// KEYCLOAK-2102
@Test
public void spnegoCaseInsensitiveTest() throws Exception {
KeycloakRule keycloakRule = getKeycloakRule();
AssertEvents events = getAssertEvents();
Response spnegoResponse = spnegoLogin("MyDuke", "theduke");
Assert.assertEquals(302, spnegoResponse.getStatus());
events
.expectLogin()
.client("kerberos-app")
.user(keycloakRule.getUser("test", "myduke").getId())
.detail(Details.REDIRECT_URI, KERBEROS_APP_URL)
// .detail(Details.AUTH_METHOD, "spnego")
.detail(Details.USERNAME, "myduke")
.assertEvent();
String location = spnegoResponse.getLocation().toString();
driver.navigate().to(location);
String pageSource = driver.getPageSource();
Assert.assertTrue(
pageSource.contains("Kerberos Test")
&& pageSource.contains("Kerberos servlet secured content"));
spnegoResponse.close();
events.clear();
}
@Test
public void returnToAppFromQueryParam() {
driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
driver
.navigate()
.to(
AccountUpdateProfilePage.PATH
+ "?referrer=test-app&referrer_uri=http://localhost:8081/app?test");
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
Assert.assertEquals(appPage.baseUrl + "?test", driver.getCurrentUrl());
driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
Assert.assertTrue(profilePage.isCurrent());
driver.findElement(By.linkText("Authenticator")).click();
Assert.assertTrue(totpPage.isCurrent());
driver.findElement(By.linkText("Account")).click();
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
events.clear();
}
@Test
public void usernamePasswordLoginTest() throws Exception {
KeycloakRule keycloakRule = getKeycloakRule();
AssertEvents events = getAssertEvents();
// Change editMode to READ_ONLY
updateProviderEditMode(UserFederationProvider.EditMode.READ_ONLY);
// Login with username/password from kerberos
changePasswordPage.open();
// Only needed if you are providing a click thru to bypass kerberos. Currently there is a
// javascript
// to forward the user if kerberos isn't enabled.
// bypassPage.isCurrent();
// bypassPage.clickContinue();
loginPage.assertCurrent();
loginPage.login("jduke", "theduke");
changePasswordPage.assertCurrent();
// Change password is not possible as editMode is READ_ONLY
changePasswordPage.changePassword("theduke", "newPass", "newPass");
Assert.assertTrue(
driver
.getPageSource()
.contains("You can't update your password as your account is read only"));
// Change editMode to UNSYNCED
updateProviderEditMode(UserFederationProvider.EditMode.UNSYNCED);
// Successfully change password now
changePasswordPage.changePassword("theduke", "newPass", "newPass");
Assert.assertTrue(driver.getPageSource().contains("Your password has been updated."));
changePasswordPage.logout();
// Only needed if you are providing a click thru to bypass kerberos. Currently there is a
// javascript
// to forward the user if kerberos isn't enabled.
// bypassPage.isCurrent();
// bypassPage.clickContinue();
// Login with old password doesn't work, but with new password works
loginPage.login("jduke", "theduke");
loginPage.assertCurrent();
loginPage.login("jduke", "newPass");
changePasswordPage.assertCurrent();
changePasswordPage.logout();
// Assert SPNEGO login still with the old password as mode is unsynced
events.clear();
Response spnegoResponse = spnegoLogin("jduke", "theduke");
Assert.assertEquals(302, spnegoResponse.getStatus());
String redirect = spnegoResponse.getLocation().toString();
events
.expectLogin()
.client("kerberos-app")
.user(keycloakRule.getUser("test", "jduke").getId())
.detail(Details.REDIRECT_URI, KERBEROS_APP_URL)
// .detail(Details.AUTH_METHOD, "spnego")
.detail(Details.USERNAME, "jduke")
.assertEvent();
spnegoResponse.close();
}
@Test
public void changeUsername() {
// allow to edit the username in realm
keycloakRule.update(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setEditUsernameAllowed(true);
}
});
try {
profilePage.open();
loginPage.login("test-user@localhost", "password");
events
.expectLogin()
.client("account")
.detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT)
.assertEvent();
Assert.assertEquals("test-user@localhost", profilePage.getUsername());
Assert.assertEquals("Tom", profilePage.getFirstName());
Assert.assertEquals("Brady", profilePage.getLastName());
Assert.assertEquals("test-user@localhost", profilePage.getEmail());
// All fields are required, so there should be an error when something is missing.
profilePage.updateProfile("", "New first", "New last", "*****@*****.**");
Assert.assertEquals("Please specify username.", profilePage.getError());
Assert.assertEquals("", profilePage.getUsername());
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("*****@*****.**", profilePage.getEmail());
events.assertEmpty();
// Change to the username already occupied by other user
profilePage.updateProfile(
"test-user-no-access@localhost", "New first", "New last", "*****@*****.**");
Assert.assertEquals("Username already exists.", profilePage.getError());
Assert.assertEquals("test-user-no-access@localhost", profilePage.getUsername());
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("*****@*****.**", profilePage.getEmail());
events.assertEmpty();
profilePage.updateProfile(
"test-user-new@localhost", "New first", "New last", "*****@*****.**");
Assert.assertEquals("Your account has been updated.", profilePage.getSuccess());
Assert.assertEquals("test-user-new@localhost", profilePage.getUsername());
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("*****@*****.**", profilePage.getEmail());
} finally {
// reset user for other tests
profilePage.updateProfile("test-user@localhost", "Tom", "Brady", "test-user@localhost");
events.clear();
// reset realm
keycloakRule.update(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setEditUsernameAllowed(false);
}
});
}
}
@Test
public void changeProfile() {
profilePage.open();
loginPage.login("test-user@localhost", "password");
events
.expectLogin()
.client("account")
.detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT)
.assertEvent();
Assert.assertEquals("Tom", profilePage.getFirstName());
Assert.assertEquals("Brady", profilePage.getLastName());
Assert.assertEquals("test-user@localhost", profilePage.getEmail());
// All fields are required, so there should be an error when something is missing.
profilePage.updateProfile("", "New last", "*****@*****.**");
Assert.assertEquals("Please specify first name.", profilePage.getError());
Assert.assertEquals("", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("*****@*****.**", profilePage.getEmail());
events.assertEmpty();
profilePage.updateProfile("New first", "", "*****@*****.**");
Assert.assertEquals("Please specify last name.", profilePage.getError());
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("", profilePage.getLastName());
Assert.assertEquals("*****@*****.**", profilePage.getEmail());
events.assertEmpty();
profilePage.updateProfile("New first", "New last", "");
Assert.assertEquals("Please specify email.", profilePage.getError());
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("", profilePage.getEmail());
events.assertEmpty();
profilePage.clickCancel();
Assert.assertEquals("Tom", profilePage.getFirstName());
Assert.assertEquals("Brady", profilePage.getLastName());
Assert.assertEquals("test-user@localhost", profilePage.getEmail());
events.assertEmpty();
profilePage.updateProfile("New first", "New last", "*****@*****.**");
Assert.assertEquals("Your account has been updated.", profilePage.getSuccess());
Assert.assertEquals("New first", profilePage.getFirstName());
Assert.assertEquals("New last", profilePage.getLastName());
Assert.assertEquals("*****@*****.**", profilePage.getEmail());
events.expectAccount(EventType.UPDATE_PROFILE).assertEvent();
events
.expectAccount(EventType.UPDATE_EMAIL)
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost")
.detail(Details.UPDATED_EMAIL, "*****@*****.**")
.assertEvent();
// reset user for other tests
profilePage.updateProfile("Tom", "Brady", "test-user@localhost");
events.clear();
}