@Test
public void registerUserSuccess() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName",
"lastName",
"registerUserSuccess@email",
"registerUserSuccess",
"password",
"password");
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
String userId =
events
.expectRegister("registerUserSuccess", "registerUserSuccess@email")
.assertEvent()
.getUserId();
events.expectLogin().detail("username", "registerusersuccess").user(userId).assertEvent();
UserModel user = getUser(userId);
Assert.assertNotNull(user);
Assert.assertNotNull(user.getCreatedTimestamp());
// test that timestamp is current with 10s tollerance
Assert.assertTrue((System.currentTimeMillis() - user.getCreatedTimestamp()) < 10000);
// test user info is set from form
assertEquals("registerusersuccess", user.getUsername());
assertEquals("registerusersuccess@email", user.getEmail());
assertEquals("firstName", user.getFirstName());
assertEquals("lastName", user.getLastName());
}
@Test
public void registerUserSuccess_emailAsUsername() {
configureRelamRegistrationEmailAsUsername(true);
try {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.registerWithEmailAsUsername(
"firstName", "lastName", "registerUserSuccessE@email", "password", "password");
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
String userId =
events
.expectRegister("registerUserSuccessE@email", "registerUserSuccessE@email")
.assertEvent()
.getUserId();
events
.expectLogin()
.detail("username", "registerusersuccesse@email")
.user(userId)
.assertEvent();
UserModel user = getUser(userId);
Assert.assertNotNull(user);
Assert.assertNotNull(user.getCreatedTimestamp());
// test that timestamp is current with 10s tollerance
Assert.assertTrue((System.currentTimeMillis() - user.getCreatedTimestamp()) < 10000);
} finally {
configureRelamRegistrationEmailAsUsername(false);
}
}
@Test
public void registerUserMissingOrInvalidEmail_emailAsUsername() {
configureRelamRegistrationEmailAsUsername(true);
try {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.registerWithEmailAsUsername(
"firstName", "lastName", null, "password", "password");
registerPage.assertCurrent();
assertEquals("Please specify email.", registerPage.getError());
events
.expectRegister(null, null)
.removeDetail("username")
.removeDetail("email")
.error("invalid_registration")
.assertEvent();
registerPage.registerWithEmailAsUsername(
"firstName", "lastName", "registerUserInvalidEmailemail", "password", "password");
registerPage.assertCurrent();
assertEquals("Invalid email address.", registerPage.getError());
events
.expectRegister("registerUserInvalidEmailemail", "registerUserInvalidEmailemail")
.error("invalid_registration")
.assertEvent();
} finally {
configureRelamRegistrationEmailAsUsername(false);
}
}
@Test
public void setupTotp() {
totpPage.open();
loginPage.login("test-user@localhost", "password");
events
.expectLogin()
.client("account")
.detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=totp")
.assertEvent();
Assert.assertTrue(totpPage.isCurrent());
Assert.assertFalse(driver.getPageSource().contains("Remove Google"));
// Error with false code
totpPage.configure(totp.generate(totpPage.getTotpSecret() + "123"));
Assert.assertEquals("Invalid authenticator code.", profilePage.getError());
totpPage.configure(totp.generate(totpPage.getTotpSecret()));
Assert.assertEquals("Mobile authenticator configured.", profilePage.getSuccess());
events.expectAccount(EventType.UPDATE_TOTP).assertEvent();
Assert.assertTrue(driver.getPageSource().contains("pficon-delete"));
totpPage.removeTotp();
events.expectAccount(EventType.REMOVE_TOTP).assertEvent();
}
// KEYCLOAK-2102
@Test
public void spnegoCaseInsensitiveTest() throws Exception {
KeycloakRule keycloakRule = getKeycloakRule();
AssertEvents events = getAssertEvents();
Response spnegoResponse = spnegoLogin("MyDuke", "theduke");
Assert.assertEquals(302, spnegoResponse.getStatus());
events
.expectLogin()
.client("kerberos-app")
.user(keycloakRule.getUser("test", "myduke").getId())
.detail(Details.REDIRECT_URI, KERBEROS_APP_URL)
// .detail(Details.AUTH_METHOD, "spnego")
.detail(Details.USERNAME, "myduke")
.assertEvent();
String location = spnegoResponse.getLocation().toString();
driver.navigate().to(location);
String pageSource = driver.getPageSource();
Assert.assertTrue(
pageSource.contains("Kerberos Test")
&& pageSource.contains("Kerberos servlet secured content"));
spnegoResponse.close();
events.clear();
}
@Test
public void changePassword() {
changePasswordPage.open();
loginPage.login("test-user@localhost", "password");
Event event =
events
.expectLogin()
.client("account")
.detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password")
.assertEvent();
String sessionId = event.getSessionId();
String userId = event.getUserId();
changePasswordPage.changePassword("", "new-password", "new-password");
Assert.assertEquals("Please specify password.", profilePage.getError());
changePasswordPage.changePassword("password", "new-password", "new-password2");
Assert.assertEquals("Password confirmation doesn't match.", profilePage.getError());
changePasswordPage.changePassword("password", "new-password", "new-password");
Assert.assertEquals("Your password has been updated.", profilePage.getSuccess());
events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
changePasswordPage.logout();
events
.expectLogout(sessionId)
.detail(Details.REDIRECT_URI, changePasswordPage.getPath())
.assertEvent();
loginPage.open();
loginPage.login("test-user@localhost", "password");
Assert.assertEquals("Invalid username or password.", loginPage.getError());
events
.expectLogin()
.session((String) null)
.error("invalid_user_credentials")
.removeDetail(Details.CONSENT)
.assertEvent();
loginPage.open();
loginPage.login("test-user@localhost", "new-password");
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
}
@Test
public void clientCredentialsAuthSuccess() throws Exception {
oauth.clientId("service-account-cl");
OAuthClient.AccessTokenResponse response =
oauth.doClientCredentialsGrantAccessTokenRequest("secret1");
assertEquals(200, response.getStatusCode());
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
events
.expectClientLogin()
.client("service-account-cl")
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(
Details.USERNAME,
ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
.assertEvent();
assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());
System.out.println("Access token other claims: " + accessToken.getOtherClaims());
Assert.assertEquals(
"service-account-cl", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID));
Assert.assertTrue(
accessToken.getOtherClaims().containsKey(ServiceAccountConstants.CLIENT_ADDRESS));
Assert.assertTrue(
accessToken.getOtherClaims().containsKey(ServiceAccountConstants.CLIENT_HOST));
OAuthClient.AccessTokenResponse refreshedResponse =
oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret1");
AccessToken refreshedAccessToken = oauth.verifyToken(refreshedResponse.getAccessToken());
RefreshToken refreshedRefreshToken =
oauth.verifyRefreshToken(refreshedResponse.getRefreshToken());
assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());
events
.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
.user(userId)
.client("service-account-cl")
.assertEvent();
}
@Test
public void resetPasswordCancel() throws IOException, MessagingException {
loginPage.open();
loginPage.resetPassword();
resetPasswordPage.assertCurrent();
resetPasswordPage.changePassword("login-test");
resetPasswordPage.assertCurrent();
events
.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.user(userId)
.detail(Details.USERNAME, "login-test")
.detail(Details.EMAIL, "*****@*****.**")
.assertEvent()
.getSessionId();
resetPasswordPage.backToLogin();
Assert.assertTrue(loginPage.isCurrent());
loginPage.login("login-test", "password");
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String body = (String) message.getContent();
String changePasswordUrl = MailUtil.getLink(body);
driver.navigate().to(changePasswordUrl.trim());
events
.expect(EventType.RESET_PASSWORD_ERROR)
.client((String) null)
.user((String) null)
.error("invalid_code")
.clearDetails()
.assertEvent();
Assert.assertTrue(errorPage.isCurrent());
Assert.assertEquals(
"Unknown code, please login again through your application.", errorPage.getError());
}
@Test
public void grantAccessTokenUserNotFound() throws Exception {
oauth.clientId("resource-owner");
OAuthClient.AccessTokenResponse response =
oauth.doGrantAccessTokenRequest("secret", "invalid", "invalid");
assertEquals(401, response.getStatusCode());
assertEquals("invalid_grant", response.getError());
events
.expectLogin()
.client("resource-owner")
.user((String) null)
.session((String) null)
.detail(Details.AUTH_METHOD, "oauth_credentials")
.detail(Details.RESPONSE_TYPE, "token")
.detail(Details.USERNAME, "invalid")
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.error(Errors.INVALID_USER_CREDENTIALS)
.assertEvent();
}
@Test
public void registerUserMissingPassword() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName",
"lastName",
"registerUserMissingPassword@email",
"registerUserMissingPassword",
null,
null);
registerPage.assertCurrent();
assertEquals("Please specify password.", registerPage.getError());
events
.expectRegister("registerUserMissingPassword", "registerUserMissingPassword@email")
.removeDetail(Details.USERNAME)
.removeDetail(Details.EMAIL)
.user((String) null)
.error("invalid_registration")
.assertEvent();
}
@Test
public void returnToAppFromQueryParam() {
driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
driver
.navigate()
.to(
AccountUpdateProfilePage.PATH
+ "?referrer=test-app&referrer_uri=http://localhost:8081/app?test");
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
Assert.assertEquals(appPage.baseUrl + "?test", driver.getCurrentUrl());
driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
Assert.assertTrue(profilePage.isCurrent());
driver.findElement(By.linkText("Authenticator")).click();
Assert.assertTrue(totpPage.isCurrent());
driver.findElement(By.linkText("Account")).click();
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
events.clear();
}
@Test
public void registerUserManyErrors() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(null, null, null, null, null, null);
registerPage.assertCurrent();
assertEquals(
"Please specify username.\n"
+ "Please specify first name.\n"
+ "Please specify last name.\n"
+ "Please specify email.\n"
+ "Please specify password.",
registerPage.getError());
events
.expectRegister(null, "registerUserMissingUsername@email")
.removeDetail(Details.USERNAME)
.removeDetail(Details.EMAIL)
.error("invalid_registration")
.assertEvent();
}
@Test
public void registerExistingUser() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName",
"lastName",
"registerExistingUser@email",
"test-user@localhost",
"password",
"password");
registerPage.assertCurrent();
assertEquals("Username already exists.", registerPage.getError());
// assert form keeps form fields on error
assertEquals("firstName", registerPage.getFirstName());
assertEquals("lastName", registerPage.getLastName());
assertEquals("registerExistingUser@email", registerPage.getEmail());
assertEquals("", registerPage.getUsername());
assertEquals("", registerPage.getPassword());
assertEquals("", registerPage.getPasswordConfirm());
events
.expectRegister("test-user@localhost", "registerExistingUser@email")
.removeDetail(Details.EMAIL)
.user((String) null)
.error("username_in_use")
.assertEvent();
}
@Test
public void registerUserInvalidPasswordConfirm() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName",
"lastName",
"registerUserInvalidPasswordConfirm@email",
"registerUserInvalidPasswordConfirm",
"password",
"invalid");
registerPage.assertCurrent();
assertEquals("Password confirmation doesn't match.", registerPage.getError());
// assert form keeps form fields on error
assertEquals("firstName", registerPage.getFirstName());
assertEquals("lastName", registerPage.getLastName());
assertEquals("registerUserInvalidPasswordConfirm@email", registerPage.getEmail());
assertEquals("registerUserInvalidPasswordConfirm", registerPage.getUsername());
assertEquals("", registerPage.getPassword());
assertEquals("", registerPage.getPasswordConfirm());
events
.expectRegister(
"registerUserInvalidPasswordConfirm", "registerUserInvalidPasswordConfirm@email")
.removeDetail(Details.USERNAME)
.removeDetail(Details.EMAIL)
.user((String) null)
.error("invalid_registration")
.assertEvent();
}
@Test
public void resetPasswordWrongEmail()
throws IOException, MessagingException, InterruptedException {
loginPage.open();
loginPage.resetPassword();
resetPasswordPage.assertCurrent();
resetPasswordPage.changePassword("invalid");
resetPasswordPage.assertCurrent();
Assert.assertEquals(
"You should receive an email shortly with further instructions.",
resetPasswordPage.getSuccessMessage());
Thread.sleep(1000);
Assert.assertEquals(0, greenMail.getReceivedMessages().length);
events
.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.user((String) null)
.session((String) null)
.detail(Details.USERNAME, "invalid")
.removeDetail(Details.EMAIL)
.removeDetail(Details.CODE_ID)
.error("user_not_found")
.assertEvent();
}
@Test
public void clientCredentialsLogout() throws Exception {
oauth.clientId("service-account-cl");
OAuthClient.AccessTokenResponse response =
oauth.doClientCredentialsGrantAccessTokenRequest("secret1");
assertEquals(200, response.getStatusCode());
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
events
.expectClientLogin()
.client("service-account-cl")
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(
Details.USERNAME,
ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
.detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID)
.assertEvent();
HttpResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1");
assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
events
.expectLogout(accessToken.getSessionState())
.client("service-account-cl")
.user(userId)
.removeDetail(Details.REDIRECT_URI)
.assertEvent();
response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret1");
assertEquals(400, response.getStatusCode());
assertEquals("invalid_grant", response.getError());
events
.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
.client("service-account-cl")
.user(userId)
.removeDetail(Details.TOKEN_ID)
.removeDetail(Details.UPDATED_REFRESH_TOKEN_ID)
.error(Errors.INVALID_TOKEN)
.assertEvent();
}
@Test
public void grantAccessTokenLogout() throws Exception {
oauth.clientId("resource-owner");
OAuthClient.AccessTokenResponse response =
oauth.doGrantAccessTokenRequest("secret", "test-user@localhost", "password");
assertEquals(200, response.getStatusCode());
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
events
.expectLogin()
.client("resource-owner")
.session(accessToken.getSessionState())
.detail(Details.AUTH_METHOD, "oauth_credentials")
.detail(Details.RESPONSE_TYPE, "token")
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
HttpResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret");
assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
events
.expectLogout(accessToken.getSessionState())
.client("resource-owner")
.removeDetail(Details.REDIRECT_URI)
.assertEvent();
response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret");
assertEquals(400, response.getStatusCode());
assertEquals("invalid_grant", response.getError());
events
.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
.client("resource-owner")
.removeDetail(Details.TOKEN_ID)
.removeDetail(Details.UPDATED_REFRESH_TOKEN_ID)
.error(Errors.INVALID_TOKEN)
.assertEvent();
}
protected void testSuccessfulImpersonation(String admin, String adminRealm) {
Client client = createClient(admin, adminRealm);
WebTarget impersonate = createImpersonateTarget(client);
Map data = impersonate.request().post(null, Map.class);
Assert.assertNotNull(data);
Assert.assertNotNull(data.get("redirect"));
events
.expect(EventType.IMPERSONATE)
.session(AssertEvents.isUUID())
.user(impersonatedUserId)
.detail(Details.IMPERSONATOR, admin)
.detail(Details.IMPERSONATOR_REALM, adminRealm)
.client((String) null)
.assertEvent();
client.close();
}
private void grantAccessToken(String login) throws Exception {
oauth.clientId("resource-owner");
OAuthClient.AccessTokenResponse response =
oauth.doGrantAccessTokenRequest("secret", login, "password");
assertEquals(200, response.getStatusCode());
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
events
.expectLogin()
.client("resource-owner")
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.AUTH_METHOD, "oauth_credentials")
.detail(Details.RESPONSE_TYPE, "token")
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, login)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());
OAuthClient.AccessTokenResponse refreshedResponse =
oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret");
AccessToken refreshedAccessToken = oauth.verifyToken(refreshedResponse.getAccessToken());
RefreshToken refreshedRefreshToken =
oauth.verifyRefreshToken(refreshedResponse.getRefreshToken());
assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());
events
.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
.user(userId)
.client("resource-owner")
.assertEvent();
}
@Test
public void sessions() {
loginPage.open();
loginPage.clickRegister();
registerPage.register(
"view", "sessions", "view-sessions@localhost", "view-sessions", "password", "password");
Event registerEvent =
events.expectRegister("view-sessions", "view-sessions@localhost").assertEvent();
String userId = registerEvent.getUserId();
events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent();
sessionsPage.open();
Assert.assertTrue(sessionsPage.isCurrent());
List<List<String>> sessions = sessionsPage.getSessions();
Assert.assertEquals(1, sessions.size());
Assert.assertEquals("127.0.0.1", sessions.get(0).get(0));
// Create second session
WebDriver driver2 = WebRule.createWebDriver();
try {
OAuthClient oauth2 = new OAuthClient(driver2);
oauth2.state("mystate");
oauth2.doLogin("view-sessions", "password");
Event login2Event =
events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent();
sessionsPage.open();
sessions = sessionsPage.getSessions();
Assert.assertEquals(2, sessions.size());
sessionsPage.logoutAll();
events.expectLogout(registerEvent.getSessionId());
events.expectLogout(login2Event.getSessionId());
} finally {
driver2.close();
}
}
@Test
public void changePasswordWithLengthPasswordPolicy() {
keycloakRule.update(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setPasswordPolicy(new PasswordPolicy("length"));
}
});
try {
changePasswordPage.open();
loginPage.login("test-user@localhost", "password");
events
.expectLogin()
.client("account")
.detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password")
.assertEvent();
changePasswordPage.changePassword("", "new", "new");
Assert.assertEquals("Please specify password.", profilePage.getError());
changePasswordPage.changePassword("password", "new-password", "new-password");
Assert.assertEquals("Your password has been updated.", profilePage.getSuccess());
events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
} finally {
keycloakRule.update(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setPasswordPolicy(new PasswordPolicy(null));
}
});
}
}
// KEYCLOAK-1534
@Test
public void changeEmailToExisting() {
profilePage.open();
loginPage.login("test-user@localhost", "password");
events
.expectLogin()
.client("account")
.detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT)
.assertEvent();
Assert.assertEquals("test-user@localhost", profilePage.getUsername());
Assert.assertEquals("test-user@localhost", profilePage.getEmail());
// Change to the email, which some other user has
profilePage.updateProfile("New first", "New last", "test-user-no-access@localhost");
profilePage.assertCurrent();
Assert.assertEquals("Email already exists.", profilePage.getError());
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("test-user-no-access@localhost", profilePage.getEmail());
events.assertEmpty();
// Change some other things, but not email
profilePage.updateProfile("New first", "New last", "test-user@localhost");
Assert.assertEquals("Your account has been updated.", profilePage.getSuccess());
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("test-user@localhost", profilePage.getEmail());
events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
// Change email and other things to original values
profilePage.updateProfile("Tom", "Brady", "test-user@localhost");
events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
}
@Test
public void loginWithHotpSuccess() throws Exception {
loginPage.open();
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(loginTotpPage.isCurrent());
loginTotpPage.login(otp.generateHOTP("hotpSecret", counter++));
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
}
@Test
public void changeClientIdTest() throws Exception {
keycloakRule.update(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
ClientModel app = appRealm.getClientByClientId("service-account-cl");
app.setClientId("updated-client");
}
});
oauth.clientId("updated-client");
OAuthClient.AccessTokenResponse response =
oauth.doClientCredentialsGrantAccessTokenRequest("secret1");
assertEquals(200, response.getStatusCode());
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
Assert.assertEquals(
"updated-client", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID));
// Username still same. Client ID changed
events
.expectClientLogin()
.client("updated-client")
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(
Details.USERNAME,
ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
.assertEvent();
// Revert change
keycloakRule.update(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
ClientModel app = appRealm.getClientByClientId("updated-client");
app.setClientId("service-account-cl");
}
});
}
@Test
public void changeProfileNoAccess() throws Exception {
profilePage.open();
loginPage.login("test-user-no-access@localhost", "password");
events
.expectLogin()
.client("account")
.user(keycloakRule.getUser("test", "test-user-no-access@localhost").getId())
.detail(Details.USERNAME, "test-user-no-access@localhost")
.detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT)
.assertEvent();
Assert.assertTrue(errorPage.isCurrent());
Assert.assertEquals("No access", errorPage.getError());
}
@Test
public void loginWithHotpInvalidPassword() throws Exception {
loginPage.open();
loginPage.login("test-user@localhost", "invalid");
Assert.assertTrue(loginPage.isCurrent());
Assert.assertEquals("Invalid username or password.", loginPage.getError());
events
.expectLogin()
.error("invalid_user_credentials")
.session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
}
@Test
public void registerUserMissingEmail() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName", "lastName", null, "registerUserMissingEmail", "password", "password");
registerPage.assertCurrent();
assertEquals("Please specify email.", registerPage.getError());
events
.expectRegister("registerUserMissingEmail", null)
.removeDetail("email")
.error("invalid_registration")
.assertEvent();
}
@Test
public void grantAccessTokenInvalidClientCredentials() throws Exception {
oauth.clientId("resource-owner");
OAuthClient.AccessTokenResponse response =
oauth.doGrantAccessTokenRequest("invalid", "test-user@localhost", "password");
assertEquals(400, response.getStatusCode());
assertEquals("unauthorized_client", response.getError());
events
.expectLogin()
.client("resource-owner")
.session((String) null)
.clearDetails()
.error(Errors.INVALID_CLIENT_CREDENTIALS)
.user((String) null)
.assertEvent();
}
@Test
public void clientCredentialsInvalidClientCredentials() throws Exception {
oauth.clientId("service-account-cl");
OAuthClient.AccessTokenResponse response =
oauth.doClientCredentialsGrantAccessTokenRequest("secret2");
assertEquals(400, response.getStatusCode());
assertEquals("unauthorized_client", response.getError());
events
.expectClientLogin()
.client("service-account-cl")
.session((String) null)
.clearDetails()
.error(Errors.INVALID_CLIENT_CREDENTIALS)
.user((String) null)
.assertEvent();
}
@Test
public void loginWithHotpFailure() throws Exception {
loginPage.open();
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(loginTotpPage.isCurrent());
loginTotpPage.login("123456");
loginTotpPage.assertCurrent();
Assert.assertEquals("Invalid authenticator code.", loginPage.getError());
// loginPage.assertCurrent(); // Invalid authenticator code.
// Assert.assertEquals("Invalid username or password.", loginPage.getError());
events
.expectLogin()
.error("invalid_user_credentials")
.session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
}
