Migrate parts of model package to new test framework (#45024)

Part of #44983

Signed-off-by: stianst <stianst@gmail.com>
Stian Thorgersen 2025-12-19 14:52:23 +01:00 committed by GitHub
parent 6bb586e871
commit 78274ccc5d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
27 changed files with 4967 additions and 661 deletions


@ -15,6 +15,8 @@ public @interface InjectRealm {
Class<? extends RealmConfig> config() default DefaultRealmConfig.class;
String fromJson() default "";
LifeCycle lifecycle() default LifeCycle.CLASS;
String ref() default "";
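Review bot: The new `fromJson()` attribute has no Javadoc, and its path semantics are not obvious from the annotation alone. Judging by the RealmSupplier change in this commit, the value is passed to `getResourceAsStream` on the test class, so a relative name resolves against the test class's package, and the `config()` class is then applied on top of the loaded representation. I would add something like `/** Classpath resource, resolved relative to the test class, holding a RealmRepresentation as JSON; config() is applied after it is loaded. */` above the attribute.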


@ -37,6 +37,11 @@ public class RealmConfigBuilder {
return new RealmConfigBuilder(rep);
}
public RealmConfigBuilder id(String id) {
rep.setId(id);
return this;
}
public RealmConfigBuilder name(String name) {
rep.setRealm(name);
return this;


@ -1,5 +1,7 @@
package org.keycloak.testframework.realm;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import org.keycloak.admin.client.Keycloak;
@ -16,6 +18,8 @@ import org.keycloak.testframework.injection.Supplier;
import org.keycloak.testframework.injection.SupplierHelpers;
import org.keycloak.testframework.injection.SupplierOrder;
import org.keycloak.testframework.server.KeycloakServer;
import org.keycloak.util.JsonSerialization;
import org.keycloak.util.Strings;
public class RealmSupplier implements Supplier<ManagedRealm, InjectRealm> {
@ -36,8 +40,23 @@ public class RealmSupplier implements Supplier<ManagedRealm, InjectRealm> {
RealmRepresentation realmRepresentation;
if (managed) {
RealmConfigBuilder realmConfigBuilder;
if (!Strings.isEmpty(instanceContext.getAnnotation().fromJson())) {
try {
InputStream jsonStream = instanceContext.getRegistry().getCurrentContext().getRequiredTestClass().getResourceAsStream(instanceContext.getAnnotation().fromJson());
if (jsonStream == null) {
throw new RuntimeException("Realm JSON representation not found in classpath");
}
realmConfigBuilder = RealmConfigBuilder.update(JsonSerialization.readValue(jsonStream, RealmRepresentation.class));
} catch (IOException e) {
throw new RuntimeException(e);
}
} else {
realmConfigBuilder = RealmConfigBuilder.create();
}
RealmConfig config = SupplierHelpers.getInstance(instanceContext.getAnnotation().config());
RealmConfigBuilder realmConfigBuilder = config.configure(RealmConfigBuilder.create());
realmConfigBuilder = config.configure(realmConfigBuilder);
RealmConfigInterceptorHelper interceptor = new RealmConfigInterceptorHelper(instanceContext.getRegistry());
realmConfigBuilder = interceptor.intercept(realmConfigBuilder, instanceContext);
@ -68,7 +87,9 @@ public class RealmSupplier implements Supplier<ManagedRealm, InjectRealm> {
@Override
public boolean compatible(InstanceContext<ManagedRealm, InjectRealm> a, RequestedInstance<ManagedRealm, InjectRealm> b) {
return a.getAnnotation().config().equals(b.getAnnotation().config());
InjectRealm aa = a.getAnnotation();
InjectRealm ba = b.getAnnotation();
return aa.config().equals(ba.config()) && aa.fromJson().equals(ba.fromJson());
}
@Override
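Review bot: The `InputStream` opened for `fromJson` in the new `if (!Strings.isEmpty(...))` branch is never closed, and the not-found exception does not say which resource was missing. With the annotation value held in a local `path`, opening it as `try (InputStream jsonStream = ...getRequiredTestClass().getResourceAsStream(path)) {` and throwing `new RuntimeException("Realm JSON representation not found in classpath: " + path)` would release the handle and make a mistyped annotation value easy to diagnose. Whether `JsonSerialization.readValue` closes the stream itself is not visible here, so the explicit close is the safer assumption. The enclosing method starts and ends outside this hunk.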


@ -48,7 +48,7 @@ public class TestClassServer {
Headers respHeaders = httpExchange.getResponseHeaders();
respHeaders.set("Content-Type", "application/x-java-applet;charset=utf-8");
if (!isPermittedPackage(resource) || !resource.endsWith(".class")) {
if (!isPermittedPackage(resource) || !(resource.endsWith(".class") || resource.endsWith(".json"))) {
httpExchange.sendResponseHeaders(403, 0);
} else {
try (InputStream resourceStream = TestClassServer.class.getResourceAsStream(resource)) {
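Review bot: Widening the suffix allow-list to `.json` in the `if (!isPermittedPackage(resource) || ...)` check means every JSON file under a permitted package on the test classpath is now served by this handler. The response is still labelled `application/x-java-applet;charset=utf-8`, because the header is set before the branch. Consider picking the type from the extension, e.g. `respHeaders.set("Content-Type", resource.endsWith(".json") ? "application/json;charset=utf-8" : "application/x-java-applet;charset=utf-8");`. `isPermittedPackage` is not visible in this hunk; if it only compares a prefix, confirm that a `resource` containing `..` segments is rejected, since the suffix test is the only other gate on what can be read. The handler body continues outside the hunk.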


@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.model;
package org.keycloak.tests.model;
import java.util.concurrent.atomic.AtomicReference;
@ -25,24 +25,24 @@ import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.ResetTimeOffsetEvent;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.ModelTest;
import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.testframework.annotations.InjectRealm;
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.injection.LifeCycle;
import org.keycloak.testframework.realm.ManagedRealm;
import org.keycloak.testframework.realm.RealmConfig;
import org.keycloak.testframework.realm.RealmConfigBuilder;
import org.keycloak.testframework.remote.annotations.TestOnServer;
import org.keycloak.testframework.remote.runonserver.InjectRunOnServer;
import org.keycloak.testframework.remote.runonserver.RunOnServerClient;
import org.keycloak.tests.utils.infinispan.InfinispanTimeUtil;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.core.Is.is;
@ -53,45 +53,16 @@ import static org.junit.Assume.assumeFalse;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloakTest {
@KeycloakIntegrationTest
public class AuthenticationSessionProviderTest {
private static String realmId;
@InjectRealm(config = AuthenticationSessionProviderRealm.class, lifecycle = LifeCycle.METHOD)
ManagedRealm realm;
@Rule
public InfinispanTestTimeServiceRule ispnTestTimeService = new InfinispanTestTimeServiceRule(this);
@InjectRunOnServer
RunOnServerClient runOnServer;
@Before
public void before() {
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("test");
session.users().addUser(realm, "user1").setEmail("user1@localhost");
session.users().addUser(realm, "user2").setEmail("user2@localhost");
realmId = realm.getId();
});
}
@After
public void after() {
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealm(realmId);
session.sessions().removeUserSessions(realm);
UserModel user1 = session.users().getUserByUsername(realm, "user1");
UserModel user2 = session.users().getUserByUsername(realm, "user2");
UserManager um = new UserManager(session);
if (user1 != null) {
um.removeUser(realm, user1);
}
if (user2 != null) {
um.removeUser(realm, user2);
}
});
}
@Test
@ModelTest
@TestOnServer
public void testLoginSessionsCRUD(KeycloakSession session) {
AtomicReference<String> rootAuthSessionID = new AtomicReference<>();
AtomicReference<String> tabID = new AtomicReference<>();
@ -99,7 +70,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD1) -> {
KeycloakSession currentSession = sessionCRUD1;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
ClientModel client1 = realm.getClientByClientId("test-app");
@ -116,7 +87,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD2) -> {
KeycloakSession currentSession = sessionCRUD2;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
ClientModel client1 = realm.getClientByClientId("test-app");
@ -136,7 +107,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD3) -> {
KeycloakSession currentSession = sessionCRUD3;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
UserModel user1 = currentSession.users().getUserByUsername(realm, "user1");
@ -155,7 +126,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCRUD4) -> {
KeycloakSession currentSession = sessionCRUD4;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
// Ensure currentSession was removed
@ -163,8 +134,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
});
}
@Test
@ModelTest
@TestOnServer
public void testAuthenticationSessionRestart(KeycloakSession session) {
AtomicReference<String> parentAuthSessionID = new AtomicReference<>();
AtomicReference<String> tabID = new AtomicReference<>();
@ -172,7 +142,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart1) -> {
KeycloakSession currentSession = sessionRestart1;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
ClientModel client1 = realm.getClientByClientId("test-app");
@ -195,7 +165,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart2) -> {
KeycloakSession currentSession = sessionRestart2;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
// Test restart root authentication session
@ -207,7 +177,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRestart3) -> {
KeycloakSession currentSession = sessionRestart3;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
ClientModel client1 = realm.getClientByClientId("test-app");
@ -219,52 +189,55 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
});
}
@Test
@ModelTest
@TestOnServer
public void testExpiredAuthSessions(KeycloakSession session) {
assumeFalse(InfinispanUtils.isRemoteInfinispan());
InfinispanTimeUtil.enableTestingTimeService(session);
AtomicReference<String> authSessionID = new AtomicReference<>();
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), mainSession -> {
try {
// AccessCodeLifespan = 10 ; AccessCodeLifespanUserAction = 10 ; AccessCodeLifespanLogin = 30
setAccessCodeLifespan(mainSession, 10, 10, 30);
try {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), mainSession -> {
try {
// AccessCodeLifespan = 10 ; AccessCodeLifespanUserAction = 10 ; AccessCodeLifespanLogin = 30
setAccessCodeLifespan(mainSession, 10, 10, 30);
createAuthSession(mainSession, authSessionID);
testExpiredOffset(mainSession, 25, false, authSessionID.get());
testExpiredOffset(mainSession, 35, true, authSessionID.get());
createAuthSession(mainSession, authSessionID);
testExpiredOffset(mainSession, 25, false, authSessionID.get());
testExpiredOffset(mainSession, 35, true, authSessionID.get());
// AccessCodeLifespan = Not set ; AccessCodeLifespanUserAction = 10 ; AccessCodeLifespanLogin = Not set
setAccessCodeLifespan(mainSession, -1, 40, -1);
// AccessCodeLifespan = Not set ; AccessCodeLifespanUserAction = 10 ; AccessCodeLifespanLogin = Not set
setAccessCodeLifespan(mainSession, -1, 40, -1);
createAuthSession(mainSession, authSessionID);
testExpiredOffset(mainSession, 35, false, authSessionID.get());
testExpiredOffset(mainSession, 45, true, authSessionID.get());
createAuthSession(mainSession, authSessionID);
testExpiredOffset(mainSession, 35, false, authSessionID.get());
testExpiredOffset(mainSession, 45, true, authSessionID.get());
// AccessCodeLifespan = 50 ; AccessCodeLifespanUserAction = Not set ; AccessCodeLifespanLogin = Not set
setAccessCodeLifespan(mainSession, 50, -1, -1);
// AccessCodeLifespan = 50 ; AccessCodeLifespanUserAction = Not set ; AccessCodeLifespanLogin = Not set
setAccessCodeLifespan(mainSession, 50, -1, -1);
createAuthSession(mainSession, authSessionID);
testExpiredOffset(mainSession, 45, false, authSessionID.get());
testExpiredOffset(mainSession, 55, true, authSessionID.get());
createAuthSession(mainSession, authSessionID);
testExpiredOffset(mainSession, 45, false, authSessionID.get());
testExpiredOffset(mainSession, 55, true, authSessionID.get());
} finally {
Time.setOffset(0);
session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
setAccessCodeLifespan(mainSession, 60, 300, 1800);
}
});
} finally {
Time.setOffset(0);
session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
setAccessCodeLifespan(mainSession, 60, 300, 1800);
}
});
} finally {
InfinispanTimeUtil.disableTestingTimeService(session);
}
}
@Test
@ModelTest
@TestOnServer
public void testOnRealmRemoved(KeycloakSession session) {
AtomicReference<String> authSessionID = new AtomicReference<>();
AtomicReference<String> authSessionID2 = new AtomicReference<>();
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> {
KeycloakSession currentSession = sesRealmRemoved1;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
RealmModel fooRealm = currentSession.realms().createRealm("foo-realm");
fooRealm.setDefaultRole(currentSession.roles().addRealmRole(fooRealm, Constants.DEFAULT_ROLES_ROLE_PREFIX + "-" + fooRealm.getName()));
fooRealm.setAccessCodeLifespanLogin(1800);
@ -283,7 +256,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved3) -> {
KeycloakSession currentSession = sesRealmRemoved3;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
RootAuthenticationSessionModel authSession = currentSession.authenticationSessions().getRootAuthenticationSession(realm, authSessionID.get());
@ -292,8 +265,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
});
}
@Test
@ModelTest
@TestOnServer
public void testOnClientRemoved(KeycloakSession session) {
AtomicReference<String> tab1ID = new AtomicReference<>();
AtomicReference<String> tab2ID = new AtomicReference<>();
@ -301,7 +273,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> {
KeycloakSession currentSession = sesRealmRemoved1;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
authSessionID.set(currentSession.authenticationSessions().createRootAuthenticationSession(realm).getId());
@ -317,7 +289,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> {
KeycloakSession currentSession = sesRealmRemoved1;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
RootAuthenticationSessionModel rootAuthSession = currentSession.authenticationSessions().getRootAuthenticationSession(realm, authSessionID.get());
@ -331,7 +303,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesRealmRemoved1) -> {
KeycloakSession currentSession = sesRealmRemoved1;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
currentSession.getContext().setRealm(realm);
RootAuthenticationSessionModel rootAuthSession = currentSession.authenticationSessions().getRootAuthenticationSession(realm, authSessionID.get());
@ -363,7 +335,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession createAuthSession) -> {
KeycloakSession currentSession = createAuthSession;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
Time.setOffset(0);
authSessionID.set(currentSession.authenticationSessions().createRootAuthenticationSession(realm).getId());
@ -374,7 +346,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionExp) -> {
KeycloakSession currentSession = sessionExp;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
Time.setOffset(offset);
currentSession.authenticationSessions().removeExpired(realm);
@ -382,7 +354,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionExpVerify) -> {
KeycloakSession currentSession = sessionExpVerify;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
if (isSessionNull)
assertThat(currentSession.authenticationSessions().getRootAuthenticationSession(realm, authSessionID), nullValue());
@ -396,7 +368,7 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionLifespan) -> {
KeycloakSession currentSession = sessionLifespan;
RealmModel realm = currentSession.realms().getRealm(realmId);
RealmModel realm = currentSession.realms().getRealmByName("test");
if (lifespan != -1)
realm.setAccessCodeLifespan(lifespan);
@ -409,7 +381,17 @@ public class AuthenticationSessionProviderTest extends AbstractTestRealmKeycloak
});
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
private static final class AuthenticationSessionProviderRealm implements RealmConfig {
@Override
public RealmConfigBuilder configure(RealmConfigBuilder realm) {
realm.name("test");
realm.addUser("user1").email("user1@localhost");
realm.addUser("user2").email("user2@localhost");
realm.addClient("test-app");
realm.addClient("third-party");
return realm;
}
}
}
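Review bot: The realm name is now a bare `"test"` literal repeated in every `getRealmByName("test")` lookup and again in `AuthenticationSessionProviderRealm.configure` (`realm.name("test")`), so a rename in one place makes the lookups return null and the tests fail with an NPE rather than a clear message. A single `private static final String REALM_NAME = "test";` used in both the config and the lookups would keep them in step. Separately, in `testExpiredAuthSessions` the re-indented comment `// AccessCodeLifespan = Not set ; AccessCodeLifespanUserAction = 10 ; ...` sits above `setAccessCodeLifespan(mainSession, -1, 40, -1);`; the comment should read `AccessCodeLifespanUserAction = 40` to match the offsets of 35 and 45 that the test checks.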


@ -15,8 +15,9 @@
* limitations under the License.
*/
package org.keycloak.testsuite.model;
package org.keycloak.tests.model;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
@ -29,22 +30,23 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.ModelTest;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testframework.annotations.InjectRealm;
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.realm.ManagedRealm;
import org.keycloak.testframework.remote.annotations.TestOnServer;
import org.keycloak.util.JsonSerialization;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import static org.keycloak.testsuite.AbstractAdminTest.loadJson;
import org.junit.jupiter.api.Assertions;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class CompositeRolesModelTest extends AbstractTestRealmKeycloakTest {
@Rule
public ExpectedException expectedException = ExpectedException.none();
@KeycloakIntegrationTest
public class CompositeRolesModelTest {
@InjectRealm(fromJson = "testcomposites2.json")
ManagedRealm managedRealm;
public static Set<RoleModel> getRequestedRoles(ClientModel application, UserModel user) {
@ -62,8 +64,6 @@ public class CompositeRolesModelTest extends AbstractTestRealmKeycloakTest {
return requestedRoles;
}
private static void applyScope(RoleModel role, RoleModel scope, Set<RoleModel> visited, Set<RoleModel> requested) {
if (visited.contains(scope)) return;
visited.add(scope);
@ -87,37 +87,31 @@ public class CompositeRolesModelTest extends AbstractTestRealmKeycloakTest {
private static void assertContains(RealmModel realm, String appName, String roleName, Set<RoleModel> requestedRoles) {
RoleModel expectedRole = getRole(realm, appName, roleName);
Assert.assertTrue(requestedRoles.contains(expectedRole));
Assertions.assertTrue(requestedRoles.contains(expectedRole));
// Check if requestedRole has correct role container
for (RoleModel role : requestedRoles) {
if (role.equals(expectedRole)) {
Assert.assertEquals(role.getContainer(), expectedRole.getContainer());
Assertions.assertEquals(role.getContainer(), expectedRole.getContainer());
}
}
}
@Test
@ModelTest
@TestOnServer
public void testNoClientID(KeycloakSession session) {
expectedException.expect(RuntimeException.class);
expectedException.expectMessage("Unknown client specification in scope mappings: some-client");
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
try {
//RealmManager manager = new RealmManager(session1);
RealmRepresentation rep = loadJson(getClass().getResourceAsStream("/model/testrealm-noclient-id.json"), RealmRepresentation.class);
RealmManager manager = new RealmManager(session1);
RealmRepresentation rep = JsonSerialization.readValue(getClass().getResourceAsStream("testrealm-noclient-id.json"), RealmRepresentation.class);
rep.setId("TestNoClientID");
//manager.importRealm(rep);
adminClient.realms().create(rep);
} catch (RuntimeException e) {
Assertions.assertThrows(RuntimeException.class, () -> manager.importRealm(rep), "Unknown client specification in scope mappings: some-client");
} catch (IOException e) {
throw new RuntimeException(e);
}
});
}
@Test
@ModelTest
@TestOnServer
public void testComposites(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session5) -> {
@ -127,7 +121,7 @@ public class CompositeRolesModelTest extends AbstractTestRealmKeycloakTest {
Set<RoleModel> requestedRoles = getRequestedRoles(realm.getClientByClientId("APP_COMPOSITE_APPLICATION"), session.users().getUserByUsername(realm, "APP_COMPOSITE_USER"));
Assert.assertEquals(5, requestedRoles.size());
Assertions.assertEquals(5, requestedRoles.size());
assertContains(realm, "APP_COMPOSITE_APPLICATION", "APP_COMPOSITE_ROLE", requestedRoles);
assertContains(realm, "APP_COMPOSITE_APPLICATION", "APP_COMPOSITE_CHILD", requestedRoles);
assertContains(realm, "APP_COMPOSITE_APPLICATION", "APP_ROLE_2", requestedRoles);
@ -135,37 +129,28 @@ public class CompositeRolesModelTest extends AbstractTestRealmKeycloakTest {
assertContains(realm, "realm", "REALM_ROLE_1", requestedRoles);
Set<RoleModel> requestedRoles2 = getRequestedRoles(realm.getClientByClientId("APP_COMPOSITE_APPLICATION"), session5.users().getUserByUsername(realm, "REALM_APP_COMPOSITE_USER"));
Assert.assertEquals(4, requestedRoles2.size());
Assertions.assertEquals(4, requestedRoles2.size());
assertContains(realm, "APP_ROLE_APPLICATION", "APP_ROLE_1", requestedRoles2);
requestedRoles = getRequestedRoles(realm.getClientByClientId("REALM_COMPOSITE_1_APPLICATION"), session5.users().getUserByUsername(realm, "REALM_COMPOSITE_1_USER"));
Assert.assertEquals(1, requestedRoles.size());
Assertions.assertEquals(1, requestedRoles.size());
assertContains(realm, "realm", "REALM_COMPOSITE_1", requestedRoles);
requestedRoles = getRequestedRoles(realm.getClientByClientId("REALM_COMPOSITE_2_APPLICATION"), session5.users().getUserByUsername(realm, "REALM_COMPOSITE_1_USER"));
Assert.assertEquals(3, requestedRoles.size());
Assertions.assertEquals(3, requestedRoles.size());
assertContains(realm, "realm", "REALM_COMPOSITE_1", requestedRoles);
assertContains(realm, "realm", "REALM_COMPOSITE_CHILD", requestedRoles);
assertContains(realm, "realm", "REALM_ROLE_4", requestedRoles);
requestedRoles = getRequestedRoles(realm.getClientByClientId("REALM_ROLE_1_APPLICATION"), session5.users().getUserByUsername(realm, "REALM_COMPOSITE_1_USER"));
Assert.assertEquals(1, requestedRoles.size());
Assertions.assertEquals(1, requestedRoles.size());
assertContains(realm, "realm", "REALM_ROLE_1", requestedRoles);
requestedRoles = getRequestedRoles(realm.getClientByClientId("REALM_COMPOSITE_1_APPLICATION"), session5.users().getUserByUsername(realm, "REALM_ROLE_1_USER"));
Assert.assertEquals(1, requestedRoles.size());
Assertions.assertEquals(1, requestedRoles.size());
assertContains(realm, "realm", "REALM_ROLE_1", requestedRoles);
});
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
log.infof("testcomposites imported");
RealmRepresentation newRealm = loadJson(getClass().getResourceAsStream("/model/testcomposites2.json"), RealmRepresentation.class);
adminClient.realms().create(newRealm);
}
}
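Review bot: In `testNoClientID`, the string passed as the third argument to `Assertions.assertThrows(RuntimeException.class, () -> manager.importRealm(rep), "Unknown client specification in scope mappings: some-client")` is the failure message shown when nothing is thrown, not an expectation on the exception's message. The removed `expectedException.expectMessage(...)` check is therefore lost, and any `RuntimeException` from `importRealm` now passes the test. To keep verifying that the import is rejected for the unknown client, capture the exception and assert on it: `RuntimeException e = Assertions.assertThrows(RuntimeException.class, () -> manager.importRealm(rep));` followed by `Assertions.assertTrue(e.getMessage().contains("Unknown client specification in scope mappings: some-client"));`. It is also worth checking the result of `getResourceAsStream("testrealm-noclient-id.json")` for null, so that a missing fixture fails with a clear message.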


@ -0,0 +1,12 @@
package org.keycloak.tests.model;
import org.keycloak.testframework.server.KeycloakServerConfig;
import org.keycloak.testframework.server.KeycloakServerConfigBuilder;
public class CustomProvidersServerConfig implements KeycloakServerConfig {
@Override
public KeycloakServerConfigBuilder configure(KeycloakServerConfigBuilder config) {
return config.dependency("org.keycloak.tests", "keycloak-tests-custom-providers");
}
}


@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.model;
package org.keycloak.tests.model;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
@ -26,9 +26,9 @@ import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.common.Profile;
import org.keycloak.component.ComponentModel;
import org.keycloak.exportimport.Strategy;
import org.keycloak.exportimport.util.ImportUtils;
@ -42,52 +42,60 @@ import org.keycloak.representations.userprofile.config.UPAttribute;
import org.keycloak.representations.userprofile.config.UPAttributeSelector;
import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.runonserver.RunOnServerException;
import org.keycloak.testframework.annotations.InjectAdminClient;
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.remote.providers.runonserver.RunOnServerException;
import org.keycloak.testframework.remote.runonserver.InjectRunOnServer;
import org.keycloak.testframework.remote.runonserver.RunOnServerClient;
import org.keycloak.userprofile.UserProfileProvider;
import org.keycloak.util.JsonSerialization;
import org.apache.commons.io.IOUtils;
import org.junit.Assert;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.runners.MethodSorters;
import static org.keycloak.testsuite.AbstractAdminTest.loadJson;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class ImportTest extends AbstractTestRealmKeycloakTest {
@KeycloakIntegrationTest
public class ImportTest {
@Test
public void demoDelete() {
// was having trouble deleting this realm from admin console
removeRealm("demo-delete");
}
@InjectRunOnServer
RunOnServerClient runOnServer;
@InjectAdminClient
Keycloak adminClient;
@Test
public void install2() {
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("demo");
public void install2() throws IOException {
RealmRepresentation testRealm = JsonSerialization.readValue(getClass().getResourceAsStream("testrealm-demo.json"), RealmRepresentation.class);
testRealm.setRealm("demo");
adminClient.realms().create(testRealm);
try {
runOnServer.run(session -> {
RealmModel realm = session.realms().getRealmByName("demo");
Assert.assertEquals(600, realm.getAccessCodeLifespanUserAction());
Assert.assertEquals(Constants.DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT, realm.getAccessTokenLifespanForImplicitFlow());
Assert.assertEquals(Constants.DEFAULT_OFFLINE_SESSION_IDLE_TIMEOUT, realm.getOfflineSessionIdleTimeout());
Assert.assertEquals(1, realm.getRequiredCredentialsStream().count());
Assert.assertEquals("password", realm.getRequiredCredentialsStream().findFirst().get().getType());
});
Assertions.assertEquals(600, realm.getAccessCodeLifespanUserAction());
Assertions.assertEquals(Constants.DEFAULT_ACCESS_TOKEN_LIFESPAN_FOR_IMPLICIT_FLOW_TIMEOUT, realm.getAccessTokenLifespanForImplicitFlow());
Assertions.assertEquals(Constants.DEFAULT_OFFLINE_SESSION_IDLE_TIMEOUT, realm.getOfflineSessionIdleTimeout());
Assertions.assertEquals(1, realm.getRequiredCredentialsStream().count());
Assertions.assertEquals("password", realm.getRequiredCredentialsStream().findFirst().get().getType());
});
} finally {
adminClient.realms().realm("demo").remove();
}
}
// KEYCLOAK-12921 NPE importing realm with no request context
@Test
public void importWithoutRequestContext() throws IOException {
final String realmString = IOUtils.toString(getClass().getResourceAsStream("/model/realm-validation.json"), StandardCharsets.UTF_8);
final String realmString = IOUtils.toString(getClass().getResourceAsStream("realm-validation.json"), StandardCharsets.UTF_8);
testingClient.server().run(session -> {
runOnServer.run(session -> {
RealmRepresentation testRealm = JsonSerialization.readValue(realmString, RealmRepresentation.class);
AtomicReference<Throwable> err = new AtomicReference<>();
@ -128,58 +136,76 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
// KEYCLOAK-12640
@Test
public void importAuthorizationSettings() throws Exception {
ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/authz-bug.json"), RealmRepresentation.class);
RealmRepresentation testRealm = JsonSerialization.readValue(getClass().getResourceAsStream("authz-bug.json"), RealmRepresentation.class);
adminClient.realms().create(testRealm);
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("authz-bug");
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel client = realm.getClientByClientId("appserver");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
Assert.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name());
});
try {
runOnServer.run(session -> {
RealmModel realm = session.realms().getRealmByName("authz-bug");
AuthorizationProvider authz = session.getProvider(AuthorizationProvider.class);
ClientModel client = realm.getClientByClientId("appserver");
ResourceServer resourceServer = authz.getStoreFactory().getResourceServerStore().findByClient(client);
Assertions.assertEquals("AFFIRMATIVE", resourceServer.getDecisionStrategy().name());
});
} finally {
adminClient.realms().realm("authz-bug").remove();
}
}
// https://github.com/keycloak/keycloak/issues/32799
@Test
public void importAcrToLoaMappingWithDefaultAcrValues() {
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/acr-values-import-bug.json"), RealmRepresentation.class);
public void importAcrToLoaMappingWithDefaultAcrValues() throws IOException {
RealmRepresentation testRealm = JsonSerialization.readValue(getClass().getResourceAsStream("acr-values-import-bug.json"), RealmRepresentation.class);
testRealm.setId("acr-values-import-bug");
adminClient.realms().create(testRealm);
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("acr-import-bug");
Map<String, Integer> acrLoaMap = AcrUtils.getAcrLoaMap(realm);
Assert.assertNotNull(acrLoaMap);
ClientModel clientSilverAcr = realm.getClientByClientId("client-silver");
Assert.assertEquals("silver", clientSilverAcr.getAttribute("default.acr.values"));
});
try {
runOnServer.run(session -> {
RealmModel realm = session.realms().getRealmByName("acr-import-bug");
Map<String, Integer> acrLoaMap = AcrUtils.getAcrLoaMap(realm);
Assertions.assertNotNull(acrLoaMap);
ClientModel clientSilverAcr = realm.getClientByClientId("client-silver");
Assertions.assertEquals("silver", clientSilverAcr.getAttribute("default.acr.values"));
});
} finally {
adminClient.realms().realm("acr-import-bug").remove();
}
}
// https://github.com/keycloak/keycloak/issues/10730
@Test
public void importLdapWithReferenceToGroupBeingImported() {
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/testrealm-ldap-group.json"), RealmRepresentation.class);
public void importLdapWithReferenceToGroupBeingImported() throws IOException {
RealmRepresentation testRealm = JsonSerialization.readValue(getClass().getResourceAsStream("testrealm-ldap-group.json"), RealmRepresentation.class);
adminClient.realms().create(testRealm);
testingClient.server().run(session -> {
RealmModel realm = session.realms().getRealmByName("ldap-group-import-bug");
Optional<ComponentModel> hardCodedGroup = realm.getComponentsStream()
.filter((component) -> component.getName().equals("hard-coded-group"))
.findFirst();
try {
runOnServer.run(session -> {
RealmModel realm = session.realms().getRealmByName("ldap-group-import-bug");
Optional<ComponentModel> hardCodedGroup = realm.getComponentsStream()
.filter((component) -> component.getName().equals("hard-coded-group"))
.findFirst();
Assert.assertTrue(hardCodedGroup.isPresent());
});
Assertions.assertTrue(hardCodedGroup.isPresent());
});
} finally {
adminClient.realms().realm("ldap-group-import-bug").remove();
}
}
@Test
public void importUserProfile() throws Exception {
final String realmString = IOUtils.toString(getClass().getResourceAsStream("/model/import-userprofile.json"), StandardCharsets.UTF_8);
final String realmString = IOUtils.toString(getClass().getResourceAsStream("import-userprofile.json"), StandardCharsets.UTF_8);
testingClient.server().run(session -> {
RealmRepresentation realmRep = JsonSerialization.readValue(realmString, RealmRepresentation.class);
runOnServer.run(session -> {
RealmRepresentation realmRep = null;
try {
realmRep = JsonSerialization.readValue(realmString, RealmRepresentation.class);
} catch (IOException e) {
throw new RuntimeException(e);
}
// make sure the import happens within the context of the realm being imported
session.getContext().setRealm(null);
@ -192,9 +218,9 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
UserProfileProvider provider = session.getProvider(UserProfileProvider.class);
UPConfig config = provider.getConfiguration();
Assert.assertTrue(config.getAttributes().stream().map(UPAttribute::getName).anyMatch("email"::equals));
Assert.assertTrue(config.getAttributes().stream().map(UPAttribute::getName).anyMatch("test"::equals));
Assert.assertTrue(config.getAttributes().stream().map(UPAttribute::getSelector)
Assertions.assertTrue(config.getAttributes().stream().map(UPAttribute::getName).anyMatch("email"::equals));
Assertions.assertTrue(config.getAttributes().stream().map(UPAttribute::getName).anyMatch("test"::equals));
Assertions.assertTrue(config.getAttributes().stream().map(UPAttribute::getSelector)
.filter(Objects::nonNull)
.map(UPAttributeSelector::getScopes)
.filter(Objects::nonNull)
@ -203,20 +229,8 @@ public class ImportTest extends AbstractTestRealmKeycloakTest {
.contains("microprofile-jwt")
);
});
}
@Override
public void configureTestRealm(RealmRepresentation testRealmParm) {
log.infof("testrealm2 imported");
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/model/testrealm2.json"), RealmRepresentation.class);
adminClient.realms().create(testRealm);
log.infof("testrealm-demo imported");
testRealm = loadJson(getClass().getResourceAsStream("/model/testrealm-demo.json"), RealmRepresentation.class);
testRealm.setRealm("demo");
testRealm.setId("demo");
adminClient.realms().create(testRealm);
adminClient.realms().realm("user-profile").remove();
}
}


@ -16,9 +16,8 @@
*
*/
package org.keycloak.testsuite.model;
package org.keycloak.tests.model;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import java.util.function.BiFunction;
@ -38,58 +37,33 @@ import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.ModelTest;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testframework.annotations.InjectRealm;
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.realm.ManagedRealm;
import org.keycloak.testframework.realm.RealmConfig;
import org.keycloak.testframework.realm.RealmConfigBuilder;
import org.keycloak.testframework.remote.annotations.TestOnServer;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import static org.keycloak.testsuite.AbstractAdminTest.loadJson;
import org.junit.jupiter.api.Assertions;
/**
* Test for the CRUD scenarios when the operation is called on the object, which is owned by different realm
*
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class OwnerReplacementTest extends AbstractKeycloakTest {
@KeycloakIntegrationTest
public class OwnerReplacementTest {
private static String testRealmId;
private static String fooRealmId;
@InjectRealm(fromJson = "/org/keycloak/tests/testrealm.json")
ManagedRealm testRealm;
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
log.debug("Adding test realm for import from testrealm.json");
RealmRepresentation testRealm = loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
testRealms.add(testRealm);
@InjectRealm(config = FooRealm.class, ref = "foo")
ManagedRealm fooRealm;
UserRepresentation user = UserBuilder.create()
.username("foo@user")
.email("foo@user.com")
.password("password")
.build();
private static final String testRealmId = "test";
private static final String fooRealmId = "foo";
RealmRepresentation realm2 = RealmBuilder.create()
.name("foo")
.user(user)
.build();
testRealms.add(realm2);
}
@Before
public void before() {
testingClient.server().run(session -> {
testRealmId = session.realms().getRealmByName("test").getId();
fooRealmId = session.realms().getRealmByName("foo").getId();
});
}
@Test
@ModelTest
@TestOnServer
public void componentsTest(KeycloakSession session1) {
doTest(session1,
// Get ID of some component from realm1
@ -98,7 +72,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm2, realm1ComponentId) -> {
ComponentModel component = realm2.getComponent(realm1ComponentId);
Assert.assertNull(component);
Assertions.assertNull(component);
}),
// Try to update some component in realm1 through the realm2
@ -114,7 +88,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1ComponentId) -> {
ComponentModel component = realm1.getComponent(realm1ComponentId);
Assert.assertNull(component.get("key1"));
Assertions.assertNull(component.get("key1"));
}),
// Try remove component from realm1 in the context of realm2
@ -129,14 +103,13 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1ComponentId) -> {
ComponentModel component = realm1.getComponent(realm1ComponentId);
Assert.assertNotNull(component);
Assertions.assertNotNull(component);
})
);
}
@Test
@ModelTest
@TestOnServer
public void requiredActionProvidersTest(KeycloakSession session1) {
doTest(session1,
// Get ID of some object from realm1
@ -145,7 +118,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm2, realm1ReqActionId) -> {
RequiredActionProviderModel reqAction = realm2.getRequiredActionProviderById(realm1ReqActionId);
Assert.assertNull(reqAction);
Assertions.assertNull(reqAction);
}),
// Try to update some object in realm1 through the realm2
@ -161,7 +134,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1ReqActionId) -> {
RequiredActionProviderModel reqAction = realm1.getRequiredActionProviderById(realm1ReqActionId);
Assert.assertNull(reqAction.getConfig().get("key1"));
Assertions.assertNull(reqAction.getConfig().get("key1"));
}),
// Try remove object from realm1 in the context of realm2
@ -176,15 +149,13 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1ReqActionId) -> {
RequiredActionProviderModel reqAction = realm1.getRequiredActionProviderById(realm1ReqActionId);
Assert.assertNotNull(reqAction);
Assertions.assertNotNull(reqAction);
})
);
}
@Test
@ModelTest
@TestOnServer
public void authenticationFlowsTest(KeycloakSession session1) {
doTest(session1,
// Get ID of some object from realm1
@ -198,7 +169,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm2, realm1FlowId) -> {
AuthenticationFlowModel flow = realm2.getAuthenticationFlowById(realm1FlowId);
Assert.assertNull(flow);
Assertions.assertNull(flow);
}),
// Try to update some object in realm1 through the realm2
@ -214,7 +185,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1FlowId) -> {
AuthenticationFlowModel flow = realm1.getAuthenticationFlowById(realm1FlowId);
Assert.assertNotEquals("foo", flow.getDescription());
Assertions.assertNotEquals("foo", flow.getDescription());
}),
// Try remove object from realm1 in the context of realm2
@ -229,15 +200,13 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1FlowId) -> {
AuthenticationFlowModel flow = realm1.getAuthenticationFlowById(realm1FlowId);
Assert.assertNotNull(flow);
Assertions.assertNotNull(flow);
})
);
}
@Test
@ModelTest
@TestOnServer
public void authenticationExecutionsTest(KeycloakSession session1) {
doTest(session1,
// Get ID of some object from realm1
@ -251,7 +220,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm2, realm1ExecutionId) -> {
AuthenticationExecutionModel execution = realm2.getAuthenticationExecutionById(realm1ExecutionId);
Assert.assertNull(execution);
Assertions.assertNull(execution);
}),
// Try to update some object in realm1 through the realm2
@ -267,7 +236,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1ExecutionId) -> {
AuthenticationExecutionModel execution = realm1.getAuthenticationExecutionById(realm1ExecutionId);
Assert.assertNotEquals(1234, execution.getPriority());
Assertions.assertNotEquals(1234, execution.getPriority());
}),
// Try remove object from realm1 in the context of realm2
@ -282,15 +251,13 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session,realm1, realm1ExecutionId) -> {
AuthenticationExecutionModel execution = realm1.getAuthenticationExecutionById(realm1ExecutionId);
Assert.assertNotNull(execution);
Assertions.assertNotNull(execution);
})
);
}
@Test
@ModelTest
@TestOnServer
public void authenticationConfigsTest(KeycloakSession session1) {
doTest(session1,
// Get ID of some object from realm1
@ -299,7 +266,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm2, realm1AuthConfigId) -> {
AuthenticatorConfigModel config = realm2.getAuthenticatorConfigById(realm1AuthConfigId);
Assert.assertNull(config);
Assertions.assertNull(config);
}),
// Try to update some object in realm1 through the realm2
@ -315,7 +282,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1AuthConfigId) -> {
AuthenticatorConfigModel config = realm1.getAuthenticatorConfigById(realm1AuthConfigId);
Assert.assertNull(config.getConfig().get("key1"));
Assertions.assertNull(config.getConfig().get("key1"));
}),
// Try remove object from realm1 in the context of realm2
@ -330,15 +297,13 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1AuthConfigId) -> {
AuthenticatorConfigModel config = realm1.getAuthenticatorConfigById(realm1AuthConfigId);
Assert.assertNotNull(config);
Assertions.assertNotNull(config);
})
);
}
@Test
@ModelTest
@TestOnServer
public void clientInitialAccessTest(KeycloakSession session1) {
doTest(session1,
// Get ID of some object from realm1
@ -352,7 +317,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm2, realm1ClientInitialAccessId) -> {
ClientInitialAccessModel clientInitialAccess = session.getProvider(RealmProvider.class).getClientInitialAccessModel(realm2, realm1ClientInitialAccessId);
Assert.assertNull(clientInitialAccess);
Assertions.assertNull(clientInitialAccess);
}),
// Try to update some object in realm1 through the realm2
@ -377,14 +342,13 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1ClientInitialAccessId) -> {
ClientInitialAccessModel clientInitialAccess = session.getProvider(RealmProvider.class).getClientInitialAccessModel(realm1, realm1ClientInitialAccessId);
Assert.assertNotNull(clientInitialAccess);
Assertions.assertNotNull(clientInitialAccess);
})
);
}
@Test
@ModelTest
@TestOnServer
public void rolesTest(KeycloakSession session1) {
doTest(session1,
// Get ID of some object from realm1
@ -398,7 +362,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm2, realm1RoleId) -> {
RoleModel role = session.getProvider(RoleProvider.class).getRoleById(realm2, realm1RoleId);
Assert.assertNull(role);
Assertions.assertNull(role);
}),
// Try to update some object in realm1 through the realm2
@ -428,8 +392,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
);
}
@Test
@ModelTest
@TestOnServer
public void userSessionsTest(KeycloakSession session1) {
doTest(session1,
// Get ID of some object from realm1
@ -444,7 +407,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm2, realm1SessionId) -> {
UserSessionModel userSession = session.sessions().getUserSession(realm2, realm1SessionId);
Assert.assertNull(userSession);
Assertions.assertNull(userSession);
}),
// Try to update some object in realm1 through the realm2
@ -471,7 +434,7 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
((session, realm1, realm1SessionId) -> {
UserSessionModel userSession = session.sessions().getUserSession(realm1, realm1SessionId);
Assert.assertNotNull(userSession);
Assertions.assertNotNull(userSession);
})
);
@ -547,4 +510,16 @@ public class OwnerReplacementTest extends AbstractKeycloakTest {
public interface TetraConsumer<T, U, V, W> {
void accept(T var1, U var2, V var3, W var4);
}
private static final class FooRealm implements RealmConfig {
@Override
public RealmConfigBuilder configure(RealmConfigBuilder realm) {
realm.name("foo").id("foo");
realm.addUser("foo@user").email("foo@user.com")
.password("password");
return realm;
}
}
}
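Review bot: `testRealmId = "test"` and `fooRealmId = "foo"` are now compile-time constants, where the removed `before()` read both ids from the server with `getRealmByName(...).getId()`, so the cross-realm isolation checks in this class now depend on the fixtures declaring exactly those ids. `FooRealm.configure` pins its side with `id("foo")`, but nothing visible here pins the id of the realm loaded from `/org/keycloak/tests/testrealm.json`. If that file does not declare `"id": "test"`, the lookups in `doTest` would presumably hit a missing realm instead of failing with a clear message; `doTest` itself is outside the visible hunks. I would document the coupling on the constants, for example `// Must equal the "id" in /org/keycloak/tests/testrealm.json and the id set in FooRealm; the server-side tests resolve realms by these values`.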


@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.model;
package org.keycloak.tests.model;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
@ -32,38 +32,42 @@ import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.UserConsentManager;
import org.keycloak.storage.client.ClientStorageProviderModel;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.ModelTest;
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.remote.annotations.TestOnServer;
import org.keycloak.testframework.remote.runonserver.InjectRunOnServer;
import org.keycloak.testframework.remote.runonserver.RunOnServerClient;
import org.keycloak.testsuite.federation.HardcodedClientStorageProviderFactory;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
@KeycloakIntegrationTest(config = CustomProvidersServerConfig.class)
public class UserConsentModelTest {
@InjectRunOnServer
RunOnServerClient runOnServer;
private static ComponentModel clientStorageComponent;
private static String realmId;
@Before
@BeforeEach
public void before() {
testingClient.server().run(session -> {
runOnServer.run(session -> {
setupEnv(session);
});
}
@After
@AfterEach
public void after() {
testingClient.server().run(session -> {
runOnServer.run(session -> {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.getRealm(realmId);
@ -126,7 +130,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
// Update should fail as grant doesn't yet exists
try {
UserConsentManager.updateConsent(realmManager.getSession(), realm, john, johnBarGrant);
Assert.fail("Not expected to end here");
Assertions.fail("Not expected to end here");
} catch (ModelException expected) {
}
@ -146,7 +150,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
Assert.assertNotNull(hardcodedClient);
Assertions.assertNotNull(hardcodedClient);
UserConsentModel maryHardcodedGrant = new UserConsentModel(hardcodedClient);
UserConsentManager.addConsent(realmManager.getSession(), realm, mary, maryHardcodedGrant);
@ -154,8 +158,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void basicConsentTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCT) -> {
@ -171,36 +174,35 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
UserModel mary = currentSession.users().getUserByUsername(realm, "mary");
UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assert.assertNotNull("Created Date should be set", johnFooConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", johnFooConsent.getLastUpdatedDate());
Assertions.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assertions.assertNotNull(johnFooConsent.getCreatedDate(), "Created Date should be set");
Assertions.assertNotNull(johnFooConsent.getLastUpdatedDate(), "Last Updated Date should be set");
UserConsentModel johnBarConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, barClient.getId());
Assert.assertEquals(1, johnBarConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "bar", johnBarConsent));
Assert.assertNotNull("Created Date should be set", johnBarConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", johnBarConsent.getLastUpdatedDate());
Assertions.assertEquals(1, johnBarConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "bar", johnBarConsent));
Assertions.assertNotNull(johnBarConsent.getCreatedDate(), "Created Date should be set");
Assertions.assertNotNull(johnBarConsent.getLastUpdatedDate(), "Last Updated Date should be set");
UserConsentModel maryConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, fooClient.getId());
Assert.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assert.assertNotNull("Created Date should be set", maryConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", maryConsent.getLastUpdatedDate());
Assertions.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assertions.assertNotNull(maryConsent.getCreatedDate(), "Created Date should be set");
Assertions.assertNotNull(maryConsent.getLastUpdatedDate(), "Last Updated Date should be set");
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
UserConsentModel maryHardcodedConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId());
Assert.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
Assert.assertNotNull("Created Date should be set", maryHardcodedConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", maryHardcodedConsent.getLastUpdatedDate());
Assertions.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
Assertions.assertNotNull(maryHardcodedConsent.getCreatedDate(), "Created Date should be set");
Assertions.assertNotNull(maryHardcodedConsent.getLastUpdatedDate(), "Last Updated Date should be set");
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, mary, barClient.getId()));
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, hardcodedClient.getId()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, mary, barClient.getId()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, hardcodedClient.getId()));
});
}
@Test
@ModelTest
@TestOnServer
public void getAllConsentTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionACT) -> {
@ -213,13 +215,13 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserModel mary = currentSession.users().getUserByUsername(realm, "mary");
Assert.assertEquals(2, UserConsentManager.getConsentsStream(currentSession, realm, john).count());
Assertions.assertEquals(2, UserConsentManager.getConsentsStream(currentSession, realm, john).count());
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
List<UserConsentModel> maryConsents = UserConsentManager.getConsentsStream(currentSession, realm, mary)
.collect(Collectors.toList());
Assert.assertEquals(2, maryConsents.size());
Assertions.assertEquals(2, maryConsents.size());
UserConsentModel maryConsent = maryConsents.get(0);
UserConsentModel maryHardcodedConsent = maryConsents.get(1);
if (maryConsents.get(0).getClient().getId().equals(hardcodedClient.getId())) {
@ -227,17 +229,16 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
maryHardcodedConsent = maryConsents.get(0);
}
Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
Assert.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assertions.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
Assertions.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assert.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId());
Assert.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
Assertions.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId());
Assertions.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
});
}
@Test
@ModelTest
@TestOnServer
public void updateWithClientScopeRemovalTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession removalTestSession1) -> {
@ -249,7 +250,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(1, johnConsent.getGrantedClientScopes().size());
Assertions.assertEquals(1, johnConsent.getGrantedClientScopes().size());
// Remove foo protocol mapper from johnConsent
ClientScopeModel fooScope = KeycloakModelUtils.getClientScopeByName(realm, "foo");
@ -267,13 +268,12 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
Assert.assertTrue("Created date should be less than last updated date", johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate());
Assertions.assertEquals(0, johnConsent.getGrantedClientScopes().size());
Assertions.assertTrue(johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate(), "Created date should be less than last updated date");
});
}
@Test
@ModelTest
@TestOnServer
public void revokeTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRT1) -> {
@ -299,14 +299,13 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john");
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()));
UserModel mary = currentSession.users().getUserByUsername(realm, "mary");
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId()));
});
}
@Test
@ModelTest
@TestOnServer
public void deleteUserTest(KeycloakSession session) {
// Validate user deleted without any referential constraint errors
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionUT) -> {
@ -321,8 +320,7 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void deleteClientScopeTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionST1) -> {
@ -344,12 +342,11 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
Assertions.assertEquals(0, johnConsent.getGrantedClientScopes().size());
});
}
@Test
@ModelTest
@TestOnServer
public void deleteClientTest(KeycloakSession session) {
AtomicReference<String> barClientID = new AtomicReference<>();
@ -371,20 +368,19 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client");
Assert.assertNull(realm.getClientByClientId("bar-client"));
Assertions.assertNull(realm.getClientByClientId("bar-client"));
UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assertions.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, barClientID.get()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, barClientID.get()));
});
}
@Test
@ModelTest
@TestOnServer
public void deleteClientStorageTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionCST1) -> {
@ -401,10 +397,10 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
currentSession.getContext().setRealm(realm);
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
Assert.assertNull(hardcodedClient);
Assertions.assertNull(hardcodedClient);
UserModel mary = currentSession.users().getUserByUsername(realm, "mary");
Assert.assertEquals(1, UserConsentManager.getConsentsStream(currentSession, realm, mary).count());
Assertions.assertEquals(1, UserConsentManager.getConsentsStream(currentSession, realm, mary).count());
});
}
@ -413,8 +409,4 @@ public class UserConsentModelTest extends AbstractTestRealmKeycloakTest {
return consentModel.isClientScopeGranted(clientScope);
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
}
}


@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.model;
package org.keycloak.tests.model;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
@ -32,38 +32,42 @@ import org.keycloak.models.UserManager;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.services.managers.UserConsentManager;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.storage.client.ClientStorageProviderModel;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.ModelTest;
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.remote.annotations.TestOnServer;
import org.keycloak.testframework.remote.runonserver.InjectRunOnServer;
import org.keycloak.testframework.remote.runonserver.RunOnServerClient;
import org.keycloak.testsuite.federation.HardcodedClientStorageProviderFactory;
import org.keycloak.testsuite.federation.UserMapStorageFactory;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import static org.keycloak.storage.UserStorageProviderModel.IMPORT_ENABLED;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeycloakTest {
@KeycloakIntegrationTest(config = CustomProvidersServerConfig.class)
public class UserConsentWithUserStorageModelTest {
@InjectRunOnServer
RunOnServerClient runOnServer;
private static ComponentModel clientStorageComponent;
@Before
@BeforeEach
public void before() {
testingClient.server().run(UserConsentWithUserStorageModelTest::setupEnv);
runOnServer.run(UserConsentWithUserStorageModelTest::setupEnv);
}
@After
@AfterEach
public void after() {
testingClient.server().run(session -> {
runOnServer.run(session -> {
RealmManager realmManager = new RealmManager(session);
RealmModel realm = realmManager.getRealmByName("original");
@ -134,7 +138,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
// Update should fail as grant doesn't yet exists
try {
UserConsentManager.updateConsent(currentSession, realm, john, johnBarGrant);
Assert.fail("Not expected to end here");
Assertions.fail("Not expected to end here");
} catch (ModelException expected) {
}
@ -154,15 +158,14 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
Assert.assertNotNull(hardcodedClient);
Assertions.assertNotNull(hardcodedClient);
UserConsentModel maryHardcodedGrant = new UserConsentModel(hardcodedClient);
UserConsentManager.addConsent(realmManager.getSession(), realm, mary, maryHardcodedGrant);
});
}
@Test
@ModelTest
@TestOnServer
public void basicConsentTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSessionCT) -> {
@ -177,36 +180,35 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
UserModel mary = currentSessionCT.users().getUserByUsername(realm, "mary");
UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assert.assertNotNull("Created Date should be set", johnFooConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", johnFooConsent.getLastUpdatedDate());
Assertions.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assertions.assertNotNull(johnFooConsent.getCreatedDate(), "Created Date should be set");
Assertions.assertNotNull(johnFooConsent.getLastUpdatedDate(), "Last Updated Date should be set");
UserConsentModel johnBarConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, barClient.getId());
Assert.assertEquals(1, johnBarConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "bar", johnBarConsent));
Assert.assertNotNull("Created Date should be set", johnBarConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", johnBarConsent.getLastUpdatedDate());
Assertions.assertEquals(1, johnBarConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "bar", johnBarConsent));
Assertions.assertNotNull(johnBarConsent.getCreatedDate(), "Created Date should be set");
Assertions.assertNotNull(johnBarConsent.getLastUpdatedDate(), "Last Updated Date should be set");
UserConsentModel maryConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, fooClient.getId());
Assert.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assert.assertNotNull("Created Date should be set", maryConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", maryConsent.getLastUpdatedDate());
Assertions.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assertions.assertNotNull(maryConsent.getCreatedDate(), "Created Date should be set");
Assertions.assertNotNull(maryConsent.getLastUpdatedDate(), "Last Updated Date should be set");
ClientModel hardcodedClient = currentSessionCT.clients().getClientByClientId(realm, "hardcoded-client");
UserConsentModel maryHardcodedConsent = UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId());
Assert.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
Assert.assertNotNull("Created Date should be set", maryHardcodedConsent.getCreatedDate());
Assert.assertNotNull("Last Updated Date should be set", maryHardcodedConsent.getLastUpdatedDate());
Assertions.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
Assertions.assertNotNull(maryHardcodedConsent.getCreatedDate(), "Created Date should be set");
Assertions.assertNotNull(maryHardcodedConsent.getLastUpdatedDate(), "Last Updated Date should be set");
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, mary, barClient.getId()));
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, hardcodedClient.getId()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, mary, barClient.getId()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, hardcodedClient.getId()));
});
}
@Test
@ModelTest
@TestOnServer
public void getAllConsentTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession currentSessionACT) -> {
@ -219,13 +221,13 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
UserModel john = currentSessionACT.users().getUserByUsername(realm, "john");
UserModel mary = currentSessionACT.users().getUserByUsername(realm, "mary");
Assert.assertEquals(2, UserConsentManager.getConsentsStream(currentSession, realm, john).count());
Assertions.assertEquals(2, UserConsentManager.getConsentsStream(currentSession, realm, john).count());
ClientModel hardcodedClient = currentSessionACT.clients().getClientByClientId(realm, "hardcoded-client");
List<UserConsentModel> maryConsents = UserConsentManager.getConsentsStream(currentSession, realm, mary)
.collect(Collectors.toList());
Assert.assertEquals(2, maryConsents.size());
Assertions.assertEquals(2, maryConsents.size());
UserConsentModel maryConsent = maryConsents.get(0);
UserConsentModel maryHardcodedConsent = maryConsents.get(1);
if (maryConsents.get(0).getClient().getId().equals(hardcodedClient.getId())) {
@ -233,17 +235,16 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
maryHardcodedConsent = maryConsents.get(0);
}
Assert.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
Assert.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assertions.assertEquals(maryConsent.getClient().getId(), fooClient.getId());
Assertions.assertEquals(1, maryConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "foo", maryConsent));
Assert.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId());
Assert.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
Assertions.assertEquals(maryHardcodedConsent.getClient().getId(), hardcodedClient.getId());
Assertions.assertEquals(0, maryHardcodedConsent.getGrantedClientScopes().size());
});
}
@Test
@ModelTest
@TestOnServer
public void updateWithClientScopeRemovalTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionScopeRemoval1) -> {
@ -255,7 +256,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(1, johnConsent.getGrantedClientScopes().size());
Assertions.assertEquals(1, johnConsent.getGrantedClientScopes().size());
// Remove foo protocol mapper from johnConsent
ClientScopeModel fooScope = KeycloakModelUtils.getClientScopeByName(realm, "foo");
@ -273,13 +274,12 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
Assert.assertTrue("Created date should be less than last updated date", johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate());
Assertions.assertEquals(0, johnConsent.getGrantedClientScopes().size());
Assertions.assertTrue(johnConsent.getCreatedDate() < johnConsent.getLastUpdatedDate(), "Created date should be less than last updated date");
});
}
@Test
@ModelTest
@TestOnServer
public void revokeTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionRevoke1) -> {
@ -305,15 +305,14 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
UserModel john = currentSession.users().getUserByUsername(realm, "john");
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId()));
UserModel mary = currentSession.users().getUserByUsername(realm, "mary");
Assert.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId()));
Assertions.assertNull(UserConsentManager.getConsentByClient(currentSession, realm, mary, hardcodedClient.getId()));
});
}
@Test
@ModelTest
@TestOnServer
public void deleteUserTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sessionDelete) -> {
@ -329,8 +328,7 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
});
}
@Test
@ModelTest
@TestOnServer
public void deleteClientScopeTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClScope1) -> {
@ -351,12 +349,11 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
UserModel john = currentSession.users().getUserByUsername(realm, "john");
UserConsentModel johnConsent = UserConsentManager.getConsentByClient(currentSession, realm, john, fooClient.getId());
Assert.assertEquals(0, johnConsent.getGrantedClientScopes().size());
Assertions.assertEquals(0, johnConsent.getGrantedClientScopes().size());
});
}
@Test
@ModelTest
@TestOnServer
public void deleteClientTest(KeycloakSession session) {
AtomicReference<String> barClientID = new AtomicReference<>();
@ -379,20 +376,19 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
currentSession.getContext().setRealm(realm);
ClientModel fooClient = realm.getClientByClientId("foo-client");
Assert.assertNull(realm.getClientByClientId("bar-client"));
Assertions.assertNull(realm.getClientByClientId("bar-client"));
UserModel john = realmManager.getSession().users().getUserByUsername(realm, "john");
UserConsentModel johnFooConsent = UserConsentManager.getConsentByClient(realmManager.getSession(), realm, john, fooClient.getId());
Assert.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assert.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assertions.assertEquals(1, johnFooConsent.getGrantedClientScopes().size());
Assertions.assertTrue(isClientScopeGranted(realm, "foo", johnFooConsent));
Assert.assertNull(UserConsentManager.getConsentByClient(realmManager.getSession(), realm, john, barClientID.get()));
Assertions.assertNull(UserConsentManager.getConsentByClient(realmManager.getSession(), realm, john, barClientID.get()));
});
}
@Test
@ModelTest
@TestOnServer
public void deleteClientStorageTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesDelClientStore1) -> {
@ -409,10 +405,10 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
currentSession.getContext().setRealm(realm);
ClientModel hardcodedClient = currentSession.clients().getClientByClientId(realm, "hardcoded-client");
Assert.assertNull(hardcodedClient);
Assertions.assertNull(hardcodedClient);
UserModel mary = currentSession.users().getUserByUsername(realm, "mary");
Assert.assertEquals(1, UserConsentManager.getConsentsStream(currentSession, realm, mary).count());
Assertions.assertEquals(1, UserConsentManager.getConsentsStream(currentSession, realm, mary).count());
});
}
@ -421,7 +417,4 @@ public class UserConsentWithUserStorageModelTest extends AbstractTestRealmKeyclo
return consentModel.isClientScopeGranted(clientScope);
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
}
}
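Review bot: In the hunk at `@ -134,7 +138,7`, the negative check that `updateConsent` rejects a consent which was never granted still uses the JUnit 4 pattern of `Assertions.fail(...)` inside a `try` with an empty `catch (ModelException expected)`. Now that the class is on JUnit Jupiter, `Assertions.assertThrows(ModelException.class, () -> UserConsentManager.updateConsent(currentSession, realm, john, johnBarGrant));` states the expectation in one line and reports the actual exception type if something else is thrown. This assumes the four arguments are effectively final at that point. The enclosing method starts and ends outside the hunk, so that needs confirming.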


@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.model;
package org.keycloak.tests.model;
import java.util.ArrayList;
import java.util.Arrays;
@ -33,15 +33,17 @@ import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.managers.ClientManager;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.ModelTest;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testframework.annotations.InjectRealm;
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.injection.LifeCycle;
import org.keycloak.testframework.realm.ManagedRealm;
import org.keycloak.testframework.realm.RealmConfig;
import org.keycloak.testframework.realm.RealmConfigBuilder;
import org.keycloak.testframework.remote.annotations.TestOnServer;
import org.junit.Assert;
import org.junit.Test;
import org.junit.jupiter.api.Assertions;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.contains;
@ -50,28 +52,18 @@ import static org.hamcrest.Matchers.empty;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNotNull;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class UserModelTest extends AbstractTestRealmKeycloakTest {
@KeycloakIntegrationTest
public class UserModelTest {
@Override
public void addTestRealms(List<RealmRepresentation> testRealms) {
testRealms.add(RealmBuilder.create().name("original").build());
testRealms.add(RealmBuilder.create().name("other").build());
testRealms.add(RealmBuilder.create().name("realm1").build());
testRealms.add(RealmBuilder.create().name("realm2").build());
}
@InjectRealm(lifecycle = LifeCycle.METHOD, config = UserModelRealm.class)
ManagedRealm originalRealm;
@Override
protected boolean isImportAfterEachMethod() {
return true;
}
@Test
@ModelTest(realmName = "original")
@TestOnServer
public void persistUser(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesPersistUser) -> {
KeycloakSession currentSession = sesPersistUser;
@ -83,7 +75,7 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
user.setEmail("email");
assertNotNull(user.getCreatedTimestamp());
// test that timestamp is current with 10s tollerance
Assert.assertTrue((System.currentTimeMillis() - user.getCreatedTimestamp()) < 10000);
Assertions.assertTrue((System.currentTimeMillis() - user.getCreatedTimestamp()) < 10000);
user.addRequiredAction(RequiredAction.CONFIGURE_TOTP);
user.addRequiredAction(RequiredAction.UPDATE_PASSWORD);
@ -120,10 +112,8 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest(realmName = "original")
@TestOnServer
public void webOriginSetTest(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesWebOrigin) -> {
KeycloakSession currentSession = sesWebOrigin;
RealmModel realm = currentSession.realms().getRealmByName("original");
@ -162,10 +152,8 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest(realmName = "original")
public void testUserRequiredActions(KeycloakSession session) throws Exception {
@TestOnServer
public void testUserRequiredActions(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesUserReqActions) -> {
KeycloakSession currentSession = sesUserReqActions;
RealmModel realm = currentSession.realms().getRealmByName("original");
@ -216,8 +204,7 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest(realmName = "original")
@TestOnServer
public void testUserMultipleAttributes(KeycloakSession session) throws Exception {
AtomicReference<List<String>> attrValsAtomic = new AtomicReference<>();
@ -282,8 +269,7 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
}
// KEYCLOAK-3494
@Test
@ModelTest(realmName = "original")
@TestOnServer
public void testUpdateUserAttribute(KeycloakSession session) throws Exception {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesUpdateAtr1) -> {
@ -314,8 +300,7 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
}
// KEYCLOAK-3608
@Test
@ModelTest(realmName = "original")
@TestOnServer
public void testUpdateUserSingleAttribute(KeycloakSession session) {
AtomicReference<Map<String, List<String>>> expectedAtomic = new AtomicReference<>();
@ -355,8 +340,7 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest(realmName = "original")
@TestOnServer
public void testSearchByString(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesSearchString1) -> {
@ -379,65 +363,66 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest(realmName = "original")
public void testSearchByUserAttribute(KeycloakSession session) throws Exception {
@TestOnServer
public void testSearchByUserAttribute(KeycloakSession session) {
try {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesSearchAtr1) -> {
KeycloakSession currentSession = sesSearchAtr1;
RealmModel realm = currentSession.realms().getRealmByName("original");
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesSearchAtr1) -> {
KeycloakSession currentSession = sesSearchAtr1;
RealmModel realm = currentSession.realms().getRealmByName("original");
UserModel user1 = currentSession.users().addUser(realm, "user1");
UserModel user2 = currentSession.users().addUser(realm, "user2");
UserModel user3 = currentSession.users().addUser(realm, "user3");
UserModel user1 = currentSession.users().addUser(realm, "user1");
UserModel user2 = currentSession.users().addUser(realm, "user2");
UserModel user3 = currentSession.users().addUser(realm, "user3");
user1.setSingleAttribute("key1", "value1");
user1.setSingleAttribute("key2", "value21");
user1.setSingleAttribute("key1", "value1");
user1.setSingleAttribute("key2", "value21");
user2.setSingleAttribute("key1", "value1");
user2.setSingleAttribute("key2", "value22");
user2.setSingleAttribute("key1", "value1");
user2.setSingleAttribute("key2", "value22");
user3.setSingleAttribute("key2", "value21");
user3.setSingleAttribute("key2", "value21");
RealmModel otherRealm = new RealmManager(session).createRealm("other", "other");
UserModel otherRealmUser = currentSession.users().addUser(otherRealm, "user1");
otherRealmUser.setSingleAttribute("key2", "value21");
});
RealmModel otherRealm = currentSession.realms().getRealmByName("other");
currentSession.getContext().setRealm(otherRealm);
UserModel otherRealmUser = currentSession.users().addUser(otherRealm, "user1");
otherRealmUser.setSingleAttribute("key2", "value21");
});
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesSearchAtr2) -> {
KeycloakSession currentSession = sesSearchAtr2;
RealmModel realm = currentSession.realms().getRealmByName("original");
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesSearchAtr2) -> {
KeycloakSession currentSession = sesSearchAtr2;
RealmModel realm = currentSession.realms().getRealmByName("original");
UserModel user1 = currentSession.users().getUserByUsername(realm, "user1");
UserModel user2 = currentSession.users().getUserByUsername(realm, "user2");
UserModel user3 = currentSession.users().getUserByUsername(realm, "user3");
UserModel user1 = currentSession.users().getUserByUsername(realm, "user1");
UserModel user2 = currentSession.users().getUserByUsername(realm, "user2");
UserModel user3 = currentSession.users().getUserByUsername(realm, "user3");
List<UserModel> users = currentSession.users().searchForUserByUserAttributeStream(realm, "key1", "value1")
.collect(Collectors.toList());
assertThat(users, hasSize(2));
assertThat(users, containsInAnyOrder(user1, user2));
List<UserModel> users = currentSession.users().searchForUserByUserAttributeStream(realm, "key1", "value1")
.collect(Collectors.toList());
assertThat(users, hasSize(2));
assertThat(users, containsInAnyOrder(user1, user2));
users = currentSession.users().searchForUserByUserAttributeStream(realm, "key2", "value21")
.collect(Collectors.toList());
assertThat(users, hasSize(2));
assertThat(users, containsInAnyOrder(user1, user3));
users = currentSession.users().searchForUserByUserAttributeStream(realm, "key2", "value21")
.collect(Collectors.toList());
assertThat(users, hasSize(2));
assertThat(users, containsInAnyOrder(user1, user3));
users = currentSession.users().searchForUserByUserAttributeStream(realm, "key2", "value22")
.collect(Collectors.toList());
assertThat(users, hasSize(1));
assertThat(users, contains(user2));
users = currentSession.users().searchForUserByUserAttributeStream(realm, "key2", "value22")
.collect(Collectors.toList());
assertThat(users, hasSize(1));
assertThat(users, contains(user2));
users = currentSession.users().searchForUserByUserAttributeStream(realm, "key3", "value3")
.collect(Collectors.toList());
assertThat(users, empty());
});
users = currentSession.users().searchForUserByUserAttributeStream(realm, "key3", "value3")
.collect(Collectors.toList());
assertThat(users, empty());
});
} finally {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession cleanupSession) -> {
cleanupSession.realms().removeRealm("other");
});
}
}
@Test
@ModelTest(realmName = "original")
public void testServiceAccountLink(KeycloakSession session) throws Exception {
@TestOnServer
public void testServiceAccountLink(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesServiceLink1) -> {
KeycloakSession currentSession = sesServiceLink1;
RealmModel realm = currentSession.realms().getRealmByName("original");
@ -505,59 +490,64 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
public void testGrantToAll(KeycloakSession session) throws Exception {
@TestOnServer
public void testGrantToAll(KeycloakSession session) {
try {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesGrantToAll1) -> {
KeycloakSession currentSession = sesGrantToAll1;
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesGrantToAll1) -> {
KeycloakSession currentSession = sesGrantToAll1;
RealmManager realmManager = new RealmManager(currentSession);
RealmModel realm1 = currentSession.realms().getRealmByName("realm1");
currentSession.getContext().setRealm(realm1);
RealmModel realm1 = realmManager.createRealm("realm1", "realm1");
currentSession.getContext().setRealm(realm1);
realm1.addRole("role1");
currentSession.users().addUser(realm1, "user1");
currentSession.users().addUser(realm1, "user2");
realm1.addRole("role1");
currentSession.users().addUser(realm1, "user1");
currentSession.users().addUser(realm1, "user2");
RealmModel realm2 = currentSession.realms().getRealmByName("realm2");
currentSession.users().addUser(realm2, "user1");
});
RealmModel realm2 = realmManager.createRealm("realm2", "realm2");
currentSession.users().addUser(realm2, "user1");
});
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesGrantToAll2) -> {
KeycloakSession currentSession = sesGrantToAll2;
RealmModel realm1 = currentSession.realms().getRealmByName("realm1");
currentSession.getContext().setRealm(realm1);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesGrantToAll2) -> {
KeycloakSession currentSession = sesGrantToAll2;
RealmModel realm1 = currentSession.realms().getRealmByName("realm1");
currentSession.getContext().setRealm(realm1);
RoleModel role1 = realm1.getRole("role1");
currentSession.users().grantToAllUsers(realm1, role1);
});
RoleModel role1 = realm1.getRole("role1");
currentSession.users().grantToAllUsers(realm1, role1);
});
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesGrantToAll2) -> {
KeycloakSession currentSession = sesGrantToAll2;
RealmModel realm1 = currentSession.realms().getRealmByName("realm1");
currentSession.getContext().setRealm(realm1);
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession sesGrantToAll2) -> {
KeycloakSession currentSession = sesGrantToAll2;
RealmModel realm1 = currentSession.realms().getRealmByName("realm1");
currentSession.getContext().setRealm(realm1);
RoleModel role1 = realm1.getRole("role1");
UserModel user1 = currentSession.users().getUserByUsername(realm1, "user1");
UserModel user2 = currentSession.users().getUserByUsername(realm1, "user2");
Assert.assertTrue(user1.hasRole(role1));
Assert.assertTrue(user2.hasRole(role1));
RoleModel role1 = realm1.getRole("role1");
UserModel user1 = currentSession.users().getUserByUsername(realm1, "user1");
UserModel user2 = currentSession.users().getUserByUsername(realm1, "user2");
Assertions.assertTrue(user1.hasRole(role1));
Assertions.assertTrue(user2.hasRole(role1));
RealmModel realm2 = currentSession.realms().getRealmByName("realm2");
currentSession.getContext().setRealm(realm2);
UserModel realm2User1 = currentSession.users().getUserByUsername(realm2, "user1");
Assert.assertFalse(realm2User1.hasRole(role1));
RealmModel realm2 = currentSession.realms().getRealmByName("realm2");
currentSession.getContext().setRealm(realm2);
UserModel realm2User1 = currentSession.users().getUserByUsername(realm2, "user1");
Assertions.assertFalse(realm2User1.hasRole(role1));
currentSession.realms().removeRealm(realm2.getId());
currentSession.getContext().setRealm(realm1);
currentSession.realms().removeRealm(realm1.getId());
});
currentSession.realms().removeRealm(realm2.getId());
currentSession.getContext().setRealm(realm1);
currentSession.realms().removeRealm(realm1.getId());
});
} finally {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession cleanupSession) -> {
cleanupSession.realms().removeRealm("realm1");
cleanupSession.realms().removeRealm("realm2");
});
}
}
@Test
@ModelTest(realmName = "original")
public void testUserNotBefore(KeycloakSession session) throws Exception {
@TestOnServer
public void testUserNotBefore(KeycloakSession session) {
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), session.getContext(), (KeycloakSession sesUserNotBefore1) -> {
KeycloakSession currentSession = sesUserNotBefore1;
RealmModel realm = currentSession.realms().getRealmByName("original");
@ -597,7 +587,12 @@ public class UserModelTest extends AbstractTestRealmKeycloakTest {
containsInAnyOrder(expected.getRequiredActionsStream().toArray()));
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
private static final class UserModelRealm implements RealmConfig {
@Override
public RealmConfigBuilder configure(RealmConfigBuilder realm) {
return realm.name("original");
}
}
}
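Review bot: In `testSearchByUserAttribute`, the realm "other" appears to be created with `new RealmManager(session).createRealm("other", "other")`, which goes through the outer `session` rather than the `currentSession` of the transaction the lambda runs in. The `currentSession.getContext().setRealm(otherRealm)` call present in the lookup variant is also not carried over, whereas `testGrantToAll` in the same section uses `new RealmManager(currentSession)`. The user added to "other" is what lets the later searches show that an attribute match in a different realm is not returned for "original", so it should be written through the same transactional session as the rest of the setup: `RealmModel otherRealm = new RealmManager(currentSession).createRealm("other", "other");` followed by `currentSession.getContext().setRealm(otherRealm);`. Which printed variant is the new side is inferred from the `finally` block that removes "other", because the page has lost its `+`/`-` markers.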


@ -15,7 +15,7 @@
* limitations under the License.
*/
package org.keycloak.testsuite.model;
package org.keycloak.tests.model;
import java.util.Arrays;
import java.util.HashMap;
@ -41,37 +41,44 @@ import org.keycloak.models.utils.ResetTimeOffsetEvent;
import org.keycloak.models.utils.SessionTimeoutHelper;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.provider.ProviderEventListener;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.arquillian.annotation.ModelTest;
import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
import org.keycloak.testframework.annotations.InjectRealm;
import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.realm.ManagedRealm;
import org.keycloak.testframework.realm.RealmConfig;
import org.keycloak.testframework.realm.RealmConfigBuilder;
import org.keycloak.testframework.remote.annotations.TestOnServer;
import org.keycloak.testframework.remote.runonserver.InjectRunOnServer;
import org.keycloak.testframework.remote.runonserver.RunOnServerClient;
import org.keycloak.tests.utils.infinispan.InfinispanTimeUtil;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertSame;
import static org.junit.Assert.assertTrue;
import static org.junit.jupiter.api.Assertions.assertArrayEquals;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertSame;
import static org.junit.jupiter.api.Assertions.assertTrue;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@KeycloakIntegrationTest
public class UserSessionProviderTest {
@Rule
public InfinispanTestTimeServiceRule ispnTestTimeService = new InfinispanTestTimeServiceRule(this);
@InjectRealm(config = UserSessionProviderRealm.class)
ManagedRealm managedRealm;
@Before
@InjectRunOnServer
RunOnServerClient runOnServer;
@BeforeEach
public void before() {
testingClient.server().run( session -> {
runOnServer.run( session -> {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
session.users().addUser(realm, "user1").setEmail("user1@localhost");
@ -79,9 +86,9 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@After
@AfterEach
public void after() {
testingClient.server().run( session -> {
runOnServer.run( session -> {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
session.sessions().removeUserSessions(realm);
@ -98,8 +105,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testCreateSessions(KeycloakSession session) {
int started = Time.currentTime();
RealmModel realm = session.realms().getRealmByName("test");
@ -112,8 +118,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testUpdateSession(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
UserSessionModel[] sessions = createSessions(session);
@ -125,8 +130,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testUpdateSessionInSameTransaction(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
UserSessionModel[] sessions = createSessions(session);
@ -138,8 +142,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testRestartSession(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
int started = Time.currentTime();
@ -180,8 +183,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
}
}
@Test
@ModelTest
@TestOnServer
public void testCreateClientSession(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
@ -204,8 +206,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testUpdateClientSession(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
@ -231,8 +232,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testUpdateClientSessionWithGetByClientId(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
UserSessionModel[] sessions = createSessions(session);
@ -257,8 +257,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testUpdateClientSessionInSameTransaction(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
UserSessionModel[] sessions = createSessions(session);
@ -280,8 +279,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testGetUserSessions(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
UserSessionModel[] sessions = createSessions(session);
@ -295,8 +293,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testRemoveUserSessionsByUser(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
createSessions(session);
@ -321,14 +318,13 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
assertSame(1, userSessions.size());
for (UserSessionModel userSession : userSessions) {
Assert.assertEquals((int) clientSessionsKept.get(userSession.getId()),
Assertions.assertEquals((int) clientSessionsKept.get(userSession.getId()),
userSession.getAuthenticatedClientSessions().size());
}
});
}
@Test
@ModelTest
@TestOnServer
public void testRemoveUserSession(KeycloakSession session) {
String userSessionId = KeycloakModelUtils.runJobInTransactionWithResult(session.getKeycloakSessionFactory(), kcSession -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
@ -346,8 +342,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testRemoveUserSessionsByRealm(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
@ -365,8 +360,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
assertEquals(0, session.sessions().getUserSessionsStream(realm, user2).count());
}
@Test
@ModelTest
@TestOnServer
public void testOnClientRemoved(KeycloakSession session) {
UserSessionModel[] sessions = createSessions(session);
@ -408,9 +402,9 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
}
}
@Test
@ModelTest
@TestOnServer
public void testRemoveUserSessionsByExpired(KeycloakSession session) {
InfinispanTimeUtil.enableTestingTimeService(session);
try {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
@ -472,11 +466,11 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
} finally {
Time.setOffset(0);
session.getKeycloakSessionFactory().publish(new ResetTimeOffsetEvent());
InfinispanTimeUtil.disableTestingTimeService(session);
}
}
@Test
@ModelTest
@TestOnServer
public void testTransientUserSession(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
@ -497,17 +491,17 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// Can find session by ID in current transaction
UserSessionModel foundSession = session1.sessions().getUserSession(realm, userSessionId);
Assert.assertEquals(userSession, foundSession);
Assertions.assertEquals(userSession, foundSession);
// Count of sessions should be still the same
Assert.assertEquals(sessionsBefore, session1.sessions().getActiveUserSessions(realm, client));
Assertions.assertEquals(session1.sessions().getActiveUserSessions(realm, client), sessionsBefore);
});
// create an user session whose last refresh exceeds the max session idle timeout.
KeycloakModelUtils.runJobInTransaction(session.getKeycloakSessionFactory(), (KeycloakSession session1) -> {
session1.getContext().setRealm(realm);
UserSessionModel userSession = session1.sessions().getUserSession(realm, userSessionId);
Assert.assertNull(userSession);
Assertions.assertNull(userSession);
});
}
@ -517,9 +511,9 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
*
* @param session the {@code KeycloakSession}
*/
@Test
@ModelTest
@TestOnServer
public void testRemoveUserSessionsByExpiredRememberMe(KeycloakSession session) {
InfinispanTimeUtil.enableTestingTimeService(session);
RealmModel testRealm = session.realms().getRealmByName("test");
session.getContext().setRealm(testRealm);
int previousMaxLifespan = testRealm.getSsoSessionMaxLifespanRememberMe();
@ -610,12 +604,12 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
r.setSsoSessionIdleTimeoutRememberMe(previousMaxIdle);
r.setRememberMe(false);
});
InfinispanTimeUtil.disableTestingTimeService(session);
}
}
// KEYCLOAK-2508
@Test
@ModelTest
@TestOnServer
public void testRemovingExpiredSession(KeycloakSession session) {
UserSessionModel[] sessions = createSessions(session);
try {
@ -635,8 +629,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
}
}
@Test
@ModelTest
@TestOnServer
public void testGetByClient(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
final UserSessionModel[] sessions = createSessions(session);
@ -650,8 +643,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testGetByClientPaginated(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
@ -683,8 +675,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
});
}
@Test
@ModelTest
@TestOnServer
public void testCreateAndGetInSameTransaction(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
@ -694,15 +685,14 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
UserSessionModel userSessionLoaded = session.sessions().getUserSession(realm, userSession.getId());
AuthenticatedClientSessionModel clientSessionLoaded = userSessionLoaded.getAuthenticatedClientSessions().get(client.getId());
Assert.assertNotNull(userSessionLoaded);
Assert.assertNotNull(clientSessionLoaded);
Assertions.assertNotNull(userSessionLoaded);
Assertions.assertNotNull(clientSessionLoaded);
Assert.assertEquals(userSession.getId(), clientSessionLoaded.getUserSession().getId());
Assert.assertEquals(1, userSessionLoaded.getAuthenticatedClientSessions().size());
Assertions.assertEquals(userSession.getId(), clientSessionLoaded.getUserSession().getId());
Assertions.assertEquals(1, userSessionLoaded.getAuthenticatedClientSessions().size());
}
@Test
@ModelTest
@TestOnServer
public void testAuthenticatedClientSessions(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
session.getContext().setRealm(realm);
@ -729,7 +719,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// Ensure sessions are here
userSession = session.sessions().getUserSession(realm, userSession.getId());
Map<String, AuthenticatedClientSessionModel> clientSessions = userSession.getAuthenticatedClientSessions();
Assert.assertEquals(2, clientSessions.size());
Assertions.assertEquals(2, clientSessions.size());
testAuthenticatedClientSession(clientSessions.get(client1.getId()), "test-app", userSession.getId(), "foo1", currentTime1);
testAuthenticatedClientSession(clientSessions.get(client2.getId()), "third-party", userSession.getId(), "foo2", currentTime2);
@ -752,7 +742,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
// Ensure updated
userSession = session.sessions().getUserSession(realm, userSession.getId());
clientSessions = userSession.getAuthenticatedClientSessions();
Assert.assertEquals(2, clientSessions.size());
Assertions.assertEquals(2, clientSessions.size());
testAuthenticatedClientSession(clientSessions.get(client1.getId()), "test-app", userSession.getId(), "foo1-updated", currentTime1);
testAuthenticatedClientSession(clientSessions.get(client2.getId()), "third-party", userSession.getId(), "foo2-rewrited", currentTime3);
@ -762,16 +752,16 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
userSession = session.sessions().getUserSession(realm, userSession.getId());
clientSessions = userSession.getAuthenticatedClientSessions();
Assert.assertEquals(1, clientSessions.size());
Assert.assertNull(clientSessions.get(client1.getId()));
Assertions.assertEquals(1, clientSessions.size());
Assertions.assertNull(clientSessions.get(client1.getId()));
}
private static void testAuthenticatedClientSession(AuthenticatedClientSessionModel clientSession, String expectedClientId, String expectedUserSessionId, String expectedAction, int expectedTimestamp) {
Assert.assertEquals(expectedClientId, clientSession.getClient().getClientId());
Assert.assertEquals(expectedUserSessionId, clientSession.getUserSession().getId());
Assert.assertEquals(expectedAction, clientSession.getAction());
Assert.assertEquals(expectedTimestamp, clientSession.getTimestamp());
Assertions.assertEquals(expectedClientId, clientSession.getClient().getClientId());
Assertions.assertEquals(expectedUserSessionId, clientSession.getUserSession().getId());
Assertions.assertEquals(expectedAction, clientSession.getAction());
Assertions.assertEquals(expectedTimestamp, clientSession.getTimestamp());
}
private static void assertPaginatedSession(KeycloakSession session, RealmModel realm, ClientModel client, int start, int max, int expectedSize) {
@ -780,8 +770,9 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@Test
public void testGetCountByClient() {
testingClient.server().run(UserSessionProviderTest::testGetCountByClient);
runOnServer.run(UserSessionProviderTest::testGetCountByClient);
}
public static void testGetCountByClient(KeycloakSession session) {
RealmModel realm = session.realms().getRealmByName("test");
createSessions(session);
@ -795,7 +786,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@Test
public void loginFailures() {
testingClient.server().run((KeycloakSession kcSession) -> {
runOnServer.run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
UserLoginFailureModel failure1 = kcSession.loginFailures().addUserLoginFailure(realm, "user1");
@ -808,7 +799,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
failure2.setLastFailure(Time.currentTimeMillis());
});
testingClient.server().run((KeycloakSession kcSession) -> {
runOnServer.run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
@ -830,13 +821,13 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
assertEquals(0, failure1.getNumFailures());
});
testingClient.server().run((KeycloakSession kcSession) -> {
runOnServer.run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
kcSession.loginFailures().removeUserLoginFailure(realm, "user1");
});
testingClient.server().run((KeycloakSession kcSession) -> {
runOnServer.run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
@ -845,7 +836,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
kcSession.loginFailures().removeAllUserLoginFailures(realm);
});
testingClient.server().run((KeycloakSession kcSession) -> {
runOnServer.run((KeycloakSession kcSession) -> {
RealmModel realm = kcSession.realms().getRealmByName("test");
kcSession.getContext().setRealm(realm);
assertNull(kcSession.loginFailures().getUserLoginFailure(realm, "user1"));
@ -855,7 +846,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@Test
public void testOnUserRemoved() {
testingClient.server().run(UserSessionProviderTest::testOnUserRemoved);
runOnServer.run(UserSessionProviderTest::testOnUserRemoved);
}
public static void testOnUserRemoved(KeycloakSession session) {
@ -887,12 +878,12 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
@Test
public void testOnUserRemovedLazyUserAttributesAreLoaded() {
testingClient.server().run(session -> {
runOnServer.run(session -> {
RealmModel realm = session.realms().getRealmByName("test");
UserModel user1 = session.users().getUserByUsername(realm, "user1");
user1.setSingleAttribute("customAttribute", "value1");
});
testingClient.server().run(UserSessionProviderTest::testOnUserRemovedLazyUserAttributesAreLoaded);
runOnServer.run(UserSessionProviderTest::testOnUserRemovedLazyUserAttributesAreLoaded);
}
public static void testOnUserRemovedLazyUserAttributesAreLoaded(KeycloakSession session) {
@ -974,7 +965,7 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
for (Map.Entry<String, AuthenticatedClientSessionModel> entry : session.getAuthenticatedClientSessions().entrySet()) {
String clientUUID = entry.getKey();
AuthenticatedClientSessionModel clientSession = entry.getValue();
Assert.assertEquals(clientUUID, clientSession.getClient().getId());
Assertions.assertEquals(clientUUID, clientSession.getClient().getId());
actualClients[i] = clientSession.getClient().getClientId();
i++;
}
@ -985,8 +976,15 @@ public class UserSessionProviderTest extends AbstractTestRealmKeycloakTest {
assertArrayEquals(clients, actualClients);
}
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
private static class UserSessionProviderRealm implements RealmConfig {
@Override
public RealmConfigBuilder configure(RealmConfigBuilder realm) {
realm.name("test");
realm.addClient("test-app");
realm.addClient("third-party");
return realm;
}
}
}
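Review bot: In testTransientUserSession the migrated count check reads `Assertions.assertEquals(session1.sessions().getActiveUserSessions(realm, client), sessionsBefore);`, which puts the measured value in the expected slot and the baseline in the actual slot. That is the reverse of the JUnit 4 line it replaces and of the other migrated assertions visible in this file. The test still passes or fails on the same condition, but a failure would report the two numbers under the wrong labels, so I would keep the original order: `Assertions.assertEquals(sessionsBefore, session1.sessions().getActiveUserSessions(realm, client));`. Separately, in testRemoveUserSessionsByExpiredRememberMe `InfinispanTimeUtil.enableTestingTimeService(session)` runs before the realm lookup while the matching disable call sits at the end of the method. The try block is outside the visible hunk, so it is worth confirming that nothing between the two can throw and leave the testing time service enabled on the server for later tests.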

File diff suppressed because it is too large Load Diff


@ -0,0 +1,24 @@
{
"realm": "authz-bug",
"enabled": true,
"clients": [
{
"clientId": "appserver",
"enabled": true,
"clientAuthenticatorType": "client-secret",
"secret": "appserver-secret",
"bearerOnly": false,
"consentRequired": false,
"standardFlowEnabled": false,
"implicitFlowEnabled": false,
"directAccessGrantsEnabled": true,
"serviceAccountsEnabled": true,
"authorizationServicesEnabled": true,
"publicClient": false,
"fullScopeAllowed": true,
"authorizationSettings": {
"policyEnforcementMode": "ENFORCING",
"decisionStrategy": "AFFIRMATIVE"
}
}]
}


@ -0,0 +1,95 @@
{
"realm": "user-profile",
"enabled": true,
"accessTokenLifespan": 3000,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 6000,
"sslRequired": "external",
"registrationAllowed": false,
"requiredCredentials": [ "password" ],
"users" : [
{
"username" : "bburke@redhat.com",
"enabled": true,
"email" : "bburke@redhat.com",
"firstName": "Bill",
"lastName": "Burke",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["user"],
"applicationRoles": {
"account": [ "manage-account" ]
}
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "User privileges"
},
{
"name": "admin",
"description": "Administrator privileges"
}
]
},
"scopeMappings": [
{
"client": "third-party",
"roles": ["user"]
},
{
"client": "customer-portal",
"roles": ["user"]
},
{
"client": "product-portal",
"roles": ["user"]
}
],
"applications": [
{
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal",
"redirectUris": [
"http://localhost:8080/customer-portal/*"
],
"secret": "password"
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal",
"redirectUris": [
"http://localhost:8080/product-portal/*"
],
"secret": "password"
}
],
"oauthClients": [
{
"name": "third-party",
"enabled": true,
"redirectUris": [
"http://localhost:8080/oauth-client/*",
"http://localhost:8080/oauth-client-cdi/*"
],
"secret": "password"
}
],
"components": {
"org.keycloak.userprofile.UserProfileProvider" : [ {
"providerId" : "declarative-user-profile",
"subComponents" : { },
"config" : {
"kc.user.profile.config" : [ "{\"attributes\":[{\"name\":\"username\",\"displayName\":\"${username}\",\"validations\":{\"length\":{\"min\":3,\"max\":255},\"username-prohibited-characters\":{}}},{\"name\":\"email\",\"displayName\":\"${email}\",\"validations\":{\"email\":{},\"length\":{\"max\":255}}},{\"name\":\"firstName\",\"displayName\":\"${firstName}\",\"permissions\":{\"view\":[\"user\",\"admin\"],\"edit\":[\"user\",\"admin\"]},\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"selector\":{\"scopes\":[]},\"required\":{}},{\"name\":\"lastName\",\"displayName\":\"${lastName}\",\"permissions\":{\"view\":[\"user\",\"admin\"],\"edit\":[\"user\",\"admin\"]},\"validations\":{\"length\":{\"max\":255},\"person-name-prohibited-characters\":{}},\"selector\":{\"scopes\":[]}},{\"selector\":{\"scopes\":[\"microprofile-jwt\"]},\"permissions\":{\"view\":[],\"edit\":[]},\"name\":\"test\"}]}" ]
}
} ]
}
}


@ -0,0 +1,9 @@
{
"realm": "realm-validation",
"clients": [
{
"name": "my-client",
"baseUrl": "/product-portal"
}
]
}


@ -0,0 +1,228 @@
{
"id": "TestComposites",
"realm": "TestComposites",
"enabled": true,
"accessTokenLifespan": 600,
"accessCodeLifespan": 600,
"accessCodeLifespanUserAction": 600,
"sslRequired": "external",
"registrationAllowed": true,
"resetPasswordAllowed": true,
"requiredCredentials": [ "password" ],
"smtpServer": {
"from": "auto@keycloak.org",
"host": "localhost",
"port":"3025"
},
"users" : [
{
"username" : "REALM_COMPOSITE_1_USER",
"enabled": true,
"email" : "test-user1@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "REALM_COMPOSITE_1" ]
},
{
"username" : "REALM_ROLE_1_USER",
"enabled": true,
"email" : "test-user2@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "REALM_ROLE_1"]
},
{
"username" : "REALM_APP_COMPOSITE_USER",
"enabled": true,
"email" : "test-user3@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": [ "REALM_APP_COMPOSITE_ROLE" ]
},
{
"username" : "REALM_APP_ROLE_USER",
"enabled": true,
"email" : "test-user4@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"applicationRoles": {
"APP_ROLE_APPLICATION": [ "APP_ROLE_2" ]
}
},
{
"username" : "APP_COMPOSITE_USER",
"enabled": true,
"email" : "test-user5@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["REALM_APP_COMPOSITE_ROLE", "REALM_COMPOSITE_1"]
}
],
"oauthClients" : [
{
"name" : "third-party",
"enabled": true,
"secret": "password"
}
],
"scopeMappings": [
{
"client": "REALM_COMPOSITE_1_APPLICATION",
"roles": ["REALM_COMPOSITE_1"]
},
{
"client": "REALM_COMPOSITE_2_APPLICATION",
"roles": ["REALM_COMPOSITE_1", "REALM_COMPOSITE_CHILD", "REALM_ROLE_4"]
},
{
"client": "REALM_ROLE_1_APPLICATION",
"roles": ["REALM_ROLE_1"]
}
],
"applications": [
{
"name": "REALM_COMPOSITE_1_APPLICATION",
"fullScopeAllowed": false,
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
"secret": "password"
},
{
"name": "REALM_COMPOSITE_2_APPLICATION",
"fullScopeAllowed": false,
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
"secret": "password"
},
{
"name": "REALM_ROLE_1_APPLICATION",
"fullScopeAllowed": false,
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
"secret": "password"
},
{
"name": "APP_ROLE_APPLICATION",
"fullScopeAllowed": false,
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
"secret": "password"
},
{
"name": "APP_COMPOSITE_APPLICATION",
"fullScopeAllowed": false,
"enabled": true,
"baseUrl": "http://localhost:8081/app",
"adminUrl": "http://localhost:8081/app/logout",
"secret": "password"
}
],
"roles" : {
"realm" : [
{
"name": "REALM_ROLE_1"
},
{
"name": "REALM_ROLE_2"
},
{
"name": "REALM_ROLE_3"
},
{
"name": "REALM_ROLE_4"
},
{
"name": "REALM_COMPOSITE_1",
"composites": {
"realm": ["REALM_ROLE_1", "REALM_COMPOSITE_CHILD"]
}
},
{
"name": "REALM_COMPOSITE_CHILD",
"composites": {
"realm": ["REALM_ROLE_4"]
}
},
{
"name": "REALM_APP_COMPOSITE_ROLE",
"composites": {
"application": {
"APP_ROLE_APPLICATION" :[
"APP_ROLE_1"
],
"APP_COMPOSITE_APPLICATION" :[
"APP_COMPOSITE_ROLE"
]
}
}
}
],
"application" : {
"APP_ROLE_APPLICATION" : [
{
"name": "APP_ROLE_1"
},
{
"name": "APP_ROLE_2"
}
],
"APP_COMPOSITE_APPLICATION" : [
{
"name": "APP_COMPOSITE_ROLE",
"composites": {
"realm" : [
"REALM_ROLE_1",
"REALM_ROLE_2",
"REALM_ROLE_3"
],
"application": {
"APP_ROLE_APPLICATION" :[
"APP_ROLE_1"
],
"APP_COMPOSITE_APPLICATION" :[
"APP_COMPOSITE_CHILD"
]
}
}
},
{
"name": "APP_COMPOSITE_CHILD",
"composites": {
"application": {
"APP_COMPOSITE_APPLICATION" :[
"APP_ROLE_2"
]
}
}
},
{
"name": "APP_ROLE_2"
}
]
}
},
"applicationScopeMappings": {
"APP_ROLE_APPLICATION": [
{
"client": "APP_COMPOSITE_APPLICATION",
"roles": ["APP_ROLE_1"]
}
]
}
}


@ -0,0 +1,61 @@
{
"realm": "demo",
"enabled": true,
"accessTokenLifespan": 300,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 600,
"sslRequired": "external",
"requiredCredentials": [ "password" ],
"users" : [
{
"username" : "bburke@redhat.com",
"enabled": true,
"email" : "bburke@redhat.com",
"credentials" : [
{ "type" : "Password",
"value" : "password" }
],
"realmRoles": [ "user" ]
}
],
"oauthClients" : [
{
"name" : "third-party",
"enabled": true,
"secret": "password"
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
]
},
"scopeMappings": [
{
"client": "third-party",
"roles": ["user"]
}
],
"applications": [
{
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
"secret": "password"
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
"secret": "password"
}
]
}


@ -0,0 +1,196 @@
{
"realm": "ldap-group-import-bug",
"enabled": true,
"accessTokenLifespan": 300,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 600,
"sslRequired": "external",
"requiredCredentials": [
"password"
],
"users": [
{
"username": "kyale",
"enabled": true,
"email": "kyale@foo.bar",
"credentials": [
{
"type": "Password",
"value": "password"
}
],
"realmRoles": [
"user"
]
}
],
"oauthClients": [
{
"name": "third-party",
"enabled": true,
"secret": "password"
}
],
"roles": {
"realm": [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
]
},
"groups": [
{
"name": "hardcoded",
"path": "/hardcoded",
"subGroups": [],
"attributes": {},
"realmRoles": [],
"clientRoles": {}
}
],
"scopeMappings": [
{
"client": "third-party",
"roles": [
"user"
]
}
],
"applications": [
{
"name": "customer-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/customer-portal/j_admin_request",
"secret": "password"
},
{
"name": "product-portal",
"enabled": true,
"adminUrl": "http://localhost:8080/product-portal/j_admin_request",
"secret": "password"
}
],
"components": {
"org.keycloak.storage.UserStorageProvider": [
{
"id": "34192d41-8e0d-4a2f-916e-7061de988801",
"name": "LDAP Login",
"providerId": "ldap",
"subComponents": {
"org.keycloak.storage.ldap.mappers.LDAPStorageMapper": [
{
"name": "hard-coded-group",
"providerId": "hardcoded-ldap-group-mapper",
"subComponents": {},
"config": {
"group": [
"hardcoded"
]
}
}
]
},
"config": {
"fullSyncPeriod": [
"-1"
],
"pagination": [
"false"
],
"startTls": [
"false"
],
"connectionPooling": [
"true"
],
"usersDn": [
"OU=users,DC=apmoller,DC=local"
],
"cachePolicy": [
"DEFAULT"
],
"useKerberosForPasswordAuthentication": [
"false"
],
"importEnabled": [
"false"
],
"enabled": [
"true"
],
"bindDn": [
"CN=admin,DC=apmoller,DC=local"
],
"changedSyncPeriod": [
"-1"
],
"bindCredential": [
"**********"
],
"usernameLDAPAttribute": [
"uid"
],
"vendor": [
"other"
],
"uuidLDAPAttribute": [
"entryUUID"
],
"allowKerberosAuthentication": [
"false"
],
"connectionUrl": [
"ldap://mock-ldap.apmt-dpos.svc.cluster.local:389"
],
"syncRegistrations": [
"false"
],
"authType": [
"simple"
],
"krbPrincipalAttribute": [
"userPrincipalName"
],
"customUserSearchFilter": [
"(objectClass=*)"
],
"searchScope": [
"2"
],
"useTruststoreSpi": [
"always"
],
"usePasswordModifyExtendedOp": [
"false"
],
"trustEmail": [
"false"
],
"userObjectClasses": [
"inetOrgPerson"
],
"rdnLDAPAttribute": [
"uid"
],
"referral": [
"ignore"
],
"readTimeout": [
"5000"
],
"editMode": [
"READ_ONLY"
],
"validatePasswordPolicy": [
"false"
]
}
}
]
}
}
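Review bot: The LDAP component in this fixture carries identifiers that look deployment-specific rather than synthetic: `connectionUrl` is `ldap://mock-ldap.apmt-dpos.svc.cluster.local:389`, `bindDn` and `usersDn` use `DC=apmoller,DC=local`, and `bindCredential` is the masked `**********` that an exported realm typically contains. If the file came from a real export, those names are now published with the test resources, and with `enabled` set to `true` an imported provider may try to resolve that host during a test run. Unless the test that consumes this file depends on the exact values (it is not visible here), I would swap them for neutral ones, for example `"connectionUrl": ["ldap://localhost:389"]` and `"bindDn": ["cn=admin,dc=example,dc=org"]`, with `usersDn` changed to match.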

View File

@ -0,0 +1,55 @@
{
"realm": "demo-no-client-id",
"enabled": true,
"accessTokenLifespan": 300,
"accessCodeLifespan": 10,
"accessCodeLifespanUserAction": 600,
"sslRequired": "external",
"requiredCredentials": [ "password" ],
"users" : [
{
"username" : "bburke@redhat.com",
"enabled": true,
"email" : "bburke@redhat.com",
"credentials" : [
{ "type" : "Password",
"value" : "password" }
],
"realmRoles": [ "user" ]
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
}
]
},
"scopeMappings": [
{
"client": "third-party",
"roles": ["user"]
}
],
"clients": [
{
"name": "third-party",
"enabled": true,
"bearerOnly": true
}
],
"clientScopeMappings": {
"realm-management": [
{
"client": "some-client",
"roles": ["create-client"]
}
]
}
}


@ -0,0 +1,694 @@
{
"id": "test",
"realm": "test",
"enabled": true,
"sslRequired": "external",
"registrationAllowed": true,
"resetPasswordAllowed": true,
"editUsernameAllowed" : true,
"ssoSessionIdleTimeout": 1800,
"ssoSessionMaxLifespan": 36000,
"offlineSessionIdleTimeout": 2592000,
"offlineSessionMaxLifespan": 5184000,
"requiredCredentials": [ "password" ],
"defaultRoles": [ "user" ],
"smtpServer": {
"from": "auto@keycloak.org",
"host": "localhost",
"port":"3025",
"fromDisplayName": "Keycloak SSO",
"replyTo":"reply-to@keycloak.org",
"replyToDisplayName": "Keycloak no-reply",
"envelopeFrom": "auto+bounces@keycloak.org"
},
"users" : [
{
"username" : "test-user@localhost",
"enabled": true,
"email" : "test-user@localhost",
"firstName": "Tom",
"lastName": "Brady",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["user", "offline_access"],
"clientRoles": {
"test-app": [ "customer-user" ],
"account": [ "view-profile", "manage-account" ]
}
},
{
"username" : "john-doh@localhost",
"enabled": true,
"email" : "john-doh@localhost",
"firstName": "John",
"lastName": "Doh",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["user"],
"clientRoles": {
"test-app": [ "customer-user" ],
"account": [ "view-profile", "manage-account" ]
}
},
{
"username" : "keycloak-user@localhost",
"enabled": true,
"email" : "keycloak-user@localhost",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["user"],
"clientRoles": {
"test-app": [ "customer-user" ],
"account": [ "view-profile", "manage-account" ]
}
},
{
"username" : "topGroupUser",
"enabled": true,
"email" : "top@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/topGroup"
]
},
{
"username" : "level2GroupUser",
"enabled": true,
"email" : "level2@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/topGroup/level2group"
]
},
{
"username" : "roleRichUser",
"enabled": true,
"email" : "rich.roles@redhat.com",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"groups": [
"/roleRichGroup/level2group"
],
"clientRoles": {
"test-app-scope": [ "test-app-allowed-by-scope", "test-app-disallowed-by-scope" ]
}
},
{
"username" : "non-duplicate-email-user",
"enabled": true,
"email" : "non-duplicate-email-user@localhost",
"firstName": "Brian",
"lastName": "Cohen",
"credentials" : [
{ "type" : "password",
"value" : "password" }
],
"realmRoles": ["user", "offline_access"],
"clientRoles": {
"test-app": [ "customer-user" ],
"account": [ "view-profile", "manage-account" ]
}
},
{
"username" : "user-with-one-configured-otp",
"enabled": true,
"email" : "otp1@redhat.com",
"credentials" : [
{
"type" : "password",
"value" : "password"
},
{
"id" : "unique",
"type" : "otp",
"secretData" : "{\"value\":\"DJmQfC73VGFhw7D4QJ8A\"}",
"credentialData" : "{\"digits\":6,\"counter\":0,\"period\":30,\"algorithm\":\"HmacSHA1\",\"subType\":\"totp\"}"
}
]
},
{
"username" : "user-with-two-configured-otp",
"enabled": true,
"email" : "otp2@redhat.com",
"realmRoles": ["user"],
"credentials" : [
{
"id" : "first",
"userLabel" : "first",
"type" : "otp",
"secretData" : "{\"value\":\"DJmQfC73VGFhw7D4QJ8A\"}",
"credentialData" : "{\"digits\":6,\"counter\":0,\"period\":30,\"algorithm\":\"HmacSHA1\",\"subType\":\"totp\"}"
},
{
"type" : "password",
"value" : "password"
},
{
"id" : "second",
"type" : "otp",
"secretData" : "{\"value\":\"ABCQfC73VGFhw7D4QJ8A\"}",
"credentialData" : "{\"digits\":6,\"counter\":0,\"period\":30,\"algorithm\":\"HmacSHA1\",\"subType\":\"totp\"}"
}
]
},
{
"username" : "special>>character",
"enabled": true,
"email" : "special-character@localhost",
"firstName": "Special",
"lastName": "Character",
"credentials" : [
{ "type" : "password",
"value" : "<password>" }
],
"realmRoles": ["user", "offline_access"]
}
],
"scopeMappings": [
{
"client": "third-party",
"roles": ["user"]
},
{
"client": "test-app",
"roles": ["user"]
},
{
"client": "test-app-scope",
"roles": ["user", "admin"]
}
],
"clients": [
{
"clientId": "test-app",
"enabled": true,
"baseUrl": "http://localhost:8180/auth/realms/master/app/auth",
"redirectUris": [
"http://localhost:8180/auth/realms/master/app/auth/*",
"https://localhost:8543/auth/realms/master/app/auth/*",
"http://localhost:8180/auth/realms/test/app/auth/*",
"https://localhost:8543/auth/realms/test/app/auth/*"
],
"adminUrl": "http://localhost:8180/auth/realms/master/app/admin",
"secret": "password"
},
{
"clientId": "root-url-client",
"enabled": true,
"rootUrl": "http://localhost:8180/foo/bar",
"adminUrl": "http://localhost:8180/foo/bar",
"baseUrl": "/baz",
"redirectUris": [
"http://localhost:8180/foo/bar/*",
"https://localhost:8543/foo/bar/*"
],
"directAccessGrantsEnabled": true,
"secret": "password"
},
{
"clientId" : "test-app-scope",
"enabled": true,
"redirectUris": [
"http://localhost:8180/auth/realms/master/app/*",
"https://localhost:8543/auth/realms/master/app/*"
],
"secret": "password",
"fullScopeAllowed": "false"
},
{
"clientId" : "third-party",
"description" : "A third party application",
"enabled": true,
"consentRequired": true,
"baseUrl": "http://localhost:8180/auth/realms/master/app/auth",
"redirectUris": [
"http://localhost:8180/auth/realms/master/app/*",
"https://localhost:8543/auth/realms/master/app/*"
],
"secret": "password"
},
{
"clientId": "test-app-authz",
"enabled": true,
"baseUrl": "/test-app-authz",
"adminUrl": "/test-app-authz",
"bearerOnly": false,
"authorizationSettings": {
"allowRemoteResourceManagement": true,
"policyEnforcementMode": "ENFORCING",
"resources": [
{
"name": "Admin Resource",
"uri": "/protected/admin/*",
"type": "http://test-app-authz/protected/admin",
"scopes": [
{
"name": "admin-access"
}
]
},
{
"name": "Protected Resource",
"uri": "/*",
"type": "http://test-app-authz/protected/resource",
"scopes": [
{
"name": "resource-access"
}
]
},
{
"name": "Premium Resource",
"uri": "/protected/premium/*",
"type": "urn:test-app-authz:protected:resource",
"scopes": [
{
"name": "premium-access"
}
]
},
{
"name": "Main Page",
"type": "urn:test-app-authz:protected:resource",
"scopes": [
{
"name": "urn:test-app-authz:page:main:actionForAdmin"
},
{
"name": "urn:test-app-authz:page:main:actionForUser"
},
{
"name": "urn:test-app-authz:page:main:actionForPremiumUser"
}
]
}
],
"policies": [
{
"name": "Any Admin Policy",
"description": "Defines that adminsitrators can do something",
"type": "role",
"config": {
"roles": "[{\"id\":\"admin\"}]"
}
},
{
"name": "Any User Policy",
"description": "Defines that any user can do something",
"type": "role",
"config": {
"roles": "[{\"id\":\"user\"}]"
}
},
{
"name": "Only Premium User Policy",
"description": "Defines that only premium users can do something",
"type": "role",
"logic": "POSITIVE",
"config": {
"roles": "[{\"id\":\"customer-user-premium\"}]"
}
},
{
"name": "All Users Policy",
"description": "Defines that all users can do something",
"type": "aggregate",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"applyPolicies": "[\"Any User Policy\",\"Any Admin Policy\",\"Only Premium User Policy\"]"
}
},
{
"name": "Premium Resource Permission",
"description": "A policy that defines access to premium resources",
"type": "resource",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"Premium Resource\"]",
"applyPolicies": "[\"Only Premium User Policy\"]"
}
},
{
"name": "Administrative Resource Permission",
"description": "A policy that defines access to administrative resources",
"type": "resource",
"decisionStrategy": "UNANIMOUS",
"config": {
"resources": "[\"Admin Resource\"]",
"applyPolicies": "[\"Any Admin Policy\"]"
}
},
{
"name": "Protected Resource Permission",
"description": "A policy that defines access to any protected resource",
"type": "resource",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"resources": "[\"Protected Resource\"]",
"applyPolicies": "[\"All Users Policy\"]"
}
},
{
"name": "Action 1 on Main Page Resource Permission",
"description": "A policy that defines access to action 1 on the main page",
"type": "scope",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"scopes": "[\"urn:test-app-authz:page:main:actionForAdmin\"]",
"applyPolicies": "[\"Any Admin Policy\"]"
}
},
{
"name": "Action 2 on Main Page Resource Permission",
"description": "A policy that defines access to action 2 on the main page",
"type": "scope",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"scopes": "[\"urn:test-app-authz:page:main:actionForUser\"]",
"applyPolicies": "[\"Any User Policy\"]"
}
},
{
"name": "Action 3 on Main Page Resource Permission",
"description": "A policy that defines access to action 3 on the main page",
"type": "scope",
"decisionStrategy": "AFFIRMATIVE",
"config": {
"scopes": "[\"urn:test-app-authz:page:main:actionForPremiumUser\"]",
"applyPolicies": "[\"Only Premium User Policy\"]"
}
}
]
},
"redirectUris": [
"/test-app-authz/*"
],
"secret": "secret"
},
{
"clientId": "named-test-app",
"name": "My Named Test App",
"enabled": true,
"directAccessGrantsEnabled": true,
"baseUrl": "http://localhost:8180/namedapp/base",
"redirectUris": [
"http://localhost:8180/namedapp/base/*",
"https://localhost:8543/namedapp/base/*"
],
"adminUrl": "http://localhost:8180/namedapp/base/admin",
"secret": "password"
},
{
"clientId": "var-named-test-app",
"name": "Test App Named - ${client_account}",
"enabled": true,
"baseUrl": "http://localhost:8180/varnamedapp/base",
"redirectUris": [
"http://localhost:8180/varnamedapp/base/*",
"https://localhost:8543/varnamedapp/base/*"
],
"adminUrl": "http://localhost:8180/varnamedapp/base/admin",
"secret": "password"
},
{
"clientId": "direct-grant",
"enabled": true,
"directAccessGrantsEnabled": true,
"secret": "password",
"webOrigins": [ "http://localtest.me:8180" ],
"protocolMappers": [
{
"name": "aud-account",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-mapper",
"config": {
"included.client.audience": "account",
"id.token.claim": "true",
"access.token.claim": "true"
}
},
{
"name": "aud-admin",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-mapper",
"config": {
"included.client.audience": "security-admin-console",
"id.token.claim": "true",
"access.token.claim": "true"
}
}
]
},
{
"clientId": "custom-audience",
"enabled": true,
"directAccessGrantsEnabled": true,
"secret": "password",
"protocolMappers": [
{
"name": "aud",
"protocol": "openid-connect",
"protocolMapper": "oidc-audience-mapper",
"config": {
"id.token.claim": "true",
"access.token.claim": "true",
"included.custom.audience": "foo-bar"
}
},
{
"name": "client roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-client-role-mapper",
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "resource_access.${client_id}.roles",
"jsonType.label": "String",
"multivalued": "true"
}
},
{
"name": "realm roles",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-realm-role-mapper",
"config": {
"user.attribute": "foo",
"access.token.claim": "true",
"claim.name": "realm_access.roles",
"jsonType.label": "String",
"multivalued": "true"
}
}
],
"defaultClientScopes": [
"web-origins",
"profile",
"email"
]
}
],
"roles" : {
"realm" : [
{
"name": "user",
"description": "Have User privileges"
},
{
"name": "admin",
"description": "Have Administrator privileges"
},
{
"name": "customer-user-premium",
"description": "Have User Premium privileges"
},
{
"name": "sample-realm-role",
"description": "Sample realm role"
},
{
"name": "attribute-role",
"description": "has attributes assigned",
"attributes": {
"hello": [
"world",
"keycloak"
]
}
},
{
"name": "realm-composite-role",
"description": "Realm composite role containing client role",
"composite" : true,
"composites" : {
"realm" : [ "sample-realm-role" ],
"client" : {
"test-app" : [ "sample-client-role" ],
"account" : [ "view-profile" ]
}
}
}
],
"client" : {
"test-app" : [
{
"name": "manage-account",
"description": "Allows application-initiated actions."
},
{
"name": "customer-user",
"description": "Have Customer User privileges"
},
{
"name": "customer-admin",
"description": "Have Customer Admin privileges"
},
{
"name": "sample-client-role",
"description": "Sample client role",
"attributes": {
"sample-client-role-attribute": [
"sample-client-role-attribute-value"
]
}
},
{
"name": "customer-admin-composite-role",
"description": "Have Customer Admin privileges via composite role",
"composite" : true,
"composites" : {
"realm" : [ "customer-user-premium" ],
"client" : {
"test-app" : [ "customer-admin" ]
}
}
}
],
"test-app-scope" : [
{
"name": "test-app-allowed-by-scope",
"description": "Role allowed by scope in test-app-scope"
},
{
"name": "test-app-disallowed-by-scope",
"description": "Role disallowed by scope in test-app-scope"
}
]
}
},
"groups" : [
{
"name": "topGroup",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["user"],
"subGroups": [
{
"name": "level2group",
"realmRoles": ["admin"],
"clientRoles": {
"test-app": ["customer-user"]
},
"attributes": {
"level2Attribute": ["true"]
}
},
{
"name": "level2group2",
"realmRoles": ["admin"],
"clientRoles": {
"test-app": ["customer-user"]
},
"attributes": {
"level2Attribute": ["true"]
}
}
]
},
{
"name": "roleRichGroup",
"attributes": {
"topAttribute": ["true"]
},
"realmRoles": ["user", "realm-composite-role"],
"clientRoles": {
"account": ["manage-account"]
},
"subGroups": [
{
"name": "level2group",
"realmRoles": ["admin"],
"clientRoles": {
"test-app": ["customer-user", "customer-admin-composite-role"]
},
"attributes": {
"level2Attribute": ["true"]
}
},
{
"name": "level2group2",
"realmRoles": ["admin"],
"clientRoles": {
"test-app": ["customer-user"]
},
"attributes": {
"level2Attribute": ["true"]
}
}
]
},
{
"name": "sample-realm-group"
}
],
"clientScopeMappings": {
"test-app": [
{
"client": "third-party",
"roles": ["customer-user"]
},
{
"client": "test-app-scope",
"roles": ["customer-admin-composite-role"]
}
],
"test-app-scope": [
{
"client": "test-app-scope",
"roles": ["test-app-allowed-by-scope"]
}
]
},
"internationalizationEnabled": true,
"supportedLocales": ["en", "de"],
"defaultLocale": "en",
"eventsListeners": ["jboss-logging"]
}
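Review bot: `"fullScopeAllowed": "false"` on the `test-app-scope` client is a JSON string, while the other boolean settings in this fixture (`enabled`, `consentRequired`, `bearerOnly`) are real booleans. The scope restriction this client appears to exist for therefore only takes effect if the JSON mapper coerces the string to a boolean. Writing it as `"fullScopeAllowed": false` removes that dependency. The description `"Defines that adminsitrators can do something"` under "Any Admin Policy" also misspells `administrators`; it is worth fixing unless a test asserts on the exact text.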


@ -0,0 +1,318 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.federation;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientScopeModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocolFactory;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.client.AbstractReadOnlyClientStorageAdapter;
import org.keycloak.storage.client.ClientLookupProvider;
import org.keycloak.storage.client.ClientStorageProvider;
import org.keycloak.storage.client.ClientStorageProviderModel;
import org.jboss.logging.Logger;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class HardcodedClientStorageProvider implements ClientStorageProvider, ClientLookupProvider {
protected KeycloakSession session;
protected ClientStorageProviderModel component;
protected String clientId;
protected String redirectUri;
protected boolean consent;
public HardcodedClientStorageProvider(KeycloakSession session, ClientStorageProviderModel component) {
this.session = session;
this.component = component;
this.clientId = component.getConfig().getFirst(HardcodedClientStorageProviderFactory.CLIENT_ID);
this.redirectUri = component.getConfig().getFirst(HardcodedClientStorageProviderFactory.REDIRECT_URI);
this.consent = "true".equals(component.getConfig().getFirst(HardcodedClientStorageProviderFactory.CONSENT));
}
@Override
public ClientModel getClientById(RealmModel realm, String id) {
StorageId storageId = new StorageId(id);
final String clientId = storageId.getExternalId();
if (this.clientId.equals(clientId)) return new ClientAdapter(realm);
return null;
}
@Override
public ClientModel getClientByClientId(RealmModel realm, String clientId) {
if (this.clientId.equals(clientId)) return new ClientAdapter(realm);
return null;
}
@Override
public void close() {
}
@Override
public Stream<ClientModel> searchClientsByClientIdStream(RealmModel realm, String clientId, Integer firstResult, Integer maxResults) {
if (Boolean.parseBoolean(component.getConfig().getFirst(HardcodedClientStorageProviderFactory.DELAYED_SEARCH))) try {
Thread.sleep(5000l);
} catch (InterruptedException ex) {
Logger.getLogger(HardcodedClientStorageProvider.class).warn(ex.getCause());
return Stream.empty();
}
if (clientId != null && this.clientId.toLowerCase().contains(clientId.toLowerCase())) {
return Stream.of(new ClientAdapter(realm));
}
return Stream.empty();
}
@Override
public Stream<ClientModel> searchClientsByAttributes(RealmModel realm, Map<String, String> attributes, Integer firstResult, Integer maxResults) {
return Stream.empty();
}
@Override
public Stream<ClientModel> searchClientsByAuthenticationFlowBindingOverrides(RealmModel realm, Map<String, String> overrides, Integer firstResult, Integer maxResults) {
return Stream.empty();
}
@Override
public Map<String, ClientScopeModel> getClientScopes(RealmModel realm, ClientModel client, boolean defaultScope) {
if (defaultScope) {
ClientScopeModel rolesScope = KeycloakModelUtils.getClientScopeByName(realm, OIDCLoginProtocolFactory.ROLES_SCOPE);
ClientScopeModel webOriginsScope = KeycloakModelUtils.getClientScopeByName(realm, OIDCLoginProtocolFactory.WEB_ORIGINS_SCOPE);
ClientScopeModel basicScope = KeycloakModelUtils.getClientScopeByName(realm, OIDCLoginProtocolFactory.BASIC_SCOPE);
return Arrays.asList(rolesScope, webOriginsScope, basicScope)
.stream()
.filter(Objects::nonNull)
.collect(Collectors.toMap(ClientScopeModel::getName, clientScope -> clientScope));
} else {
ClientScopeModel offlineScope = KeycloakModelUtils.getClientScopeByName(realm, "offline_access");
return Collections.singletonMap("offline_access", offlineScope);
}
}
public class ClientAdapter extends AbstractReadOnlyClientStorageAdapter {
public ClientAdapter(RealmModel realm) {
super(HardcodedClientStorageProvider.this.session, realm, HardcodedClientStorageProvider.this.component);
}
@Override
public String getClientId() {
return clientId;
}
@Override
public String getName() {
return "Federated Client";
}
@Override
public String getDescription() {
return "Pulled in from client storage provider";
}
@Override
public boolean isEnabled() {
return true;
}
@Override
public boolean isAlwaysDisplayInConsole() {
return false;
}
@Override
public Set<String> getWebOrigins() {
return Collections.EMPTY_SET;
}
@Override
public Set<String> getRedirectUris() {
HashSet<String> set = new HashSet<>();
set.add(redirectUri);
return set;
}
@Override
public String getManagementUrl() {
return null;
}
@Override
public String getRootUrl() {
return null;
}
@Override
public String getBaseUrl() {
return null;
}
@Override
public boolean isBearerOnly() {
return false;
}
@Override
public int getNodeReRegistrationTimeout() {
return 0;
}
@Override
public String getClientAuthenticatorType() {
return null;
}
@Override
public boolean validateSecret(String secret) {
return "password".equals(secret);
}
@Override
public String getSecret() {
return "password";
}
@Override
public String getRegistrationToken() {
return null;
}
@Override
public String getProtocol() {
return "openid-connect";
}
@Override
public String getAttribute(String name) {
return null;
}
@Override
public Map<String, String> getAttributes() {
return Collections.EMPTY_MAP;
}
@Override
public String getAuthenticationFlowBindingOverride(String binding) {
return null;
}
@Override
public Map<String, String> getAuthenticationFlowBindingOverrides() {
return Collections.EMPTY_MAP;
}
@Override
public boolean isFrontchannelLogout() {
return false;
}
@Override
public boolean isPublicClient() {
return false;
}
@Override
public boolean isConsentRequired() {
return consent;
}
@Override
public boolean isStandardFlowEnabled() {
return true;
}
@Override
public boolean isImplicitFlowEnabled() {
return true;
}
@Override
public boolean isDirectAccessGrantsEnabled() {
return true;
}
@Override
public boolean isServiceAccountsEnabled() {
return false;
}
@Override
public Map<String, ClientScopeModel> getClientScopes(boolean defaultScope) {
return session.clients().getClientScopes(getRealm(), this, defaultScope);
}
@Override
public int getNotBefore() {
return 0;
}
@Override
public Stream<ProtocolMapperModel> getProtocolMappersStream() {
return Stream.empty();
}
@Override
public ProtocolMapperModel getProtocolMapperById(String id) {
return null;
}
@Override
public ProtocolMapperModel getProtocolMapperByName(String protocol, String name) {
return null;
}
@Override
public boolean isFullScopeAllowed() {
return false;
}
@Override
public Stream<RoleModel> getScopeMappingsStream() {
return Stream.of(realm.getRole("offline_access"));
}
@Override
public Stream<RoleModel> getRealmScopeMappingsStream() {
return Stream.empty();
}
@Override
public boolean hasScope(RoleModel role) {
return false;
}
}
}
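Review bot: In `searchClientsByClientIdStream` the `InterruptedException` handler logs `ex.getCause()`, which is normally null for an interrupt, and returns without restoring the thread's interrupt status, so the interruption is lost to the caller. I would log the exception itself and re-interrupt: `Logger.getLogger(HardcodedClientStorageProvider.class).warn("Delayed client search interrupted", ex);` followed by `Thread.currentThread().interrupt();`. Separately, `ClientAdapter` accepts the fixed secret `"password"` with the standard, implicit and direct-grant flows all enabled. A class Javadoc should say that this provider is a test fixture, e.g. `/** Test-only client storage provider exposing one hardcoded client with a fixed secret; never deploy outside the test suite. */`.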


@ -0,0 +1,88 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.testsuite.federation;
import java.util.List;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.provider.ProviderConfigurationBuilder;
import org.keycloak.storage.client.ClientStorageProviderFactory;
import org.keycloak.storage.client.ClientStorageProviderModel;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class HardcodedClientStorageProviderFactory implements ClientStorageProviderFactory<HardcodedClientStorageProvider> {
@Override
public HardcodedClientStorageProvider create(KeycloakSession session, ComponentModel model) {
return new HardcodedClientStorageProvider(session, new ClientStorageProviderModel(model));
}
public static final String PROVIDER_ID = "hardcoded-client";
@Override
public String getId() {
return PROVIDER_ID;
}
protected static final List<ProviderConfigProperty> CONFIG_PROPERTIES;
public static final String CLIENT_ID = "client_id";
public static final String REDIRECT_URI = "redirect_uri";
public static final String CONSENT = "consent";
public static final String DELAYED_SEARCH = "delayed_search";
static {
CONFIG_PROPERTIES = ProviderConfigurationBuilder.create()
.property().name(CLIENT_ID)
.type(ProviderConfigProperty.STRING_TYPE)
.label("Hardcoded Client Id")
.helpText("Only this client id is available for lookup")
.defaultValue("hardcoded-client")
.add()
.property().name(REDIRECT_URI)
.type(ProviderConfigProperty.STRING_TYPE)
.label("Redirect Uri")
.helpText("Valid redirect uri. Only one allowed")
.defaultValue("http://localhost:8180/*")
.add()
.property().name(CONSENT)
.type(ProviderConfigProperty.BOOLEAN_TYPE)
.label("Consent Required")
.helpText("Is consent required")
.defaultValue("false")
.add()
.property().name(DELAYED_SEARCH)
.type(ProviderConfigProperty.BOOLEAN_TYPE)
.label("Delayes provider by 5s.")
.helpText("If true it delayes search for clients within the provider by 5s.")
.defaultValue(false)
.add()
.build();
}
@Override
public List<ProviderConfigProperty> getConfigProperties() {
return CONFIG_PROPERTIES;
}
}
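Review bot: The `DELAYED_SEARCH` property passes a boolean to `.defaultValue(false)` while the `CONSENT` property just above it uses `.defaultValue("false")`. Both boolean options should declare their default the same way, e.g. `.defaultValue("false")`, since `HardcodedClientStorageProvider` reads both back through `getConfig().getFirst(...)`. The label and help text also misspell the verb; suggest `.label("Delays provider by 5s.")` and `.helpText("If true, delays the search for clients within the provider by 5s.")`. The default `REDIRECT_URI` of `http://localhost:8180/*` is a wildcard over plain HTTP, so a one-line comment marking it as a test-only default would keep it from being copied into a real provider.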


@ -0,0 +1 @@
org.keycloak.testsuite.federation.HardcodedClientStorageProviderFactory


@ -0,0 +1,52 @@
package org.keycloak.tests.utils.infinispan;
import java.io.Serializable;
import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
import org.keycloak.models.KeycloakSession;
import org.keycloak.testframework.remote.providers.runonserver.RunOnServer;
import org.infinispan.manager.EmbeddedCacheManager;
import org.jboss.logging.Logger;
import static org.keycloak.connections.infinispan.InfinispanUtil.setTimeServiceToKeycloakTime;
/**
* Should be executed on the server-side with RunOnServer or @TestOnServer
*/
public class InfinispanTimeUtil implements Serializable {
protected static final Logger logger = Logger.getLogger(InfinispanTimeUtil.class);
private static Runnable origTimeService = null;
public static RunOnServer enableTestingTimeService() {
return InfinispanTimeUtil::enableTestingTimeService;
}
public static RunOnServer disableTestingTimeService() {
return InfinispanTimeUtil::disableTestingTimeService;
}
public static void enableTestingTimeService(KeycloakSession session) {
if (origTimeService != null) {
throw new IllegalStateException("Calling setTestingTimeService when testing TimeService was already set");
}
InfinispanConnectionProvider ispnProvider = session.getProvider(InfinispanConnectionProvider.class);
logger.info("Will set KeycloakIspnTimeService to the infinispan cacheManager");
EmbeddedCacheManager cacheManager = ispnProvider.getCache(InfinispanConnectionProvider.USER_CACHE_NAME).getCacheManager();
origTimeService = setTimeServiceToKeycloakTime(cacheManager);
}
public static void disableTestingTimeService(KeycloakSession session) {
if (origTimeService == null) {
throw new IllegalStateException("Calling revertTimeService when testing TimeService was not set");
}
origTimeService.run();
origTimeService = null;
}
}
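Review bot: The two `IllegalStateException` messages name `setTestingTimeService` and `revertTimeService`, but the methods in this class are `enableTestingTimeService` and `disableTestingTimeService`, so a failure points at names that do not exist here. Suggest `"enableTestingTimeService called while the testing TimeService is already set"` and `"disableTestingTimeService called while the testing TimeService is not set"`. `origTimeService` is also a plain static field with an unsynchronized check-then-set; that is presumably fine while server-side test calls run one at a time, but it deserves a comment saying so. The class declares `implements Serializable` yet holds only static members; if `RunOnServer` needs that, a short comment should explain why.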


@ -18,7 +18,6 @@ federation,5
forms,5
login,4
migration,4
model,6
oauth,6
oid4vc,6
oidc,6