@Test
public void loginSuccess() {
loginPage.open();
loginPage.login("test-user@localhost", "password");
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
}
private void loginSuccessAndLogout(String username, String password) {
loginPage.open();
loginPage.login(username, password);
Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assert.assertNotNull(oauth.getCurrentQuery().get(OAuth2Constants.CODE));
oauth.openLogout();
}
@Test
public void registerExistingUser() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName",
"lastName",
"registerExistingUser@email",
"test-user@localhost",
"password",
"password");
registerPage.assertCurrent();
assertEquals("Username already exists.", registerPage.getError());
// assert form keeps form fields on error
assertEquals("firstName", registerPage.getFirstName());
assertEquals("lastName", registerPage.getLastName());
assertEquals("registerExistingUser@email", registerPage.getEmail());
assertEquals("", registerPage.getUsername());
assertEquals("", registerPage.getPassword());
assertEquals("", registerPage.getPasswordConfirm());
events
.expectRegister("test-user@localhost", "registerExistingUser@email")
.removeDetail(Details.EMAIL)
.user((String) null)
.error("username_in_use")
.assertEvent();
}
@Test
public void resetPasswordWrongEmail()
throws IOException, MessagingException, InterruptedException {
loginPage.open();
loginPage.resetPassword();
resetPasswordPage.assertCurrent();
resetPasswordPage.changePassword("invalid");
resetPasswordPage.assertCurrent();
Assert.assertEquals(
"You should receive an email shortly with further instructions.",
resetPasswordPage.getSuccessMessage());
Thread.sleep(1000);
Assert.assertEquals(0, greenMail.getReceivedMessages().length);
events
.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.user((String) null)
.session((String) null)
.detail(Details.USERNAME, "invalid")
.removeDetail(Details.EMAIL)
.removeDetail(Details.CODE_ID)
.error("user_not_found")
.assertEvent();
}
@Test
public void registerUserInvalidPasswordConfirm() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName",
"lastName",
"registerUserInvalidPasswordConfirm@email",
"registerUserInvalidPasswordConfirm",
"password",
"invalid");
registerPage.assertCurrent();
assertEquals("Password confirmation doesn't match.", registerPage.getError());
// assert form keeps form fields on error
assertEquals("firstName", registerPage.getFirstName());
assertEquals("lastName", registerPage.getLastName());
assertEquals("registerUserInvalidPasswordConfirm@email", registerPage.getEmail());
assertEquals("registerUserInvalidPasswordConfirm", registerPage.getUsername());
assertEquals("", registerPage.getPassword());
assertEquals("", registerPage.getPasswordConfirm());
events
.expectRegister(
"registerUserInvalidPasswordConfirm", "registerUserInvalidPasswordConfirm@email")
.removeDetail(Details.USERNAME)
.removeDetail(Details.EMAIL)
.user((String) null)
.error("invalid_registration")
.assertEvent();
}
@Test
public void registerUserMissingOrInvalidEmail_emailAsUsername() {
configureRelamRegistrationEmailAsUsername(true);
try {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.registerWithEmailAsUsername(
"firstName", "lastName", null, "password", "password");
registerPage.assertCurrent();
assertEquals("Please specify email.", registerPage.getError());
events
.expectRegister(null, null)
.removeDetail("username")
.removeDetail("email")
.error("invalid_registration")
.assertEvent();
registerPage.registerWithEmailAsUsername(
"firstName", "lastName", "registerUserInvalidEmailemail", "password", "password");
registerPage.assertCurrent();
assertEquals("Invalid email address.", registerPage.getError());
events
.expectRegister("registerUserInvalidEmailemail", "registerUserInvalidEmailemail")
.error("invalid_registration")
.assertEvent();
} finally {
configureRelamRegistrationEmailAsUsername(false);
}
}
@Test
public void loginWithExistingUser() {
logInAsUserInIDP();
Integer userCount = adminClient.realm(consumerRealmName()).users().count();
driver.navigate().to(getAccountUrl(consumerRealmName()));
log.debug("Clicking social " + getIDPAlias());
accountLoginPage.clickSocial(getIDPAlias());
waitForPage("log in to");
Assert.assertTrue(
"Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/"));
accountLoginPage.login(getUserLogin(), getUserPassword());
assertEquals(
accountPage.buildUri().toASCIIString().replace("master", "consumer") + "/",
driver.getCurrentUrl());
assertEquals(userCount, adminClient.realm(consumerRealmName()).users().count());
}
@Test
public void registerUserSuccess_emailAsUsername() {
configureRelamRegistrationEmailAsUsername(true);
try {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.registerWithEmailAsUsername(
"firstName", "lastName", "registerUserSuccessE@email", "password", "password");
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
String userId =
events
.expectRegister("registerUserSuccessE@email", "registerUserSuccessE@email")
.assertEvent()
.getUserId();
events
.expectLogin()
.detail("username", "registerusersuccesse@email")
.user(userId)
.assertEvent();
UserModel user = getUser(userId);
Assert.assertNotNull(user);
Assert.assertNotNull(user.getCreatedTimestamp());
// test that timestamp is current with 10s tollerance
Assert.assertTrue((System.currentTimeMillis() - user.getCreatedTimestamp()) < 10000);
} finally {
configureRelamRegistrationEmailAsUsername(false);
}
}
@Test
public void registerUserSuccess() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName",
"lastName",
"registerUserSuccess@email",
"registerUserSuccess",
"password",
"password");
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
String userId =
events
.expectRegister("registerUserSuccess", "registerUserSuccess@email")
.assertEvent()
.getUserId();
events.expectLogin().detail("username", "registerusersuccess").user(userId).assertEvent();
UserModel user = getUser(userId);
Assert.assertNotNull(user);
Assert.assertNotNull(user.getCreatedTimestamp());
// test that timestamp is current with 10s tollerance
Assert.assertTrue((System.currentTimeMillis() - user.getCreatedTimestamp()) < 10000);
// test user info is set from form
assertEquals("registerusersuccess", user.getUsername());
assertEquals("registerusersuccess@email", user.getEmail());
assertEquals("firstName", user.getFirstName());
assertEquals("lastName", user.getLastName());
}
@Test
public void registerUserManyErrors() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(null, null, null, null, null, null);
registerPage.assertCurrent();
assertEquals(
"Please specify username.\n"
+ "Please specify first name.\n"
+ "Please specify last name.\n"
+ "Please specify email.\n"
+ "Please specify password.",
registerPage.getError());
events
.expectRegister(null, "registerUserMissingUsername@email")
.removeDetail(Details.USERNAME)
.removeDetail(Details.EMAIL)
.error("invalid_registration")
.assertEvent();
}
@Test
public void registerUserMissingPassword() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName",
"lastName",
"registerUserMissingPassword@email",
"registerUserMissingPassword",
null,
null);
registerPage.assertCurrent();
assertEquals("Please specify password.", registerPage.getError());
events
.expectRegister("registerUserMissingPassword", "registerUserMissingPassword@email")
.removeDetail(Details.USERNAME)
.removeDetail(Details.EMAIL)
.user((String) null)
.error("invalid_registration")
.assertEvent();
}
@Test
public void loginInvalidPassword() {
loginPage.open();
loginPage.login("test-user@localhost", "invalid");
loginPage.assertCurrent();
Assert.assertEquals("Invalid username or password.", loginPage.getError());
}
@Test
public void loginInvalidUsername() {
loginPage.open();
loginPage.login("invalid", "password");
loginPage.assertCurrent();
Assert.assertEquals("Invalid username or password.", loginPage.getError());
}
@Test
public void loginWithHotpSuccess() throws Exception {
loginPage.open();
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(loginTotpPage.isCurrent());
loginTotpPage.login(otp.generateHOTP("hotpSecret", counter++));
Assert.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
}
@Test
public void resetPasswordCancel() throws IOException, MessagingException {
loginPage.open();
loginPage.resetPassword();
resetPasswordPage.assertCurrent();
resetPasswordPage.changePassword("login-test");
resetPasswordPage.assertCurrent();
events
.expectRequiredAction(EventType.SEND_RESET_PASSWORD)
.user(userId)
.detail(Details.USERNAME, "login-test")
.detail(Details.EMAIL, "*****@*****.**")
.assertEvent()
.getSessionId();
resetPasswordPage.backToLogin();
Assert.assertTrue(loginPage.isCurrent());
loginPage.login("login-test", "password");
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
Assert.assertEquals(1, greenMail.getReceivedMessages().length);
MimeMessage message = greenMail.getReceivedMessages()[0];
String body = (String) message.getContent();
String changePasswordUrl = MailUtil.getLink(body);
driver.navigate().to(changePasswordUrl.trim());
events
.expect(EventType.RESET_PASSWORD_ERROR)
.client((String) null)
.user((String) null)
.error("invalid_code")
.clearDetails()
.assertEvent();
Assert.assertTrue(errorPage.isCurrent());
Assert.assertEquals(
"Unknown code, please login again through your application.", errorPage.getError());
}
public void testRedirectSignedLoginLogoutFront() {
// visit 1st app an logg in
System.out.println("visit 1st app ");
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig/");
assertAtLoginPageRedirectBinding();
System.out.println("login to form");
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// visit 2nd app
System.out.println("visit 2nd app ");
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig-front/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// visit 3rd app
System.out.println("visit 3rd app ");
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// logout of first app
System.out.println("GLO");
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/employee-sig/", false);
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
String currentUrl = driver.getCurrentUrl();
Assert.assertTrue(currentUrl.startsWith(AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-sig/");
assertAtLoginPagePostBinding();
}
@Test
public void testRedirectSignedLoginLogoutFront() {
// visit 1st app an logg in
System.out.println("visit 1st app ");
driver.navigate().to("http://localhost:8081/employee-sig/");
assertAtLoginPageRedirectBinding();
System.out.println("login to form");
loginPage.login("bburke", "password");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// visit 2nd app
System.out.println("visit 2nd app ");
driver.navigate().to("http://localhost:8081/employee-sig-front/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/employee-sig-front/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// visit 3rd app
System.out.println("visit 3rd app ");
driver.navigate().to("http://localhost:8081/sales-post-sig/");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/sales-post-sig/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// logout of first app
System.out.println("GLO");
driver.navigate().to("http://localhost:8081/employee-sig?GLO=true");
checkLoggedOut("http://localhost:8081/employee-sig/", false);
driver.navigate().to("http://localhost:8081/employee-sig-front/");
assertAtLoginPageRedirectBinding();
driver.navigate().to("http://localhost:8081/sales-post-sig/");
assertAtLoginPagePostBinding();
}
@Test
public void returnToAppFromQueryParam() {
driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
driver
.navigate()
.to(
AccountUpdateProfilePage.PATH
+ "?referrer=test-app&referrer_uri=http://localhost:8081/app?test");
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
Assert.assertEquals(appPage.baseUrl + "?test", driver.getCurrentUrl());
driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
Assert.assertTrue(profilePage.isCurrent());
driver.findElement(By.linkText("Authenticator")).click();
Assert.assertTrue(totpPage.isCurrent());
driver.findElement(By.linkText("Account")).click();
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
events.clear();
}
@Test
public void loginWithHotpInvalidPassword() throws Exception {
loginPage.open();
loginPage.login("test-user@localhost", "invalid");
Assert.assertTrue(loginPage.isCurrent());
Assert.assertEquals("Invalid username or password.", loginPage.getError());
events
.expectLogin()
.error("invalid_user_credentials")
.session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
}
@Test
public void registerUserMissingEmail() {
loginPage.open();
loginPage.clickRegister();
registerPage.assertCurrent();
registerPage.register(
"firstName", "lastName", null, "registerUserMissingEmail", "password", "password");
registerPage.assertCurrent();
assertEquals("Please specify email.", registerPage.getError());
events
.expectRegister("registerUserMissingEmail", null)
.removeDetail("email")
.error("invalid_registration")
.assertEvent();
}
@Test
public void changePasswordWithPasswordPolicy() {
keycloakRule.configure(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setPasswordPolicy(new PasswordPolicy("length"));
}
});
try {
changePasswordPage.open();
loginPage.login("test-user@localhost", "password");
changePasswordPage.changePassword("", "new", "new");
Assert.assertTrue(profilePage.isError());
changePasswordPage.changePassword("password", "new-password", "new-password");
Assert.assertTrue(profilePage.isSuccess());
} finally {
keycloakRule.configure(
new KeycloakRule.KeycloakSetup() {
@Override
public void config(
RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
appRealm.setPasswordPolicy(new PasswordPolicy(null));
}
});
}
}
public void testPostPassiveLoginLogout(boolean forbiddenIfNotauthenticated) {
// first request on passive app - no login page shown, user not logged in as we are in passive
// mode.
// Shown page depends on used authentication mechanism, some may return forbidden error, some
// return requested page with anonymous user (not logged in)
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/saml", driver.getCurrentUrl());
System.out.println(driver.getPageSource());
if (forbiddenIfNotauthenticated) {
Assert.assertTrue(driver.getPageSource().contains("HTTP status code: 403"));
} else {
Assert.assertTrue(driver.getPageSource().contains("principal=null"));
}
// login user by asking login from other app
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post/");
loginPage.login("bburke", "password");
// navigate to the passive app again, we have to be logged in now
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/", driver.getCurrentUrl());
System.out.println(driver.getPageSource());
Assert.assertTrue(driver.getPageSource().contains("bburke"));
// logout from both app
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive?GLO=true");
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post?GLO=true");
// refresh passive app page, not logged in again as we are in passive mode
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-passive/");
assertEquals(APP_SERVER_BASE_URL + "/sales-post-passive/saml", driver.getCurrentUrl());
Assert.assertFalse(driver.getPageSource().contains("bburke"));
}
@Test
public void setupTotp() {
totpPage.open();
loginPage.login("test-user@localhost", "password");
events
.expectLogin()
.client("account")
.detail(Details.REDIRECT_URI, ACCOUNT_REDIRECT + "?path=totp")
.assertEvent();
Assert.assertTrue(totpPage.isCurrent());
Assert.assertFalse(driver.getPageSource().contains("Remove Google"));
// Error with false code
totpPage.configure(totp.generate(totpPage.getTotpSecret() + "123"));
Assert.assertEquals("Invalid authenticator code.", profilePage.getError());
totpPage.configure(totp.generate(totpPage.getTotpSecret()));
Assert.assertEquals("Mobile authenticator configured.", profilePage.getSuccess());
events.expectAccount(EventType.UPDATE_TOTP).assertEvent();
Assert.assertTrue(driver.getPageSource().contains("pficon-delete"));
totpPage.removeTotp();
events.expectAccount(EventType.REMOVE_TOTP).assertEvent();
}
@Test
public void testPostBadRealmSignature() {
driver.navigate().to("http://localhost:8081/bad-realm-sales-post-sig/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
Assert.assertEquals(driver.getCurrentUrl(), "http://localhost:8081/bad-realm-sales-post-sig/");
Assert.assertTrue(driver.getPageSource().contains("null"));
}
public void testPostSimpleUnauthorized(CheckAuthError error) {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post/");
assertAtLoginPagePostBinding();
loginPage.login("unauthorized", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post/");
System.out.println(driver.getPageSource());
error.check(driver);
}
@Test
public void changeProfileNoAccess() throws Exception {
profilePage.open();
loginPage.login("test-user-no-access@localhost", "password");
Assert.assertTrue(errorPage.isCurrent());
Assert.assertEquals("No access", errorPage.getError());
}
@Test
public void logInAsUserInIDP() {
driver.navigate().to(getAccountUrl(consumerRealmName()));
log.debug("Clicking social " + getIDPAlias());
accountLoginPage.clickSocial(getIDPAlias());
waitForPage("log in to");
Assert.assertTrue(
"Driver should be on the provider realm page right now",
driver.getCurrentUrl().contains("/auth/realms/" + providerRealmName() + "/"));
log.debug("Logging in");
accountLoginPage.login(getUserLogin(), getUserPassword());
waitForPage("update account information");
Assert.assertTrue(updateAccountInformationPage.isCurrent());
Assert.assertTrue(
"We must be on correct realm right now",
driver.getCurrentUrl().contains("/auth/realms/" + consumerRealmName() + "/"));
log.debug("Updating info on updateAccount page");
updateAccountInformationPage.updateAccountInformation("Firstname", "Lastname");
UsersResource consumerUsers = adminClient.realm(consumerRealmName()).users();
int userCount = consumerUsers.count();
Assert.assertTrue("There must be at least one user", userCount > 0);
List<UserRepresentation> users = consumerUsers.search("", 0, userCount);
boolean isUserFound = false;
for (UserRepresentation user : users) {
if (user.getUsername().equals(getUserLogin()) && user.getEmail().equals(getUserEmail())) {
isUserFound = true;
break;
}
}
Assert.assertTrue(
"There must be user " + getUserLogin() + " in realm " + consumerRealmName(), isUserFound);
testSingleLogout();
}
public void testRedirectSignedLoginLogoutFrontNoSSO() {
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front/");
assertAtLoginPageRedirectBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/employee-sig-front/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/employee-sig-front?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/employee-sig-front/", false);
}
public void testPostEncryptedLoginLogout() {
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-enc/");
assertAtLoginPagePostBinding();
loginPage.login("bburke", "password");
assertEquals(driver.getCurrentUrl(), APP_SERVER_BASE_URL + "/sales-post-enc/");
Assert.assertTrue(driver.getPageSource().contains("bburke"));
driver.navigate().to(APP_SERVER_BASE_URL + "/sales-post-enc?GLO=true");
checkLoggedOut(APP_SERVER_BASE_URL + "/sales-post-enc/", true);
}
@Test
public void returnToAppFromQueryParam() {
driver.navigate().to(AccountUpdateProfilePage.PATH + "?referrer=test-app");
loginPage.login("test-user@localhost", "password");
Assert.assertTrue(profilePage.isCurrent());
profilePage.backToApplication();
Assert.assertTrue(appPage.isCurrent());
}
