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcoded role", ldapModel.getId(), HardcodedLDAPRoleStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), - HardcodedLDAPRoleStorageMapper.ROLE, "hardcoded-role"); - appRealm.addComponentModel(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - RoleModel hardcodedRole = appRealm.getRole("hardcoded-role"); - - // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertTrue(john.hasRole(hardcodedRole)); - - // Can't remove user from hardcoded role - try { - john.deleteRoleMapping(hardcodedRole); - Assert.fail("Didn't expected to remove role mapping"); - } catch (ModelException expected) { - } - - // Revert mappers - ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "hardcoded role"); - appRealm.removeComponent(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testHardcodedGroupMapper() { - KeycloakSession session = keycloakRule.startSession(); - ComponentModel firstNameMapper = null; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - GroupModel hardcodedGroup = appRealm.createGroup("hardcoded-group", "hardcoded-group"); - - // assert that user "johnkeycloak" doesn't have hardcoded group - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertFalse(john.isMemberOf(hardcodedGroup)); - - ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcoded group", ldapModel.getId(), HardcodedLDAPGroupStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), - HardcodedLDAPGroupStorageMapper.GROUP, "hardcoded-group"); - appRealm.addComponentModel(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - GroupModel hardcodedGroup = appRealm.getGroupById("hardcoded-group"); - - // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertTrue(john.isMemberOf(hardcodedGroup)); - - // Can't remove user from hardcoded role - try { - john.leaveGroup(hardcodedGroup); - Assert.fail("Didn't expected to leave group"); - } catch (ModelException expected) { - } - - // Revert mappers - ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "hardcoded group"); - appRealm.removeComponent(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testImportExistingUserFromLDAP() throws Exception { - // Add LDAP user with same email like existing model user - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary1", "Kelly1", "mary1@email.org", null, "123"); - LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "mary-duplicatemail", "Mary2", "Kelly2", "mary@test.com", null, "123"); - LDAPObject marynoemail = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marynoemail", "Mary1", "Kelly1", null, null, "123"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, marynoemail, "Password1"); - } - - }); - - // Try to import the duplicated LDAP user into Keycloak - loginPage.open(); - loginPage.login("mary-duplicatemail", "password"); - Assert.assertEquals("Email already exists.", loginPage.getError()); - - loginPage.login("mary1@email.org", "password"); - Assert.assertEquals("Username already exists.", loginPage.getError()); - - loginSuccessAndLogout("marynoemail", "Password1"); - } - - @Test - public void testReadonly() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - - UserStorageProviderModel model = new UserStorageProviderModel(ldapModel); - model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.READ_ONLY.toString()); - appRealm.updateComponent(model); - UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertNotNull(user); - Assert.assertNotNull(user.getFederationLink()); - Assert.assertEquals(user.getFederationLink(), ldapModel.getId()); - try { - user.setEmail("error@error.com"); - Assert.fail("should fail"); - } catch (ReadOnlyException e) { - - } - try { - user.setLastName("Berk"); - Assert.fail("should fail"); - } catch (ReadOnlyException e) { - - } - try { - user.setFirstName("Bilbo"); - Assert.fail("should fail"); - } catch (ReadOnlyException e) { - - } - try { - UserCredentialModel cred = UserCredentialModel.password("PoopyPoop1", true); - session.userCredentialManager().updateCredential(appRealm, user, cred); - Assert.fail("should fail"); - } catch (ReadOnlyException e) { - - } - - Assert.assertTrue(session.users().removeUser(appRealm, user)); - } finally { - keycloakRule.stopSession(session, false); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ldapModel.getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE)); - } finally { - keycloakRule.stopSession(session, false); - } - } - - @Test - public void testRemoveFederatedUser() { - /* - { - KeycloakSession session = keycloakRule.startSession(); - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("registerUserSuccess2", appRealm); - keycloakRule.stopSession(session, true); - if (user == null) { - registerUserLdapSuccess(); - } - } - */ - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("registerUserSuccess2", appRealm); - Assert.assertNotNull(user); - Assert.assertNotNull(user.getFederationLink()); - Assert.assertEquals(user.getFederationLink(), ldapModel.getId()); - - Assert.assertTrue(session.users().removeUser(appRealm, user)); - Assert.assertNull(session.users().getUserByUsername("registerUserSuccess2", appRealm)); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testSearch() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username1", "John1", "Doel1", "user1@email.org", null, "121"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username2", "John2", "Doel2", "user2@email.org", null, "122"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username3", "John3", "Doel3", "user3@email.org", null, "123"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username4", "John4", "Doel4", "user4@email.org", null, "124"); - - // Users are not at local store at this moment - Assert.assertNull(session.userLocalStorage().getUserByUsername("username1", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username2", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username3", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username4", appRealm)); - - // search by username - session.users().searchForUser("username1", appRealm); - LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username1", "John1", "Doel1", "user1@email.org", "121"); - - // search by email - session.users().searchForUser("user2@email.org", appRealm); - LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username2", "John2", "Doel2", "user2@email.org", "122"); - - // search by lastName - session.users().searchForUser("Doel3", appRealm); - LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username3", "John3", "Doel3", "user3@email.org", "123"); - - // search by firstName + lastName - session.users().searchForUser("John4 Doel4", appRealm); - LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username4", "John4", "Doel4", "user4@email.org", "124"); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testSearchWithCustomLDAPFilter() { - // Add custom filter for searching users - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - ldapModel.getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))"); - appRealm.updateComponent(ldapModel); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - RealmModel appRealm = session.realms().getRealmByName("test"); - - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username5", "John5", "Doel5", "user5@email.org", null, "125"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username6", "John6", "Doel6", "user6@email.org", null, "126"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username7", "John7", "Doel7", "user7@email.org", null, "127"); - - // search by email - List list = session.users().searchForUser("user5@email.org", appRealm); - LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username5", "John5", "Doel5", "user5@email.org", "125"); - - session.users().searchForUser("John6 Doel6", appRealm); - LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username6", "John6", "Doel6", "user6@email.org", "126"); - - session.users().searchForUser("user7@email.org", appRealm); - session.users().searchForUser("John7 Doel7", appRealm); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username7", appRealm)); - - // Remove custom filter - ldapModel.getConfig().remove(LDAPConstants.CUSTOM_USER_SEARCH_FILTER); - appRealm.updateComponent(ldapModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testUnsynced() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - - UserStorageProviderModel model = new UserStorageProviderModel(ldapModel); - model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.UNSYNCED.toString()); - appRealm.updateComponent(model); - UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertNotNull(user); - Assert.assertNotNull(user.getFederationLink()); - Assert.assertEquals(user.getFederationLink(), ldapModel.getId()); - - UserCredentialModel cred = UserCredentialModel.password("Candycand1", true); - session.userCredentialManager().updateCredential(appRealm, user, cred); - CredentialModel userCredentialValueModel = session.userCredentialManager().getStoredCredentialsByType(appRealm, user, CredentialModel.PASSWORD).get(0); - Assert.assertEquals(UserCredentialModel.PASSWORD, userCredentialValueModel.getType()); - Assert.assertTrue(session.userCredentialManager().isValid(appRealm, user, cred)); - - // LDAP password is still unchanged - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, model); - LDAPObject ldapUser = ldapProvider.loadLDAPUserByUsername(appRealm, "johnkeycloak"); - ldapProvider.getLdapIdentityStore().validatePassword(ldapUser, "Password1"); - - // User is deleted just locally - Assert.assertTrue(session.users().removeUser(appRealm, user)); - - // Assert user not available locally, but will be reimported from LDAP once searched - Assert.assertNull(session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm)); - Assert.assertNotNull(session.users().getUserByUsername("johnkeycloak", appRealm)); - } finally { - keycloakRule.stopSession(session, false); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ldapModel.getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE)); - } finally { - keycloakRule.stopSession(session, false); - } - } - - - @Test - public void testSearchByAttributes() { - KeycloakSession session = keycloakRule.startSession(); - final String ATTRIBUTE = "postal_code"; - final String ATTRIBUTE_VALUE = "80330340"; - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username8", "John8", "Doel8", "user8@email.org", null, ATTRIBUTE_VALUE); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username9", "John9", "Doel9", "user9@email.org", null, ATTRIBUTE_VALUE); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username10", "John10", "Doel10", "user10@email.org", null, "1210"); - - // Users are not at local store at this moment - Assert.assertNull(session.userLocalStorage().getUserByUsername("username8", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username9", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username10", appRealm)); - - // search for user by attribute - List users = ldapProvider.searchForUserByUserAttribute(ATTRIBUTE, ATTRIBUTE_VALUE, appRealm); - assertEquals(2, users.size()); - assertNotNull(users.get(0).getAttribute(ATTRIBUTE)); - assertEquals(1, users.get(0).getAttribute(ATTRIBUTE).size()); - assertEquals(ATTRIBUTE_VALUE, users.get(0).getAttribute(ATTRIBUTE).get(0)); - - assertNotNull(users.get(1).getAttribute(ATTRIBUTE)); - assertEquals(1, users.get(1).getAttribute(ATTRIBUTE).size()); - assertEquals(ATTRIBUTE_VALUE, users.get(1).getAttribute(ATTRIBUTE).get(0)); - - // user are now imported to local store - LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username8", "John8", "Doel8", "user8@email.org", ATTRIBUTE_VALUE); - LDAPTestUtils.assertUserImported(session.userLocalStorage(), appRealm, "username9", "John9", "Doel9", "user9@email.org", ATTRIBUTE_VALUE); - // but the one not looked up is not - Assert.assertNull(session.userLocalStorage().getUserByUsername("username10", appRealm)); - - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testLDAPUserRefreshCache() { - KeycloakSession session = keycloakRule.startSession(); - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "johndirect", "John", "Direct", "johndirect@email.org", null, "1234"); - - // Fetch user from LDAP and check that postalCode is filled - UserModel user = session.users().getUserByUsername("johndirect", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("1234", postalCode); - - LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, appRealm, ldapProvider.getLdapIdentityStore().getConfig(), "johndirect"); - } finally { - keycloakRule.stopSession(session, true); - } - - Time.setOffset(60 * 5); // 5 minutes in future, user should be cached still - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - CachedUserModel user = (CachedUserModel) session.users().getUserByUsername("johndirect", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - String email = user.getEmail(); - Assert.assertEquals("1234", postalCode); - Assert.assertEquals("johndirect@email.org", email); - } finally { - keycloakRule.stopSession(session, true); - } - - Time.setOffset(60 * 20); // 20 minutes into future, cache will be invalidated - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - UserModel user = session.users().getUserByUsername("johndirect", appRealm); - Assert.assertNull(user); - } finally { - keycloakRule.stopSession(session, true); - Time.setOffset(0); - } - } - - @Test - public void testCacheUser() { - UserStorageProviderModel model = new UserStorageProviderModel(ldapModel); - model.setCachePolicy(UserStorageProviderModel.CachePolicy.NO_CACHE); - KeycloakSession session = keycloakRule.startSession(); - RealmModel appRealm = session.realms().getRealmByName("test"); - appRealm.updateComponent(model); - - String userId = null; - UserModel testedUser = null; - try { - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "testCacheUser", "John", "Cached", "johndirect@test.com", null, "1234"); - - // Fetch user from LDAP and check that postalCode is filled - testedUser = session.users().getUserByUsername("testCacheUser", appRealm); - userId = testedUser.getId(); - - Assert.assertNotNull(userId); - Assert.assertTrue(StringUtils.isNotBlank(userId)); - - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - appRealm = session.realms().getRealmByName("test"); - - testedUser = session.users().getUserById(userId, appRealm); - Assert.assertFalse(testedUser instanceof CachedUserModel); - keycloakRule.stopSession(session, false); - - // restore default cache policy - onBefore(); - - session = keycloakRule.startSession(); - appRealm = session.realms().getRealmByName("test"); - // initial get for cache - testedUser = session.users().getUserById(userId, appRealm); - Assert.assertTrue(testedUser instanceof CachedUserModel); - keycloakRule.stopSession(session, false); - - Time.setOffset(60 * 5); // 5 minutes in future, should be cached still - session = keycloakRule.startSession(); - appRealm = session.realms().getRealmByName("test"); - testedUser = session.users().getUserById(userId, appRealm); - Assert.assertTrue(testedUser instanceof CachedUserModel); - keycloakRule.stopSession(session, false); - - Time.setOffset(60 * 10); // 10 minutes into future, cache will be invalidated - session = keycloakRule.startSession(); - appRealm = session.realms().getRealmByName("test"); - testedUser = session.users().getUserByUsername("thor", appRealm); - Assert.assertFalse(testedUser instanceof CachedUserModel); - keycloakRule.stopSession(session, false); - - Time.setOffset(0); - } -} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java deleted file mode 100755 index ed9f8b67976..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/LDAPSyncTest.java +++ /dev/null @@ -1,381 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap; - -import org.junit.Assert; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.common.util.MultivaluedHashMap; -import org.keycloak.common.util.Time; -import org.keycloak.component.ComponentModel; -import org.keycloak.services.managers.UserStorageSyncManager; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.LDAPConstants; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.UserProvider; -import org.keycloak.models.cache.UserCache; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; -import org.keycloak.storage.user.SynchronizationResult; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPSyncTest { - - private static LDAPRule ldapRule = new LDAPRule(); - - private static UserStorageProviderModel ldapModel = null; - - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - // Other tests may left Time offset uncleared, which could cause issues - Time.setOffset(0); - - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "false"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - - ldapModel = new UserStorageProviderModel(appRealm.addComponentModel(model)); - - - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); - - // Delete all LDAP users and add 5 new users for testing - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); - - for (int i=1 ; i<=5 ; i++) { - LDAPObject ldapUser = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "user" + i, "User" + i + "FN", "User" + i + "LN", "user" + i + "@email.org", null, "12" + i); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, ldapUser, "Password1"); - } - } - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - -// @Test -// public void test01runit() throws Exception { -// Thread.sleep(10000000); -// } - - @Test - public void test01LDAPSync() { - UserStorageSyncManager usersSyncManager = new UserStorageSyncManager(); - - // wait a bit - sleep(ldapRule.getSleepTime()); - - KeycloakSession session = keycloakRule.startSession(); - try { - KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); - SynchronizationResult syncResult = usersSyncManager.syncAllUsers(sessionFactory, "test", ldapModel); - LDAPTestUtils.assertSyncEquals(syncResult, 5, 0, 0, 0); - } finally { - keycloakRule.stopSession(session, false); - } - - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - UserProvider userProvider = session.userLocalStorage(); - // Assert users imported - LDAPTestUtils.assertUserImported(userProvider, testRealm, "user1", "User1FN", "User1LN", "user1@email.org", "121"); - LDAPTestUtils.assertUserImported(userProvider, testRealm, "user2", "User2FN", "User2LN", "user2@email.org", "122"); - LDAPTestUtils.assertUserImported(userProvider, testRealm, "user3", "User3FN", "User3LN", "user3@email.org", "123"); - LDAPTestUtils.assertUserImported(userProvider, testRealm, "user4", "User4FN", "User4LN", "user4@email.org", "124"); - LDAPTestUtils.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5@email.org", "125"); - - // Assert lastSync time updated - Assert.assertTrue(ldapModel.getLastSync() > 0); - for (UserStorageProviderModel persistentFedModel : testRealm.getUserStorageProviders()) { - if (LDAPStorageProviderFactory.PROVIDER_NAME.equals(persistentFedModel.getProviderId())) { - Assert.assertTrue(persistentFedModel.getLastSync() > 0); - } else { - // Dummy provider has still 0 - Assert.assertEquals(0, persistentFedModel.getLastSync()); - } - } - - // wait a bit - sleep(ldapRule.getSleepTime()); - - // Add user to LDAP and update 'user5' in LDAP - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.addLDAPUser(ldapFedProvider, testRealm, "user6", "User6FN", "User6LN", "user6@email.org", null, "126"); - LDAPObject ldapUser5 = ldapFedProvider.loadLDAPUserByUsername(testRealm, "user5"); - // NOTE: Changing LDAP attributes directly here - ldapUser5.setSingleAttribute(LDAPConstants.EMAIL, "user5Updated@email.org"); - ldapUser5.setSingleAttribute(LDAPConstants.POSTAL_CODE, "521"); - ldapFedProvider.getLdapIdentityStore().update(ldapUser5); - - // Assert still old users in local provider - LDAPTestUtils.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5@email.org", "125"); - Assert.assertNull(userProvider.getUserByUsername("user6", testRealm)); - - // Trigger partial sync - KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); - SynchronizationResult syncResult = usersSyncManager.syncChangedUsers(sessionFactory, "test", ldapModel); - LDAPTestUtils.assertSyncEquals(syncResult, 1, 1, 0, 0); - } finally { - keycloakRule.stopSession(session, false); - } - - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - UserProvider userProvider = session.userLocalStorage(); - // Assert users updated in local provider - LDAPTestUtils.assertUserImported(userProvider, testRealm, "user5", "User5FN", "User5LN", "user5updated@email.org", "521"); - LDAPTestUtils.assertUserImported(userProvider, testRealm, "user6", "User6FN", "User6LN", "user6@email.org", "126"); - } finally { - keycloakRule.stopSession(session, false); - } - } - - @Test - public void test02duplicateUsernameAndEmailSync() { - LDAPObject duplicatedLdapUser; - - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - - LDAPTestUtils.addLocalUser(session, testRealm, "user7", "user7@email.org", "password"); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - - // Add user to LDAP with duplicated username "user7" - duplicatedLdapUser = LDAPTestUtils.addLDAPUser(ldapFedProvider, testRealm, "user7", "User7FN", "User7LN", "user7-something@email.org", null, "126"); - - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - - // Assert syncing from LDAP fails due to duplicated username - SynchronizationResult result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ldapModel); - Assert.assertEquals(1, result.getFailed()); - - // Remove "user7" from LDAP - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - ldapFedProvider.getLdapIdentityStore().remove(duplicatedLdapUser); - - // Add user to LDAP with duplicated email "user7@email.org" - duplicatedLdapUser = LDAPTestUtils.addLDAPUser(ldapFedProvider, testRealm, "user7-something", "User7FNN", "User7LNL", "user7@email.org", null, "126"); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - - // Assert syncing from LDAP fails due to duplicated email - SynchronizationResult result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ldapModel); - Assert.assertEquals(1, result.getFailed()); - Assert.assertNull(session.userLocalStorage().getUserByUsername("user7-something", testRealm)); - - // Update LDAP user to avoid duplicated email - duplicatedLdapUser.setSingleAttribute(LDAPConstants.EMAIL, "user7-changed@email.org"); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - ldapFedProvider.getLdapIdentityStore().update(duplicatedLdapUser); - - // Assert user successfully synced now - result = new UserStorageSyncManager().syncAllUsers(session.getKeycloakSessionFactory(), "test", ldapModel); - Assert.assertEquals(0, result.getFailed()); - } finally { - keycloakRule.stopSession(session, true); - } - - // Assert user imported in another transaction - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - LDAPTestUtils.assertUserImported(session.userLocalStorage(), testRealm, "user7-something", "User7FNN", "User7LNL", "user7-changed@email.org", "126"); - } finally { - keycloakRule.stopSession(session, false); - } - } - - // KEYCLOAK-1571 - @Test - public void test03SameUUIDAndUsernameSync() { - KeycloakSession session = keycloakRule.startSession(); - String origUuidAttrName; - - try { - RealmModel testRealm = session.realms().getRealm("test"); - - // Remove all users from model - for (UserModel user : session.userLocalStorage().getUsers(testRealm, true)) { - session.userLocalStorage().removeUser(testRealm, user); - } - - UserStorageProviderModel providerModel = KeycloakModelUtils.findUserStorageProviderByName(ldapModel.getName(), testRealm); - - // Change name of UUID attribute to same like usernameAttribute - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - String uidAttrName = ldapFedProvider.getLdapIdentityStore().getConfig().getUsernameLdapAttribute(); - origUuidAttrName = providerModel.getConfig().getFirst(LDAPConstants.UUID_LDAP_ATTRIBUTE); - providerModel.getConfig().putSingle(LDAPConstants.UUID_LDAP_ATTRIBUTE, uidAttrName); - - // Need to change this due to ApacheDS pagination bug (For other LDAP servers, pagination works fine) TODO: Remove once ApacheDS upgraded and pagination is fixed - providerModel.getConfig().putSingle(LDAPConstants.BATCH_SIZE_FOR_SYNC, "10"); - testRealm.updateComponent(providerModel); - - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - UserStorageProviderModel providerModel = KeycloakModelUtils.findUserStorageProviderByName(ldapModel.getName(), testRealm); - - KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); - SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", providerModel); - Assert.assertEquals(0, syncResult.getFailed()); - - } finally { - keycloakRule.stopSession(session, false); - } - - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - - // Assert users imported with correct LDAP_ID - LDAPTestUtils.assertUserImported(session.users(), testRealm, "user1", "User1FN", "User1LN", "user1@email.org", "121"); - LDAPTestUtils.assertUserImported(session.users(), testRealm, "user2", "User2FN", "User2LN", "user2@email.org", "122"); - UserModel user1 = session.users().getUserByUsername("user1", testRealm); - Assert.assertEquals("user1", user1.getFirstAttribute(LDAPConstants.LDAP_ID)); - - // Revert config changes - UserStorageProviderModel providerModel = KeycloakModelUtils.findUserStorageProviderByName(ldapModel.getName(), testRealm); - providerModel.getConfig().putSingle(LDAPConstants.UUID_LDAP_ATTRIBUTE, origUuidAttrName); - testRealm.updateComponent(providerModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - - // KEYCLOAK-1728 - @Test - public void test04MissingLDAPUsernameSync() { - KeycloakSession session = keycloakRule.startSession(); - String origUsernameAttrName; - - try { - RealmModel testRealm = session.realms().getRealm("test"); - - // Remove all users from model - for (UserModel user : session.userLocalStorage().getUsers(testRealm, true)) { - System.out.println("trying to delete user: " + user.getUsername()); - UserCache userCache = session.userCache(); - if (userCache != null) { - userCache.evict(testRealm, user); - } - session.userLocalStorage().removeUser(testRealm, user); - } - - UserStorageProviderModel providerModel = KeycloakModelUtils.findUserStorageProviderByName(ldapModel.getName(), testRealm); - - // Add street mapper and add some user including street - ComponentModel streetMapper = LDAPTestUtils.addUserAttributeMapper(testRealm, ldapModel, "streetMapper", "street", LDAPConstants.STREET); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject streetUser = LDAPTestUtils.addLDAPUser(ldapFedProvider, testRealm, "user8", "User8FN", "User8LN", "user8@email.org", "user8street", "126"); - - // Change name of username attribute name to street - origUsernameAttrName = providerModel.getConfig().getFirst(LDAPConstants.USERNAME_LDAP_ATTRIBUTE); - providerModel.getConfig().putSingle(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, "street"); - - // Need to change this due to ApacheDS pagination bug (For other LDAP servers, pagination works fine) TODO: Remove once ApacheDS upgraded and pagination is fixed - providerModel.getConfig().putSingle(LDAPConstants.BATCH_SIZE_FOR_SYNC, "10"); - testRealm.updateComponent(providerModel); - - } finally { - keycloakRule.stopSession(session, true); - } - - // Just user8 synced. All others failed to sync - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - UserStorageProviderModel providerModel = KeycloakModelUtils.findUserStorageProviderByName(ldapModel.getName(), testRealm); - - KeycloakSessionFactory sessionFactory = session.getKeycloakSessionFactory(); - SynchronizationResult syncResult = new UserStorageSyncManager().syncAllUsers(sessionFactory, "test", providerModel); - Assert.assertEquals(1, syncResult.getAdded()); - Assert.assertTrue(syncResult.getFailed() > 0); - } finally { - keycloakRule.stopSession(session, false); - } - - session = keycloakRule.startSession(); - try { - RealmModel testRealm = session.realms().getRealm("test"); - - // Revert config changes - UserStorageProviderModel providerModel = KeycloakModelUtils.findUserStorageProviderByName(ldapModel.getName(), testRealm); - providerModel.getConfig().putSingle(LDAPConstants.USERNAME_LDAP_ATTRIBUTE, origUsernameAttrName); - testRealm.updateComponent(providerModel); - ComponentModel streetMapper = LDAPTestUtils.getSubcomponentByName(testRealm, providerModel, "streetMapper"); - testRealm.removeComponent(streetMapper); - } finally { - keycloakRule.stopSession(session, true); - } - } - - private void sleep(int time) { - try { - Thread.sleep(time); - } catch (InterruptedException ie) { - throw new RuntimeException(ie); - } - } -} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java deleted file mode 100755 index 1f930bd7302..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPGroupMapperNoImportTest.java +++ /dev/null @@ -1,378 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap.noimport; - -import org.junit.Assert; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.common.util.MultivaluedHashMap; -import org.keycloak.component.ComponentModel; -import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.LDAPConstants; -import org.keycloak.models.ModelException; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.storage.ldap.LDAPConfig; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; -import org.keycloak.storage.ldap.LDAPUtils; -import org.keycloak.storage.ldap.idm.model.LDAPDn; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.storage.ldap.mappers.membership.LDAPGroupMapperMode; -import org.keycloak.storage.ldap.mappers.membership.MembershipType; -import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper; -import org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapperFactory; -import org.keycloak.storage.ldap.mappers.membership.group.GroupMapperConfig; -import org.keycloak.testsuite.federation.storage.ldap.LDAPTestUtils; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; - -import java.util.List; -import java.util.Set; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPGroupMapperNoImportTest { - - private static LDAPRule ldapRule = new LDAPRule(); - - private static ComponentModel ldapModel = null; - private static String descriptionAttrName = null; - - - static class GroupTestKeycloakSetup extends KeycloakRule.KeycloakSetup { - - private final LDAPRule ldapRule; - - ComponentModel ldapModel = null; - String descriptionAttrName = null; - - - public GroupTestKeycloakSetup(LDAPRule ldapRule) { - this.ldapRule = ldapRule; - } - - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "mary", "mary@test.com", "password-app"); - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "john", "john@test.com", "password-app"); - - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - model.setImportEnabled(false); - - ldapModel = appRealm.addComponentModel(model); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - descriptionAttrName = ldapFedProvider.getLdapIdentityStore().getConfig().isActiveDirectory() ? "displayName" : "description"; - - // Add group mapper - LDAPTestUtils.addOrUpdateGroupMapper(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName); - - // Remove all LDAP groups - LDAPTestUtils.removeAllLDAPGroups(session, appRealm, ldapModel, "groupsMapper"); - - // Add some groups for testing - LDAPObject group1 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group1", descriptionAttrName, "group1 - description"); - LDAPObject group11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group11"); - LDAPObject group12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "group12", descriptionAttrName, "group12 - description"); - - LDAPObject defaultGroup1 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup1", descriptionAttrName, "Default Group1 - description"); - LDAPObject defaultGroup11 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup11"); - LDAPObject defaultGroup12 = LDAPTestUtils.createLDAPGroup(manager.getSession(), appRealm, ldapModel, "defaultGroup12", descriptionAttrName, "Default Group12 - description"); - - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group11, false); - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group1, group12, true); - - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup11, false); - LDAPUtils.addMember(ldapFedProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", defaultGroup1, defaultGroup12, true); - - // Sync LDAP groups to Keycloak DB - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "groupsMapper"); - new GroupLDAPStorageMapperFactory().create(session, mapperModel).syncDataFromFederationProviderToKeycloak(appRealm); - - appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11")); - appRealm.addDefaultGroup(KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12")); - - // Delete all LDAP users - LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); - - // Add some LDAP users for testing (because these are added directly to LDAP, they will not be added to the default groups defined above) - LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); - - LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, mary, "Password1"); - - postSetup(appRealm, ldapFedProvider); - } - - - void postSetup(RealmModel appRealm, LDAPStorageProvider ldapProvider) { - LDAPGroupMapperNoImportTest.ldapModel = this.ldapModel; - LDAPGroupMapperNoImportTest.descriptionAttrName = this.descriptionAttrName; - } - - } - - - private static KeycloakRule keycloakRule = new KeycloakRule(new GroupTestKeycloakSetup(ldapRule)); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - - @Test - public void test01ReadGroupMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "groupsMapper"); - LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString()); - appRealm.updateComponent(mapperModel); - - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); - - LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak"); - groupMapper.addGroupMappingInLDAP(appRealm, KeycloakModelUtils.findGroupByPath(appRealm, "/group1"), maryLdap); - groupMapper.addGroupMappingInLDAP(appRealm, KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"), maryLdap); - } finally { - keycloakRule.stopSession(session, true); - } - session = keycloakRule.startSession(); - try { - session.userCache().clear(); - System.out.println("starting test01ReadGroupMappings"); - RealmModel appRealm = session.realms().getRealmByName("test"); - - GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); - Assert.assertNotNull(group1); - GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); - Assert.assertNotNull(group11); - GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); - Assert.assertNotNull(group12); - - - UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); - // make sure we are in no-import mode - Assert.assertNull(session.userLocalStorage().getUserByUsername("marykeycloak", appRealm)); - // Assert that mary has both LDAP and DB mapped groups - Set maryGroups = mary.getGroups(); - Assert.assertEquals(2, maryGroups.size()); - Assert.assertTrue(maryGroups.contains(group1)); - Assert.assertTrue(maryGroups.contains(group11)); - - // Check through userProvider - List group1Members = session.users().getGroupMembers(appRealm, group1, 0, 10); - List group11Members = session.users().getGroupMembers(appRealm, group11, 0, 10); - Assert.assertEquals(1, group1Members.size()); - Assert.assertEquals("marykeycloak", group1Members.get(0).getUsername()); - Assert.assertEquals(1, group11Members.size()); - Assert.assertEquals("marykeycloak", group11Members.get(0).getUsername()); - - // Delete role mappings directly in LDAP - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm,ldapModel, "groupsMapper"); - GroupLDAPStorageMapper groupMapper = LDAPTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm); - LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak"); - deleteGroupMappingsInLDAP(groupMapper, maryLdap, "group1"); - deleteGroupMappingsInLDAP(groupMapper, maryLdap, "group11"); - } finally { - keycloakRule.stopSession(session, true); - } - - } - - @Test - public void test02WriteGroupMappings() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - - ComponentModel mapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "groupsMapper"); - LDAPTestUtils.updateGroupMapperConfigOptions(mapperModel, GroupMapperConfig.MODE, LDAPGroupMapperMode.LDAP_ONLY.toString()); - appRealm.updateComponent(mapperModel); - - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); - - // make sure we are in no-import mode - Assert.assertNull(session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("marykeycloak", appRealm)); - - // 1 - Grant some groups in LDAP - - // This group should already exists as it was imported from LDAP - GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); - john.joinGroup(group1); - - // This group should already exists as it was imported from LDAP - GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); - mary.joinGroup(group11); - - // This group should already exists as it was imported from LDAP - GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); - john.joinGroup(group12); - mary.joinGroup(group12); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - session.userCache().clear(); // clear cache to make sure we're reloading from LDAP. - RealmModel appRealm = session.realms().getRealmByName("test"); - GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); - GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); - GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); - - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); - - // make sure we are in no-import mode - Assert.assertNull(session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("marykeycloak", appRealm)); - - // 3 - Check that group mappings are in LDAP and hence available through federation - - Set johnGroups = john.getGroups(); - Assert.assertEquals(2, johnGroups.size()); - Assert.assertTrue(johnGroups.contains(group1)); - Assert.assertFalse(johnGroups.contains(group11)); - Assert.assertTrue(johnGroups.contains(group12)); - - // 4 - Check through userProvider - List group1Members = session.users().getGroupMembers(appRealm, group1, 0, 10); - List group11Members = session.users().getGroupMembers(appRealm, group11, 0, 10); - List group12Members = session.users().getGroupMembers(appRealm, group12, 0, 10); - - Assert.assertEquals(1, group1Members.size()); - Assert.assertEquals("johnkeycloak", group1Members.get(0).getUsername()); - Assert.assertEquals(1, group11Members.size()); - Assert.assertEquals("marykeycloak", group11Members.get(0).getUsername()); - Assert.assertEquals(2, group12Members.size()); - - // 4 - Delete some group mappings and check they are deleted - - john.leaveGroup(group1); - john.leaveGroup(group12); - - mary.leaveGroup(group1); - mary.leaveGroup(group11); - mary.leaveGroup(group12); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - session.userCache().clear(); // clear cache to make sure we're reloading from LDAP. - RealmModel appRealm = session.realms().getRealmByName("test"); - - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm); - - // make sure we are in no-import mode - Assert.assertNull(session.userLocalStorage().getUserByUsername("johnkeycloak", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("marykeycloak", appRealm)); - session.userCache().clear(); // clear cache to make sure we're reloading from LDAP. - Set johnGroups = john.getGroups(); - Assert.assertEquals(0, johnGroups.size()); - Set maryGroups = mary.getGroups(); - Assert.assertEquals(0, maryGroups.size()); - - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void test03_newUserDefaultGroupsNoImportModeTest() throws Exception { - - // Check user group memberships - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - - UserModel rob = session.users().addUser(appRealm, "robkeycloak"); - // make sure we are in no-import mode - Assert.assertNull(session.userLocalStorage().getUserByUsername("robkeycloak", appRealm)); - - GroupModel defaultGroup11 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup11"); - Assert.assertNotNull(defaultGroup11); - - GroupModel defaultGroup12 = KeycloakModelUtils.findGroupByPath(appRealm, "/defaultGroup1/defaultGroup12"); - Assert.assertNotNull(defaultGroup12); - - GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1"); - Assert.assertNotNull(group1); - GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11"); - Assert.assertNotNull(group11); - GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12"); - Assert.assertNotNull(group12); - - // 4 - Check through userProvider - List defaultGroup11Members = session.users().getGroupMembers(appRealm, defaultGroup11, 0, 10); - List defaultGroup12Members = session.users().getGroupMembers(appRealm, defaultGroup12, 0, 10); - - Assert.assertEquals(1, defaultGroup11Members.size()); - Assert.assertEquals("robkeycloak", defaultGroup11Members.get(0).getUsername()); - Assert.assertEquals(1, defaultGroup12Members.size()); - Assert.assertEquals("robkeycloak", defaultGroup12Members.get(0).getUsername()); - - - Set groups = rob.getGroups(); - Assert.assertTrue(groups.contains(defaultGroup11)); - Assert.assertTrue(groups.contains(defaultGroup12)); - Assert.assertFalse(groups.contains(group1)); - Assert.assertFalse(groups.contains(group11)); - Assert.assertFalse(groups.contains(group12)); - } finally { - keycloakRule.stopSession(session, true); - } - } - - - - private void deleteGroupMappingsInLDAP(GroupLDAPStorageMapper groupMapper, LDAPObject ldapUser, String groupName) { - LDAPObject ldapGroup = groupMapper.loadLDAPGroupByName(groupName); - groupMapper.deleteGroupMappingInLDAP(ldapUser, ldapGroup); - } -} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPMultipleAttributesNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPMultipleAttributesNoImportTest.java deleted file mode 100755 index ca3344df3dc..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPMultipleAttributesNoImportTest.java +++ /dev/null @@ -1,112 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap.noimport; - -import org.junit.Assert; -import org.junit.Before; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.OAuth2Constants; -import org.keycloak.common.util.MultivaluedHashMap; -import org.keycloak.component.ComponentModel; -import org.keycloak.models.ClientModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.LDAPConstants; -import org.keycloak.models.RealmModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.protocol.oidc.OIDCLoginProtocolService; -import org.keycloak.protocol.oidc.mappers.UserAttributeMapper; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.federation.storage.ldap.LDAPExampleServlet; -import org.keycloak.testsuite.federation.storage.ldap.LDAPMultipleAttributesTest; -import org.keycloak.testsuite.federation.storage.ldap.LDAPTestUtils; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; - -import javax.ws.rs.core.UriBuilder; -import java.net.URL; -import java.util.Arrays; -import java.util.LinkedHashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPMultipleAttributesNoImportTest extends LDAPMultipleAttributesTest { - - @Override - protected void checkUserAndImportMode(KeycloakSession session, RealmModel realm, String username, String expectedFirstName, String expectedLastName, String expectedEmail, String expectedPostalCode) { - UserModel user = session.users().getUserByUsername(username, realm); - Assert.assertNull(session.userLocalStorage().getUserByUsername(username, realm)); - LDAPTestUtils.assertLoaded(user, username, expectedFirstName, expectedLastName, expectedEmail, expectedPostalCode); - } - - @Override - protected void checkImportMode(KeycloakSession session, RealmModel realm, UserModel user) { - Assert.assertNull(session.userLocalStorage().getUserById(user.getId(), realm)); - - } - - @Before - public void setNoImportMode() throws Exception { - KeycloakSession session = keycloakRule.startSession(); - try { - session.userCache().clear(); - RealmModel appRealm = session.realms().getRealmByName("test"); - ldapModel.setImportEnabled(false); - appRealm.updateComponent(ldapModel); - - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testModel() { - super.testModel(); - } - - @Test - public void ldapPortalEndToEndTest() { - super.ldapPortalEndToEndTest(); - } - - - -} - - diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java deleted file mode 100755 index 73ca4ae97bd..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/federation/storage/ldap/noimport/LDAPProvidersIntegrationNoImportTest.java +++ /dev/null @@ -1,989 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.federation.storage.ldap.noimport; - -import org.jboss.logging.Logger; -import org.junit.Assert; -import org.junit.ClassRule; -import org.junit.FixMethodOrder; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.RuleChain; -import org.junit.rules.TestRule; -import org.junit.runners.MethodSorters; -import org.keycloak.OAuth2Constants; -import org.keycloak.admin.client.Keycloak; -import org.keycloak.admin.client.resource.RealmResource; -import org.keycloak.common.util.MultivaluedHashMap; -import org.keycloak.component.ComponentModel; -import org.keycloak.credential.CredentialModel; -import org.keycloak.models.Constants; -import org.keycloak.models.GroupModel; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.LDAPConstants; -import org.keycloak.models.ModelException; -import org.keycloak.models.RealmModel; -import org.keycloak.models.RoleModel; -import org.keycloak.models.UserCredentialModel; -import org.keycloak.models.UserModel; -import org.keycloak.models.utils.KeycloakModelUtils; -import org.keycloak.representations.AccessToken; -import org.keycloak.representations.idm.CredentialRepresentation; -import org.keycloak.representations.idm.UserRepresentation; -import org.keycloak.services.managers.RealmManager; -import org.keycloak.storage.ReadOnlyException; -import org.keycloak.storage.StorageId; -import org.keycloak.storage.UserStorageProvider; -import org.keycloak.storage.UserStorageProviderModel; -import org.keycloak.storage.ldap.LDAPConfig; -import org.keycloak.storage.ldap.LDAPStorageProvider; -import org.keycloak.storage.ldap.LDAPStorageProviderFactory; -import org.keycloak.storage.ldap.idm.model.LDAPObject; -import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapper; -import org.keycloak.storage.ldap.mappers.FullNameLDAPStorageMapperFactory; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPGroupStorageMapper; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPGroupStorageMapperFactory; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapper; -import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory; -import org.keycloak.storage.ldap.mappers.LDAPStorageMapper; -import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper; -import org.keycloak.testsuite.ApiUtil; -import org.keycloak.testsuite.OAuthClient; -import org.keycloak.testsuite.federation.storage.ldap.LDAPTestUtils; -import org.keycloak.testsuite.pages.AccountPasswordPage; -import org.keycloak.testsuite.pages.AccountUpdateProfilePage; -import org.keycloak.testsuite.pages.AppPage; -import org.keycloak.testsuite.pages.LoginPage; -import org.keycloak.testsuite.pages.RegisterPage; -import org.keycloak.testsuite.rule.KeycloakRule; -import org.keycloak.testsuite.rule.LDAPRule; -import org.keycloak.testsuite.rule.WebResource; -import org.keycloak.testsuite.rule.WebRule; -import org.openqa.selenium.WebDriver; - -import javax.ws.rs.core.Response; -import java.util.LinkedList; -import java.util.List; - -import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.MASTER; -import static org.junit.Assert.assertEquals; -import static org.keycloak.models.AdminRoles.ADMIN; -import static org.keycloak.testsuite.Constants.AUTH_SERVER_ROOT; - -/** - * @author Marek Posolda - */ -@FixMethodOrder(MethodSorters.NAME_ASCENDING) -public class LDAPProvidersIntegrationNoImportTest { - - private static final Logger log = Logger.getLogger(LDAPProvidersIntegrationNoImportTest.class); - - private static LDAPRule ldapRule = new LDAPRule(); - - private static ComponentModel ldapModel = null; - - - private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPTestUtils.addLocalUser(manager.getSession(), appRealm, "marykeycloak", "mary@test.com", "password-app"); - - MultivaluedHashMap ldapConfig = LDAPTestUtils.getLdapRuleConfig(ldapRule); - ldapConfig.putSingle(LDAPConstants.SYNC_REGISTRATIONS, "true"); - ldapConfig.putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.WRITABLE.toString()); - UserStorageProviderModel model = new UserStorageProviderModel(); - model.setLastSync(0); - model.setChangedSyncPeriod(-1); - model.setFullSyncPeriod(-1); - model.setName("test-ldap"); - model.setPriority(0); - model.setProviderId(LDAPStorageProviderFactory.PROVIDER_NAME); - model.setConfig(ldapConfig); - model.setImportEnabled(false); - - ldapModel = appRealm.addComponentModel(model); - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); - - // Delete all LDAP users and add some new for testing - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.removeAllLDAPUsers(ldapFedProvider, appRealm); - - LDAPObject john = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, john, "Password1"); - - LDAPObject existing = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "existing", "Existing", "Foo", "existing@email.org", null, "5678"); - - appRealm.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true); - } - }); - - @ClassRule - public static TestRule chain = RuleChain - .outerRule(ldapRule) - .around(keycloakRule); - - @Rule - public WebRule webRule = new WebRule(this); - - @WebResource - protected OAuthClient oauth; - - @WebResource - protected WebDriver driver; - - @WebResource - protected AppPage appPage; - - @WebResource - protected RegisterPage registerPage; - - @WebResource - protected LoginPage loginPage; - - @WebResource - protected AccountUpdateProfilePage profilePage; - - @WebResource - protected AccountPasswordPage changePasswordPage; - -// @Test -// @Ignore -// public void runit() throws Exception { -// Thread.sleep(10000000); -// -// } - - /** - * KEYCLOAK-3986 - * - */ - @Test - public void testSyncRegistrationOff() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - UserStorageProviderModel newModel = new UserStorageProviderModel(ldapModel); - newModel.getConfig().putSingle(LDAPConstants.SYNC_REGISTRATIONS, "false"); - appRealm.updateComponent(newModel); - UserModel newUser1 = session.users().addUser(appRealm, "newUser1"); - Assert.assertTrue(StorageId.isLocalStorage(newUser1)); - } finally { - keycloakRule.stopSession(session, false); - } - - - } - - @Test - public void caseInSensitiveImport() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject jbrown2 = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown2", "John", "Brown2", "jbrown2@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, jbrown2, "Password1"); - LDAPObject jbrown3 = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown3", "John", "Brown3", "JBrown3@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, jbrown3, "Password1"); - } finally { - keycloakRule.stopSession(session, true); - } - - loginSuccessAndLogout("jbrown2", "Password1"); - loginSuccessAndLogout("JBrown2", "Password1"); - loginSuccessAndLogout("jbrown2@email.org", "Password1"); - loginSuccessAndLogout("JBrown2@email.org", "Password1"); - - loginSuccessAndLogout("jbrown3", "Password1"); - loginSuccessAndLogout("JBrown3", "Password1"); - loginSuccessAndLogout("jbrown3@email.org", "Password1"); - loginSuccessAndLogout("JBrown3@email.org", "Password1"); - } - - private void loginSuccessAndLogout(String username, String password) { - loginPage.open(); - loginPage.login(username, password); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - oauth.openLogout(); - } - - - @Test - public void testLDAPUserImportOnCreationOrLogin() { - - KeycloakSession session = keycloakRule.startSession(); - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPConfig config = ldapProvider.getLdapIdentityStore().getConfig(); - - // Make sure mary is gone - LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, appRealm, config, "maryjane"); - - - // Create the user in LDAP and register him - // - LDAPObject mary = LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "maryjane", "mary", "yram", "mj@testing.redhat.cz", null, "12398"); - LDAPTestUtils.updateLDAPPassword(ldapProvider, mary, "Password1"); - - try { - - // Log in and out of the user - loginSuccessAndLogout("maryjane", "Password1"); - - // Delete LDAP User - LDAPTestUtils.removeLDAPUserByUsername(ldapProvider, appRealm, config, "maryjane"); - - // Make sure the deletion took place. - List deletedUsers = session.users().searchForUser("mary yram", appRealm); - Assert.assertTrue(deletedUsers.isEmpty()); - - } finally { - keycloakRule.stopSession(session, false); - } - } - - - - - - @Test - public void caseInsensitiveSearch() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject jbrown4 = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "JBrown4", "John", "Brown4", "jbrown4@email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, jbrown4, "Password1"); - LDAPObject jbrown5 = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "jbrown5", "John", "Brown5", "JBrown5@Email.org", null, "1234"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, jbrown5, "Password1"); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - RealmModel appRealm = manager.getRealm("test"); - - // search by username - List users = session.users().searchForUser("JBROwn4", appRealm); - Assert.assertEquals(1, users.size()); - UserModel user4 = users.get(0); - Assert.assertEquals("jbrown4", user4.getUsername()); - Assert.assertEquals("jbrown4@email.org", user4.getEmail()); - - // search by email - users = session.users().searchForUser("JBROwn5@eMAil.org", appRealm); - Assert.assertEquals(1, users.size()); - UserModel user5 = users.get(0); - Assert.assertEquals("jbrown5", user5.getUsername()); - Assert.assertEquals("jbrown5@email.org", user5.getEmail()); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void deleteFederationLink() { - loginLdap(); - { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - - RealmModel appRealm = manager.getRealm("test"); - appRealm.removeComponent(ldapModel); - Assert.assertEquals(0, appRealm.getComponents(appRealm.getId(), UserStorageProvider.class.getName()).size()); - } finally { - keycloakRule.stopSession(session, true); - } - } - loginPage.open(); - loginPage.login("johnkeycloak", "Password1"); - loginPage.assertCurrent(); - - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - - { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmManager manager = new RealmManager(session); - - RealmModel appRealm = manager.getRealm("test"); - ldapModel.setId(null); - ldapModel = appRealm.addComponentModel(ldapModel); - LDAPTestUtils.addZipCodeLDAPMapper(appRealm, ldapModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - loginLdap(); - - } - - @Test - public void loginClassic() { - loginPage.open(); - loginPage.login("marykeycloak", "password-app"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - } - - @Test - public void loginLdap() { - loginPage.open(); - loginPage.login("johnkeycloak", "Password1"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - - profilePage.open(); - Assert.assertEquals("John", profilePage.getFirstName()); - Assert.assertEquals("Doe", profilePage.getLastName()); - Assert.assertEquals("john@email.org", profilePage.getEmail()); - } - - @Test - public void loginLdapWithDirectGrant() throws Exception { - OAuthClient.AccessTokenResponse response = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", "Password1"); - assertEquals(200, response.getStatusCode()); - AccessToken accessToken = oauth.verifyToken(response.getAccessToken()); - - response = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", ""); - assertEquals(401, response.getStatusCode()); - } - - @Test - public void loginLdapWithEmail() { - loginPage.open(); - loginPage.login("john@email.org", "Password1"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - } - - @Test - public void loginLdapWithoutPassword() { - loginPage.open(); - loginPage.login("john@email.org", ""); - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - } - - @Test - public void passwordChangeLdap() throws Exception { - changePasswordPage.open(); - loginPage.login("johnkeycloak", "Password1"); - changePasswordPage.changePassword("Password1", "New-password1", "New-password1"); - - Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); - - changePasswordPage.logout(); - - loginPage.open(); - loginPage.login("johnkeycloak", "Bad-password1"); - Assert.assertEquals("Invalid username or password.", loginPage.getError()); - - loginPage.open(); - loginPage.login("johnkeycloak", "New-password1"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - // Change password back to previous value - changePasswordPage.open(); - changePasswordPage.changePassword("New-password1", "Password1", "Password1"); - Assert.assertEquals("Your password has been updated.", profilePage.getSuccess()); - } - - @Test - public void registerExistingLdapUser() { - loginPage.open(); - loginPage.clickRegister(); - registerPage.assertCurrent(); - - // check existing username - registerPage.register("firstName", "lastName", "email@mail.cz", "existing", "Password1", "Password1"); - registerPage.assertCurrent(); - Assert.assertEquals("Username already exists.", registerPage.getError()); - - // Check existing email - registerPage.register("firstName", "lastName", "existing@email.org", "nonExisting", "Password1", "Password1"); - registerPage.assertCurrent(); - Assert.assertEquals("Email already exists.", registerPage.getError()); - } - - @Test - public void registerUserLdapSuccess() { - loginPage.open(); - loginPage.clickRegister(); - registerPage.assertCurrent(); - - registerPage.register("firstName", "lastName", "email2@check.cz", "registerUserSuccess2", "Password1", "Password1"); - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("registerUserSuccess2", appRealm); - Assert.assertNotNull(user); - Assert.assertFalse(StorageId.isLocalStorage(user)); - Assert.assertEquals(StorageId.providerId(user.getId()), ldapModel.getId()); - Assert.assertEquals("registerusersuccess2", user.getUsername()); - Assert.assertEquals("firstName", user.getFirstName()); - Assert.assertEquals("lastName", user.getLastName()); - Assert.assertTrue(user.isEnabled()); - } finally { - keycloakRule.stopSession(session, false); - } - } - - @Test - public void testCaseSensitiveAttributeName() { - KeycloakSession session = keycloakRule.startSession(); - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject johnZip = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johnzip", "John", "Zip", "johnzip@email.org", null, "12398"); - - // Remove default zipcode mapper and add the mapper for "POstalCode" to test case sensitivity - ComponentModel currentZipMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "zipCodeMapper"); - appRealm.removeComponent(currentZipMapper); - LDAPTestUtils.addUserAttributeMapper(appRealm, ldapModel, "zipCodeMapper-cs", "postal_code", "POstalCode"); - - // Fetch user from LDAP and check that postalCode is filled - UserModel user = session.users().getUserByUsername("johnzip", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("12398", postalCode); - - } finally { - keycloakRule.stopSession(session, false); - } - } - - @Test - public void testCommaInUsername() { - KeycloakSession session = keycloakRule.startSession(); - boolean skip = false; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - - // Workaround as comma is not allowed in sAMAccountName on active directory. So we will skip the test for this configuration - LDAPConfig config = ldapFedProvider.getLdapIdentityStore().getConfig(); - if (config.isActiveDirectory() && config.getUsernameLdapAttribute().equals(LDAPConstants.SAM_ACCOUNT_NAME)) { - skip = true; - } - - if (!skip) { - LDAPObject johnComma = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john,comma", "John", "Comma", "johncomma@email.org", null, "12387"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, johnComma, "Password1"); - - LDAPObject johnPlus = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "john+plus,comma", "John", "Plus", "johnplus@email.org", null, "12387"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, johnPlus, "Password1"); - } - } finally { - keycloakRule.stopSession(session, false); - } - - if (!skip) { - // Try to import the user with comma in username into Keycloak - loginSuccessAndLogout("john,comma", "Password1"); - loginSuccessAndLogout("john+plus,comma", "Password1"); - } - } - - //@Test // don't think we should support this, bburke - public void testDirectLDAPUpdate() { - KeycloakSession session = keycloakRule.startSession(); - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPObject johnDirect = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "johndirect", "John", "Direct", "johndirect@email.org", null, "12399"); - - // Fetch user from LDAP and check that postalCode is filled - UserModel user = session.users().getUserByUsername("johndirect", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("12399", postalCode); - - // Directly update user in LDAP - johnDirect.setSingleAttribute(LDAPConstants.POSTAL_CODE, "12400"); - johnDirect.setSingleAttribute(LDAPConstants.SN, "DirectLDAPUpdated"); - ldapFedProvider.getLdapIdentityStore().update(johnDirect); - - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - UserModel user = session.users().getUserByUsername("johndirect", appRealm); - - // Verify that postalCode is still the same as we read it's value from Keycloak DB - user = session.users().getUserByUsername("johndirect", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("12399", postalCode); - - // Check user.getAttributes() - postalCode = user.getAttributes().get("postal_code").get(0); - Assert.assertEquals("12399", postalCode); - - // LastName is new as lastName mapper will read the value from LDAP - String lastName = user.getLastName(); - Assert.assertEquals("DirectLDAPUpdated", lastName); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // Update postalCode mapper to always read the value from LDAP - ComponentModel zipMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "zipCodeMapper"); - zipMapper.getConfig().putSingle(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, "true"); - appRealm.updateComponent(zipMapper); - - // Update lastName mapper to read the value from Keycloak DB - ComponentModel lastNameMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "last name"); - lastNameMapper.getConfig().putSingle(UserAttributeLDAPStorageMapper.ALWAYS_READ_VALUE_FROM_LDAP, "false"); - appRealm.updateComponent(lastNameMapper); - - // Verify that postalCode is read from LDAP now - UserModel user = session.users().getUserByUsername("johndirect", appRealm); - String postalCode = user.getFirstAttribute("postal_code"); - Assert.assertEquals("12400", postalCode); - - // Check user.getAttributes() - postalCode = user.getAttributes().get("postal_code").get(0); - Assert.assertEquals("12400", postalCode); - - Assert.assertFalse(user.getAttributes().containsKey(UserModel.LAST_NAME)); - - // lastName is read from Keycloak DB now - String lastName = user.getLastName(); - Assert.assertEquals("Direct", lastName); - - } finally { - keycloakRule.stopSession(session, false); - } - } - - - // TODO: Rather separate test for fullNameMapper to better test all the possibilities - @Test - public void testFullNameMapper() { - KeycloakSession session = keycloakRule.startSession(); - ComponentModel firstNameMapper = null; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // assert that user "fullnameUser" is not in local DB - Assert.assertNull(session.users().getUserByUsername("fullname", appRealm)); - - // Add the user with some fullName into LDAP directly. Ensure that fullName is saved into "cn" attribute in LDAP (currently mapped to model firstName) - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "fullname", "James Dee", "Dee", "fullname@email.org", null, "4578"); - - // add fullname mapper to the provider and remove "firstNameMapper". For this test, we will simply map full name to the LDAP attribute, which was before firstName ( "givenName" on active directory, "cn" on other LDAP servers) - firstNameMapper = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "first name"); - String ldapFirstNameAttributeName = firstNameMapper.getConfig().getFirst(UserAttributeLDAPStorageMapper.LDAP_ATTRIBUTE); - appRealm.removeComponent(firstNameMapper); - - ComponentModel fullNameMapperModel = KeycloakModelUtils.createComponentModel("full name", ldapModel.getId(), FullNameLDAPStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), - FullNameLDAPStorageMapper.LDAP_FULL_NAME_ATTRIBUTE, ldapFirstNameAttributeName, - FullNameLDAPStorageMapper.READ_ONLY, "false"); - appRealm.addComponentModel(fullNameMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName - LDAPTestUtils.assertUserImported(session.users(), appRealm, "fullname", "James", "Dee", "fullname@email.org", "4578"); - - } finally { - keycloakRule.stopSession(session, true); - } - - - // Assert changing user in Keycloak will change him in LDAP too... - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm); - fullnameUser.setFirstName("James2"); - fullnameUser.setLastName("Dee2"); - } finally { - keycloakRule.stopSession(session, true); - } - - - // Assert changed user available in Keycloak - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - - // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName - LDAPTestUtils.assertUserImported(session.users(), appRealm, "fullname", "James2", "Dee2", "fullname@email.org", "4578"); - - // Remove "fullnameUser" to assert he is removed from LDAP. Revert mappers to previous state - UserModel fullnameUser = session.users().getUserByUsername("fullname", appRealm); - session.users().removeUser(appRealm, fullnameUser); - - // Revert mappers - ComponentModel fullNameMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "full name"); - appRealm.removeComponent(fullNameMapperModel); - - firstNameMapper.setId(null); - appRealm.addComponentModel(firstNameMapper); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testHardcodedRoleMapper() { - KeycloakSession session = keycloakRule.startSession(); - ComponentModel firstNameMapper = null; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - RoleModel hardcodedRole = appRealm.addRole("hardcoded-role"); - - // assert that user "johnkeycloak" doesn't have hardcoded role - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertFalse(john.hasRole(hardcodedRole)); - - ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcoded role", ldapModel.getId(), HardcodedLDAPRoleStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), - HardcodedLDAPRoleStorageMapper.ROLE, "hardcoded-role"); - appRealm.addComponentModel(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - RoleModel hardcodedRole = appRealm.getRole("hardcoded-role"); - - // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertTrue(john.hasRole(hardcodedRole)); - - // Can't remove user from hardcoded role - try { - john.deleteRoleMapping(hardcodedRole); - Assert.fail("Didn't expected to remove role mapping"); - } catch (ModelException expected) { - } - - // Revert mappers - ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "hardcoded role"); - appRealm.removeComponent(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testHardcodedGroupMapper() { - KeycloakSession session = keycloakRule.startSession(); - ComponentModel firstNameMapper = null; - - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - GroupModel hardcodedGroup = appRealm.createGroup("hardcoded-group", "hardcoded-group"); - - // assert that user "johnkeycloak" doesn't have hardcoded group - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertFalse(john.isMemberOf(hardcodedGroup)); - - ComponentModel hardcodedMapperModel = KeycloakModelUtils.createComponentModel("hardcoded group", ldapModel.getId(), HardcodedLDAPGroupStorageMapperFactory.PROVIDER_ID, LDAPStorageMapper.class.getName(), - HardcodedLDAPGroupStorageMapper.GROUP, "hardcoded-group"); - appRealm.addComponentModel(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = new RealmManager(session).getRealmByName("test"); - GroupModel hardcodedGroup = appRealm.getGroupById("hardcoded-group"); - - // Assert user is successfully imported in Keycloak DB now with correct firstName and lastName - UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertTrue(john.isMemberOf(hardcodedGroup)); - - // Can't remove user from hardcoded role - try { - john.leaveGroup(hardcodedGroup); - Assert.fail("Didn't expected to leave group"); - } catch (ModelException expected) { - } - - // Revert mappers - ComponentModel hardcodedMapperModel = LDAPTestUtils.getSubcomponentByName(appRealm, ldapModel, "hardcoded group"); - appRealm.removeComponent(hardcodedMapperModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testImportExistingUserFromLDAP() throws Exception { - // Add LDAP user with same email like existing model user - keycloakRule.update(new KeycloakRule.KeycloakSetup() { - - @Override - public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) { - LDAPStorageProvider ldapFedProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marykeycloak", "Mary1", "Kelly1", "mary1@email.org", null, "123"); - LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "mary-duplicatemail", "Mary2", "Kelly2", "mary@test.com", null, "123"); - LDAPObject marynoemail = LDAPTestUtils.addLDAPUser(ldapFedProvider, appRealm, "marynoemail", "Mary1", "Kelly1", null, null, "123"); - LDAPTestUtils.updateLDAPPassword(ldapFedProvider, marynoemail, "Password1"); - } - - }); - - // Try to import the duplicated LDAP user into Keycloak - loginPage.open(); - loginPage.login("mary-duplicatemail", "password"); - Assert.assertEquals("Email already exists.", loginPage.getError()); - - loginPage.login("mary1@email.org", "password"); - Assert.assertEquals("Username already exists.", loginPage.getError()); - - loginSuccessAndLogout("marynoemail", "Password1"); - } - - @Test - public void testReadonly() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - - UserStorageProviderModel model = new UserStorageProviderModel(ldapModel); - model.getConfig().putSingle(LDAPConstants.EDIT_MODE, UserStorageProvider.EditMode.READ_ONLY.toString()); - appRealm.updateComponent(model); - UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm); - Assert.assertNotNull(user); - try { - user.setEmail("error@error.com"); - Assert.fail("should fail"); - } catch (ReadOnlyException e) { - - } - try { - user.setLastName("Berk"); - Assert.fail("should fail"); - } catch (ReadOnlyException e) { - - } - try { - user.setFirstName("Bilbo"); - Assert.fail("should fail"); - } catch (ReadOnlyException e) { - - } - try { - UserCredentialModel cred = UserCredentialModel.password("PoopyPoop1", true); - session.userCredentialManager().updateCredential(appRealm, user, cred); - Assert.fail("should fail"); - } catch (ReadOnlyException e) { - - } - - Assert.assertTrue(session.users().removeUser(appRealm, user)); - } finally { - keycloakRule.stopSession(session, false); - } - - session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - Assert.assertEquals(UserStorageProvider.EditMode.WRITABLE.toString(), appRealm.getComponent(ldapModel.getId()).getConfig().getFirst(LDAPConstants.EDIT_MODE)); - } finally { - keycloakRule.stopSession(session, false); - } - } - - @Test - public void testRemoveFederatedUser() { - /* - { - KeycloakSession session = keycloakRule.startSession(); - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("registerUserSuccess2", appRealm); - keycloakRule.stopSession(session, true); - if (user == null) { - registerUserLdapSuccess(); - } - } - */ - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - UserModel user = session.users().getUserByUsername("registerUserSuccess2", appRealm); - Assert.assertNotNull(user); - Assert.assertFalse(StorageId.isLocalStorage(user)); - Assert.assertEquals(StorageId.providerId(user.getId()), ldapModel.getId()); - - Assert.assertTrue(session.users().removeUser(appRealm, user)); - Assert.assertNull(session.users().getUserByUsername("registerUserSuccess2", appRealm)); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testSearch() { - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username1", "John1", "Doel1", "user1@email.org", null, "121"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username2", "John2", "Doel2", "user2@email.org", null, "122"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username3", "John3", "Doel3", "user3@email.org", null, "123"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username4", "John4", "Doel4", "user4@email.org", null, "124"); - - // Users are not at local store at this moment - Assert.assertNull(session.userLocalStorage().getUserByUsername("username1", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username2", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username3", appRealm)); - Assert.assertNull(session.userLocalStorage().getUserByUsername("username4", appRealm)); - - UserModel user; - // search by username - user = session.users().searchForUser("username1", appRealm).get(0); - LDAPTestUtils.assertLoaded(user, "username1", "John1", "Doel1", "user1@email.org", "121"); - - // search by email - user = session.users().searchForUser("user2@email.org", appRealm).get(0); - LDAPTestUtils.assertLoaded(user, "username2", "John2", "Doel2", "user2@email.org", "122"); - - // search by lastName - user = session.users().searchForUser("Doel3", appRealm).get(0); - LDAPTestUtils.assertLoaded(user, "username3", "John3", "Doel3", "user3@email.org", "123"); - - // search by firstName + lastName - user = session.users().searchForUser("John4 Doel4", appRealm).get(0); - LDAPTestUtils.assertLoaded(user, "username4", "John4", "Doel4", "user4@email.org", "124"); - } finally { - keycloakRule.stopSession(session, true); - } - } - - @Test - public void testSearchWithCustomLDAPFilter() { - // Add custom filter for searching users - KeycloakSession session = keycloakRule.startSession(); - try { - RealmModel appRealm = session.realms().getRealmByName("test"); - ldapModel.getConfig().putSingle(LDAPConstants.CUSTOM_USER_SEARCH_FILTER, "(|(mail=user5@email.org)(mail=user6@email.org))"); - appRealm.updateComponent(ldapModel); - } finally { - keycloakRule.stopSession(session, true); - } - - session = keycloakRule.startSession(); - try { - LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(session, ldapModel); - RealmModel appRealm = session.realms().getRealmByName("test"); - - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username5", "John5", "Doel5", "user5@email.org", null, "125"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username6", "John6", "Doel6", "user6@email.org", null, "126"); - LDAPTestUtils.addLDAPUser(ldapProvider, appRealm, "username7", "John7", "Doel7", "user7@email.org", null, "127"); - - UserModel user; - // search by email - user = session.users().searchForUser("user5@email.org", appRealm).get(0); - LDAPTestUtils.assertLoaded(user, "username5", "John5", "Doel5", "user5@email.org", "125"); - - user = session.users().searchForUser("John6 Doel6", appRealm).get(0); - LDAPTestUtils.assertLoaded(user, "username6", "John6", "Doel6", "user6@email.org", "126"); - - Assert.assertTrue(session.users().searchForUser("user7@email.org", appRealm).isEmpty()); - - // Remove custom filter - ldapModel.getConfig().remove(LDAPConstants.CUSTOM_USER_SEARCH_FILTER); - appRealm.updateComponent(ldapModel); - } finally { - keycloakRule.stopSession(session, true); - } - } - - - // KEYCLOAK-5383 - @Test - public void addUserThroughAdmin() { - Keycloak adminClient = Keycloak.getInstance(AUTH_SERVER_ROOT, MASTER, ADMIN, ADMIN, Constants.ADMIN_CLI_CLIENT_ID); - - RealmResource realm = adminClient.realm("test"); - - UserRepresentation user = new UserRepresentation(); - user.setUsername("addUserThroughAdmin"); - user.setEnabled(true); - user.setCredentials(new LinkedList<>()); - - CredentialRepresentation cred = new CredentialRepresentation(); - cred.setType(CredentialRepresentation.PASSWORD); - cred.setValue("password"); - - user.getCredentials().add(cred); - - Response response = realm.users().create(user); - String userId = ApiUtil.getCreatedId(response); - - loginPage.open(); - loginPage.login("addUserThroughAdmin", "password"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - oauth.openLogout(); - - cred.setValue("password2"); - realm.users().get(userId).resetPassword(cred); - - loginPage.open(); - loginPage.login("addUserThroughAdmin", "password2"); - - Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType()); - Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE)); - oauth.openLogout(); - - adminClient.close(); - } - - -} diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/LDAPRule.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/LDAPRule.java deleted file mode 100755 index 7b217b66f98..00000000000 --- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/rule/LDAPRule.java +++ /dev/null @@ -1,140 +0,0 @@ -/* - * Copyright 2016 Red Hat, Inc. and/or its affiliates - * and other contributors as indicated by the @author tags. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.keycloak.testsuite.rule; - -import org.jboss.logging.Logger; -import org.junit.rules.TestRule; -import org.junit.runner.Description; -import org.junit.runners.model.Statement; -import org.keycloak.testsuite.federation.ldap.LDAPTestConfiguration; -import org.keycloak.util.ldap.LDAPEmbeddedServer; - -import java.util.Map; -import java.util.Properties; - -/** - * This rule handles: - * - Reading of LDAP configuration from properties file - * - Eventually start+stop of LDAP embedded server. - * - Eventually allows to ignore the test if particular condition is not met. This allows to run specific tests just for some LDAP vendors - * - * @author Marek Posolda - */ -public class LDAPRule implements TestRule { - - private static final Logger logger = Logger.getLogger(LDAPRule.class); - - public static final String LDAP_CONNECTION_PROPERTIES_LOCATION = "ldap/ldap-connection.properties"; - - protected LDAPTestConfiguration ldapTestConfiguration; - protected LDAPEmbeddedServer ldapEmbeddedServer; - - private final LDAPRuleCondition condition; - - - public LDAPRule() { - this(null); - } - - public LDAPRule(LDAPRuleCondition condition) { - this.condition = condition; - } - - - @Override - public Statement apply(Statement base, Description description) { - return new Statement() { - - @Override - public void evaluate() throws Throwable { - boolean skipTest = before(); - - if (skipTest) { - logger.infof("Skip %s due to LDAPRuleCondition not met", description.getDisplayName()); - return; - } - - try { - base.evaluate(); - } finally { - after(); - } - } - }; - } - - - // Return true if test should be skipped - protected boolean before() throws Throwable { - String connectionPropsLocation = getConnectionPropertiesLocation(); - ldapTestConfiguration = LDAPTestConfiguration.readConfiguration(connectionPropsLocation); - - if (condition != null && condition.skipTest(ldapTestConfiguration.getLDAPConfig())) { - return true; - } - - if (ldapTestConfiguration.isStartEmbeddedLdapServer()) { - ldapEmbeddedServer = createServer(); - ldapEmbeddedServer.init(); - ldapEmbeddedServer.start(); - } - - return false; - } - - - protected void after() { - try { - if (ldapEmbeddedServer != null) { - ldapEmbeddedServer.stop(); - ldapEmbeddedServer = null; - ldapTestConfiguration = null; - } - } catch (Exception e) { - throw new RuntimeException("Error tearDown Embedded LDAP server.", e); - } - } - - protected String getConnectionPropertiesLocation() { - return LDAP_CONNECTION_PROPERTIES_LOCATION; - } - - protected LDAPEmbeddedServer createServer() { - Properties defaultProperties = new Properties(); - defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_DSF, LDAPEmbeddedServer.DSF_INMEMORY); - defaultProperties.setProperty(LDAPEmbeddedServer.PROPERTY_LDIF_FILE, "classpath:ldap/users.ldif"); - - return new LDAPEmbeddedServer(defaultProperties); - } - - public Map getConfig() { - return ldapTestConfiguration.getLDAPConfig(); - } - - public int getSleepTime() { - return ldapTestConfiguration.getSleepTime(); - } - - - // Allows to skip particular LDAP test just under specific conditions (eg. some test running just on Active Directory) - public interface LDAPRuleCondition { - - boolean skipTest(Map ldapConfig); - - } -} diff --git a/testsuite/integration-deprecated/src/test/resources/ldap/ldap-app-keycloak.json b/testsuite/integration-deprecated/src/test/resources/ldap/ldap-app-keycloak.json deleted file mode 100644 index e082558d2fe..00000000000 --- a/testsuite/integration-deprecated/src/test/resources/ldap/ldap-app-keycloak.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "realm": "test", - "resource": "ldap-portal", - "realm-public-key": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB", - "auth-server-url": "http://localhost:8081/auth", - "ssl-required" : "external", - "credentials": { - "secret": "password" - } -} \ No newline at end of file diff --git a/testsuite/integration-deprecated/src/test/resources/ldap/ldap-connection.properties b/testsuite/integration-deprecated/src/test/resources/ldap/ldap-connection.properties deleted file mode 100644 index 2a327ffb823..00000000000 --- a/testsuite/integration-deprecated/src/test/resources/ldap/ldap-connection.properties +++ /dev/null @@ -1,26 +0,0 @@ -# -# Copyright 2016 Red Hat, Inc. and/or its affiliates -# and other contributors as indicated by the @author tags. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -idm.test.ldap.connection.url=ldap\://localhost\:10389 -idm.test.ldap.base.dn=dc\=keycloak,dc\=org -idm.test.ldap.user.dn.suffix=ou\=People,dc\=keycloak,dc\=org -idm.test.ldap.start.embedded.ldap.server=true -idm.test.ldap.bind.dn=uid\=admin,ou\=system -idm.test.ldap.bind.credential=secret -idm.test.ldap.connection.pooling=true -idm.test.ldap.pagination=true -idm.test.ldap.batch.size.for.sync=3 diff --git a/testsuite/integration-deprecated/src/test/resources/ldap/users.ldif b/testsuite/integration-deprecated/src/test/resources/ldap/users.ldif deleted file mode 100644 index 4df8b5e61a6..00000000000 --- a/testsuite/integration-deprecated/src/test/resources/ldap/users.ldif +++ /dev/null @@ -1,25 +0,0 @@ -dn: dc=keycloak,dc=org -objectclass: dcObject -objectclass: organization -o: Keycloak -dc: Keycloak - -dn: ou=People,dc=keycloak,dc=org -objectclass: top -objectclass: organizationalUnit -ou: People - -dn: ou=RealmRoles,dc=keycloak,dc=org -objectclass: top -objectclass: organizationalUnit -ou: RealmRoles - -dn: ou=FinanceRoles,dc=keycloak,dc=org -objectclass: top -objectclass: organizationalUnit -ou: FinanceRoles - -dn: ou=Groups,dc=keycloak,dc=org -objectclass: top -objectclass: organizationalUnit -ou: Groups diff --git a/testsuite/utils/pom.xml b/testsuite/utils/pom.xml index 4c50317074c..706c0cd7041 100755 --- a/testsuite/utils/pom.xml +++ b/testsuite/utils/pom.xml @@ -324,5 +324,35 @@ + + ldap + + + + org.codehaus.mojo + exec-maven-plugin + + org.keycloak.util.ldap.LDAPEmbeddedServer + test + + + + + + + kerberos + + + + org.codehaus.mojo + exec-maven-plugin + + org.keycloak.util.ldap.KerberosEmbeddedServer + test + + + + + diff --git a/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/LDAPEmbeddedServer.java b/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/LDAPEmbeddedServer.java index 682fa9ab386..619dbf2fa83 100644 --- a/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/LDAPEmbeddedServer.java +++ b/util/embedded-ldap/src/main/java/org/keycloak/util/ldap/LDAPEmbeddedServer.java @@ -52,6 +52,7 @@ public class LDAPEmbeddedServer { public static final String PROPERTY_BASE_DN = "ldap.baseDN"; public static final String PROPERTY_BIND_HOST = "ldap.host"; public static final String PROPERTY_BIND_PORT = "ldap.port"; + public static final String PROPERTY_BIND_LDAPS_PORT = "ldaps.port"; public static final String PROPERTY_LDIF_FILE = "ldap.ldif"; public static final String PROPERTY_SASL_PRINCIPAL = "ldap.saslPrincipal"; public static final String PROPERTY_DSF = "ldap.dsf"; @@ -59,6 +60,7 @@ public class LDAPEmbeddedServer { private static final String DEFAULT_BASE_DN = "dc=keycloak,dc=org"; private static final String DEFAULT_BIND_HOST = "localhost"; private static final String DEFAULT_BIND_PORT = "10389"; + private static final String DEFAULT_BIND_LDAPS_PORT = "10636"; private static final String DEFAULT_LDIF_FILE = "classpath:ldap/default-users.ldif"; private static final String PROPERTY_ENABLE_SSL = "enableSSL"; private static final String PROPERTY_KEYSTORE_FILE = "keystoreFile"; @@ -73,6 +75,7 @@ public class LDAPEmbeddedServer { protected String baseDN; protected String bindHost; protected int bindPort; + protected int bindLdapsPort; protected String ldifFile; protected String ldapSaslPrincipal; protected String directoryServiceFactory; @@ -117,6 +120,8 @@ public class LDAPEmbeddedServer { this.bindHost = readProperty(PROPERTY_BIND_HOST, DEFAULT_BIND_HOST); String bindPort = readProperty(PROPERTY_BIND_PORT, DEFAULT_BIND_PORT); this.bindPort = Integer.parseInt(bindPort); + String bindLdapsPort = readProperty(PROPERTY_BIND_LDAPS_PORT, DEFAULT_BIND_LDAPS_PORT); + this.bindLdapsPort = Integer.parseInt(bindLdapsPort); this.ldifFile = readProperty(PROPERTY_LDIF_FILE, DEFAULT_LDIF_FILE); this.ldapSaslPrincipal = readProperty(PROPERTY_SASL_PRINCIPAL, null); this.directoryServiceFactory = readProperty(PROPERTY_DSF, DEFAULT_DSF); @@ -219,15 +224,15 @@ public class LDAPEmbeddedServer { ldapServer.setSearchBaseDn(this.baseDN); // Read the transports - Transport ldaps = new TcpTransport(this.bindHost, this.bindPort, 3, 50); + Transport ldap = new TcpTransport(this.bindHost, this.bindPort, 3, 50); + ldapServer.addTransports( ldap ); if (enableSSL) { + Transport ldaps = new TcpTransport(this.bindHost, this.bindLdapsPort, 3, 50); ldaps.setEnableSSL(true); ldapServer.setKeystoreFile(keystoreFile); ldapServer.setCertificatePassword(certPassword); - Transport ldap = new TcpTransport(this.bindHost, 10389, 3, 50); - ldapServer.addTransports( ldap ); + ldapServer.addTransports( ldaps ); } - ldapServer.addTransports( ldaps ); // Associate the DS to this LdapServer ldapServer.setDirectoryService( directoryService );