@Test
  public void registerUserSuccess() {
    loginPage.open();
    loginPage.clickRegister();
    registerPage.assertCurrent();

    registerPage.register(
        "firstName",
        "lastName",
        "registerUserSuccess@email",
        "registerUserSuccess",
        "password",
        "password");

    assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    String userId =
        events
            .expectRegister("registerUserSuccess", "registerUserSuccess@email")
            .assertEvent()
            .getUserId();
    events.expectLogin().detail("username", "registerusersuccess").user(userId).assertEvent();

    UserModel user = getUser(userId);
    Assert.assertNotNull(user);
    Assert.assertNotNull(user.getCreatedTimestamp());
    // test that timestamp is current with 10s tollerance
    Assert.assertTrue((System.currentTimeMillis() - user.getCreatedTimestamp()) < 10000);
    // test user info is set from form
    assertEquals("registerusersuccess", user.getUsername());
    assertEquals("registerusersuccess@email", user.getEmail());
    assertEquals("firstName", user.getFirstName());
    assertEquals("lastName", user.getLastName());
  }
  @Test
  public void registerUserSuccess_emailAsUsername() {
    configureRelamRegistrationEmailAsUsername(true);

    try {
      loginPage.open();
      loginPage.clickRegister();
      registerPage.assertCurrent();

      registerPage.registerWithEmailAsUsername(
          "firstName", "lastName", "registerUserSuccessE@email", "password", "password");

      assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

      String userId =
          events
              .expectRegister("registerUserSuccessE@email", "registerUserSuccessE@email")
              .assertEvent()
              .getUserId();
      events
          .expectLogin()
          .detail("username", "registerusersuccesse@email")
          .user(userId)
          .assertEvent();

      UserModel user = getUser(userId);
      Assert.assertNotNull(user);
      Assert.assertNotNull(user.getCreatedTimestamp());
      // test that timestamp is current with 10s tollerance
      Assert.assertTrue((System.currentTimeMillis() - user.getCreatedTimestamp()) < 10000);

    } finally {
      configureRelamRegistrationEmailAsUsername(false);
    }
  }
  @Test
  public void registerUserMissingOrInvalidEmail_emailAsUsername() {
    configureRelamRegistrationEmailAsUsername(true);

    try {
      loginPage.open();
      loginPage.clickRegister();
      registerPage.assertCurrent();

      registerPage.registerWithEmailAsUsername(
          "firstName", "lastName", null, "password", "password");
      registerPage.assertCurrent();
      assertEquals("Please specify email.", registerPage.getError());
      events
          .expectRegister(null, null)
          .removeDetail("username")
          .removeDetail("email")
          .error("invalid_registration")
          .assertEvent();

      registerPage.registerWithEmailAsUsername(
          "firstName", "lastName", "registerUserInvalidEmailemail", "password", "password");
      registerPage.assertCurrent();
      assertEquals("Invalid email address.", registerPage.getError());
      events
          .expectRegister("registerUserInvalidEmailemail", "registerUserInvalidEmailemail")
          .error("invalid_registration")
          .assertEvent();
    } finally {
      configureRelamRegistrationEmailAsUsername(false);
    }
  }
Exemple #4
0
  @Test
  public void setupTotp() {
    totpPage.open();
    loginPage.login("test-user@localhost", "password");

    events
        .expectLogin()
        .client("account")
        .detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=totp")
        .assertEvent();

    Assert.assertTrue(totpPage.isCurrent());

    Assert.assertFalse(driver.getPageSource().contains("Remove Google"));

    // Error with false code
    totpPage.configure(totp.generate(totpPage.getTotpSecret() + "123"));

    Assert.assertEquals("Invalid authenticator code.", profilePage.getError());

    totpPage.configure(totp.generate(totpPage.getTotpSecret()));

    Assert.assertEquals("Mobile authenticator configured.", profilePage.getSuccess());

    events.expectAccount(EventType.UPDATE_TOTP).assertEvent();

    Assert.assertTrue(driver.getPageSource().contains("pficon-delete"));

    totpPage.removeTotp();

    events.expectAccount(EventType.REMOVE_TOTP).assertEvent();
  }
  // KEYCLOAK-2102
  @Test
  public void spnegoCaseInsensitiveTest() throws Exception {
    KeycloakRule keycloakRule = getKeycloakRule();
    AssertEvents events = getAssertEvents();

    Response spnegoResponse = spnegoLogin("MyDuke", "theduke");
    Assert.assertEquals(302, spnegoResponse.getStatus());

    events
        .expectLogin()
        .client("kerberos-app")
        .user(keycloakRule.getUser("test", "myduke").getId())
        .detail(Details.REDIRECT_URI, KERBEROS_APP_URL)
        // .detail(Details.AUTH_METHOD, "spnego")
        .detail(Details.USERNAME, "myduke")
        .assertEvent();

    String location = spnegoResponse.getLocation().toString();
    driver.navigate().to(location);

    String pageSource = driver.getPageSource();
    Assert.assertTrue(
        pageSource.contains("Kerberos Test")
            && pageSource.contains("Kerberos servlet secured content"));

    spnegoResponse.close();
    events.clear();
  }
Exemple #6
0
  @Test
  public void changePassword() {
    changePasswordPage.open();
    loginPage.login("test-user@localhost", "password");

    Event event =
        events
            .expectLogin()
            .client("account")
            .detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password")
            .assertEvent();
    String sessionId = event.getSessionId();
    String userId = event.getUserId();
    changePasswordPage.changePassword("", "new-password", "new-password");

    Assert.assertEquals("Please specify password.", profilePage.getError());

    changePasswordPage.changePassword("password", "new-password", "new-password2");

    Assert.assertEquals("Password confirmation doesn't match.", profilePage.getError());

    changePasswordPage.changePassword("password", "new-password", "new-password");

    Assert.assertEquals("Your password has been updated.", profilePage.getSuccess());

    events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();

    changePasswordPage.logout();

    events
        .expectLogout(sessionId)
        .detail(Details.REDIRECT_URI, changePasswordPage.getPath())
        .assertEvent();

    loginPage.open();
    loginPage.login("test-user@localhost", "password");

    Assert.assertEquals("Invalid username or password.", loginPage.getError());

    events
        .expectLogin()
        .session((String) null)
        .error("invalid_user_credentials")
        .removeDetail(Details.CONSENT)
        .assertEvent();

    loginPage.open();
    loginPage.login("test-user@localhost", "new-password");

    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    events.expectLogin().assertEvent();
  }
  @Test
  public void clientCredentialsAuthSuccess() throws Exception {
    oauth.clientId("service-account-cl");

    OAuthClient.AccessTokenResponse response =
        oauth.doClientCredentialsGrantAccessTokenRequest("secret1");

    assertEquals(200, response.getStatusCode());

    AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
    RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());

    events
        .expectClientLogin()
        .client("service-account-cl")
        .user(userId)
        .session(accessToken.getSessionState())
        .detail(Details.TOKEN_ID, accessToken.getId())
        .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
        .detail(
            Details.USERNAME,
            ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
        .assertEvent();

    assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());
    System.out.println("Access token other claims: " + accessToken.getOtherClaims());
    Assert.assertEquals(
        "service-account-cl", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID));
    Assert.assertTrue(
        accessToken.getOtherClaims().containsKey(ServiceAccountConstants.CLIENT_ADDRESS));
    Assert.assertTrue(
        accessToken.getOtherClaims().containsKey(ServiceAccountConstants.CLIENT_HOST));

    OAuthClient.AccessTokenResponse refreshedResponse =
        oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret1");

    AccessToken refreshedAccessToken = oauth.verifyToken(refreshedResponse.getAccessToken());
    RefreshToken refreshedRefreshToken =
        oauth.verifyRefreshToken(refreshedResponse.getRefreshToken());

    assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
    assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());

    events
        .expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
        .user(userId)
        .client("service-account-cl")
        .assertEvent();
  }
  @Test
  public void resetPasswordCancel() throws IOException, MessagingException {
    loginPage.open();
    loginPage.resetPassword();

    resetPasswordPage.assertCurrent();

    resetPasswordPage.changePassword("login-test");

    resetPasswordPage.assertCurrent();

    events
        .expectRequiredAction(EventType.SEND_RESET_PASSWORD)
        .user(userId)
        .detail(Details.USERNAME, "login-test")
        .detail(Details.EMAIL, "*****@*****.**")
        .assertEvent()
        .getSessionId();

    resetPasswordPage.backToLogin();

    Assert.assertTrue(loginPage.isCurrent());

    loginPage.login("login-test", "password");

    events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();

    Assert.assertEquals(1, greenMail.getReceivedMessages().length);

    MimeMessage message = greenMail.getReceivedMessages()[0];

    String body = (String) message.getContent();
    String changePasswordUrl = MailUtil.getLink(body);

    driver.navigate().to(changePasswordUrl.trim());

    events
        .expect(EventType.RESET_PASSWORD_ERROR)
        .client((String) null)
        .user((String) null)
        .error("invalid_code")
        .clearDetails()
        .assertEvent();

    Assert.assertTrue(errorPage.isCurrent());
    Assert.assertEquals(
        "Unknown code, please login again through your application.", errorPage.getError());
  }
  @Test
  public void grantAccessTokenUserNotFound() throws Exception {
    oauth.clientId("resource-owner");

    OAuthClient.AccessTokenResponse response =
        oauth.doGrantAccessTokenRequest("secret", "invalid", "invalid");

    assertEquals(401, response.getStatusCode());

    assertEquals("invalid_grant", response.getError());

    events
        .expectLogin()
        .client("resource-owner")
        .user((String) null)
        .session((String) null)
        .detail(Details.AUTH_METHOD, "oauth_credentials")
        .detail(Details.RESPONSE_TYPE, "token")
        .detail(Details.USERNAME, "invalid")
        .removeDetail(Details.CODE_ID)
        .removeDetail(Details.REDIRECT_URI)
        .removeDetail(Details.CONSENT)
        .error(Errors.INVALID_USER_CREDENTIALS)
        .assertEvent();
  }
  @Test
  public void registerUserMissingPassword() {
    loginPage.open();
    loginPage.clickRegister();
    registerPage.assertCurrent();

    registerPage.register(
        "firstName",
        "lastName",
        "registerUserMissingPassword@email",
        "registerUserMissingPassword",
        null,
        null);

    registerPage.assertCurrent();
    assertEquals("Please specify password.", registerPage.getError());

    events
        .expectRegister("registerUserMissingPassword", "registerUserMissingPassword@email")
        .removeDetail(Details.USERNAME)
        .removeDetail(Details.EMAIL)
        .user((String) null)
        .error("invalid_registration")
        .assertEvent();
  }
Exemple #11
0
  @Test
  public void returnToAppFromQueryParam() {
    driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
    loginPage.login("test-user@localhost", "password");
    Assert.assertTrue(profilePage.isCurrent());
    profilePage.backToApplication();

    Assert.assertTrue(appPage.isCurrent());

    driver
        .navigate()
        .to(
            AccountUpdateProfilePage.PATH
                + "?referrer=test-app&referrer_uri=http://localhost:8081/app?test");
    Assert.assertTrue(profilePage.isCurrent());
    profilePage.backToApplication();

    Assert.assertTrue(appPage.isCurrent());
    Assert.assertEquals(appPage.baseUrl + "?test", driver.getCurrentUrl());

    driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
    Assert.assertTrue(profilePage.isCurrent());

    driver.findElement(By.linkText("Authenticator")).click();
    Assert.assertTrue(totpPage.isCurrent());

    driver.findElement(By.linkText("Account")).click();
    Assert.assertTrue(profilePage.isCurrent());

    profilePage.backToApplication();

    Assert.assertTrue(appPage.isCurrent());

    events.clear();
  }
  @Test
  public void registerUserManyErrors() {
    loginPage.open();
    loginPage.clickRegister();
    registerPage.assertCurrent();

    registerPage.register(null, null, null, null, null, null);

    registerPage.assertCurrent();

    assertEquals(
        "Please specify username.\n"
            + "Please specify first name.\n"
            + "Please specify last name.\n"
            + "Please specify email.\n"
            + "Please specify password.",
        registerPage.getError());

    events
        .expectRegister(null, "registerUserMissingUsername@email")
        .removeDetail(Details.USERNAME)
        .removeDetail(Details.EMAIL)
        .error("invalid_registration")
        .assertEvent();
  }
  @Test
  public void registerExistingUser() {
    loginPage.open();
    loginPage.clickRegister();
    registerPage.assertCurrent();

    registerPage.register(
        "firstName",
        "lastName",
        "registerExistingUser@email",
        "test-user@localhost",
        "password",
        "password");

    registerPage.assertCurrent();
    assertEquals("Username already exists.", registerPage.getError());

    // assert form keeps form fields on error
    assertEquals("firstName", registerPage.getFirstName());
    assertEquals("lastName", registerPage.getLastName());
    assertEquals("registerExistingUser@email", registerPage.getEmail());
    assertEquals("", registerPage.getUsername());
    assertEquals("", registerPage.getPassword());
    assertEquals("", registerPage.getPasswordConfirm());

    events
        .expectRegister("test-user@localhost", "registerExistingUser@email")
        .removeDetail(Details.EMAIL)
        .user((String) null)
        .error("username_in_use")
        .assertEvent();
  }
  @Test
  public void registerUserInvalidPasswordConfirm() {
    loginPage.open();
    loginPage.clickRegister();
    registerPage.assertCurrent();

    registerPage.register(
        "firstName",
        "lastName",
        "registerUserInvalidPasswordConfirm@email",
        "registerUserInvalidPasswordConfirm",
        "password",
        "invalid");

    registerPage.assertCurrent();
    assertEquals("Password confirmation doesn't match.", registerPage.getError());

    // assert form keeps form fields on error
    assertEquals("firstName", registerPage.getFirstName());
    assertEquals("lastName", registerPage.getLastName());
    assertEquals("registerUserInvalidPasswordConfirm@email", registerPage.getEmail());
    assertEquals("registerUserInvalidPasswordConfirm", registerPage.getUsername());
    assertEquals("", registerPage.getPassword());
    assertEquals("", registerPage.getPasswordConfirm());

    events
        .expectRegister(
            "registerUserInvalidPasswordConfirm", "registerUserInvalidPasswordConfirm@email")
        .removeDetail(Details.USERNAME)
        .removeDetail(Details.EMAIL)
        .user((String) null)
        .error("invalid_registration")
        .assertEvent();
  }
  @Test
  public void resetPasswordWrongEmail()
      throws IOException, MessagingException, InterruptedException {
    loginPage.open();
    loginPage.resetPassword();

    resetPasswordPage.assertCurrent();

    resetPasswordPage.changePassword("invalid");

    resetPasswordPage.assertCurrent();

    Assert.assertEquals(
        "You should receive an email shortly with further instructions.",
        resetPasswordPage.getSuccessMessage());

    Thread.sleep(1000);

    Assert.assertEquals(0, greenMail.getReceivedMessages().length);

    events
        .expectRequiredAction(EventType.SEND_RESET_PASSWORD)
        .user((String) null)
        .session((String) null)
        .detail(Details.USERNAME, "invalid")
        .removeDetail(Details.EMAIL)
        .removeDetail(Details.CODE_ID)
        .error("user_not_found")
        .assertEvent();
  }
  @Test
  public void clientCredentialsLogout() throws Exception {
    oauth.clientId("service-account-cl");

    OAuthClient.AccessTokenResponse response =
        oauth.doClientCredentialsGrantAccessTokenRequest("secret1");

    assertEquals(200, response.getStatusCode());

    AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
    RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());

    events
        .expectClientLogin()
        .client("service-account-cl")
        .user(userId)
        .session(accessToken.getSessionState())
        .detail(Details.TOKEN_ID, accessToken.getId())
        .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
        .detail(
            Details.USERNAME,
            ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
        .detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID)
        .assertEvent();

    HttpResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret1");
    assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
    events
        .expectLogout(accessToken.getSessionState())
        .client("service-account-cl")
        .user(userId)
        .removeDetail(Details.REDIRECT_URI)
        .assertEvent();

    response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret1");
    assertEquals(400, response.getStatusCode());
    assertEquals("invalid_grant", response.getError());

    events
        .expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
        .client("service-account-cl")
        .user(userId)
        .removeDetail(Details.TOKEN_ID)
        .removeDetail(Details.UPDATED_REFRESH_TOKEN_ID)
        .error(Errors.INVALID_TOKEN)
        .assertEvent();
  }
  @Test
  public void grantAccessTokenLogout() throws Exception {
    oauth.clientId("resource-owner");

    OAuthClient.AccessTokenResponse response =
        oauth.doGrantAccessTokenRequest("secret", "test-user@localhost", "password");

    assertEquals(200, response.getStatusCode());

    AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
    RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());

    events
        .expectLogin()
        .client("resource-owner")
        .session(accessToken.getSessionState())
        .detail(Details.AUTH_METHOD, "oauth_credentials")
        .detail(Details.RESPONSE_TYPE, "token")
        .detail(Details.TOKEN_ID, accessToken.getId())
        .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
        .removeDetail(Details.CODE_ID)
        .removeDetail(Details.REDIRECT_URI)
        .removeDetail(Details.CONSENT)
        .assertEvent();

    HttpResponse logoutResponse = oauth.doLogout(response.getRefreshToken(), "secret");
    assertEquals(204, logoutResponse.getStatusLine().getStatusCode());
    events
        .expectLogout(accessToken.getSessionState())
        .client("resource-owner")
        .removeDetail(Details.REDIRECT_URI)
        .assertEvent();

    response = oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret");
    assertEquals(400, response.getStatusCode());
    assertEquals("invalid_grant", response.getError());

    events
        .expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
        .client("resource-owner")
        .removeDetail(Details.TOKEN_ID)
        .removeDetail(Details.UPDATED_REFRESH_TOKEN_ID)
        .error(Errors.INVALID_TOKEN)
        .assertEvent();
  }
  protected void testSuccessfulImpersonation(String admin, String adminRealm) {
    Client client = createClient(admin, adminRealm);
    WebTarget impersonate = createImpersonateTarget(client);
    Map data = impersonate.request().post(null, Map.class);
    Assert.assertNotNull(data);
    Assert.assertNotNull(data.get("redirect"));

    events
        .expect(EventType.IMPERSONATE)
        .session(AssertEvents.isUUID())
        .user(impersonatedUserId)
        .detail(Details.IMPERSONATOR, admin)
        .detail(Details.IMPERSONATOR_REALM, adminRealm)
        .client((String) null)
        .assertEvent();

    client.close();
  }
  private void grantAccessToken(String login) throws Exception {
    oauth.clientId("resource-owner");

    OAuthClient.AccessTokenResponse response =
        oauth.doGrantAccessTokenRequest("secret", login, "password");

    assertEquals(200, response.getStatusCode());

    AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
    RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());

    events
        .expectLogin()
        .client("resource-owner")
        .user(userId)
        .session(accessToken.getSessionState())
        .detail(Details.AUTH_METHOD, "oauth_credentials")
        .detail(Details.RESPONSE_TYPE, "token")
        .detail(Details.TOKEN_ID, accessToken.getId())
        .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
        .detail(Details.USERNAME, login)
        .removeDetail(Details.CODE_ID)
        .removeDetail(Details.REDIRECT_URI)
        .removeDetail(Details.CONSENT)
        .assertEvent();

    assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());

    OAuthClient.AccessTokenResponse refreshedResponse =
        oauth.doRefreshTokenRequest(response.getRefreshToken(), "secret");

    AccessToken refreshedAccessToken = oauth.verifyToken(refreshedResponse.getAccessToken());
    RefreshToken refreshedRefreshToken =
        oauth.verifyRefreshToken(refreshedResponse.getRefreshToken());

    assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
    assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());

    events
        .expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
        .user(userId)
        .client("resource-owner")
        .assertEvent();
  }
Exemple #20
0
  @Test
  public void sessions() {
    loginPage.open();
    loginPage.clickRegister();

    registerPage.register(
        "view", "sessions", "view-sessions@localhost", "view-sessions", "password", "password");

    Event registerEvent =
        events.expectRegister("view-sessions", "view-sessions@localhost").assertEvent();
    String userId = registerEvent.getUserId();

    events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent();

    sessionsPage.open();

    Assert.assertTrue(sessionsPage.isCurrent());

    List<List<String>> sessions = sessionsPage.getSessions();
    Assert.assertEquals(1, sessions.size());
    Assert.assertEquals("127.0.0.1", sessions.get(0).get(0));

    // Create second session
    WebDriver driver2 = WebRule.createWebDriver();
    try {
      OAuthClient oauth2 = new OAuthClient(driver2);
      oauth2.state("mystate");
      oauth2.doLogin("view-sessions", "password");

      Event login2Event =
          events.expectLogin().user(userId).detail(Details.USERNAME, "view-sessions").assertEvent();

      sessionsPage.open();
      sessions = sessionsPage.getSessions();
      Assert.assertEquals(2, sessions.size());

      sessionsPage.logoutAll();

      events.expectLogout(registerEvent.getSessionId());
      events.expectLogout(login2Event.getSessionId());
    } finally {
      driver2.close();
    }
  }
Exemple #21
0
  @Test
  public void changePasswordWithLengthPasswordPolicy() {
    keycloakRule.update(
        new KeycloakRule.KeycloakSetup() {
          @Override
          public void config(
              RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
            appRealm.setPasswordPolicy(new PasswordPolicy("length"));
          }
        });

    try {
      changePasswordPage.open();
      loginPage.login("test-user@localhost", "password");

      events
          .expectLogin()
          .client("account")
          .detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=password")
          .assertEvent();

      changePasswordPage.changePassword("", "new", "new");

      Assert.assertEquals("Please specify password.", profilePage.getError());

      changePasswordPage.changePassword("password", "new-password", "new-password");

      Assert.assertEquals("Your password has been updated.", profilePage.getSuccess());

      events.expectAccount(EventType.UPDATE_PASSWORD).assertEvent();
    } finally {
      keycloakRule.update(
          new KeycloakRule.KeycloakSetup() {
            @Override
            public void config(
                RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
              appRealm.setPasswordPolicy(new PasswordPolicy(null));
            }
          });
    }
  }
Exemple #22
0
  // KEYCLOAK-1534
  @Test
  public void changeEmailToExisting() {
    profilePage.open();
    loginPage.login("test-user@localhost", "password");

    events
        .expectLogin()
        .client("account")
        .detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT)
        .assertEvent();

    Assert.assertEquals("test-user@localhost", profilePage.getUsername());
    Assert.assertEquals("test-user@localhost", profilePage.getEmail());

    // Change to the email, which some other user has
    profilePage.updateProfile("New first", "New last", "test-user-no-access@localhost");

    profilePage.assertCurrent();
    Assert.assertEquals("Email already exists.", profilePage.getError());
    Assert.assertEquals("New first", profilePage.getFirstName());
    Assert.assertEquals("New last", profilePage.getLastName());
    Assert.assertEquals("test-user-no-access@localhost", profilePage.getEmail());

    events.assertEmpty();

    // Change some other things, but not email
    profilePage.updateProfile("New first", "New last", "test-user@localhost");

    Assert.assertEquals("Your account has been updated.", profilePage.getSuccess());
    Assert.assertEquals("New first", profilePage.getFirstName());
    Assert.assertEquals("New last", profilePage.getLastName());
    Assert.assertEquals("test-user@localhost", profilePage.getEmail());

    events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();

    // Change email and other things to original values
    profilePage.updateProfile("Tom", "Brady", "test-user@localhost");
    events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
  }
Exemple #23
0
  @Test
  public void loginWithHotpSuccess() throws Exception {
    loginPage.open();
    loginPage.login("test-user@localhost", "password");

    Assert.assertTrue(loginTotpPage.isCurrent());

    loginTotpPage.login(otp.generateHOTP("hotpSecret", counter++));

    Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());

    events.expectLogin().assertEvent();
  }
  @Test
  public void changeClientIdTest() throws Exception {
    keycloakRule.update(
        new KeycloakRule.KeycloakSetup() {

          @Override
          public void config(
              RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
            ClientModel app = appRealm.getClientByClientId("service-account-cl");
            app.setClientId("updated-client");
          }
        });

    oauth.clientId("updated-client");

    OAuthClient.AccessTokenResponse response =
        oauth.doClientCredentialsGrantAccessTokenRequest("secret1");

    assertEquals(200, response.getStatusCode());

    AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
    RefreshToken refreshToken = oauth.verifyRefreshToken(response.getRefreshToken());
    Assert.assertEquals(
        "updated-client", accessToken.getOtherClaims().get(ServiceAccountConstants.CLIENT_ID));

    // Username still same. Client ID changed
    events
        .expectClientLogin()
        .client("updated-client")
        .user(userId)
        .session(accessToken.getSessionState())
        .detail(Details.TOKEN_ID, accessToken.getId())
        .detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
        .detail(
            Details.USERNAME,
            ServiceAccountConstants.SERVICE_ACCOUNT_USER_PREFIX + "service-account-cl")
        .assertEvent();

    // Revert change
    keycloakRule.update(
        new KeycloakRule.KeycloakSetup() {

          @Override
          public void config(
              RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
            ClientModel app = appRealm.getClientByClientId("updated-client");
            app.setClientId("service-account-cl");
          }
        });
  }
Exemple #25
0
  @Test
  public void changeProfileNoAccess() throws Exception {
    profilePage.open();
    loginPage.login("test-user-no-access@localhost", "password");

    events
        .expectLogin()
        .client("account")
        .user(keycloakRule.getUser("test", "test-user-no-access@localhost").getId())
        .detail(Details.USERNAME, "test-user-no-access@localhost")
        .detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT)
        .assertEvent();

    Assert.assertTrue(errorPage.isCurrent());
    Assert.assertEquals("No access", errorPage.getError());
  }
Exemple #26
0
  @Test
  public void loginWithHotpInvalidPassword() throws Exception {
    loginPage.open();
    loginPage.login("test-user@localhost", "invalid");

    Assert.assertTrue(loginPage.isCurrent());

    Assert.assertEquals("Invalid username or password.", loginPage.getError());

    events
        .expectLogin()
        .error("invalid_user_credentials")
        .session((String) null)
        .removeDetail(Details.CONSENT)
        .assertEvent();
  }
  @Test
  public void registerUserMissingEmail() {
    loginPage.open();
    loginPage.clickRegister();
    registerPage.assertCurrent();

    registerPage.register(
        "firstName", "lastName", null, "registerUserMissingEmail", "password", "password");
    registerPage.assertCurrent();
    assertEquals("Please specify email.", registerPage.getError());
    events
        .expectRegister("registerUserMissingEmail", null)
        .removeDetail("email")
        .error("invalid_registration")
        .assertEvent();
  }
  @Test
  public void grantAccessTokenInvalidClientCredentials() throws Exception {
    oauth.clientId("resource-owner");

    OAuthClient.AccessTokenResponse response =
        oauth.doGrantAccessTokenRequest("invalid", "test-user@localhost", "password");

    assertEquals(400, response.getStatusCode());

    assertEquals("unauthorized_client", response.getError());

    events
        .expectLogin()
        .client("resource-owner")
        .session((String) null)
        .clearDetails()
        .error(Errors.INVALID_CLIENT_CREDENTIALS)
        .user((String) null)
        .assertEvent();
  }
  @Test
  public void clientCredentialsInvalidClientCredentials() throws Exception {
    oauth.clientId("service-account-cl");

    OAuthClient.AccessTokenResponse response =
        oauth.doClientCredentialsGrantAccessTokenRequest("secret2");

    assertEquals(400, response.getStatusCode());

    assertEquals("unauthorized_client", response.getError());

    events
        .expectClientLogin()
        .client("service-account-cl")
        .session((String) null)
        .clearDetails()
        .error(Errors.INVALID_CLIENT_CREDENTIALS)
        .user((String) null)
        .assertEvent();
  }
Exemple #30
0
  @Test
  public void loginWithHotpFailure() throws Exception {
    loginPage.open();
    loginPage.login("test-user@localhost", "password");

    Assert.assertTrue(loginTotpPage.isCurrent());

    loginTotpPage.login("123456");
    loginTotpPage.assertCurrent();
    Assert.assertEquals("Invalid authenticator code.", loginPage.getError());

    // loginPage.assertCurrent();  // Invalid authenticator code.
    // Assert.assertEquals("Invalid username or password.", loginPage.getError());

    events
        .expectLogin()
        .error("invalid_user_credentials")
        .session((String) null)
        .removeDetail(Details.CONSENT)
        .assertEvent();
  }