KeyCloak/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-26 13:50:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Rewrite AssertEvents expectLoginEvent to EventAssertion. (#48467)

Browse Source 
Signed-off-by: Lukas Hanusovsky <lhanusov@redhat.com>
This commit is contained in:
Lukas Hanusovsky
2026-05-04 11:26:47 +02:00
committed by GitHub
parent 98366ba559
commit 4f47022641
102 changed files with 1674 additions and 1266 deletions
Download Patch File Download Diff File Expand all files Collapse all files
test-framework/core/src/main/java/org/keycloak/testframework/events/EventAssertion.java
+53
View File
@@ -1,5 +1,7 @@
package org.keycloak.testframework.events;
import java.util.Set;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.representations.idm.EventRepresentation;
@@ -49,6 +51,34 @@ public class EventAssertion {
return new EventAssertion(event);
}
/**
* Assert an expected LOGIN event
*
* @param event the event to assert
* @return
*/
public static EventAssertion expectLoginSuccess(EventRepresentation event) {
return assertSuccess(event)
.type(EventType.LOGIN)
.isCodeId()
.hasSessionId()
.hasIpAddress()
.loginSuccessEventHasAllRequiredDetails();
}
/**
* Assert an expected LOGIN_ERROR event
*
* @param event the event to assert
* @return
*/
public static EventAssertion expectLoginError(EventRepresentation event) {
return assertError(event)
.type(EventType.LOGIN_ERROR)
.isCodeId()
.hasIpAddress();
}
/**
* Assert the error message
*
@@ -81,6 +111,16 @@ public class EventAssertion {
return this;
}
/**
* Assert the event has a userId set
*
* @return
*/
public EventAssertion hasUserId() {
MatcherAssert.assertThat(event.getUserId(), EventMatchers.isUUID());
return this;
}
/**
* Assert the event has the <code>code_id</code> details set
* @return
@@ -163,6 +203,19 @@ public class EventAssertion {
return this;
}
/**
* Assert the LOGIN event details with required key set
*
* @return
*/
private EventAssertion loginSuccessEventHasAllRequiredDetails() {
Set<String> keyDetails = Set.of("auth_method", "response_type", "redirect_uri", "consent", "code_id", "response_mode");
for (String key : keyDetails) {
MatcherAssert.assertThat(event.getDetails(), Matchers.hasKey(key));
}
return this;
}
/**
* Return the event associated to the assertion.
*
tests/base/src/test/java/org/keycloak/tests/admin/ConsentsTest.java
+1 -1
View File
@@ -304,7 +304,7 @@ public class ConsentsTest {
.isCodeId()
.details(Details.USERNAME, userFromUserRealm.getUsername())
.details(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED)
.details(Details.REDIRECT_URI, "http://127.0.0.1:8500/callback/oauth");
.details(Details.REDIRECT_URI, userRealmOAuth.getRedirectUri());
userRealm.updateWithCleanup(r -> r.enabledEventTypes("REFRESH_TOKEN_ERROR"));
String sessionId = loginEvent.getSessionId();
tests/base/src/test/java/org/keycloak/tests/admin/event/LoginEventsTest.java
+1 -1
View File
@@ -105,7 +105,7 @@ public class LoginEventsTest {
.details(Details.AUTH_METHOD, "openid-connect")
.details(Details.AUTH_TYPE, "code")
.details(Details.USERNAME, "bad")
.details(Details.REDIRECT_URI, "http://127.0.0.1:8500/callback/oauth");
.details(Details.REDIRECT_URI, oAuthClient.getRedirectUri());
}
@Test
tests/base/src/test/java/org/keycloak/tests/sessionlimits/UserSessionLimitsTest.java
+5 -8
View File
@@ -32,6 +32,7 @@ import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.Constants;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.DefaultAuthenticationFlows;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
@@ -41,6 +42,7 @@ import org.keycloak.testframework.annotations.KeycloakIntegrationTest;
import org.keycloak.testframework.annotations.TestSetup;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.events.Events;
import org.keycloak.testframework.injection.LifeCycle;
import org.keycloak.testframework.mail.MailServer;
import org.keycloak.testframework.mail.annotations.InjectMailServer;
import org.keycloak.testframework.oauth.OAuthClient;
@@ -87,7 +89,7 @@ public class UserSessionLimitsTest {
@InjectWebDriver
ManagedWebDriver driver;
@InjectOAuthClient
@InjectOAuthClient(lifecycle = LifeCycle.METHOD)
OAuthClient oauth;
@InjectEvents
@@ -113,7 +115,6 @@ public class UserSessionLimitsTest {
private static final String password = "password";
private static final String directGrant1 = "direct-grant-1";
private static final String directGrant2 = "direct-grant-2";
private static String defaultRedirectUri = null;
@BeforeEach
public void setup() {
@@ -126,15 +127,10 @@ public class UserSessionLimitsTest {
session.sessions().removeUserSessions(realm);
// Reset password
org.keycloak.models.UserModel user = session.users().getUserByUsername(realm, username);
UserModel user = session.users().getUserByUsername(realm, username);
user.credentialManager().updateCredential(UserCredentialModel.password(password));
});
if (defaultRedirectUri == null) {
defaultRedirectUri = oauth.getRedirectUri();
}
oauth.redirectUri(defaultRedirectUri);
events.clear();
}
@@ -402,6 +398,7 @@ public class UserSessionLimitsTest {
}
}
@Test
public void testRealmSessionCountAndClientSessionCountExceededAndDecreaseLimitsAfterActiveSessionsAreCreated() throws Exception {
try {
setAuthenticatorConfigItem(DefaultAuthenticationFlows.DIRECT_GRANT_FLOW, UserSessionLimitsAuthenticatorFactory.BEHAVIOR, UserSessionLimitsAuthenticatorFactory.TERMINATE_OLDEST_SESSION);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testframework/events/EventAssertion.java
+227
View File
@@ -0,0 +1,227 @@
package org.keycloak.testframework.events;
import java.util.Set;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.representations.idm.EventRepresentation;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.jupiter.api.Assertions;
import static org.hamcrest.Matchers.is;
/**
* Helper to assert login events
*/
public class EventAssertion {
private final EventRepresentation event;
private static final String DEFAULT_IP_ADDRESS = "127.0.0.1";
private static final String DEFAULT_IP_ADDRESS_V6 = "0:0:0:0:0:0:0:1";
private static final String DEFAULT_IP_ADDRESS_V6_SHORT = "::1";
protected EventAssertion(EventRepresentation event) {
Assertions.assertNotNull(event, "Event was null");
Assertions.assertNotNull(event.getId(), "Event id was null");
this.event = event;
}
/**
* Assert an expected successfull event
*
* @param event the event to assert
* @return
*/
public static EventAssertion assertSuccess(EventRepresentation event) {
Assertions.assertFalse(event.getType().endsWith("_ERROR"), "Expected successful event");
return new EventAssertion(event);
}
/**
* Assert an expected error event
*
* @param event the event to assert
* @return
*/
public static EventAssertion assertError(EventRepresentation event) {
Assertions.assertTrue(event.getType().endsWith("_ERROR"), "Expected error event");
return new EventAssertion(event);
}
/**
* Assert an expected LOGIN event
*
* @param event the event to assert
* @return
*/
public static EventAssertion expectLoginSuccess(EventRepresentation event) {
return assertSuccess(event)
.type(EventType.LOGIN)
.isCodeId()
.hasSessionId()
.hasIpAddress()
.loginSuccessEventHasAllRequiredDetails();
}
/**
* Assert an expected LOGIN_ERROR event
*
* @param event the event to assert
* @return
*/
public static EventAssertion expectLoginError(EventRepresentation event) {
return assertError(event)
.type(EventType.LOGIN_ERROR)
.isCodeId()
.hasIpAddress();
}
/**
* Assert the error message
*
* @param error the expected error message
* @return
*/
public EventAssertion error(String error) {
Assertions.assertEquals(error, event.getError());
return this;
}
/**
* Assert the type of the event
*
* @param type the expected type of the event
* @return
*/
public EventAssertion type(EventType type) {
Assertions.assertEquals(type, EventType.valueOf(event.getType()));
return this;
}
/**
* Assert the event has a sessionId set
*
* @return
*/
public EventAssertion hasSessionId() {
MatcherAssert.assertThat(event.getSessionId(), EventMatchers.isSessionId());
return this;
}
/**
* Assert the event has a userId set
*
* @return
*/
public EventAssertion hasUserId() {
MatcherAssert.assertThat(event.getUserId(), EventMatchers.isUUID());
return this;
}
/**
* Assert the event has the <code>code_id</code> details set
* @return
*/
public EventAssertion isCodeId() {
MatcherAssert.assertThat(event.getDetails().get(Details.CODE_ID), EventMatchers.isCodeId());
return this;
}
/**
* Assert the event has an ipAddress set
* @return
*/
public EventAssertion hasIpAddress() {
Assertions.assertNotNull(event.getIpAddress());
Assertions.assertFalse(event.getIpAddress().isEmpty());
MatcherAssert.assertThat(event.getIpAddress(), Matchers.anyOf(is(DEFAULT_IP_ADDRESS), is(DEFAULT_IP_ADDRESS_V6), is(DEFAULT_IP_ADDRESS_V6_SHORT)));
return this;
}
/**
* Assert the clientId for the event
*
* @param clientId the expected clientId
* @return
*/
public EventAssertion clientId(String clientId) {
Assertions.assertEquals(clientId, event.getClientId());
return this;
}
/**
* Assert the sessionId for the event
*
* @param sessionId the expected sessionId
* @return
*/
public EventAssertion sessionId(String sessionId) {
Assertions.assertEquals(sessionId, event.getSessionId());
return this;
}
/**
* Assert the userId (sub) of the event
*
* @param userId the expected userId
* @return
*/
public EventAssertion userId(String userId) {
Assertions.assertEquals(userId, event.getUserId());
return this;
}
/**
* Assert the event has an entry in the details map with the specified key and value
*
* @param key the expected details key
* @param value the expected details value
* @return
*/
public EventAssertion details(String key, String value) {
if (value != null) {
MatcherAssert.assertThat(event.getDetails(), Matchers.hasEntry(key, value));
} else {
withoutDetails(key);
}
return this;
}
/**
* Assert the event details map does not contain the specified keys
*
* @param keys the list of keys that are not expected in the details map
* @return
*/
public EventAssertion withoutDetails(String... keys) {
for (String key : keys) {
MatcherAssert.assertThat(event.getDetails(), Matchers.not(Matchers.hasKey(key)));
}
return this;
}
/**
* Assert the LOGIN event details with required key set
*
* @return
*/
private EventAssertion loginSuccessEventHasAllRequiredDetails() {
Set<String> keyDetails = Set.of("auth_method", "response_type", "redirect_uri", "consent", "code_id", "response_mode");
for (String key : keyDetails) {
MatcherAssert.assertThat(event.getDetails(), Matchers.hasKey(key));
}
return this;
}
/**
* Return the event associated to the assertion.
*
* @return the asserted {@link EventRepresentation}
*/
public EventRepresentation getEvent() {
return event;
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testframework/events/EventMatchers.java
+81
View File
@@ -0,0 +1,81 @@
package org.keycloak.testframework.events;
import java.util.UUID;
import java.util.regex.Pattern;
import org.hamcrest.Description;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.hamcrest.TypeSafeMatcher;
/**
* Matchers to assert event properties
*/
public class EventMatchers {
private EventMatchers() {
}
/**
* Check if value is a UUID
* @return
*/
public static Matcher<String> isUUID() {
return new UUIDMatcher();
}
/**
* Check if value is a code_id
*
* @return
*/
public static Matcher<String> isCodeId() {
// Make the tests pass with the old and the new encoding of code IDs
return Matchers.anyOf(isBase64WithAtLeast128Bits(), isUUID());
}
/**
* Check if value is a session_id
*
* @return
*/
public static Matcher<String> isSessionId() {
// Make the tests pass with the old and the new encoding of sessions
return Matchers.anyOf(isBase64WithAtLeast128Bits(), isUUID());
}
private static Matcher<String> isBase64WithAtLeast128Bits() {
return new TypeSafeMatcher<>() {
private static final Pattern BASE64 = Pattern.compile("[-A-Za-z0-9+/_]*");
@Override
protected boolean matchesSafely(String item) {
return item.length() >= 24 && item.matches(BASE64.pattern());
}
@Override
public void describeTo(Description description) {
description.appendText("not an base64 ID with at least 128bits");
}
};
}
private static class UUIDMatcher extends TypeSafeMatcher<String> {
@Override
protected boolean matchesSafely(String item) {
try {
UUID.fromString(item);
return true;
} catch (IllegalArgumentException e) {
return false;
}
}
@Override
public void describeTo(Description description) {
description.appendText("not a UUID");
}
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionResetPasswordTest.java
+16 -13
View File
@@ -40,6 +40,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
@@ -133,7 +134,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
oauth.openLoginForm();
loginPage.login("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
doAIA();
@@ -176,7 +177,8 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
assertKcActionStatus(SUCCESS);
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -186,7 +188,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
oauth.openLoginForm();
loginPage.login("test-user@localhost", "new-password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
}
@@ -195,7 +197,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
oauth.openLoginForm();
loginPage.login("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
setTimeOffset(350);
@@ -232,7 +234,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
oauth.openLoginForm();
loginPage.login("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
setTimeOffset(550);
@@ -271,7 +273,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
oauth.openLoginForm();
loginPage.login("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
setTimeOffset(350);
@@ -308,7 +310,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
oauth.openLoginForm();
loginPage.login("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// we need to add some slack to avoid timing issues
setTimeOffset(1);
@@ -352,7 +354,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
.detail(Details.CUSTOM_REQUIRED_ACTION, UserModel.RequiredAction.UPDATE_PASSWORD.name())
.error(Errors.REJECTED_BY_USER)
.assertEvent();
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -388,7 +390,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
userRep.getRequiredActions().add(UserModel.RequiredAction.UPDATE_PASSWORD.name());
userResource.update(userRep);
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
doAIA();
@@ -413,7 +415,7 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
oauth.openLoginForm();
loginPage.login("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
UserResource testUser = managedRealm.admin().users().get(findUser("test-user@localhost").getId());
List<UserSessionRepresentation> sessions = testUser.getUserSessions();
@@ -421,7 +423,8 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
final String firstSessionId = sessions.get(0).getId();
oauth2.doLogin("test-user@localhost", "password");
EventRepresentation event2 = events.expectLogin().assertEvent();
EventRepresentation event2 = events.poll();
EventAssertion.expectLoginSuccess(event2);
assertEquals(2, testUser.getUserSessions().size());
doAIA();
@@ -447,10 +450,10 @@ public class AppInitiatedActionResetPasswordTest extends AbstractAppInitiatedAct
oauth.openLoginForm();
loginPage.login("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
oauth2.doLogin("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
assertEquals(2, testUser.getUserSessions().size());
doAIA();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionTotpSetupTest.java
+11 -10
View File
@@ -35,6 +35,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AssertEvents;
@@ -128,7 +129,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
assertKcActionStatus(SUCCESS);
assertEquals(authSessionId1, authSessionId2);
events.expectLogin().user(userId).session(authSessionId2).detail(Details.USERNAME, "setuptotp").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).sessionId(authSessionId2).userId(userId).details(Details.USERNAME, "setuptotp");
}
@Test
@@ -396,7 +397,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
assertKcActionStatus(SUCCESS);
assertEquals(authSessionId1, authSessionId2);
EventRepresentation loginEvent = events.expectLogin().session(authSessionId2).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).sessionId(authSessionId2).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -410,7 +411,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
loginTotpPage.login(totp.generateTOTP(totpSecret));
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -444,7 +445,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
.detail(Details.CREDENTIAL_TYPE, OTPCredentialModel.TYPE)
.detail(Details.USERNAME, "setuptotp2").assertEvent();
EventRepresentation loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "setuptotp2").getEvent();
// Logout
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
@@ -465,7 +466,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
// Login with one-time password
loginTotpPage.login(totp.generateTOTP(totpCode));
events.expectLogin().user(userId).detail(Details.USERNAME, "setupTotp2").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "setupTotp2");
// Remove google authenticator
Assertions.assertTrue(AccountHelper.deleteTotpAuthentication(managedRealm.admin(),"setupTotp2"));
@@ -511,7 +512,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
assertKcActionStatus(SUCCESS);
assertEquals(sessionId1, sessionId2);
EventRepresentation loginEvent = events.expectLogin().session(sessionId2).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).sessionId(sessionId2).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -529,7 +530,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
assertKcActionStatus(null);
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// Revert
realmRep = adminClient.realm("test").toRepresentation();
@@ -570,7 +571,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
//RequestType reqType = appPage.getRequestType();
assertKcActionStatus(SUCCESS);
EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).sessionId(sessionId1).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -584,7 +585,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
assertKcActionStatus(null);
loginEvent = events.expectLogin().assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -610,7 +611,7 @@ public class AppInitiatedActionTotpSetupTest extends AbstractAppInitiatedActionT
assertKcActionStatus(null);
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// Revert
realmRep = adminClient.realm("test").toRepresentation();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/AppInitiatedActionUpdateProfileTest.java
+15 -15
View File
@@ -22,12 +22,12 @@ import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginUpdateProfileEditUsernameAllowedPage;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Test;
@@ -94,7 +94,7 @@ public class AppInitiatedActionUpdateProfileTest extends AbstractAppInitiatedAct
.detail(Details.PREVIOUS_LAST_NAME, "Brady").detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com")
.assertEvent();
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
assertKcActionStatus(SUCCESS);
@@ -120,12 +120,12 @@ public class AppInitiatedActionUpdateProfileTest extends AbstractAppInitiatedAct
updateProfilePage.prepareUpdate().username("test-user@localhost").firstName("New first").lastName("New last").email("new@email.com").submit();
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
events.expectRequiredAction(EventType.UPDATE_PROFILE).detail(Details.PREVIOUS_FIRST_NAME, "Tom").detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.PREVIOUS_LAST_NAME, "Brady").detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.PREVIOUS_EMAIL, "test-user@localhost").detail(Details.UPDATED_EMAIL, "new@email.com")
.assertEvent();
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
assertKcActionStatus(SUCCESS);
@@ -170,20 +170,20 @@ public class AppInitiatedActionUpdateProfileTest extends AbstractAppInitiatedAct
updateProfilePage.prepareUpdate().username("new").firstName("New first").lastName("New last").email("john-doh@localhost").submit();
events.expectLogin()
.event(EventType.UPDATE_PROFILE)
.detail(Details.PREVIOUS_FIRST_NAME, "John")
.detail(Details.UPDATED_FIRST_NAME, "New first")
.detail(Details.PREVIOUS_LAST_NAME, "Doh")
.detail(Details.UPDATED_LAST_NAME, "New last")
.detail(Details.USERNAME, "john-doh@localhost")
.user(userId).session(Matchers.nullValue(String.class))
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.UPDATE_PROFILE)
.details(Details.PREVIOUS_FIRST_NAME, "John")
.details(Details.UPDATED_FIRST_NAME, "New first")
.details(Details.PREVIOUS_LAST_NAME, "Doh")
.details(Details.UPDATED_LAST_NAME, "New last")
.details(Details.USERNAME, "john-doh@localhost")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.userId(userId).sessionId(null)
.withoutDetails(Details.CONSENT);
assertKcActionStatus(SUCCESS);
events.expectLogin().detail(Details.USERNAME, "john-doh@localhost").user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "john-doh@localhost").userId(userId);
// assert user is really updated in persistent store
UserRepresentation user = ActionUtil.findUserWithAdminClient(adminClient, "new");
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionEmailVerificationTest.java
+5 -4
View File
@@ -43,6 +43,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.sessions.RootAuthenticationSessionModel;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.RealmAttributesBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
@@ -226,7 +227,7 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
appPage.assertCurrent();
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().user(testUserId).session(mailCodeId).detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(testUserId).sessionId(mailCodeId).details(Details.USERNAME, "test-user@localhost");
}
@Test
@@ -261,7 +262,7 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().user(userId).session(mailCodeId).detail(Details.USERNAME, "verifyemail").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).sessionId(mailCodeId).details(Details.USERNAME, "verifyemail");
}
private void updatePasswordOnChangePasswordPage(LoginPasswordUpdatePage updatePasswordPage, String userId) {
@@ -439,7 +440,7 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
.detail(Details.CODE_ID, mailCodeId)
.assertEvent();
events.expectLogin().user(testUserId).session(mailCodeId).detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(testUserId).sessionId(mailCodeId).details(Details.USERNAME, "test-user@localhost");
}
@Test
@@ -506,7 +507,7 @@ public class RequiredActionEmailVerificationTest extends AbstractTestRealmKeyclo
.detail(Details.CODE_ID, mailCodeId)
.assertEvent();
events.expectLogin().user(testUserId).session(mailCodeId).detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(testUserId).sessionId(mailCodeId).details(Details.USERNAME, "test-user@localhost");
}
@Test
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionMultipleActionsTest.java
+2 -1
View File
@@ -22,6 +22,7 @@ import org.keycloak.models.UserModel.RequiredAction;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.AppPage;
@@ -83,7 +84,7 @@ public class RequiredActionMultipleActionsTest extends AbstractTestRealmKeycloak
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().session(codeId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).sessionId(codeId);
}
public String updatePassword(String codeId) {
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionPriorityTest.java
+7 -6
View File
@@ -27,6 +27,7 @@ import org.keycloak.models.credential.OTPCredentialModel;
import org.keycloak.models.credential.PasswordCredentialModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -158,7 +159,7 @@ public class RequiredActionPriorityTest extends AbstractTestRealmKeycloakTest {
// Logged in
appPage.assertCurrent();
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -208,7 +209,7 @@ public class RequiredActionPriorityTest extends AbstractTestRealmKeycloakTest {
// Logged in
appPage.assertCurrent();
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -259,7 +260,7 @@ public class RequiredActionPriorityTest extends AbstractTestRealmKeycloakTest {
// Logged in
appPage.assertCurrent();
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@@ -324,7 +325,7 @@ public class RequiredActionPriorityTest extends AbstractTestRealmKeycloakTest {
// Logged in
appPage.assertCurrent();
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -377,7 +378,7 @@ public class RequiredActionPriorityTest extends AbstractTestRealmKeycloakTest {
// Logged in
appPage.assertCurrent();
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -418,7 +419,7 @@ public class RequiredActionPriorityTest extends AbstractTestRealmKeycloakTest {
// Logged in
appPage.assertCurrent();
assertThat(appPage.getRequestType(), is(RequestType.AUTH_RESPONSE));
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionResetPasswordTest.java
+11 -6
View File
@@ -33,6 +33,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -116,7 +117,8 @@ public class RequiredActionResetPasswordTest extends AbstractTestRealmKeycloakTe
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -126,7 +128,7 @@ public class RequiredActionResetPasswordTest extends AbstractTestRealmKeycloakTe
oauth.openLoginForm();
loginPage.login("test-user@localhost", "new-password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -144,7 +146,8 @@ public class RequiredActionResetPasswordTest extends AbstractTestRealmKeycloakTe
OAuthClient oauth2 = oauth.newConfig().driver(driver2);
UserResource testUser = managedRealm.admin().users().get(findUser("test-user@localhost").getId());
oauth2.doLogin("test-user@localhost", "password");
EventRepresentation regularSession = events.expectLogin().assertEvent();
EventRepresentation regularSession = events.poll();
EventAssertion.expectLoginSuccess(regularSession);
assertEquals(1, testUser.getUserSessions().size());
// navigate to a neutral URL to then clear the cookies on that domain
@@ -154,7 +157,8 @@ public class RequiredActionResetPasswordTest extends AbstractTestRealmKeycloakTe
// create an offline session
oauth2.scope(OAuth2Constants.OFFLINE_ACCESS);
AuthorizationEndpointResponse os = oauth2.doLogin("test-user@localhost", "password");
EventRepresentation offlineSession = events.expectLogin().assertEvent();
EventRepresentation offlineSession = events.poll();
EventAssertion.expectLoginSuccess(offlineSession);
AccessTokenResponse at = oauth2.doAccessTokenRequest(os.getCode());
String clientUuid = managedRealm.admin().clients().findByClientId(oauth2.getClientId()).get(0).getId();
assertEquals(1, testUser.getOfflineSessions(clientUuid).size());
@@ -183,7 +187,8 @@ public class RequiredActionResetPasswordTest extends AbstractTestRealmKeycloakTe
events.expectRequiredAction(EventType.UPDATE_PASSWORD).detail(Details.CREDENTIAL_TYPE, PasswordCredentialModel.TYPE).assertEvent(true);
events.expectRequiredAction(EventType.UPDATE_CREDENTIAL).detail(Details.CREDENTIAL_TYPE, PasswordCredentialModel.TYPE).assertEvent();
EventRepresentation event2 = events.expectLogin().assertEvent();
EventRepresentation event2 = events.poll();
EventAssertion.expectLoginSuccess(event2);
List<UserSessionRepresentation> regularSessions = testUser.getUserSessions();
List<UserSessionRepresentation> offlineSessions = testUser.getOfflineSessions(clientUuid);
if (logoutOtherSessions) {
@@ -217,7 +222,7 @@ public class RequiredActionResetPasswordTest extends AbstractTestRealmKeycloakTe
);
oauth.openLoginForm();
loginUsernameOnlyPage.login("test-user@localhost");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
} finally {
//reset browser flow and delete username only flow
RealmRepresentation realm = managedRealm.admin().toRepresentation();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionTotpSetupTest.java
+14 -13
View File
@@ -43,6 +43,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
@@ -211,7 +212,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().user(userId).session(authSessionId1).detail(Details.USERNAME, "setuptotp").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).sessionId(authSessionId1).userId(userId).details(Details.USERNAME, "setuptotp");
}
@Test
@@ -425,7 +426,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals(authSessionId1, authSessionId2);
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().session(authSessionId1).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).sessionId(authSessionId1).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -442,7 +443,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals("Invalid authenticator code.", loginTotpPage.getInputError());
} else {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
}
@@ -504,7 +505,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
.detail(Details.CREDENTIAL_TYPE, OTPCredentialModel.TYPE)
.detail(Details.USERNAME, "setuptotp2").assertEvent();
EventRepresentation loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setuptotp2").assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "setuptotp2").getEvent();
// Logout
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
@@ -526,7 +527,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
// Login with one-time password
loginTotpPage.login(totp.generateTOTP(totpCode));
loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "setupTotp2").assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "setupTotp2").getEvent();
// Remove google authenticator
Assertions.assertTrue(AccountHelper.deleteTotpAuthentication(managedRealm.admin(), "setupTotp2"));
@@ -556,7 +557,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals(sessionId1, sessionId2);
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().user(userId).session(sessionId1).detail(Details.USERNAME, "setupTotp2").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).sessionId(sessionId1).userId(userId).details(Details.USERNAME, "setupTotp2");
} finally {
setOTPAuthRequirement(AuthenticationExecutionModel.Requirement.CONDITIONAL, AuthenticationExecutionModel.Requirement.ALTERNATIVE);
}
@@ -596,7 +597,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals(sessionId1, sessionId2);
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).sessionId(sessionId1).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -614,7 +615,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// Revert
realmRep = adminClient.realm("test").toRepresentation();
@@ -656,7 +657,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals(sessionId1, sessionId2);
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().session(sessionId1).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).sessionId(sessionId1).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -671,7 +672,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
loginEvent = events.expectLogin().assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
oauth.logoutForm().idTokenHint(tokenResponse.getIdToken()).withRedirect().open();
@@ -696,7 +697,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// Revert
realmRep = adminClient.realm("test").toRepresentation();
@@ -728,7 +729,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
UserResource testUser = managedRealm.admin().users().get(findUser("test-user@localhost").getId());
OAuthClient oauth2 = oauth.newConfig().driver(driver2);
oauth2.doLogin("test-user@localhost", "password");
EventRepresentation event1 = events.expectLogin().assertEvent();
EventRepresentation event1 = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
assertEquals(1, testUser.getUserSessions().size());
// add action to configure totp
@@ -759,7 +760,7 @@ public class RequiredActionTotpSetupTest extends AbstractTestRealmKeycloakTest {
.user(event1.getUserId())
.detail(Details.CREDENTIAL_TYPE, OTPCredentialModel.TYPE)
.detail(Details.USERNAME, "test-user@localhost").assertEvent();
event2 = events.expectLogin().user(event2.getUserId()).session(event2.getDetails().get(Details.CODE_ID)).detail(Details.USERNAME, "test-user@localhost").assertEvent();
event2 = EventAssertion.expectLoginSuccess(events.poll()).sessionId(event2.getDetails().get(Details.CODE_ID)).userId(event2.getUserId()).details(Details.USERNAME, "test-user@localhost").getEvent();
// assert old session is gone or is maintained
List<UserSessionRepresentation> sessions = testUser.getUserSessions();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateEmailTest.java
+3 -2
View File
@@ -37,6 +37,7 @@ import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.representations.userprofile.config.UPAttribute;
import org.keycloak.representations.userprofile.config.UPAttributePermissions;
import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.oauth.OAuthClient;
@@ -75,7 +76,7 @@ public class RequiredActionUpdateEmailTest extends AbstractRequiredActionUpdateE
UserResource testUser = managedRealm.admin().users().get(findUser("test-user@localhost").getId());
OAuthClient oauth2 = oauth.newConfig().driver(driver2);;
oauth2.doLogin("test-user@localhost", "password");
EventRepresentation event1 = events.expectLogin().assertEvent();
EventRepresentation event1 = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
assertEquals(1, testUser.getUserSessions().size());
// add the action and change it
@@ -92,7 +93,7 @@ public class RequiredActionUpdateEmailTest extends AbstractRequiredActionUpdateE
.detail(Details.UPDATED_EMAIL, "new@localhost").assertEvent();
assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation event2 = events.expectLogin().assertEvent();
EventRepresentation event2 = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
List<UserSessionRepresentation> sessions = testUser.getUserSessions();
if (logoutOtherSessions) {
assertEquals(1, sessions.size());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateEmailTestWithVerificationTest.java
+5 -1
View File
@@ -41,6 +41,7 @@ import org.keycloak.representations.idm.RequiredActionConfigRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.broker.util.SimpleHttpDefault;
@@ -160,7 +161,10 @@ public class RequiredActionUpdateEmailTestWithVerificationTest extends AbstractR
UserResource testUser = managedRealm.admin().users().get(findUser("test-user@localhost").getId());
OAuthClient oauth2 = oauth.newConfig().driver(driver2);
oauth2.doLogin("test-user@localhost", "password");
EventRepresentation event1 = events.expectLogin().detail(Details.REDIRECT_URI, getAuthServerContextRoot() + "/auth/realms/test/app/auth").assertEvent();
EventRepresentation event1 = events.poll();
EventAssertion.expectLoginSuccess(event1)
.details(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED)
.details(Details.REDIRECT_URI, getAuthServerContextRoot() + "/auth/realms/test/app/auth");
assertEquals(1, testUser.getUserSessions().size());
// add action and change email
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileTest.java
+13 -7
View File
@@ -35,6 +35,7 @@ import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.userprofile.config.UPAttribute;
import org.keycloak.representations.userprofile.config.UPAttributePermissions;
import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
@@ -134,7 +135,7 @@ public class RequiredActionUpdateProfileTest extends AbstractChangeImportedUserP
.assertEvent();
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// assert user is really updated in persistent store
user = ActionUtil.findUserWithAdminClient(adminClient, "test-user@localhost");
@@ -158,14 +159,19 @@ public class RequiredActionUpdateProfileTest extends AbstractChangeImportedUserP
updateProfilePage.prepareUpdate().username("new").firstName("New first").lastName("New last").email("john-doh@localhost").submit();
events.expectLogin().event(EventType.UPDATE_PROFILE).detail(Details.UPDATED_FIRST_NAME, "New first").user(userId).session(Matchers.nullValue(String.class)).removeDetail(Details.CONSENT)
.detail(Details.UPDATED_LAST_NAME, "New last").user(userId).session(Matchers.nullValue(String.class)).removeDetail(Details.CONSENT)
.detail(Details.USERNAME, "john-doh@localhost")
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.UPDATE_PROFILE)
.isCodeId()
.sessionId(null)
.userId(userId)
.details(Details.USERNAME, "john-doh@localhost")
.details(Details.UPDATED_FIRST_NAME, "New first")
.details(Details.UPDATED_LAST_NAME, "New last")
.withoutDetails(Details.CONSENT);
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().detail(Details.USERNAME, "john-doh@localhost").user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "john-doh@localhost").userId(userId);
// assert user is really updated in persistent store
UserRepresentation user = ActionUtil.findUserWithAdminClient(adminClient, "new");
@@ -437,7 +443,7 @@ public class RequiredActionUpdateProfileTest extends AbstractChangeImportedUserP
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// assert user is really updated in persistent store
userRep = ActionUtil.findUserWithAdminClient(adminClient, "test-user@localhost");
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/RequiredActionUpdateProfileWithUserProfileTest.java
+2 -1
View File
@@ -26,6 +26,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientScopeBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
@@ -283,7 +284,7 @@ public class RequiredActionUpdateProfileWithUserProfileTest extends AbstractTest
.assertEvent();
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// assert user is really updated in persistent store
UserRepresentation user = ActionUtil.findUserWithAdminClient(adminClient, USERNAME1);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/actions/TermsAndConditionsTest.java
+11 -13
View File
@@ -28,6 +28,7 @@ import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.messages.Messages;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
@@ -41,7 +42,6 @@ import org.keycloak.testsuite.util.UIUtils;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Rule;
@@ -105,7 +105,7 @@ public class TermsAndConditionsTest extends AbstractChangeImportedUserPasswordsT
AuthorizationEndpointResponse response = oauth.parseLoginResponse();
Assertions.assertNotNull(response.getCode());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// assert user attribute is properly set
UserRepresentation user = ActionUtil.findUserWithAdminClient(adminClient, "test-user@localhost");
@@ -141,11 +141,10 @@ public class TermsAndConditionsTest extends AbstractChangeImportedUserPasswordsT
Assertions.assertEquals(Messages.TERMS_AND_CONDITIONS_DECLINED, response.getErrorDescription());
// assert event
events.expectLogin().event(EventType.CUSTOM_REQUIRED_ACTION_ERROR).detail(Details.CUSTOM_REQUIRED_ACTION, TermsAndConditions.PROVIDER_ID)
EventAssertion.assertError(events.poll()).type(EventType.CUSTOM_REQUIRED_ACTION_ERROR).details(Details.CUSTOM_REQUIRED_ACTION, TermsAndConditions.PROVIDER_ID)
.error(Errors.REJECTED_BY_USER)
.removeDetail(Details.CONSENT)
.session(Matchers.nullValue(String.class))
.assertEvent();
.withoutDetails(Details.CONSENT)
.sessionId(null);
// assert user attribute is properly removed
UserRepresentation user = ActionUtil.findUserWithAdminClient(adminClient, "test-user@localhost");
@@ -172,13 +171,12 @@ public class TermsAndConditionsTest extends AbstractChangeImportedUserPasswordsT
WaitUtils.waitForPageToLoad();
events.expectLogin().event(EventType.CUSTOM_REQUIRED_ACTION_ERROR).detail(Details.CUSTOM_REQUIRED_ACTION, TermsAndConditions.PROVIDER_ID)
EventAssertion.assertError(events.poll()).type(EventType.CUSTOM_REQUIRED_ACTION_ERROR).details(Details.CUSTOM_REQUIRED_ACTION, TermsAndConditions.PROVIDER_ID)
.error(Errors.REJECTED_BY_USER)
.removeDetail(Details.CONSENT)
.session(Matchers.nullValue(String.class))
.client(Constants.ACCOUNT_CONSOLE_CLIENT_ID)
.detail(Details.REDIRECT_URI, getAuthServerContextRoot() + "/auth/realms/" + TEST_REALM_NAME + "/account")
.assertEvent();
.withoutDetails(Details.CONSENT)
.sessionId(null)
.clientId(Constants.ACCOUNT_CONSOLE_CLIENT_ID)
.details(Details.REDIRECT_URI, getAuthServerContextRoot() + "/auth/realms/" + TEST_REALM_NAME + "/account");
// assert user attribute is properly removed
@@ -213,7 +211,7 @@ public class TermsAndConditionsTest extends AbstractChangeImportedUserPasswordsT
assertTrue(appPage.isCurrent());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedAccessTest.java
+9 -16
View File
@@ -39,6 +39,7 @@ import org.keycloak.representations.idm.authorization.ResourcePermissionRepresen
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AssertEvents;
import org.junit.Before;
@@ -315,14 +316,10 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
String realmId = getRealm().toRepresentation().getId();
String clientId = client.toRepresentation().getClientId();
events.expectLogin().realm(realmId).client(clientId)
.user(koloId)
.clearDetails()
.assertEvent();
events.expectLogin().realm(realmId).client(clientId)
.user(koloId)
.clearDetails()
.assertEvent();
EventAssertion.assertSuccess(events.poll()).clientId(clientId)
.userId(koloId);
EventAssertion.assertSuccess(events.poll()).clientId(clientId)
.userId(koloId);
events.expect(EventType.PERMISSION_TOKEN_ERROR).realm(realmId).client(clientId).user(koloId)
.session((String) null)
.error("access_denied")
@@ -371,14 +368,10 @@ public class UserManagedAccessTest extends AbstractResourceServerTest {
assertPermissions(permissions, resource.getName(), "ScopeA", "ScopeB");
assertTrue(permissions.isEmpty());
events.expectLogin().realm(realmId).client(clientId)
.user(koloId)
.clearDetails()
.assertEvent();
events.expectLogin().realm(realmId).client(clientId)
.user(koloId)
.clearDetails()
.assertEvent();
EventAssertion.assertSuccess(events.poll()).type(EventType.LOGIN).hasSessionId().clientId(clientId)
.userId(koloId);
EventAssertion.assertSuccess(events.poll()).type(EventType.LOGIN).hasSessionId().clientId(clientId)
.userId(koloId);
events.expect(EventType.PERMISSION_TOKEN).realm(realmId).client(clientId).user(koloId)
.session((String) null)
.clearDetails()
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcMultipleTabsBrokerTest.java
+51 -48
View File
@@ -28,7 +28,10 @@ import org.keycloak.events.EventType;
import org.keycloak.models.Constants;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.events.EventMatchers;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.util.BrowserTabUtil;
@@ -36,6 +39,7 @@ import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.keycloak.testsuite.util.oauth.OAuthClient;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Rule;
import org.junit.Test;
@@ -146,18 +150,17 @@ public class KcOidcMultipleTabsBrokerTest extends AbstractInitializedBaseBroker
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
// Event for "already logged-in" in the provider realm
events.expectLogin().error(Errors.ALREADY_LOGGED_IN)
.realm(getProviderRealmId())
.client("brokerapp")
.user((String) null)
.session((String) null)
.removeDetail(Details.CONSENT)
.removeDetail(Details.CODE_ID)
.detail(Details.REDIRECT_URI, Matchers.equalTo(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint"))
.detail(Details.REDIRECTED_TO_CLIENT, "true")
.detail(Details.RESPONSE_TYPE, OIDCResponseType.CODE)
.detail(Details.RESPONSE_MODE, OIDCResponseMode.QUERY.value())
.assertEvent();
EventAssertion.assertError(events.poll()).error(Errors.ALREADY_LOGGED_IN)
.type(EventType.LOGIN_ERROR)
.clientId("brokerapp")
.userId(null)
.sessionId(null)
.withoutDetails(Details.CONSENT)
.withoutDetails(Details.CODE_ID)
.details(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint")
.details(Details.REDIRECTED_TO_CLIENT, "true")
.details(Details.RESPONSE_TYPE, OIDCResponseType.CODE)
.details(Details.RESPONSE_MODE, OIDCResponseMode.QUERY.value());
// Event for "already logged-in" in the consumer realm
events.expect(EventType.IDENTITY_PROVIDER_LOGIN).error(Errors.ALREADY_LOGGED_IN)
@@ -224,18 +227,17 @@ public class KcOidcMultipleTabsBrokerTest extends AbstractInitializedBaseBroker
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
// Event for "already logged-in" in the provider realm
events.expectLogin().error(Errors.ALREADY_LOGGED_IN)
.realm(getProviderRealmId())
.client("brokerapp")
.user((String) null)
.session((String) null)
.removeDetail(Details.CONSENT)
.removeDetail(Details.CODE_ID)
.detail(Details.REDIRECT_URI, Matchers.equalTo(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint"))
.detail(Details.REDIRECTED_TO_CLIENT, "true")
.detail(Details.RESPONSE_TYPE, OIDCResponseType.CODE)
.detail(Details.RESPONSE_MODE, OIDCResponseMode.QUERY.value())
.assertEvent();
EventAssertion.assertError(events.poll()).error(Errors.ALREADY_LOGGED_IN)
.type(EventType.LOGIN_ERROR)
.clientId("brokerapp")
.userId(null)
.sessionId(null)
.withoutDetails(Details.CONSENT)
.withoutDetails(Details.CODE_ID)
.details(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint")
.details(Details.REDIRECTED_TO_CLIENT, "true")
.details(Details.RESPONSE_TYPE, OIDCResponseType.CODE)
.details(Details.RESPONSE_MODE, OIDCResponseMode.QUERY.value());
// Event for "already logged-in" in the consumer realm
events.expect(EventType.IDENTITY_PROVIDER_LOGIN).error(Errors.ALREADY_LOGGED_IN)
@@ -297,18 +299,17 @@ public class KcOidcMultipleTabsBrokerTest extends AbstractInitializedBaseBroker
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
// Event for "already logged-in" in the provider realm
events.expectLogin().error(Errors.ALREADY_LOGGED_IN)
.realm(getProviderRealmId())
.client("brokerapp")
.user((String) null)
.session((String) null)
.removeDetail(Details.CONSENT)
.removeDetail(Details.CODE_ID)
.detail(Details.REDIRECT_URI, Matchers.equalTo(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint"))
.detail(Details.REDIRECTED_TO_CLIENT, "true")
.detail(Details.RESPONSE_TYPE, OIDCResponseType.CODE)
.detail(Details.RESPONSE_MODE, OIDCResponseMode.QUERY.value())
.assertEvent();
EventAssertion.assertError(events.poll()).error(Errors.ALREADY_LOGGED_IN)
.type(EventType.LOGIN_ERROR)
.clientId("brokerapp")
.userId(null)
.sessionId(null)
.withoutDetails(Details.CONSENT)
.withoutDetails(Details.CODE_ID)
.details(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint")
.details(Details.REDIRECTED_TO_CLIENT, "true")
.details(Details.RESPONSE_TYPE, OIDCResponseType.CODE)
.details(Details.RESPONSE_MODE, OIDCResponseMode.QUERY.value());
// OIDC IDP on "consumer" will retry IDP login on the "provider"
events.expect(EventType.IDENTITY_PROVIDER_LOGIN)
@@ -325,22 +326,24 @@ public class KcOidcMultipleTabsBrokerTest extends AbstractInitializedBaseBroker
loginPage.login(bc.getUserPassword());
// Login finished on IDP (provider) as well as on "consumer" realm after being redirected there from "provider"
events.expectLogin()
.realm(getProviderRealmId())
.client("brokerapp")
.user(AssertEvents.isUUID())
.detail(Details.REDIRECT_URI, Matchers.equalTo(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint"))
.assertEvent();
EventRepresentation eventRep1 = EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.isCodeId()
.hasSessionId()
.clientId("brokerapp")
.details(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint").getEvent();
MatcherAssert.assertThat(eventRep1.getUserId(), EventMatchers.isUUID());
Assertions.assertEquals(EventType.CODE_TO_TOKEN.name(), events.poll().getType());
Assertions.assertEquals(EventType.USER_INFO_REQUEST.name(), events.poll().getType());
events.expectLogin()
.realm(getConsumerRealmId())
.client("broker-app")
.user(AssertEvents.isUUID())
.detail(Details.IDENTITY_PROVIDER, bc.getIDPAlias())
.assertEvent();
EventRepresentation eventRep2 = EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.isCodeId()
.hasSessionId()
.clientId("broker-app")
.details(Details.IDENTITY_PROVIDER, bc.getIDPAlias()).getEvent();
MatcherAssert.assertThat(eventRep2.getUserId(), EventMatchers.isUUID());
// Being redirected back to consumer and then back to client right away. Authentication session on "consumer" realm is still valid, so no error here.
appPage.assertCurrent();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcSamlMultipleTabsBrokerTest.java
+34 -32
View File
@@ -22,6 +22,9 @@ package org.keycloak.testsuite.broker;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.events.EventMatchers;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.util.BrowserTabUtil;
@@ -29,6 +32,7 @@ import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.keycloak.testsuite.util.oauth.OAuthClient;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Rule;
import org.junit.Test;
@@ -97,16 +101,14 @@ public class KcSamlMultipleTabsBrokerTest extends AbstractInitializedBaseBrokerT
assertThat(tabUtil.getCountOfTabs(), Matchers.equalTo(1));
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
events.expectLogin().error(Errors.ALREADY_LOGGED_IN)
.realm(getProviderRealmId())
.client(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName())
.user((String) null)
.session((String) null)
.removeDetail(Details.CONSENT)
.removeDetail(Details.CODE_ID)
.detail(Details.REDIRECT_URI, Matchers.equalTo(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint"))
.detail(Details.REDIRECTED_TO_CLIENT, "true")
.assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.ALREADY_LOGGED_IN)
.clientId(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName())
.userId(null)
.sessionId(null)
.withoutDetails(Details.CONSENT)
.withoutDetails(Details.CODE_ID)
.details(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint")
.details(Details.REDIRECTED_TO_CLIENT, "true");
// Event for "already logged-in" in the consumer realm
events.expect(EventType.IDENTITY_PROVIDER_LOGIN).error(Errors.ALREADY_LOGGED_IN)
@@ -165,16 +167,14 @@ public class KcSamlMultipleTabsBrokerTest extends AbstractInitializedBaseBrokerT
loginPage.login(bc.getUserLogin(), bc.getUserPassword());
// Event 1: Already-logged-in on provider
events.expectLogin().error(Errors.ALREADY_LOGGED_IN)
.realm(getProviderRealmId())
.client(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName())
.user((String) null)
.session((String) null)
.removeDetail(Details.CONSENT)
.removeDetail(Details.CODE_ID)
.detail(Details.REDIRECT_URI, Matchers.equalTo(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint"))
.detail(Details.REDIRECTED_TO_CLIENT, "true")
.assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.ALREADY_LOGGED_IN)
.clientId(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName())
.userId(null)
.sessionId(null)
.withoutDetails(Details.CONSENT)
.withoutDetails(Details.CODE_ID)
.details(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint")
.details(Details.REDIRECTED_TO_CLIENT, "true");
// Event 2: Consumer redirecting to "provider" IDP for retry login
events.expect(EventType.IDENTITY_PROVIDER_LOGIN)
@@ -186,20 +186,22 @@ public class KcSamlMultipleTabsBrokerTest extends AbstractInitializedBaseBrokerT
.assertEvent();
// Event 3: Successful SSO login on "provider", which then redirects back to "consumer"
events.expectLogin()
.realm(getProviderRealmId())
.client(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName())
.user(AssertEvents.isUUID())
.detail(Details.REDIRECT_URI, Matchers.equalTo(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint"))
.assertEvent();
EventRepresentation eventRep1 = EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.isCodeId()
.hasSessionId()
.clientId(OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName())
.details(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/realms/" + bc.consumerRealmName() + "/broker/" + bc.getIDPAlias() + "/endpoint").getEvent();
MatcherAssert.assertThat(eventRep1.getUserId(), EventMatchers.isUUID());
// Event 4: Successful login on "consumer"
events.expectLogin()
.realm(getConsumerRealmId())
.client("broker-app")
.user(AssertEvents.isUUID())
.detail(Details.IDENTITY_PROVIDER, bc.getIDPAlias())
.assertEvent();
EventRepresentation eventRep2 = EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.isCodeId()
.hasSessionId()
.clientId("broker-app")
.details(Details.IDENTITY_PROVIDER, bc.getIDPAlias()).getEvent();
MatcherAssert.assertThat(eventRep2.getUserId(), EventMatchers.isUUID());
// Authentication session on "consumer" realm is still valid, so no error here.
appPage.assertCurrent();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRedirectTest.java
+2 -1
View File
@@ -29,6 +29,7 @@ import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.constants.ServiceUrlConstants;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
@@ -104,7 +105,7 @@ public class ClientRedirectTest extends AbstractTestRealmKeycloakTest {
try {
log.debug("log in");
oauth.doLogin("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
String code = oauth.parseLoginResponse().getCode();
String idTokenHint = oauth.doAccessTokenRequest(code).getIdToken();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientSecretRotationTest.java
+3 -1
View File
@@ -37,6 +37,7 @@ import org.keycloak.services.clientpolicy.condition.ClientAccessTypeCondition.Co
import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory;
import org.keycloak.services.clientpolicy.executor.ClientSecretRotationExecutor;
import org.keycloak.services.clientpolicy.executor.ClientSecretRotationExecutorFactory;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.account.AbstractRestServiceTest;
@@ -888,7 +889,8 @@ public class ClientSecretRotationTest extends AbstractRestServiceTest {
oauth.client(clientId, clientSecret);
oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
EventRepresentation loginEvent = events.expectLogin().client(clientId).assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).clientId(clientId);
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/AbstractClientPoliciesTest.java
+5 -2
View File
@@ -122,6 +122,7 @@ import org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFac
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientScopeBuilder;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -1384,7 +1385,8 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
oauth.client(clientId, clientSecret);
oauth.loginForm().nonce(nonce).state(state).request(request).requestUri(requestUri).doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
EventRepresentation loginEvent = events.expectLogin().client(clientId).assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).clientId(clientId);
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -1402,7 +1404,8 @@ public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
oauth.loginForm().nonce("bjapewiziIE083d").codeChallenge(pkceGenerator).doLogin(userName, userPassword);
EventRepresentation loginEvent = events.expectLogin().client(clientId).assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).clientId(clientId);
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesExecutorTest.java
+7 -7
View File
@@ -88,6 +88,7 @@ import org.keycloak.services.clientpolicy.executor.SecureResponseTypeExecutorFac
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RoleBuilder;
import org.keycloak.testframework.realm.UserBuilder;
@@ -320,7 +321,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
oauth.responseType(OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN);
oauth.loginForm().nonce("vbwe566fsfffds").doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
EventRepresentation loginEvent = events.expectLogin().client(clientId).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -342,7 +343,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
oauth.responseType(OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN + " " + OIDCResponseType.TOKEN); // token response type allowed
oauth.loginForm().nonce("cie8cjcwiw").doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
loginEvent = events.expectLogin().client(clientId).assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId).getEvent();
sessionId = loginEvent.getSessionId();
codeId = loginEvent.getDetails().get(Details.CODE_ID);
code = oauth.parseLoginResponse().getCode();
@@ -451,7 +452,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
oauth.responseType(OIDCResponseType.CODE + " " + OIDCResponseType.ID_TOKEN);
oauth.loginForm().nonce("LIVieviDie028f").doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
EventRepresentation loginEvent = events.expectLogin().client(clientId).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
authorizationEndpointResponse = oauth.parseLoginResponse();
@@ -1430,9 +1431,8 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
oauth.client(clientId);
oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
EventRepresentation loginEvent = events.expectLogin()
.client(clientId)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.clientId(clientId).getEvent();
String sessionId = loginEvent.getSessionId();
String code = oauth.parseLoginResponse().getCode();
@@ -1521,7 +1521,7 @@ public class ClientPoliciesExecutorTest extends AbstractClientPoliciesTest {
oauth.client(clientId);
oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
events.expectLogin().client(clientId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId);
String code = oauth.parseLoginResponse().getCode();
// obtain access token
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesExtendedEventTest.java
+5 -4
View File
@@ -47,6 +47,7 @@ import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFac
import org.keycloak.services.clientpolicy.condition.ClientRolesConditionFactory;
import org.keycloak.services.clientpolicy.condition.ClientScopesConditionFactory;
import org.keycloak.services.clientpolicy.executor.SuppressRefreshTokenRotationExecutorFactory;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RoleBuilder;
import org.keycloak.testframework.realm.UserBuilder;
@@ -417,7 +418,7 @@ public class ClientPoliciesExtendedEventTest extends AbstractClientPoliciesTest
oauth.client(clientId, clientSecret);
oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
events.expectLogin().client(clientId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId);
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = oauth.doAccessTokenRequest(code);
assertEquals(400, response.getStatusCode());
@@ -440,7 +441,7 @@ public class ClientPoliciesExtendedEventTest extends AbstractClientPoliciesTest
oauth.client(clientId, clientSecret);
oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
EventRepresentation loginEvent = events.expectLogin().client(clientId).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -505,7 +506,7 @@ public class ClientPoliciesExtendedEventTest extends AbstractClientPoliciesTest
oauth.client(clientId, clientSecret);
oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
events.expectLogin().client(clientId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId);
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse res = oauth.doAccessTokenRequest(code);
@@ -690,7 +691,7 @@ public class ClientPoliciesExtendedEventTest extends AbstractClientPoliciesTest
oauth.client(clientId, clientSecret);
oauth.doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
events.expectLogin().client(clientId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId);
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = oauth.doAccessTokenRequest(code);
assertEquals(200, response.getStatusCode());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/policies/ClientPoliciesTest.java
+2 -1
View File
@@ -87,6 +87,7 @@ import org.keycloak.services.clientpolicy.executor.SecureClientAuthenticatorExec
import org.keycloak.services.clientpolicy.executor.SecureSessionEnforceExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SecureSigningAlgorithmForSignedJwtExecutorFactory;
import org.keycloak.services.clientpolicy.executor.SuppressRefreshTokenRotationExecutorFactory;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RoleBuilder;
import org.keycloak.testframework.realm.UserBuilder;
@@ -1249,7 +1250,7 @@ public class ClientPoliciesTest extends AbstractClientPoliciesTest {
oauth.loginForm().request(request).doLogin(TEST_USER_NAME, TEST_USER_PASSWORD);
// check an authorization response
EventRepresentation loginEvent = events.expectLogin().client(clientId).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/docker/DockerClientTest.java
+9 -9
View File
@@ -21,6 +21,7 @@ import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -208,15 +209,14 @@ public class DockerClientTest extends AbstractKeycloakTest {
}
private void assertLogin(UserRepresentation dockerUser) {
events.expectLogin()
.realm(REALM_ID)
.ipAddress(Matchers.any(String.class))
.client(CLIENT_ID)
.user(dockerUser.getId())
.detail(Details.AUTH_METHOD, DockerAuthV2Protocol.LOGIN_PROTOCOL)
.detail(Details.USERNAME, DOCKER_USER)
.removeDetail(Details.REDIRECT_URI)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.isCodeId()
.clientId(CLIENT_ID)
.userId(dockerUser.getId())
.details(Details.AUTH_METHOD, DockerAuthV2Protocol.LOGIN_PROTOCOL)
.details(Details.USERNAME, DOCKER_USER)
.withoutDetails(Details.REDIRECT_URI);
}
private void assertLoginErrorClientDisabled() {
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosSingleRealmTest.java
+5 -5
View File
@@ -36,6 +36,7 @@ import org.keycloak.representations.UserInfo;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.AccountHelper;
@@ -162,11 +163,10 @@ public abstract class AbstractKerberosSingleRealmTest extends AbstractKerberosTe
Assertions.assertEquals(302, spnegoResponse.getStatus());
List<UserRepresentation> users = testRealmResource().users().search("jduke", 0, 1);
String userId = users.get(0).getId();
events.expectLogin()
.client("kerberos-app")
.user(userId)
.detail(Details.USERNAME, "jduke")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId("kerberos-app")
.userId(userId)
.details(Details.USERNAME, "jduke");
String codeUrl = spnegoResponse.getLocation().toString();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/AbstractKerberosTest.java
+5 -5
View File
@@ -53,6 +53,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -202,11 +203,10 @@ public abstract class AbstractKerberosTest extends AbstractAuthTest {
List<UserRepresentation> users = testRealmResource().users().search(expectedUsername, 0, 1);
String userId = users.get(0).getId();
events.expectLogin()
.client(clientId)
.user(userId)
.detail(Details.USERNAME, expectedUsername)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId(clientId)
.userId(userId)
.details(Details.USERNAME, expectedUsername);
String codeUrl = spnegoResponse.getLocation().toString();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/kerberos/KerberosLdapTest.java
+5 -5
View File
@@ -36,6 +36,7 @@ import org.keycloak.storage.ldap.LDAPStorageProviderFactory;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.storage.ldap.kerberos.LDAPProviderKerberosConfig;
import org.keycloak.storage.user.SynchronizationResult;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.KerberosEmbeddedServer;
import org.keycloak.testsuite.federation.ldap.LDAPTestAsserts;
import org.keycloak.testsuite.federation.ldap.LDAPTestContext;
@@ -213,11 +214,10 @@ public class KerberosLdapTest extends AbstractKerberosSingleRealmTest {
Assertions.assertEquals(302, spnegoResponse.getStatus());
List<UserRepresentation> users = testRealmResource().users().search("jduke", 0, 1);
String userId = users.get(0).getId();
events.expectLogin()
.client("kerberos-app")
.user(userId)
.detail(Details.USERNAME, "jduke")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId("kerberos-app")
.userId(userId)
.details(Details.USERNAME, "jduke");
String codeUrl = spnegoResponse.getLocation().toString();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPProvidersIntegrationTest.java
+3 -2
View File
@@ -71,6 +71,7 @@ import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapper;
import org.keycloak.storage.ldap.mappers.HardcodedLDAPRoleStorageMapperFactory;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.storage.ldap.mappers.UserAttributeLDAPStorageMapper;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.admin.ApiUtil;
@@ -626,7 +627,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
String userId = user.toRepresentation().getId();
events.expectRegister(username, email).assertEvent();
EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
appPage.logout(tokenResponse.getIdToken());
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
@@ -660,7 +661,7 @@ public class LDAPProvidersIntegrationTest extends AbstractLDAPTest {
appPage.assertCurrent();
events.expect(EventType.UPDATE_PASSWORD).detail(Details.CREDENTIAL_TYPE, PasswordCredentialModel.TYPE).user(userId).assertEvent();
events.expect(EventType.UPDATE_CREDENTIAL).detail(Details.CREDENTIAL_TYPE, PasswordCredentialModel.TYPE).user(userId).assertEvent();
loginEvent = events.expectLogin().user(userId).assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).getEvent();
tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
appPage.logout(tokenResponse.getIdToken());
events.expectLogout(loginEvent.getSessionId()).user(userId);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPUserLoginTest.java
+2 -1
View File
@@ -31,6 +31,7 @@ import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.ldap.idm.model.LDAPObject;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.EnableVault;
import org.keycloak.testsuite.pages.AppPage;
@@ -154,7 +155,7 @@ public class LDAPUserLoginTest extends AbstractLDAPTest {
appPage.assertCurrent();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
EventRepresentation loginEvent = events.expectLogin().user(userId).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
appPage.logout(tokenResponse.getIdToken());
events.expectLogout(loginEvent.getSessionId()).user(userId).assertEvent();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/ClientStorageTest.java
+16 -14
View File
@@ -36,6 +36,7 @@ import org.keycloak.OAuth2Constants;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.component.ComponentModel;
import org.keycloak.events.Details;
import org.keycloak.events.EventType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
@@ -50,6 +51,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.storage.CacheableStorageProviderModel;
import org.keycloak.storage.client.ClientStorageProvider;
import org.keycloak.storage.client.ClientStorageProviderModel;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
@@ -254,7 +256,7 @@ public class ClientStorageTest extends AbstractTestRealmKeycloakTest {
AuthorizationEndpointResponse response = oauth.doLogin("test-user@localhost", "password");
appPage.assertCurrent();
events.expectLogin().client(clientId).detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId).details(Details.USERNAME, "test-user@localhost");
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(response.getCode());
Assertions.assertNotNull(tokenResponse.getAccessToken());
@@ -457,19 +459,19 @@ public class ClientStorageTest extends AbstractTestRealmKeycloakTest {
String offlineTokenString = tokenResponse.getRefreshToken();
RefreshToken offlineToken = oauth.parseRefreshToken(offlineTokenString);
events.expectLogin()
.client("hardcoded-client")
.user(userId)
.session(token.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, token.getId())
.detail(Details.REFRESH_TOKEN_ID, offlineToken.getId())
.detail(Details.REFRESH_TOKEN_TYPE, TokenUtil.TOKEN_TYPE_OFFLINE)
.detail(Details.USERNAME, "test-user@localhost")
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.clientId("hardcoded-client")
.userId(userId)
.sessionId(token.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, token.getId())
.details(Details.REFRESH_TOKEN_ID, offlineToken.getId())
.details(Details.REFRESH_TOKEN_TYPE, TokenUtil.TOKEN_TYPE_OFFLINE)
.details(Details.USERNAME, "test-user@localhost")
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT);
Assertions.assertEquals(TokenUtil.TOKEN_TYPE_OFFLINE, offlineToken.getType());
Assertions.assertNull(offlineToken.getExp());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageFailureTest.java
+8 -5
View File
@@ -45,6 +45,8 @@ import org.keycloak.storage.UserStoragePrivateUtil;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.storage.UserStorageUtil;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.events.EventMatchers;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.auth.page.AuthRealm;
@@ -55,6 +57,7 @@ import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
import org.keycloak.testsuite.util.oauth.OAuthClient;
import org.hamcrest.MatcherAssert;
import org.jboss.arquillian.container.test.api.ContainerController;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
@@ -164,11 +167,11 @@ public class UserStorageFailureTest extends AbstractTestRealmKeycloakTest {
oauth.redirectUri(OAuthClient.AUTH_SERVER_ROOT + "/offline-client");
oauth.doLogin(FailableHardcodedStorageProvider.username, "password");
EventRepresentation loginEvent = events.expectLogin()
.user(AssertEvents.isUUID())
.client("offline-client")
.detail(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/offline-client")
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.clientId("offline-client")
.details(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED)
.details(Details.REDIRECT_URI, OAuthClient.AUTH_SERVER_ROOT + "/offline-client").getEvent();
MatcherAssert.assertThat(loginEvent.getUserId(), EventMatchers.isUUID());
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/storage/UserStorageOTPTest.java
+4 -3
View File
@@ -37,6 +37,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert;
@@ -181,7 +182,7 @@ public class UserStorageOTPTest extends AbstractTestRealmKeycloakTest {
events.expect(EventType.UPDATE_CREDENTIAL)
.detail(Details.CREDENTIAL_TYPE, OTPCredentialModel.TYPE)
.user(userRep.getId()).assertEvent();
EventRepresentation loginEvent = events.expectLogin().user(userRep.getId()).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userRep.getId()).getEvent();
String idTokenHint = sendTokenRequestAndGetResponse(loginEvent).getIdToken();
appPage.logout(idTokenHint);
events.expectLogout(loginEvent.getSessionId()).user(userRep.getId()).assertEvent();
@@ -193,7 +194,7 @@ public class UserStorageOTPTest extends AbstractTestRealmKeycloakTest {
loginTotpPage.login(DummyUserFederationProvider.HARDCODED_OTP);
appPage.assertCurrent();
loginEvent = events.expectLogin().user(userRep.getId()).assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userRep.getId()).getEvent();
idTokenHint = sendTokenRequestAndGetResponse(loginEvent).getIdToken();
appPage.logout(idTokenHint);
events.expectLogout(loginEvent.getSessionId()).user(userRep.getId()).assertEvent();
@@ -205,7 +206,7 @@ public class UserStorageOTPTest extends AbstractTestRealmKeycloakTest {
loginTotpPage.login(totp.generateTOTP(totpSecret));
appPage.assertCurrent();
loginEvent = events.expectLogin().user(userRep.getId()).assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userRep.getId()).getEvent();
idTokenHint = sendTokenRequestAndGetResponse(loginEvent).getIdToken();
appPage.logout(idTokenHint);
events.expectLogout(loginEvent.getSessionId()).user(userRep.getId()).assertEvent();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AllowDenyAuthenticatorTest.java
+33 -38
View File
@@ -14,6 +14,7 @@ import org.keycloak.authentication.authenticators.directgrant.ValidateUsername;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.ErrorPage;
@@ -97,13 +98,13 @@ public class AllowDenyAuthenticatorTest extends AbstractChangeImportedUserPasswo
errorPage.assertCurrent();
assertThat(errorPage.getError(), is(expectedMessage));
events.expectLogin()
.user((String) null)
.session((String) null)
EventAssertion.expectLoginError(events.poll())
.userId(null)
.sessionId(null)
.error(Errors.ACCESS_DENIED)
.detail(Details.USERNAME, userWithoutAttribute)
.removeDetail(Details.CONSENT)
.assertEvent();
.details(Details.USERNAME, userWithoutAttribute)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
} finally {
revertFlows(managedRealm.admin(), flowAlias);
}
@@ -136,13 +137,13 @@ public class AllowDenyAuthenticatorTest extends AbstractChangeImportedUserPasswo
errorPage.assertCurrent();
assertThat(errorPage.getError(), is(errorMessage));
events.expectLogin()
.user((String) null)
.session((String) null)
EventAssertion.expectLoginError(events.poll())
.userId(null)
.sessionId(null)
.error(Errors.ACCESS_DENIED)
.detail(Details.USERNAME, userWithoutAttribute)
.removeDetail(Details.CONSENT)
.assertEvent();
.details(Details.USERNAME, userWithoutAttribute)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
} finally {
revertFlows(managedRealm.admin(), flowAlias);
}
@@ -172,13 +173,13 @@ public class AllowDenyAuthenticatorTest extends AbstractChangeImportedUserPasswo
errorPage.assertCurrent();
assertThat(errorPage.getError(), is(errorMessage));
events.expectLogin()
.user((String) null)
.session((String) null)
EventAssertion.expectLoginError(events.poll())
.userId(null)
.sessionId(null)
.error(Errors.ACCESS_DENIED)
.detail(Details.USERNAME, userWithoutAttribute)
.removeDetail(Details.CONSENT)
.assertEvent();
.details(Details.USERNAME, userWithoutAttribute)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
} finally {
revertFlows(managedRealm.admin(), flowAlias);
}
@@ -240,13 +241,13 @@ public class AllowDenyAuthenticatorTest extends AbstractChangeImportedUserPasswo
errorPage.assertCurrent();
assertThat(errorPage.getError(), is(errorMessage));
events.expectLogin()
.user((String) null)
.session((String) null)
EventAssertion.expectLoginError(events.poll())
.userId(null)
.sessionId(null)
.error(Errors.ACCESS_DENIED)
.detail(Details.USERNAME, userCondMatch)
.removeDetail(Details.CONSENT)
.assertEvent();
.details(Details.USERNAME, userCondMatch)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
final String userCondNotMatchId = managedRealm.admin().users().search(userCondNotMatch).get(0).getId();
@@ -257,10 +258,8 @@ public class AllowDenyAuthenticatorTest extends AbstractChangeImportedUserPasswo
passwordPage.assertCurrent();
passwordPage.login(getPassword(userCondNotMatch));
events.expectLogin().user(userCondNotMatchId)
.detail(Details.USERNAME, userCondNotMatch)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userCondNotMatchId)
.details(Details.USERNAME, userCondNotMatch);
} finally {
revertFlows(managedRealm.admin(), flowAlias);
}
@@ -290,11 +289,9 @@ public class AllowDenyAuthenticatorTest extends AbstractChangeImportedUserPasswo
passwordPage.assertCurrent();
passwordPage.login(getPassword(userWithoutRole));
events.expectLogin()
.user(testUserWithoutRoleId)
.detail(Details.USERNAME, userWithoutRole)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(testUserWithoutRoleId)
.details(Details.USERNAME, userWithoutRole);
} finally {
revertFlows(managedRealm.admin(), newFlowAlias);
}
@@ -321,11 +318,9 @@ public class AllowDenyAuthenticatorTest extends AbstractChangeImportedUserPasswo
final String testUserWithRoleId = managedRealm.admin().users().search(userWithRole).get(0).getId();
events.expectLogin()
.user(testUserWithRoleId)
.detail(Details.USERNAME, userWithRole)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(testUserWithRoleId)
.details(Details.USERNAME, userWithRole);
} finally {
revertFlows(managedRealm.admin(), newFlowAlias);
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AuthenticatorSubflowsTest.java
+4 -3
View File
@@ -26,6 +26,7 @@ import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.RealmModel;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.authentication.ExpectedParamAuthenticator;
@@ -269,7 +270,7 @@ public class AuthenticatorSubflowsTest extends AbstractChangeImportedUserPasswor
oauth.fillLoginForm("test-user@localhost", getPassword("test-user@localhost"));
appPage.assertCurrent();
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
}
@@ -290,7 +291,7 @@ public class AuthenticatorSubflowsTest extends AbstractChangeImportedUserPasswor
oauth.fillLoginForm("test-user@localhost", getPassword("test-user@localhost"));
appPage.assertCurrent();
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
}
@@ -311,7 +312,7 @@ public class AuthenticatorSubflowsTest extends AbstractChangeImportedUserPasswor
//
// appPage.assertCurrent();
//
// events.expectLogin().detail(Details.USERNAME, "john-doh@localhost").assertEvent();
// EventAssertion.expectLoginSuccessWithSessionAndDetails(events.poll()).details(Details.USERNAME, "john-doh@localhost").assertEvent();
// }
//
//
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/AuthenticatorSubflowsTest2.java
+3 -2
View File
@@ -26,6 +26,7 @@ import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatorConfigModel;
import org.keycloak.models.RealmModel;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.authentication.ExpectedParamAuthenticator;
@@ -168,7 +169,7 @@ public class AuthenticatorSubflowsTest2 extends AbstractChangeImportedUserPasswo
oauth.fillLoginForm("test-user@localhost", getPassword("test-user@localhost"));
appPage.assertCurrent();
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
}
@@ -187,7 +188,7 @@ public class AuthenticatorSubflowsTest2 extends AbstractChangeImportedUserPasswo
pushTheButtonPage.submit();
appPage.assertCurrent();
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BrowserFlowTest.java
+21 -22
View File
@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.RoleBuilder;
import org.keycloak.testsuite.AbstractAuthenticationTest;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
@@ -716,8 +717,8 @@ public class BrowserFlowTest extends AbstractChangeImportedUserPasswordsTest {
loginTotpPage.login(getOtpCode(USER_WITH_ONE_OTP_OTP_SECRET));
Assertions.assertFalse(loginTotpPage.isCurrent());
events.expectLogin().user(managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId())
.detail(Details.USERNAME, "user-with-one-configured-otp").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId())
.details(Details.USERNAME, "user-with-one-configured-otp");
} finally {
revertFlows("browser - copy 1");
@@ -769,11 +770,12 @@ public class BrowserFlowTest extends AbstractChangeImportedUserPasswordsTest {
try {
String userId = managedRealm.admin().users().search("user-with-two-configured-otp").get(0).getId();
provideUsernamePassword("user-with-two-configured-otp");
events.expectLogin().user(userId).session((String) null)
EventAssertion.expectLoginError(events.poll()).userId(userId)
.sessionId(null)
.error("invalid_user_credentials")
.detail(Details.USERNAME, "user-with-two-configured-otp")
.removeDetail(Details.CONSENT)
.assertEvent();
.details(Details.USERNAME, "user-with-two-configured-otp")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
// Assert on otp page now
Assertions.assertTrue(oneTimeCodePage.isOtpLabelPresent());
@@ -782,7 +784,7 @@ public class BrowserFlowTest extends AbstractChangeImportedUserPasswordsTest {
loginTotpPage.login(getOtpCode(USER_WITH_TWO_OTPS_OTP1_SECRET));
Assertions.assertFalse(loginTotpPage.isCurrent());
events.expectLogin().user(userId).detail(Details.USERNAME, "user-with-two-configured-otp").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "user-with-two-configured-otp");
} finally {
revertFlows("browser - copy 1");
}
@@ -800,15 +802,14 @@ public class BrowserFlowTest extends AbstractChangeImportedUserPasswordsTest {
try {
String userId = managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId();
provideUsernamePassword("user-with-one-configured-otp");
events.expectLogin().user(userId).session((String) null)
EventAssertion.expectLoginError(events.poll()).userId(userId).sessionId(null)
.error("invalid_user_credentials")
.detail(Details.USERNAME, "user-with-one-configured-otp")
.removeDetail(Details.CONSENT)
.assertEvent();
.details(Details.USERNAME, "user-with-one-configured-otp")
.withoutDetails(Details.CONSENT);
// Assert not on otp page now
Assertions.assertFalse(oneTimeCodePage.isOtpLabelPresent());
Assertions.assertFalse(loginTotpPage.isCurrent());
events.expectLogin().user(userId).detail(Details.USERNAME, "user-with-one-configured-otp").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "user-with-one-configured-otp");
} finally {
revertFlows("browser - copy 1");
@@ -1055,10 +1056,9 @@ public class BrowserFlowTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.login(user.getUsername(), getPassword("test-user@localhost"));
Assertions.assertFalse(loginPage.isCurrent());
events.expectLogin()
.user(user)
.detail(Details.USERNAME, "test-user@localhost")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, "test-user@localhost");
}
/**
@@ -1102,10 +1102,9 @@ public class BrowserFlowTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertFalse(loginUsernameOnlyPage.isCurrent());
Assertions.assertFalse(passwordPage.isCurrent());
events.expectLogin()
.user(user)
.detail(Details.USERNAME, "test-user@localhost")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, "test-user@localhost");
} finally {
revertFlows("browser - alternative");
}
@@ -1191,8 +1190,8 @@ public class BrowserFlowTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertFalse(loginPage.isCurrent());
Assertions.assertFalse(oneTimeCodePage.isOtpLabelPresent());
events.expectLogin().user(managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId())
.detail(Details.USERNAME, "user-with-one-configured-otp").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId())
.details(Details.USERNAME, "user-with-one-configured-otp");
} finally {
revertFlows(newFlowAlias);
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/BruteForceTest.java
+14 -13
View File
@@ -43,6 +43,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.BruteForceProtector;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
@@ -1171,15 +1172,15 @@ public class BruteForceTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.assertCurrent();
Assertions.assertEquals("Invalid username or password.", loginPage.getInputError());
ExpectedEvent event = events.expectLogin()
.session((String) null)
EventRepresentation event = EventAssertion.expectLoginError(events.poll())
.sessionId(null)
.error(Errors.USER_TEMPORARILY_DISABLED)
.detail(Details.USERNAME, username)
.removeDetail(Details.CONSENT);
.details(Details.USERNAME, username)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT).getEvent();
if (userId != null) {
event.user(userId);
Assertions.assertEquals(userId, event.getUserId());
}
event.assertEvent();
}
public void expectPermanentlyDisabled() {
@@ -1192,12 +1193,12 @@ public class BruteForceTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.assertCurrent();
Assertions.assertEquals("Invalid username or password.", loginPage.getInputError());
ExpectedEvent event = events.expectLogin()
.session((String) null)
EventAssertion.expectLoginError(events.poll())
.sessionId(null)
.error(Errors.USER_DISABLED)
.detail(Details.USERNAME, username)
.removeDetail(Details.CONSENT);
event.assertEvent();
.details(Details.USERNAME, username)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
UserRepresentation user = managedRealm.admin().users().search(username, true).get(0);
user = managedRealm.admin().users().get(user.getId()).toRepresentation();
List<String> disabledReason = user.getAttributes().get(UserModel.DISABLED_REASON);
@@ -1221,7 +1222,7 @@ public class BruteForceTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
String code = oauth.parseLoginResponse().getCode();
String idTokenHint = oauth.doAccessTokenRequest(code ).getIdToken();
@@ -1249,7 +1250,7 @@ public class BruteForceTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
String code = oauth.parseLoginResponse().getCode();
String idTokenHint = oauth.doAccessTokenRequest(code).getIdToken();
appPage.logout(idTokenHint);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ConditionalUserAttributeAuthenticatorTest.java
+10 -11
View File
@@ -16,6 +16,7 @@ import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.GroupBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
@@ -118,11 +119,9 @@ public class ConditionalUserAttributeAuthenticatorTest extends AbstractTestRealm
passwordPage.assertCurrent();
passwordPage.login(PASSWORD);
events.expectLogin()
.user(testUserId)
.detail(Details.USERNAME, user)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(testUserId)
.details(Details.USERNAME, user);
AccountHelper.logout(managedRealm.admin(), user);
}
@@ -147,13 +146,13 @@ public class ConditionalUserAttributeAuthenticatorTest extends AbstractTestRealm
errorPage.assertCurrent();
assertThat(errorPage.getError(), is(errorMessage));
events.expectLogin()
.user((String) null)
.session((String) null)
EventAssertion.expectLoginError(events.poll())
.userId(null)
.sessionId(null)
.error(Errors.ACCESS_DENIED)
.detail(Details.USERNAME, user)
.removeDetail(Details.CONSENT)
.assertEvent();
.details(Details.USERNAME, user)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
} finally {
revertFlows(managedRealm.admin(), flowAlias);
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomFlowTest.java
+25 -23
View File
@@ -29,6 +29,7 @@ import org.keycloak.authentication.authenticators.x509.AbstractX509ClientCertifi
import org.keycloak.authentication.authenticators.x509.ValidateX509CertificateUsernameFactory;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
@@ -39,6 +40,7 @@ import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.AuthenticationExecutionBuilder;
import org.keycloak.testframework.realm.AuthenticationFlowBuilder;
import org.keycloak.testframework.realm.ClientBuilder;
@@ -310,7 +312,7 @@ public class CustomFlowTest extends AbstractFlowTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
}
@Test
@@ -342,15 +344,15 @@ public class CustomFlowTest extends AbstractFlowTest {
assertEquals(401, response.getStatusCode());
assertEquals("invalid_client", response.getError());
events.expectLogin()
.client((String) null)
.user((String) null)
.session((String) null)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.error(Errors.CLIENT_NOT_FOUND)
.assertEvent();
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId(null)
.userId(null)
.sessionId(null)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT)
.error(Errors.CLIENT_NOT_FOUND);
state.setClientId("test-app");
testingClient.testing().updateAuthenticator(state);
@@ -372,19 +374,19 @@ public class CustomFlowTest extends AbstractFlowTest {
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
events.expectLogin()
.client(clientId)
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, login)
.detail(Details.CLIENT_AUTH_METHOD, PassThroughClientAuthenticator.PROVIDER_ID)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.clientId(clientId)
.userId(userId)
.sessionId(accessToken.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, accessToken.getId())
.details(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.details(Details.USERNAME, login)
.details(Details.CLIENT_AUTH_METHOD, PassThroughClientAuthenticator.PROVIDER_ID)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT);
assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/CustomRegistrationFlowTest.java
+2 -1
View File
@@ -20,6 +20,7 @@ import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.AuthenticationExecutionBuilder;
import org.keycloak.testframework.realm.AuthenticationFlowBuilder;
import org.keycloak.testsuite.AssertEvents;
@@ -99,7 +100,7 @@ public class CustomRegistrationFlowTest extends AbstractFlowTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
String userId = events.expectRegister(PassThroughRegistration.username, PassThroughRegistration.email).assertEvent().getUserId();
events.expectLogin().detail("username", PassThroughRegistration.username).user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details("username", PassThroughRegistration.username).userId(userId);
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/FlowOverrideTest.java
+3 -2
View File
@@ -46,6 +46,7 @@ import org.keycloak.models.jpa.entities.AuthenticationFlowEntity;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
@@ -216,7 +217,7 @@ public class FlowOverrideTest extends AbstractFlowTest {
oauth.fillLoginForm("test-user@localhost", getPassword("test-user@localhost"));
appPage.assertCurrent();
events.expectLogin().client("test-app-flow").detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId("test-app-flow").details(Details.USERNAME, "test-user@localhost");
}
@Test
@@ -248,7 +249,7 @@ public class FlowOverrideTest extends AbstractFlowTest {
oauth.fillLoginForm("test-user@localhost", getPassword("test-user@localhost"));
appPage.assertCurrent();
events.expectLogin().client(clientId).detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId).details(Details.USERNAME, "test-user@localhost");
}
@Test
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LevelOfAssuranceFlowTest.java
+3 -1
View File
@@ -61,6 +61,7 @@ import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractAuthenticationTest;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
@@ -1173,7 +1174,8 @@ public class LevelOfAssuranceFlowTest extends AbstractChangeImportedUserPassword
}
private TokenCtx assertLoggedInWithAcr(String acr) {
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).details(Details.USERNAME, "test-user@localhost");
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
IDToken idToken = oauth.verifyIDToken(tokenResponse.getIdToken());
Assertions.assertEquals(acr, idToken.getAcr());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginHotpTest.java
+11 -10
View File
@@ -24,6 +24,7 @@ import org.keycloak.models.credential.OTPCredentialModel;
import org.keycloak.models.utils.HmacOTP;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
@@ -110,9 +111,9 @@ public class LoginHotpTest extends AbstractChangeImportedUserPasswordsTest {
//loginPage.assertCurrent(); // Invalid authenticator code.
//Assert.assertEquals("Invalid username or password.", loginPage.getError());
events.expectLogin().error("invalid_user_credentials").session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).error("invalid_user_credentials").sessionId(null)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
}
@Test
@@ -129,9 +130,9 @@ public class LoginHotpTest extends AbstractChangeImportedUserPasswordsTest {
//loginPage.assertCurrent(); // Invalid authenticator code.
//Assert.assertEquals("Invalid username or password.", loginPage.getError());
events.expectLogin().error("invalid_user_credentials").session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).error("invalid_user_credentials").sessionId(null)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
}
@Test
@@ -147,7 +148,7 @@ public class LoginHotpTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -159,8 +160,8 @@ public class LoginHotpTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals("Invalid username or password.", loginPage.getInputError());
events.expectLogin().error("invalid_user_credentials").session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).error("invalid_user_credentials").sessionId(null)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTest.java
+71 -77
View File
@@ -51,6 +51,8 @@ import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.events.EventMatchers;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
@@ -245,7 +247,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.assertCurrent();
loginPage.login("login-test", getPassword("login-test"));
events.expectLogin().user(userId).detail(OAuth2Constants.REDIRECT_URI, longRedirectUri).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.REDIRECT_URI, longRedirectUri);
}
}
@@ -262,17 +264,17 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals("Invalid username or password.", loginPage.getUsernameInputError());
assertNull(loginPage.getPasswordInputError());
events.expectLogin().user(user2Id).session((String) null).error("invalid_user_credentials")
.detail(Details.USERNAME, "login-test2")
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).userId(user2Id).sessionId(null).error("invalid_user_credentials")
.details(Details.USERNAME, "login-test2")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
loginPage.login("login-test", getPassword("login-test"));
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
}
@Test
@@ -289,10 +291,10 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals("Invalid username or password.", loginPage.getUsernameInputError());
assertNull(loginPage.getPasswordInputError());
events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials")
.detail(Details.USERNAME, "login-test")
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).userId(userId).sessionId(null).error("invalid_user_credentials")
.details(Details.USERNAME, "login-test")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
}
@Test
@@ -309,10 +311,10 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals("Invalid username or password.", loginPage.getUsernameInputError());
assertNull(loginPage.getPasswordInputError());
events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials")
.detail(Details.USERNAME, "login-test")
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).userId(userId).sessionId(null).error("invalid_user_credentials")
.details(Details.USERNAME, "login-test")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
}
private void setUserEnabled(String id, boolean enabled) {
@@ -338,10 +340,10 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
// KEYCLOAK-2024
Assertions.assertEquals("Invalid username or password.", loginPage.getInputError());
events.expectLogin().user(userId).session((String) null).error("invalid_user_credentials")
.detail(Details.USERNAME, "login-test")
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).userId(userId).sessionId(null).error("invalid_user_credentials")
.details(Details.USERNAME, "login-test")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
} finally {
setUserEnabled(userId, true);
}
@@ -364,10 +366,10 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
// KEYCLOAK-2024
Assertions.assertEquals("Account is disabled, contact your administrator.", loginPage.getError());
events.expectLogin().user(userId).session((String) null).error("user_disabled")
.detail(Details.USERNAME, "login-test")
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).userId(userId).sessionId(null).error("user_disabled")
.details(Details.USERNAME, "login-test")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
} finally {
setUserEnabled(userId, true);
}
@@ -411,17 +413,17 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals("Invalid username or password.", loginPage.getInputError());
events.expectLogin().user((String) null).session((String) null).error("user_not_found")
.detail(Details.USERNAME, "invalid")
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).userId(null).sessionId(null).error("user_not_found")
.details(Details.USERNAME, "invalid")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
loginPage.login("login-test", getPassword("login-test"));
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
}
@Test
@@ -433,9 +435,9 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals("Invalid username or password.", loginPage.getInputError());
events.expectLogin().user((String) null).session((String) null).error("user_not_found")
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).userId(null).sessionId(null).error("user_not_found")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
}
@Test
@@ -447,7 +449,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).detail(Details.USERNAME, "login@test.com").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login@test.com");
}
@Test
@@ -458,7 +460,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
}
@Test
@@ -471,7 +473,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
driver.navigate().to(getAuthServerContextRoot() + "/auth/realms/test/");
String keycloakIdentity = driver.manage().getCookieNamed("KEYCLOAK_IDENTITY").getValue();
@@ -509,7 +511,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
}
@Test
@@ -520,7 +522,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId);
}
private void setPasswordPolicy(String policy) {
@@ -556,7 +558,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
String pageSource = driver.getPageSource();
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType(), "bad expectation, on page: " + currentUrl);
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
} finally {
setPasswordPolicy(null);
@@ -581,7 +583,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
setTimeOffset(0);
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
} finally {
setPasswordPolicy(null);
}
@@ -597,7 +599,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
setTimeOffset(0);
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent().getSessionId();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
}
@Test
@@ -610,7 +612,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
}
@Test
@@ -621,7 +623,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId);
}
private void setRememberMe(boolean enabled) {
@@ -649,10 +651,9 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
EventRepresentation loginEvent = events.expectLogin().user(userId)
.detail(Details.USERNAME, "login-test")
.detail(Details.REMEMBER_ME, "true")
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId)
.details(Details.USERNAME, "login-test")
.details(Details.REMEMBER_ME, "true").getEvent();
String sessionId = loginEvent.getSessionId();
// Expire session
@@ -687,9 +688,8 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
EventRepresentation loginEvent = events.expectLogin().user(userId)
.detail(Details.USERNAME, "login-test")
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId)
.details(Details.USERNAME, "login-test").getEvent();
// check remember me is not set although it was sent in the form data
assertNull(loginEvent.getDetails().get(Details.REMEMBER_ME));
}
@@ -709,10 +709,9 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
EventRepresentation loginEvent = events.expectLogin().user(userId)
.detail(Details.USERNAME, "login-test")
.detail(Details.REMEMBER_ME, "true")
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId)
.details(Details.USERNAME, "login-test")
.details(Details.REMEMBER_ME, "true").getEvent();
String sessionId = loginEvent.getSessionId();
// Expire session
@@ -728,9 +727,8 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.login("login-test", getPassword("login-test"));
// Expire session
loginEvent = events.expectLogin().user(userId)
.detail(Details.USERNAME, "login-test")
.assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId)
.details(Details.USERNAME, "login-test").getEvent();
sessionId = loginEvent.getSessionId();
testingClient.testing().removeUserSession("test", sessionId);
@@ -756,10 +754,9 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
EventRepresentation loginEvent = events.expectLogin().user(userId)
.detail(Details.USERNAME, "login@test.com")
.detail(Details.REMEMBER_ME, "true")
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId)
.details(Details.USERNAME, "login@test.com")
.details(Details.REMEMBER_ME, "true").getEvent();
String sessionId = loginEvent.getSessionId();
// Expire session
@@ -790,10 +787,9 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin().user(userId)
.detail(Details.USERNAME, "login@test.com")
.detail(Details.REMEMBER_ME, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId)
.details(Details.USERNAME, "login@test.com")
.details(Details.REMEMBER_ME, "true");
AccessTokenResponse response = oauth.accessTokenRequest(oauth.parseLoginResponse().getCode()).send();
@@ -828,8 +824,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals("Your login attempt timed out. Login will start from the beginning.", loginPage.getError());
setTimeOffset(0);
events.expectLogin().user((String) null).session((String) null).error(Errors.EXPIRED_CODE).clearDetails()
.assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).userId(null).sessionId(null).error(Errors.EXPIRED_CODE);
}
// KEYCLOAK-1037
@@ -846,9 +841,8 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
setTimeOffset(0);
events.expectLogin().user((String) null).session((String) null).error(Errors.EXPIRED_CODE).clearDetails()
.detail(Details.RESTART_AFTER_TIMEOUT, "true")
.assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).userId(null).sessionId(null).error(Errors.EXPIRED_CODE)
.details(Details.RESTART_AFTER_TIMEOUT, "true");
}
@Test
@@ -862,7 +856,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
oauth.openLoginForm();
loginPage.login("login@test.com", getPassword("login-test"));
events.expectLogin().user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId);
// wait for a timeout
setTimeOffset(6);
@@ -870,7 +864,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
oauth.openLoginForm();
loginPage.login("login@test.com", getPassword("login-test"));
events.expectLogin().user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId);
}
}
@@ -955,7 +949,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.login("test-user@localhost", getPassword("test-user@localhost"));
appPage.assertCurrent();
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
}
@Test
@@ -972,7 +966,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.login("test-user@localhost", getPassword("test-user@localhost"));
appPage.assertCurrent();
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
}
@Test
@@ -1014,7 +1008,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.login("test-user@localhost", getPassword("test-user@localhost"));
// sucessful login - app page should be on display.
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
appPage.assertCurrent();
// expire idle timeout using the timeout window.
@@ -1042,7 +1036,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
loginPage.login("test-user@localhost", getPassword("test-user@localhost"));
// sucessful login - app page should be on display.
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
appPage.assertCurrent();
// expire the max lifespan.
@@ -1077,7 +1071,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
oauth.scope("dynamic:scope");
oauth.doLogin("login@test.com", getPassword("login-test"));
events.expectLogin().user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId);
}
@Test
@@ -1087,7 +1081,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
oauth.openLoginForm();
loginPage.login("test-user@localhost", getPassword("test-user@localhost"));
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
} finally {
testingClient.enableFeature(Profile.Feature.WEB_AUTHN);
}
@@ -1098,7 +1092,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
oauth.openLoginForm();
loginPage.login("test-user@localhost", getPassword("test-user@localhost"));
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
UsersResource users = adminClient.realm("test").users();
UserRepresentation user = users.search("test-user@localhost").get(0);
@@ -1135,7 +1129,7 @@ public class LoginTest extends AbstractChangeImportedUserPasswordsTest {
String authSessionId = decodedAuthSessionId.substring(0, decodedAuthSessionId.indexOf("."));
String signature = decodedAuthSessionId.substring(decodedAuthSessionId.indexOf(".") + 1);
Assertions.assertNotNull(authSessionId);
MatcherAssert.assertThat(authSessionId, AssertEvents.isSessionId());
MatcherAssert.assertThat(authSessionId, EventMatchers.isSessionId());
Assertions.assertNotNull(signature);
testingClient.server().run(session-> {
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/LoginTotpTest.java
+11 -11
View File
@@ -39,6 +39,7 @@ import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
@@ -113,9 +114,9 @@ public class LoginTotpTest extends AbstractChangeImportedUserPasswordsTest {
//loginPage.assertCurrent(); // Invalid authenticator code.
//Assert.assertEquals("Invalid username or password.", loginPage.getError());
events.expectLogin().error("invalid_user_credentials").session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).error("invalid_user_credentials").sessionId(null)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
}
@Test
@@ -132,9 +133,9 @@ public class LoginTotpTest extends AbstractChangeImportedUserPasswordsTest {
//loginPage.assertCurrent(); // Invalid authenticator code.
//Assert.assertEquals("Invalid username or password.", loginPage.getError());
events.expectLogin().error("invalid_user_credentials").session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).error("invalid_user_credentials").sessionId(null)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT);
}
@Test
@@ -150,7 +151,7 @@ public class LoginTotpTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
// KEYCLOAK-3835
@@ -170,7 +171,7 @@ public class LoginTotpTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -182,9 +183,8 @@ public class LoginTotpTest extends AbstractChangeImportedUserPasswordsTest {
Assertions.assertEquals("Invalid username or password.", loginPage.getInputError());
events.expectLogin().error("invalid_user_credentials").session((String) null)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.expectLoginError(events.poll()).error("invalid_user_credentials").sessionId(null)
.withoutDetails(Details.CONSENT);
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultiFactorAuthenticationTest.java
+7 -6
View File
@@ -31,6 +31,7 @@ import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.client.KeycloakTestingClient;
@@ -238,8 +239,8 @@ public class MultiFactorAuthenticationTest extends AbstractChangeImportedUserPas
Assertions.assertFalse(passwordPage.isCurrent());
Assertions.assertFalse(loginPage.isCurrent());
events.expectLogin().user(managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId())
.detail(Details.USERNAME, "user-with-one-configured-otp").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId())
.details(Details.USERNAME, "user-with-one-configured-otp");
} finally {
BrowserFlowTest.revertFlows(managedRealm.admin(),"browser - alternative mechanisms");
}
@@ -284,8 +285,8 @@ public class MultiFactorAuthenticationTest extends AbstractChangeImportedUserPas
// Successfully login with OTP
loginTotpPage.login(new TimeBasedOTP().generateTOTP("DJmQfC73VGFhw7D4QJ8A"));
Assertions.assertFalse(loginTotpPage.isCurrent());
events.expectLogin().user(managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId())
.detail(Details.USERNAME, "user-with-one-configured-otp").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(managedRealm.admin().users().search("user-with-one-configured-otp").get(0).getId())
.details(Details.USERNAME, "user-with-one-configured-otp");
} finally {
BrowserFlowTest.revertFlows(managedRealm.admin(),"browser - alternative mechanisms");
}
@@ -340,8 +341,8 @@ public class MultiFactorAuthenticationTest extends AbstractChangeImportedUserPas
// Login
passwordPage.login(getPassword("user-with-one-configured-otp"));
events.expectLogin().user(user.getId())
.detail(Details.USERNAME, "otp1@redhat.com").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(user.getId())
.details(Details.USERNAME, "otp1@redhat.com");
} finally {
BrowserFlowTest.revertFlows(managedRealm.admin(), "browser - alternative");
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/MultipleTabsLoginTest.java
+8 -6
View File
@@ -43,6 +43,7 @@ import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
@@ -245,13 +246,14 @@ public class MultipleTabsLoginTest extends AbstractChangeImportedUserPasswordsTe
errorPage.assertCurrent();
Assertions.assertEquals("Invalid parameter: redirect_uri", errorPage.getError());
events.expectLogin().user((String) null).session((String) null)
EventAssertion.assertError(events.poll()).userId(null).sessionId(null)
.type(EventType.LOGIN_ERROR)
.error(Errors.INVALID_REDIRECT_URI)
.detail(Details.RESPONSE_TYPE, OIDCResponseType.CODE)
.detail(Details.RESPONSE_MODE, OIDCResponseMode.QUERY.value())
.removeDetail(Details.CONSENT)
.removeDetail(Details.CODE_ID)
.assertEvent(true);
.details(Details.RESPONSE_TYPE, OIDCResponseType.CODE)
.details(Details.RESPONSE_MODE, OIDCResponseMode.QUERY.value())
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.withoutDetails(Details.CONSENT)
.withoutDetails(Details.CODE_ID);
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RecoveryAuthnCodesAuthenticatorTest.java
+11 -25
View File
@@ -34,6 +34,7 @@ import org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentati
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.services.resources.account.AccountCredentialResource;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractChangeImportedUserPasswordsTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -160,7 +161,7 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractChangeImportedU
UserResource testUser = managedRealm.admin().users().get(findUser("test-user@localhost").getId());
OAuthClient oauth2 = oauth.newConfig().driver(driver2);
oauth2.doLogin("test-user@localhost", getPassword("test-user@localhost"));
EventRepresentation event1 = events.expectLogin().assertEvent();
EventRepresentation event1 = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
assertEquals(1, testUser.getUserSessions().size());
// add action to recovery codes for the test user
@@ -190,8 +191,8 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractChangeImportedU
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CREDENTIAL_TYPE, RecoveryAuthnCodesCredentialModel.TYPE)
.assertEvent();
event2 = events.expectLogin().user(event2.getUserId()).session(event2.getDetails().get(Details.CODE_ID))
.detail(Details.USERNAME, "test-user@localhost").assertEvent();
event2 = EventAssertion.expectLoginSuccess(events.poll()).sessionId(event2.getDetails().get(Details.CODE_ID)).userId(event2.getUserId())
.details(Details.USERNAME, "test-user@localhost").getEvent();
// assert old session is gone or is maintained
List<UserSessionRepresentation> sessions = testUser.getUserSessions();
@@ -242,9 +243,8 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractChangeImportedU
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CREDENTIAL_TYPE, RecoveryAuthnCodesCredentialModel.TYPE)
.assertEvent();
events.expectLogin().user(event.getUserId()).session(event.getDetails().get(Details.CODE_ID))
.detail(Details.USERNAME, "test-user@localhost")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).sessionId(event.getDetails().get(Details.CODE_ID)).userId(event.getUserId())
.details(Details.USERNAME, "test-user@localhost");
}
@Test
@@ -274,9 +274,8 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractChangeImportedU
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CREDENTIAL_TYPE, RecoveryAuthnCodesCredentialModel.TYPE)
.assertEvent();
events.expectLogin().user(event.getUserId()).session(event.getDetails().get(Details.CODE_ID))
.detail(Details.USERNAME, "test-user@localhost")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).sessionId(event.getDetails().get(Details.CODE_ID)).userId(event.getUserId())
.details(Details.USERNAME, "test-user@localhost");
}
private void loginUsername(LoginUsernameOnlyPage loginUsernameOnlyPage, WebDriver driver) {
@@ -335,19 +334,6 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractChangeImportedU
return generatedRecoveryAuthnCodes;
}
private void assertIsContained(AssertEvents.ExpectedEvent expectedEvent, List<? extends EventRepresentation> actualEvents) {
for (EventRepresentation e : actualEvents) {
try {
expectedEvent.assertEvent(e);
return;
} catch (AssertionError error) {
// silently fail because it can be other event in the list
}
}
Assertions.fail("No event found in the list for " + expectedEvent);
}
// In a sub-flow with alternative credential executors, test whether Recovery Authentication Codes are working
@Test
public void test05AuthenticateRecoveryAuthnCodes() {
@@ -366,7 +352,7 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractChangeImportedU
enterRecoveryCodes(enterRecoveryAuthnCodePage, driver, 0, generatedRecoveryAuthnCodes);
enterRecoveryAuthnCodePage.clickSignInButton();
enterRecoveryAuthnCodePage.assertAccountLinkAvailability(true);
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
} finally {
// Revert copy of browser flow to original to keep clean slate after this test
BrowserFlowTest.revertFlows(managedRealm.admin(), BROWSER_FLOW_WITH_RECOVERY_AUTHN_CODES);
@@ -398,8 +384,8 @@ public class RecoveryAuthnCodesAuthenticatorTest extends AbstractChangeImportedU
// one event should be a login and the other a login error
List<EventRepresentation> actualEvents = Arrays.asList(events.poll(5), events.poll(5));
assertIsContained(events.expectLogin().detail(Details.USERNAME, "test-user@localhost"), actualEvents);
assertIsContained(events.expect(EventType.LOGIN_ERROR).error(Errors.INVALID_USER_CREDENTIALS), actualEvents);
EventAssertion.expectLoginSuccess(actualEvents.get(0)).details(Details.USERNAME, "test-user@localhost");
EventAssertion.expectLoginError(actualEvents.get(1)).error(Errors.INVALID_USER_CREDENTIALS);
} finally {
// Revert copy of browser flow to original to keep clean slate after this test
BrowserFlowTest.revertFlows(managedRealm.admin(), BROWSER_FLOW_WITH_RECOVERY_AUTHN_CODES);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterTest.java
+12 -13
View File
@@ -41,6 +41,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -160,7 +161,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
String userId = events.expectRegister("registerExistingEmailUser", "test-user@localhost").assertEvent().getUserId();
events.expectLogin().detail("username", "registerexistingemailuser").user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details("username", "registerexistingemailuser").userId(userId);
assertUserBasicRegisterAttributes(userId, "registerexistingemailuser", "test-user@localhost", "firstName", "lastName");
@@ -200,10 +201,9 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
loginPage.login(EMAIL, password);
assertThat(RequestType.AUTH_RESPONSE, is(appPage.getRequestType()));
events.expectLogin()
.detail("username", EMAIL)
.user(userId)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.details("username", EMAIL)
.userId(userId);
} finally {
assertThat(userId, notNullValue());
managedRealm.admin().users().get(userId).remove();
@@ -274,7 +274,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
String userId = events.expectRegister("registerPasswordPolicy", "registerPasswordPolicy@email").assertEvent().getUserId();
events.expectLogin().user(userId).detail(Details.USERNAME, "registerpasswordpolicy").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "registerpasswordpolicy");
}
}
@@ -455,7 +455,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
}
private UserRepresentation assertUserRegistered(String userId, String username, String email) {
events.expectLogin().detail("username", username.toLowerCase()).user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details("username", username.toLowerCase()).userId(userId);
UserRepresentation user = getUser(userId);
Assertions.assertNotNull(user);
@@ -478,7 +478,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
registerPage.register("Äǜṳǚǘǖ", "Öṏṏ", "registeruserumlats@email", "registeruserumlats", generatePassword());
String userId = events.expectRegister("registeruserumlats", "registeruserumlats@email").assertEvent().getUserId();
events.expectLogin().detail("username", "registeruserumlats").user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details("username", "registeruserumlats").userId(userId);
UserRepresentation userRepresentation = AccountHelper.getUserRepresentation(adminClient.realm("test"), "registeruserumlats");
@@ -642,7 +642,7 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
String userId = events.expectRegister("registerUserSuccessE@email", "registerUserSuccessE@email").assertEvent().getUserId();
events.expectLogin().detail("username", "registerusersuccesse@email").user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details("username", "registerusersuccesse@email").userId(userId);
UserRepresentation user = getUser(userId);
Assertions.assertNotNull(user);
@@ -855,10 +855,9 @@ public class RegisterTest extends AbstractTestRealmKeycloakTest {
.assertEvent()
.getUserId();
EventRepresentation loginEvent = events.expectLogin()
.detail("username", EMAIL_OR_USERNAME.toLowerCase())
.user(userId)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.details("username", EMAIL_OR_USERNAME.toLowerCase())
.userId(userId).getEvent();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
idTokenHint = tokenResponse.getIdToken();
assertUserBasicRegisterAttributes(userId, emailAsUsername ? null : USERNAME, EMAIL, "firstName", "lastName");
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RegisterWithUserProfileTest.java
+2 -1
View File
@@ -23,6 +23,7 @@ import java.util.List;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientScopeBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -696,7 +697,7 @@ public class RegisterWithUserProfileTest extends AbstractTestRealmKeycloakTest {
}
private void assertUserRegistered(String userId, String username, String email, String firstName, String lastName) {
events.expectLogin().detail("username", username.toLowerCase()).user(userId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details("username", username.toLowerCase()).userId(userId);
UserRepresentation user = getUser(userId);
Assertions.assertNotNull(user);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ResetPasswordTest.java
+7 -6
View File
@@ -56,6 +56,7 @@ import org.keycloak.services.resources.LoginActionsService;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RealmAttributesBuilder;
import org.keycloak.testframework.realm.RealmBuilder;
@@ -204,7 +205,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
oauth.openLoginForm();
loginPage.login(username, password);
events.expectLogin().user(userId).detail(Details.USERNAME, username).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, username);
String resetUri = oauth.AUTH_SERVER_ROOT + "/realms/test/login-actions/reset-credentials";
@@ -493,7 +494,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
loginPage.login("login@test.com", password);
EventRepresentation loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "login@test.com").assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login@test.com").getEvent();
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code);
@@ -580,7 +581,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
// continue to app because it is the same browser and auth session exists
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, username.trim()).assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, username.trim()).getEvent();
String sessionId = loginEvent.getSessionId();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
@@ -592,7 +593,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
loginPage.login("login-test", password);
loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test").getEvent();
sessionId = loginEvent.getSessionId();
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
@@ -1215,7 +1216,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test").getEvent();
String sessionId = loginEvent.getSessionId();
AccessTokenResponse tokenResponse = sendTokenRequestAndGetResponse(loginEvent);
@@ -1229,7 +1230,7 @@ public class ResetPasswordTest extends AbstractTestRealmKeycloakTest {
assertEquals(RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().user(userId).detail(Details.USERNAME, "login-test").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "login-test");
}
@Test
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/RestartCookieTest.java
+6 -6
View File
@@ -35,6 +35,7 @@ import org.keycloak.crypto.Algorithm;
import org.keycloak.crypto.KeyUse;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.keys.Attributes;
import org.keycloak.keys.GeneratedHmacKeyProviderFactory;
@@ -48,6 +49,7 @@ import org.keycloak.protocol.RestartLoginCookie;
import org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -263,9 +265,8 @@ public class RestartCookieTest extends AbstractTestRealmKeycloakTest {
loginPage.assertCurrent();
Assertions.assertEquals("Your login attempt timed out. Login will start from the beginning.", loginPage.getError());
events.expectLogin().user((String) null).session((String) null).error(Errors.EXPIRED_CODE).clearDetails()
.detail(Details.RESTART_AFTER_TIMEOUT, "true")
.assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).userId(null).sessionId(null).error(Errors.EXPIRED_CODE)
.details(Details.RESTART_AFTER_TIMEOUT, "true");
}
@@ -296,8 +297,7 @@ public class RestartCookieTest extends AbstractTestRealmKeycloakTest {
loginPage.assertCurrent();
Assertions.assertEquals("Your login attempt timed out. Login will start from the beginning.", loginPage.getError());
events.expectLogin().user((String) null).session((String) null).error(Errors.EXPIRED_CODE).clearDetails()
.detail(Details.RESTART_AFTER_TIMEOUT, "true")
.assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).userId(null).sessionId(null).error(Errors.EXPIRED_CODE)
.details(Details.RESTART_AFTER_TIMEOUT, "true");
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/forms/ScriptAuthenticatorTest.java
+3 -2
View File
@@ -30,6 +30,7 @@ import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.AuthenticationExecutionBuilder;
import org.keycloak.testframework.realm.AuthenticationFlowBuilder;
import org.keycloak.testframework.realm.RealmBuilder;
@@ -165,7 +166,7 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
loginPage.login("user", getPassword("user"));
events.expectLogin().user(userId).detail(Details.USERNAME, "user").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "user");
}
/**
@@ -200,6 +201,6 @@ public class ScriptAuthenticatorTest extends AbstractFlowTest {
loginPage.login("user", getPassword("user"));
events.expectLogin().user(userId).detail(Details.USERNAME, "user").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(userId).details(Details.USERNAME, "user");
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/login/ConditionalCredentialAuthenticatorTest.java
+3 -1
View File
@@ -16,6 +16,7 @@
*/
package org.keycloak.testsuite.login;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@@ -32,6 +33,7 @@ import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.auth.page.login.OneTimeCode;
@@ -214,7 +216,7 @@ public class ConditionalCredentialAuthenticatorTest extends AbstractTestRealmKey
Assertions.assertNull(res.getError());
Assertions.assertNotNull(res.getAccessToken());
events.expectLogin().user(AssertEvents.isUUID()).detail(Details.USERNAME, username).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).hasUserId().details(Details.USERNAME, username);
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/login/ConditionalSubFlowExecutedAuthenticatorTest.java
+2 -1
View File
@@ -30,6 +30,7 @@ import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.auth.page.login.OneTimeCode;
@@ -154,7 +155,7 @@ public class ConditionalSubFlowExecutedAuthenticatorTest extends AbstractTestRea
Assertions.assertNull(res.getError());
Assertions.assertNotNull(res.getAccessToken());
events.expectLogin().user(AssertEvents.isUUID()).detail(Details.USERNAME, username).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).hasUserId().details(Details.USERNAME, username);
}
private void configureConditionalSubFlowExecutedAuthenticatorInFlow(String flowName, String check) {
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AbstractClientAuthSignedJWTTest.java
+29 -30
View File
@@ -90,6 +90,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.util.CertificateInfoHelper;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testframework.realm.UserBuilder;
@@ -357,9 +358,8 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
// test
oauth.realm("test").client(clientId);
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin()
.client(clientId)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.clientId(clientId).getEvent();
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = doAccessTokenRequest(code,
@@ -392,18 +392,18 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
events.expectLogin()
.client("client2")
.session(accessToken.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.clientId("client2")
.sessionId(accessToken.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, accessToken.getId())
.details(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.details(Details.USERNAME, "test-user@localhost")
.details(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT);
} finally {
// Revert jwks_url settings
revertJwksUriSettings(clientRepresentation, clientResource);
@@ -482,18 +482,18 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
events.expectLogin()
.client(client.getClientId())
.session(accessToken.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, user.getUsername())
.detail(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.clientId(client.getClientId())
.sessionId(accessToken.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, accessToken.getId())
.details(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.details(Details.USERNAME, user.getUsername())
.details(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT);
}
@@ -682,9 +682,8 @@ public abstract class AbstractClientAuthSignedJWTTest extends AbstractKeycloakTe
// test
oauth.client("client2");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin()
.client("client2")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId("client2");
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = doAccessTokenRequest(code, getClient2SignedJWT());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AccessTokenTest.java
+14 -13
View File
@@ -75,6 +75,7 @@ import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RoleBuilder;
import org.keycloak.testframework.realm.UserBuilder;
@@ -199,7 +200,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
public void accessTokenRequest() throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -324,7 +325,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
oauth.fillLoginForm("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
AccessTokenResponse response = oauth.doAccessTokenRequest(loginPageCode);
@@ -336,7 +337,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
public void accessTokenInvalidClientCredentials() throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -352,7 +353,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
oauth.client("test-app");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -367,7 +368,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
public void accessTokenInvalidRedirectUri() throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -397,7 +398,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
public void accessTokenUserSessionExpired() {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String sessionId = loginEvent.getSessionId();
@@ -430,7 +431,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
RealmManager.realm(adminClient.realm("test")).accessCodeLifeSpan(1);
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
loginEvent.getSessionId();
@@ -463,7 +464,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
@Test
public void bearerAccessTokenAsDPoPOnUserInfoEndpoint() throws IOException {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
loginEvent.getSessionId();
AccessTokenResponse response = oauth.doAccessTokenRequest(oauth.parseLoginResponse().getCode());
Assertions.assertEquals(200, response.getStatusCode());
@@ -481,7 +482,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
public void accessTokenCodeUsed() throws IOException {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
loginEvent.getSessionId();
@@ -544,7 +545,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
loginEvent.getDetails().get(Details.CODE_ID);
@@ -1052,7 +1053,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
oauth.client("sample-public-client");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().client("sample-public-client").assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).clientId("sample-public-client").getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -1123,7 +1124,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
public void accessTokenResponseHeader() throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -1451,7 +1452,7 @@ public class AccessTokenTest extends AbstractKeycloakTest {
private void tokenRequest(String expectedRefreshAlg, String expectedAccessAlg, String expectedIdTokenAlg, String idTokenCurve) throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/AuthorizationCodeTest.java
+11 -10
View File
@@ -36,6 +36,7 @@ import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.representations.AuthorizationResponseToken;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.ErrorPage;
@@ -99,7 +100,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
Assertions.assertNull(response.getError());
assertEquals(oauth.AUTH_SERVER_ROOT + "/realms/test", response.getIssuer());
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -111,7 +112,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
installedAppPage.getSuccessCode();
events.expectLogin().detail(Details.REDIRECT_URI, oauth.AUTH_SERVER_ROOT + "/realms/test/protocol/openid-connect/oauth/oob").assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll()).details(Details.REDIRECT_URI, oauth.AUTH_SERVER_ROOT + "/realms/test/protocol/openid-connect/oauth/oob");
ClientManager.realm(adminClient.realm("test")).clientId("test-app").removeRedirectUris(Constants.INSTALLED_APP_URN);
}
@@ -142,7 +143,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
assertTrue(response.isRedirected());
Assertions.assertNotNull(response.getCode());
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -183,7 +184,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
Assertions.assertNull(response.getError());
assertEquals(oauth.AUTH_SERVER_ROOT + "/realms/test", response.getIssuer());
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -196,7 +197,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.UNSUPPORTED_RESPONSE_TYPE);
Assertions.assertEquals(oauth.AUTH_SERVER_ROOT + "/realms/test", errorResponse.getIssuer());
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().detail(Details.RESPONSE_TYPE, "tokenn").assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null).details(Details.RESPONSE_TYPE, "tokenn");
}
// Issue 29866
@@ -257,7 +258,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", state);
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -273,7 +274,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
errorPage.assertCurrent();
assertEquals("Invalid parameter: redirect_uri", errorPage.getError());
events.expectLogin().error(Errors.INVALID_REDIRECT_URI).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REDIRECT_URI).userId(null).sessionId(null);
}
}
@@ -355,7 +356,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
assertEquals("\"><foo>bar_baz(2)far</foo>", state);
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@@ -399,7 +400,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
assertEquals("invalid_request", response.getError());
assertEquals("duplicated parameter", response.getErrorDescription());
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
}
@Test
@@ -415,7 +416,7 @@ public class AuthorizationCodeTest extends AbstractKeycloakTest {
assertTrue(errorPage.isCurrent());
assertEquals("Invalid Request", errorPage.getError());
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).client((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null).clientId(null);
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/BackchannelLogoutTest.java
+9 -8
View File
@@ -27,6 +27,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.CredentialBuilder;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.broker.AbstractNestedBrokerTest;
@@ -639,14 +640,14 @@ public class BackchannelLogoutTest extends AbstractNestedBrokerTest {
if (loginEventOptional.isPresent()) {
EventRepresentation loginEvent = loginEventOptional.get();
this.events.expectLogin()
.realm(realmId)
.client(clientId)
.user(userId)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent(loginEvent);
EventAssertion.assertSuccess(loginEvent)
.type(EventType.LOGIN)
.isCodeId()
.hasSessionId()
.hasIpAddress()
.clientId(clientId)
.userId(userId);
sessionId = loginEvent.getSessionId();
} else {
fail("No Login event found for user " + userId);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthPostMethodTest.java
+2 -1
View File
@@ -31,6 +31,7 @@ import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAdminTest;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -75,7 +76,7 @@ public class ClientAuthPostMethodTest extends AbstractKeycloakTest {
public void testPostAuthentication() {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSecretSignedJWTTest.java
+21 -19
View File
@@ -58,6 +58,7 @@ import org.keycloak.services.clientpolicy.condition.ClientAccessTypeCondition;
import org.keycloak.services.clientpolicy.condition.ClientAccessTypeConditionFactory;
import org.keycloak.services.clientpolicy.executor.ClientSecretRotationExecutor;
import org.keycloak.services.clientpolicy.executor.ClientSecretRotationExecutorFactory;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAdminTest;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -158,7 +159,7 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
try {
oauth.client("test-app", "password");
oauth.doLogin("test-user@localhost", "password");
events.expectLogin().client("test-app").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId("test-app");
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = doAccessTokenRequest(code, getClientSignedJWT(CLIENT_SECRET, 20, Algorithm.HS256));
@@ -233,7 +234,7 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
oauth.client(clientId);
oauth.doLogin("test-user@localhost", "password");
events.expectLogin().client(clientId).assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId(clientId);
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = doAccessTokenRequest(code, getClientSignedJWT(CLIENT_SECRET, 20, Algorithm.HS256));
@@ -252,9 +253,9 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
private void testCodeToTokenRequestSuccess(String algorithm) throws Exception {
oauth.client("test-app", "password");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin()
.client("test-app")
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.clientId("test-app");
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = doAccessTokenRequest(code, getClientSignedJWT(CLIENT_SECRET, 20, algorithm));
@@ -303,7 +304,7 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
oauth.client("jwt-client");
oauth.doLogin("test-user@localhost", "password");
events.expectLogin().client("jwt-client").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).clientId("jwt-client");
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = doAccessTokenRequest(code, getClientSignedJWT(firstSecret, 20, algorithm));
assertThat(response.getStatusCode(), is(HttpStatus.SC_OK));
@@ -315,9 +316,9 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
public void testAssertionInvalidSignature() throws Exception {
oauth.client("test-app", "password");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin()
.client("test-app")
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.clientId("test-app");
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = doAccessTokenRequest(code, getClientSignedJWT("ppassswordd", 20));
@@ -331,9 +332,9 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
public void testAssertionWithNoneAlgorithm() throws Exception {
oauth.client("test-app", "password");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin()
.client("test-app")
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.clientId("test-app");
String code = oauth.parseLoginResponse().getCode();
@@ -352,9 +353,9 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
public void testAssertionReuse() throws Exception {
oauth.client("test-app", "password");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin()
.client("test-app")
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.clientId("test-app");
String code = oauth.parseLoginResponse().getCode();
String clientSignedJWT = getClientSignedJWT(CLIENT_SECRET, 20);
@@ -369,9 +370,9 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
// 2nd attempt to use same clientSignedJWT should fail
oauth.openLoginForm();
loginEvent = events.expectLogin()
.client("test-app")
.assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.clientId("test-app");
String code2 = oauth.parseLoginResponse().getCode();
response = doAccessTokenRequest(code2, clientSignedJWT);
@@ -408,7 +409,8 @@ public class ClientAuthSecretSignedJWTTest extends AbstractKeycloakTest {
oauth.client("jwt-client");
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().client("jwt-client").assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).clientId("jwt-client");
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = doAccessTokenRequest(code, getClientSignedJWT(firstSecret, 20, Algorithm.HS256));
assertThat(response.getStatusCode(), is(HttpStatus.SC_BAD_REQUEST));
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientAuthSignedJWTTest.java
+14 -12
View File
@@ -35,6 +35,7 @@ import org.keycloak.crypto.Algorithm;
import org.keycloak.crypto.SignatureSignerContext;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
@@ -44,6 +45,7 @@ import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.services.util.CertificateInfoHelper;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.KeyUtils;
@@ -222,18 +224,18 @@ public class ClientAuthSignedJWTTest extends AbstractClientAuthSignedJWTTest {
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
events.expectLogin()
.client("client2")
.session(accessToken.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.clientId("client2")
.sessionId(accessToken.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, accessToken.getId())
.details(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.details(Details.USERNAME, "test-user@localhost")
.details(Details.CLIENT_AUTH_METHOD, JWTClientAuthenticator.PROVIDER_ID)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT);
}
@Test
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/LogoutTest.java
+3 -2
View File
@@ -44,6 +44,7 @@ import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractKeycloakTest;
@@ -285,7 +286,7 @@ public class LogoutTest extends AbstractKeycloakTest {
public void logoutUserByAdmin() {
oauth.openLoginForm();
loginPage.login("test-user@localhost", "password");
String sessionId = events.expectLogin().assertEvent().getSessionId();
EventAssertion.expectLoginSuccess(events.poll());
UserRepresentation user = AdminApiUtil.findUserByUsername(adminClient.realm("test"), "test-user@localhost");
Assertions.assertEquals((Object) 0, user.getNotBefore());
@@ -358,7 +359,7 @@ public class LogoutTest extends AbstractKeycloakTest {
clients.get(rep.getId()).update(rep);
oauth.doLogin("test-user@localhost", "password");
String sessionId = events.expectLogin().assertEvent().getSessionId();
String sessionId = EventAssertion.expectLoginSuccess(events.poll()).getEvent().getSessionId();
String code = oauth.parseLoginResponse().getCode();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuth2OnlyTest.java
+13 -12
View File
@@ -23,10 +23,12 @@ import java.util.Collections;
import org.keycloak.OAuth2Constants;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.ActionURIUtils;
import org.keycloak.testsuite.AssertEvents;
@@ -35,7 +37,6 @@ import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
import org.keycloak.testsuite.util.oauth.AuthorizationEndpointResponse;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Rule;
@@ -101,7 +102,7 @@ public class OAuth2OnlyTest extends AbstractTestRealmKeycloakTest {
driver.navigate().to(loginFormUrl);
oauth.fillLoginForm("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = oauth.doAccessTokenRequest(code);
@@ -152,7 +153,7 @@ public class OAuth2OnlyTest extends AbstractTestRealmKeycloakTest {
driver.navigate().to(loginFormUrl);
loginPage.assertCurrent();
oauth.fillLoginForm("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
// Client 'more-uris-client' has 2 redirect uris. OAuth2 login without redirect_uri won't be allowed
oauth.client("more-uris-client");
@@ -163,15 +164,15 @@ public class OAuth2OnlyTest extends AbstractTestRealmKeycloakTest {
driver.navigate().to(loginFormUrl);
errorPage.assertCurrent();
Assertions.assertEquals("Invalid parameter: redirect_uri", errorPage.getError());
events.expectLogin()
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.error(Errors.INVALID_REDIRECT_URI)
.client("more-uris-client")
.user(Matchers.nullValue(String.class))
.session(Matchers.nullValue(String.class))
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.CONSENT)
.assertEvent();
.clientId("more-uris-client")
.userId(null)
.sessionId(null)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.CONSENT);
}
@@ -185,7 +186,7 @@ public class OAuth2OnlyTest extends AbstractTestRealmKeycloakTest {
driver.navigate().to(loginFormUrl);
loginPage.assertCurrent();
oauth.fillLoginForm("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
AuthorizationEndpointResponse response = oauth.parseLoginResponse();
Assertions.assertNull(response.getError());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthDanceClientSessionExtensionTest.java
+3 -1
View File
@@ -22,6 +22,7 @@ import java.util.List;
import org.keycloak.events.Details;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
@@ -54,7 +55,8 @@ public class OAuthDanceClientSessionExtensionTest extends AbstractKeycloakTest {
public void doOauthDanceWithClientSessionStateAndHost() throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthGrantTest.java
+60 -61
View File
@@ -37,6 +37,7 @@ import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -50,7 +51,6 @@ import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.ProtocolMapperUtil;
import org.keycloak.testsuite.util.oauth.AccessTokenResponse;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Rule;
import org.junit.Test;
@@ -109,10 +109,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
EventRepresentation loginEvent = events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).getEvent();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String sessionId = loginEvent.getSessionId();
@@ -154,12 +154,11 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
assertEquals("access_denied", oauth.parseLoginResponse().getError());
events.expectLogin()
.client(THIRD_PARTY_APP)
EventAssertion.expectLoginError(events.poll())
.clientId(THIRD_PARTY_APP)
.error("rejected_by_user")
.removeDetail(Details.CONSENT)
.session(Matchers.nullValue(String.class))
.assertEvent();
.withoutDetails(Details.CONSENT)
.sessionId(null);
}
@Test
@@ -171,10 +170,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
grantPage.assertCurrent();
grantPage.accept();
events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
// Assert permissions granted on Account mgmt.
List<Map<String, Object>> userConsents = AccountHelper.getUserConsents(adminClient.realm(TEST), DEFAULT_USERNAME);
@@ -185,11 +184,11 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
// Open login form and assert grantPage not shown
oauth.openLoginForm();
appPage.assertCurrent();
events.expectLogin()
.detail(Details.AUTH_METHOD, OIDCLoginProtocol.LOGIN_PROTOCOL)
.detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
.removeDetail(Details.USERNAME)
.client(THIRD_PARTY_APP).assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.details(Details.AUTH_METHOD, OIDCLoginProtocol.LOGIN_PROTOCOL)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
.clientId(THIRD_PARTY_APP);
// Revoke grant in account mgmt.
AccountHelper.revokeConsents(adminClient.realm(TEST), DEFAULT_USERNAME, THIRD_PARTY_APP);
@@ -226,10 +225,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
// Confirm grant page
grantPage.assertCurrent();
grantPage.accept();
events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
// Assert new clientScope not yet in account mgmt
List<Map<String, Object>> userConsents = AccountHelper.getUserConsents(adminClient.realm(TEST), DEFAULT_USERNAME);
@@ -241,10 +240,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
grantPage.assertGrants("foo-scope");
grantPage.accept();
events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
// Go to account mgmt. Everything is granted now
userConsents = AccountHelper.getUserConsents(adminClient.realm(TEST), DEFAULT_USERNAME);
@@ -285,12 +284,12 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
Assertions.assertFalse(grants.contains("foo-scope"));
grantPage.cancel();
events.expectLogin()
.client(THIRD_PARTY_APP)
EventAssertion.expectLoginError(events.poll())
.clientId(THIRD_PARTY_APP)
.error("rejected_by_user")
.removeDetail(Details.CONSENT)
.session(Matchers.nullValue(String.class))
.assertEvent();
.withoutDetails(Details.CONSENT)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.sessionId(null);
oauth.scope("foo-scope");
oauth.doLogin(DEFAULT_USERNAME, DEFAULT_PASSWORD);
@@ -299,10 +298,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
Assertions.assertTrue(grants.contains("foo-scope"));
grantPage.accept();
events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
// Revoke
AccountHelper.revokeConsents(adminClient.realm(TEST), DEFAULT_USERNAME, THIRD_PARTY_APP);
@@ -346,10 +345,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
Assertions.assertTrue(grants.contains("foo-dynamic-scope: withparam"));
grantPage.accept();
EventRepresentation loginEvent = events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).getEvent();
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse res = oauth.doAccessTokenRequest(code);
@@ -371,10 +370,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
Assertions.assertTrue(grants.contains("foo-dynamic-scope: withparam"));
grantPage.accept();
events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
// Revoke
AccountHelper.revokeConsents(adminClient.realm(TEST), DEFAULT_USERNAME, THIRD_PARTY_APP);
@@ -417,10 +416,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
grantPage.assertGrants(OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT, "foo-addr");
grantPage.accept();
events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
// Go to user's application screen
List<Map<String, Object>> userConsents = AccountHelper.getUserConsents(adminClient.realm(TEST), DEFAULT_USERNAME);
@@ -436,11 +435,11 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
// Assert automatically logged another time
oauth.openLoginForm();
appPage.assertCurrent();
events.expectLogin()
.detail(Details.AUTH_METHOD, OIDCLoginProtocol.LOGIN_PROTOCOL)
.detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
.removeDetail(Details.USERNAME)
.client(THIRD_PARTY_APP).assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.AUTH_METHOD, OIDCLoginProtocol.LOGIN_PROTOCOL)
.details(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
.clientId(THIRD_PARTY_APP);
// Revoke
AccountHelper.revokeConsents(adminClient.realm(TEST), DEFAULT_USERNAME, THIRD_PARTY_APP);
@@ -530,10 +529,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
EventRepresentation loginEvent = events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).getEvent();
String sessionId = loginEvent.getSessionId();
// Revoke consent with admin REST API
@@ -546,10 +545,10 @@ public class OAuthGrantTest extends AbstractKeycloakTest {
grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT);
grantPage.accept();
loginEvent = events.expectLogin()
.client(THIRD_PARTY_APP)
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.clientId(THIRD_PARTY_APP)
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED).getEvent();
//String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String sessionId2 = loginEvent.getSessionId();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/OAuthProofKeyForCodeExchangeTest.java
+27 -25
View File
@@ -11,6 +11,7 @@ import org.keycloak.common.util.Base64Url;
import org.keycloak.crypto.KeyUse;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jws.JWSHeader;
import org.keycloak.jose.jws.JWSInput;
@@ -22,6 +23,7 @@ import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -98,7 +100,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
// test case : success : A-1-1
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -116,7 +118,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
oauth.loginForm().codeChallenge(codeChallenge, OAuth2Constants.PKCE_METHOD_S256).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -134,7 +136,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
oauth.loginForm().codeChallenge(codeChallenge, OAuth2Constants.PKCE_METHOD_S256).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -156,7 +158,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
// test case : success : A-1-3
oauth.loginForm().codeChallenge(".234567890-234567890~234567890_234567890123", OAuth2Constants.PKCE_METHOD_PLAIN).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -171,7 +173,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
// test case : failure : A-1-6
oauth.loginForm().codeChallenge("1234567890123456789012345678901234567890123", OAuth2Constants.PKCE_METHOD_PLAIN).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -193,7 +195,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
// test case : success : A-1-4
oauth.loginForm().codeChallenge("1234567890123456789012345678901234567890123", null).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -214,7 +216,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Missing parameter: code_challenge");
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
}
@Test
@@ -227,8 +229,8 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
Assertions.assertTrue(errorResponse.isRedirected());
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Invalid parameter: code_challenge");
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
}
@Test
@@ -241,8 +243,8 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
Assertions.assertTrue(errorResponse.isRedirected());
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Invalid parameter: code_challenge");
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
}
@Test
@@ -253,7 +255,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
oauth.loginForm().codeChallenge(codeChallenge, OAuth2Constants.PKCE_METHOD_S256).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -277,7 +279,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
oauth.loginForm().codeChallenge(codeChallenge, OAuth2Constants.PKCE_METHOD_S256).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -298,7 +300,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
// test case : failure : A-1-12
oauth.loginForm().codeChallenge("1234567890123456789012345678901234567890123", OAuth2Constants.PKCE_METHOD_S256).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -324,8 +326,8 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
Assertions.assertTrue(errorResponse.isRedirected());
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Invalid parameter: code_challenge");
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
}
@Test
@@ -336,7 +338,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
oauth.loginForm().codeChallenge(codeChallenge, OAuth2Constants.PKCE_METHOD_S256).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -359,7 +361,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
// send oauth request without code_challenge because intercepted
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -498,7 +500,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
oauth.loginForm().codeChallenge(codeChallenge, OAuth2Constants.PKCE_METHOD_S256).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -524,7 +526,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
oauth.loginForm().codeChallenge(codeChallenge, OAuth2Constants.PKCE_METHOD_PLAIN).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
@@ -552,7 +554,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Invalid parameter: code challenge method is not matching the configured one");
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
} finally {
setPkceActivationSettings("test-app", null);
}
@@ -573,7 +575,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Missing parameter: code_challenge_method");
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
} finally {
setPkceActivationSettings("test-app", null);
@@ -593,7 +595,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Missing parameter: code_challenge");
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
} finally {
setPkceActivationSettings("test-app", null);
@@ -613,7 +615,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Invalid parameter: code_challenge");
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
} finally {
setPkceActivationSettings("test-app", null);
@@ -629,7 +631,7 @@ public class OAuthProofKeyForCodeExchangeTest extends AbstractKeycloakTest {
oauth.loginForm().codeChallenge(codeChallenge, OAuth2Constants.PKCE_METHOD_S256).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RPInitiatedLogoutTest.java
+3 -2
View File
@@ -41,6 +41,7 @@ import org.keycloak.protocol.oidc.OIDCConfigAttributes;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -247,7 +248,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
loginPage.login("test-user@localhost", "password");
assertTrue(appPage.isCurrent());
String sessionId2 = events.expectLogin().assertEvent().getSessionId();
String sessionId2 = EventAssertion.expectLoginSuccess(events.poll()).getEvent().getSessionId();
assertNotEquals(sessionId, sessionId2);
// Using idTokenHint of the 1st session. Logout confirmation is needed in such case. Test also "state" parameter is included in the URL after logout
@@ -299,7 +300,7 @@ public class RPInitiatedLogoutTest extends AbstractTestRealmKeycloakTest {
assertTrue(loginPage.isRememberMeChecked());
loginPage.login(testUsername, testUserPassword);
String sessionId = events.expectLogin().assertEvent().getSessionId();
String sessionId = EventAssertion.expectLoginSuccess(events.poll()).getEvent().getSessionId();
// Expire session
testingClient.testing().removeUserSession("test", sessionId);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ResourceOwnerPasswordCredentialsGrantTest.java
+137 -138
View File
@@ -36,6 +36,7 @@ import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
import org.keycloak.crypto.Algorithm;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.jose.jws.JWSHeader;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.models.ClientScopeModel;
@@ -51,6 +52,7 @@ import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testframework.realm.UserBuilder;
@@ -222,18 +224,19 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
events.expectLogin()
.client("resource-owner-public")
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, "direct-login")
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.hasIpAddress()
.clientId("resource-owner-public")
.userId(userId)
.sessionId(accessToken.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, accessToken.getId())
.details(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.details(Details.USERNAME, "direct-login")
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT);
assertTrue(accessToken.getScope().contains("dynamic-scope:123"));
}
@@ -277,13 +280,12 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("invalid_grant", response.getError());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.clearDetails()
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.error(Errors.INVALID_USER_CREDENTIALS)
.user(userId2)
.assertEvent();
.userId(userId2);
}
@Test
@@ -298,13 +300,12 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("invalid_grant", response.getError());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.clearDetails()
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.error(Errors.INVALID_USER_CREDENTIALS)
.user(userId2)
.assertEvent();
.userId(userId2);
// Check that count of authSessions is same as before authentication (as authentication session was removed)
Assertions.assertEquals(authSessionsBefore, getAuthenticationSessionsCount());
@@ -324,18 +325,19 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
events.expectLogin()
.client(clientId)
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, login)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.hasIpAddress()
.clientId(clientId)
.userId(userId)
.sessionId(accessToken.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, accessToken.getId())
.details(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.details(Details.USERNAME, login)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT);
Assertions.assertTrue(login.equals(accessToken.getPreferredUsername()) || login.equals(accessToken.getEmail()));
@@ -397,18 +399,19 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("JWT", header.getType());
assertNull(header.getContentType());
events.expectLogin()
.client(clientId)
.user(userId)
.session(accessToken.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.detail(Details.USERNAME, login)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.hasIpAddress()
.clientId(clientId)
.userId(userId)
.sessionId(accessToken.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, accessToken.getId())
.details(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.details(Details.USERNAME, login)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT);
Assertions.assertTrue(login.equals(accessToken.getPreferredUsername()) || login.equals(accessToken.getEmail()));
@@ -436,17 +439,18 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
AccessToken accessToken = oauth.verifyToken(response.getAccessToken());
RefreshToken refreshToken = oauth.parseRefreshToken(response.getRefreshToken());
events.expectLogin()
.client("resource-owner")
.session(accessToken.getSessionState())
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.TOKEN_ID, accessToken.getId())
.detail(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.detail(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID)
.assertEvent();
EventAssertion.assertSuccess(events.poll())
.type(EventType.LOGIN)
.hasSessionId()
.clientId("resource-owner")
.sessionId(accessToken.getSessionState())
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.TOKEN_ID, accessToken.getId())
.details(Details.REFRESH_TOKEN_ID, refreshToken.getId())
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT)
.details(Details.CLIENT_AUTH_METHOD, ClientIdAndSecretAuthenticator.PROVIDER_ID);
LogoutResponse logoutResponse = oauth.doLogout(response.getRefreshToken());
assertTrue(logoutResponse.isSuccess());
@@ -474,13 +478,12 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("unauthorized_client", response.getError());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.clearDetails()
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.error(Errors.INVALID_CLIENT_CREDENTIALS)
.user((String) null)
.assertEvent();
.userId(null);
}
@Test
@@ -493,13 +496,12 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("unauthorized_client", response.getError());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.clearDetails()
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.error(Errors.INVALID_CLIENT_CREDENTIALS)
.user((String) null)
.assertEvent();
.userId(null);
}
@Test
@@ -515,13 +517,12 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals(OAuthErrorException.UNAUTHORIZED_CLIENT, response.getError());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.clearDetails()
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.error(Errors.NOT_ALLOWED)
.user((String) null)
.assertEvent();
.userId(null);
ClientManager.realm(adminClient.realm("test")).clientId("resource-owner").directAccessGrant(true);
@@ -543,13 +544,12 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("invalid_grant", response.getError());
assertEquals("Account is not fully set up", response.getErrorDescription());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.clearDetails()
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.error(Errors.RESOLVE_REQUIRED_ACTIONS)
.user((String) null)
.assertEvent();
.userId(null);
RealmManager.realm(realmResource).verifyEmail(false);
UserManager.realm(realmResource).username("test-user@localhost").removeRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL.toString());
@@ -573,15 +573,15 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("invalid_grant", response.getError());
assertEquals("Invalid user credentials", response.getErrorDescription());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.error(Errors.INVALID_USER_CREDENTIALS)
.assertEvent();
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT)
.error(Errors.INVALID_USER_CREDENTIALS);
RealmManager.realm(realmResource).verifyEmail(false);
UserManager.realm(realmResource).username("test-user@localhost").removeRequiredAction(UserModel.RequiredAction.VERIFY_EMAIL.toString());
@@ -608,13 +608,12 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
setTimeOffset(0);
events.expectLogin()
.client("resource-owner")
.session((String) null)
.clearDetails()
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.error(Errors.RESOLVE_REQUIRED_ACTIONS)
.user((String) null)
.assertEvent();
.userId(null);
} finally {
RealmManager.realm(realmResource).passwordPolicy("");
UserManager.realm(realmResource).username("test-user@localhost")
@@ -640,15 +639,15 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("invalid_grant", response.getError());
assertEquals("Invalid user credentials", response.getErrorDescription());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.error(Errors.INVALID_USER_CREDENTIALS)
.assertEvent();
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT)
.error(Errors.INVALID_USER_CREDENTIALS);
} finally {
RealmManager.realm(realmResource).passwordPolicy("");
UserManager.realm(realmResource).username("test-user@localhost")
@@ -699,15 +698,15 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("invalid_grant", response.getError());
assertEquals("Invalid user credentials", response.getErrorDescription());
events.expectLogin()
.client("resource-owner")
.session((String) null)
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.error(Errors.INVALID_USER_CREDENTIALS)
.assertEvent();
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.sessionId(null)
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT)
.error(Errors.INVALID_USER_CREDENTIALS);
}
@Test
@@ -720,17 +719,17 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("invalid_grant", response.getError());
events.expectLogin()
.client("resource-owner")
.user((String) null)
.session((String) null)
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.USERNAME, "invalid")
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.error(Errors.USER_NOT_FOUND)
.assertEvent();
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner")
.userId(null)
.sessionId(null)
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.USERNAME, "invalid")
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT)
.error(Errors.USER_NOT_FOUND);
}
@Test
@@ -789,17 +788,17 @@ public class ResourceOwnerPasswordCredentialsGrantTest extends AbstractKeycloakT
assertEquals("invalid_grant", response.getError());
assertEquals("Invalid user credentials", response.getErrorDescription());
events.expectLogin()
.client("resource-owner-refresh")
.session((String) null)
.user((String) null)
.detail(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.detail(Details.REASON, "User is a service account")
.removeDetail(Details.CODE_ID)
.removeDetail(Details.REDIRECT_URI)
.removeDetail(Details.CONSENT)
.error(Errors.INVALID_USER)
.assertEvent();
EventAssertion.assertError(events.poll())
.type(EventType.LOGIN_ERROR)
.clientId("resource-owner-refresh")
.sessionId(null)
.userId(null)
.details(Details.GRANT_TYPE, OAuth2Constants.PASSWORD)
.details(Details.REASON, "User is a service account")
.withoutDetails(Details.CODE_ID)
.withoutDetails(Details.REDIRECT_URI)
.withoutDetails(Details.CONSENT)
.error(Errors.INVALID_USER);
ClientManager.realm(adminClient.realm("test")).clientId("resource-owner").setServiceAccountsEnabled(false);
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/TokenIntrospectionTest.java
+9 -8
View File
@@ -42,6 +42,7 @@ import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.oidc.TokenMetadataRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
@@ -214,7 +215,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
public void testIntrospectRefreshToken() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.parseLoginResponse().getCode();
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code);
oauth.client("confidential-cli", "secret1");
@@ -251,7 +252,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
driver.navigate().refresh();
oauth.fillLoginForm("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
Assertions.assertFalse(loginPage.isCurrent());
@@ -310,7 +311,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
public void testIntrospectAccessToken() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.parseLoginResponse().getCode();
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code);
oauth.client("confidential-cli", "secret1");
TokenMetadataRepresentation rep = oauth.doIntrospectionAccessTokenRequest(accessTokenResponse.getAccessToken()).asTokenMetadata();
@@ -333,7 +334,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
testRealm.setClientScopes(List.of());
adminClient.realm("test").update(testRealm);
try {
EventRepresentation loginEvent = events.expectLogin().client("no-scope").assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).clientId("no-scope").getEvent();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code);
oauth.client("no-scope", "password");
TokenMetadataRepresentation rep = oauth.doIntrospectionAccessTokenRequest(accessTokenResponse.getAccessToken()).asTokenMetadata();
@@ -352,7 +353,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
public void testIntrospectAccessTokenReturnedAsJwt() throws Exception {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.parseLoginResponse().getCode();
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code);
TokenMetadataRepresentation rep = oauth.introspectionRequest(accessTokenResponse.getAccessToken())
@@ -387,7 +388,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.parseLoginResponse().getCode();
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code);
assertEquals(jwaAlgorithm, new JWSInput(accessTokenResponse.getAccessToken()).getHeader().getAlgorithm().name());
@@ -495,7 +496,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code);
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
UserRepresentation userRep = new UserRepresentation();
try {
@@ -539,7 +540,7 @@ public class TokenIntrospectionTest extends AbstractTestRealmKeycloakTest {
public void testIntrospectWithSamlClient() {
oauth.doLogin("test-user@localhost", "password");
String code = oauth.parseLoginResponse().getCode();
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
AccessTokenResponse accessTokenResponse = oauth.doAccessTokenRequest(code);
oauth.client("saml-client", "secret2");
IntrospectionResponse introspectionResponse = oauth.doIntrospectionAccessTokenRequest(accessTokenResponse.getAccessToken());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/hok/HoKTest.java
+16 -30
View File
@@ -40,7 +40,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.oidc.TokenMetadataRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -90,29 +90,8 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
private static final List<String> CLIENT_LIST = Arrays.asList("test-app", "named-test-app", "service-account-client");
public static class HoKAssertEvents extends AssertEvents {
public HoKAssertEvents(AbstractKeycloakTest ctx) {
super(ctx);
}
private final String defaultRedirectUri = "https://localhost:8543/auth/realms/master/app/auth";
@Override
public ExpectedEvent expectLogin() {
return expect(EventType.LOGIN)
.detail(Details.CODE_ID, isCodeId())
//.detail(Details.USERNAME, DEFAULT_USERNAME)
//.detail(Details.AUTH_METHOD, OIDCLoginProtocol.LOGIN_PROTOCOL)
//.detail(Details.AUTH_TYPE, AuthorizationEndpoint.CODE_AUTH_TYPE)
.detail(Details.REDIRECT_URI, defaultRedirectUri)
.detail(Details.CONSENT, Details.CONSENT_VALUE_NO_CONSENT_REQUIRED)
.session(isSessionId());
}
}
@Rule
public HoKAssertEvents events = new HoKAssertEvents(this);
public AssertEvents events = new AssertEvents(this);
@Override
public void configureTestRealm(RealmRepresentation testRealm) {
@@ -188,7 +167,8 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
@Test
public void accessTokenRequestWithClientCertificate() throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -334,7 +314,8 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
public void refreshTokenRequestByHoKRefreshTokenWithClientCertificate() throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -383,7 +364,8 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
public void refreshTokenRequestByRefreshTokenWithoutClientCertificate() throws Exception {
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
String sessionId = loginEvent.getSessionId();
String code = oauth.parseLoginResponse().getCode();
@@ -472,7 +454,8 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
// get an access token
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -513,7 +496,8 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
// get an access token
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
String code = oauth.parseLoginResponse().getCode();
@@ -616,7 +600,8 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
oauth.loginForm().nonce(nonce).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
AuthorizationEndpointResponse authzResponse = oauth.parseLoginResponse();
Assertions.assertNotNull(authzResponse.getSessionState());
List<IDToken> idTokens = testAuthzResponseAndRetrieveIDTokens(authzResponse, loginEvent);
@@ -651,7 +636,8 @@ public class HoKTest extends AbstractTestRealmKeycloakTest {
// mimic Client
oauth.doLogin("test-user@localhost", "password");
String code = oauth.parseLoginResponse().getCode();
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
AccessTokenResponse accessTokenResponse = null;
try (CloseableHttpClient client = MutualTLSUtils.newCloseableHttpClientWithDefaultKeyStoreAndTrustStore()) {
oauth.httpClient().set(client);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/rar/DynamicScopesRARParseTest.java
+7 -9
View File
@@ -32,6 +32,7 @@ import org.keycloak.rar.AuthorizationRequestSource;
import org.keycloak.representations.AuthorizationDetailsJSONRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
@@ -54,9 +55,8 @@ public class DynamicScopesRARParseTest extends AbstractRARParserTest {
oauth.openLoginForm();
oauth.scope("openid");
oauth.doLogin("rar-test", "password");
events.expectLogin()
.user(userId)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(userId);
AuthorizationRequestContextHolder contextHolder = fetchAuthorizationRequestContextHolder(userId);
List<AuthorizationRequestContextHolder.AuthorizationRequestHolder> authorizationRequestHolders = contextHolder.getAuthorizationRequestHolders().stream()
.filter(authorizationRequestHolder -> authorizationRequestHolder.getSource().equals(AuthorizationRequestSource.SCOPE))
@@ -89,9 +89,8 @@ public class DynamicScopesRARParseTest extends AbstractRARParserTest {
oauth.openLoginForm();
oauth.scope("openid static-scope");
oauth.doLogin("rar-test", "password");
events.expectLogin()
.user(userId)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(userId);
AuthorizationRequestContextHolder contextHolder = fetchAuthorizationRequestContextHolder(userId);
List<AuthorizationRequestContextHolder.AuthorizationRequestHolder> authorizationRequestHolders = contextHolder.getAuthorizationRequestHolders().stream()
@@ -127,9 +126,8 @@ public class DynamicScopesRARParseTest extends AbstractRARParserTest {
oauth.openLoginForm();
oauth.scope("openid dynamic-scope:param");
oauth.doLogin("rar-test", "password");
events.expectLogin()
.user(userId)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(userId);
AuthorizationRequestContextHolder contextHolder = fetchAuthorizationRequestContextHolder(userId);
List<AuthorizationRequestContextHolder.AuthorizationRequestHolder> authorizationRequestHolders = contextHolder.getAuthorizationRequestHolders().stream()
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/tokenexchange/StandardTokenExchangeV2Test.java
+10 -7
View File
@@ -63,6 +63,7 @@ import org.keycloak.services.clientpolicy.condition.GrantTypeConditionFactory;
import org.keycloak.services.clientpolicy.executor.DownscopeAssertionGrantEnforcerExecutorFactory;
import org.keycloak.services.clientpolicy.executor.JWTClaimEnforcerExecutor;
import org.keycloak.services.clientpolicy.executor.JWTClaimEnforcerExecutorFactory;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.admin.ApiUtil;
@@ -157,13 +158,15 @@ public class StandardTokenExchangeV2Test extends AbstractClientPoliciesTest {
assertEquals(Response.Status.OK.getStatusCode(), response.getStatusCode());
TokenVerifier<AccessToken> accessTokenVerifier = TokenVerifier.create(response.getAccessToken(), AccessToken.class);
AccessToken token = accessTokenVerifier.parse().getToken();
final EventRepresentation loginEvent = events.expectLogin()
.client(clientId)
.user(user.getId())
.session(token.getSessionId())
.detail(Details.USERNAME, user.getUsername())
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
final EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.clientId(clientId)
.userId(user.getId())
.sessionId(token.getSessionId())
.details(Details.USERNAME, user.getUsername())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.details(Details.REDIRECT_URI, oauth.getRedirectUri());
final String codeId = loginEvent.getDetails().get(Details.CODE_ID);
events.expectCodeToToken(codeId, token.getSessionId())
.client(clientId)
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AcrAuthFlowTest.java
+3 -3
View File
@@ -47,6 +47,7 @@ import org.keycloak.services.clientpolicy.condition.AcrCondition;
import org.keycloak.services.clientpolicy.condition.AcrConditionFactory;
import org.keycloak.services.clientpolicy.executor.AuthenticationFlowSelectorExecutor;
import org.keycloak.services.clientpolicy.executor.AuthenticationFlowSelectorExecutorFactory;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
@@ -479,9 +480,8 @@ public class AcrAuthFlowTest extends AbstractOIDCScopeTest{
* @return The tokens from a successful login
*/
private Tokens assertLoginWithAcr(String userId, String expectedAcr){
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.userId(userId).getEvent();
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid", CLIENT_ID);
assertAcr(tokens.idToken, expectedAcr);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AudienceTest.java
+5 -6
View File
@@ -35,6 +35,7 @@ import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.admin.ApiUtil;
@@ -131,9 +132,8 @@ public class AudienceTest extends AbstractOIDCScopeTest {
// Login and check audiences in the token (just accessToken contains it)
oauth.scope("openid audience-scope");
oauth.doLogin("john", "password");
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.userId(userId).getEvent();
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid profile email audience-scope", "test-app");
assertAudiences(tokens.accessToken, "service-client");
@@ -163,9 +163,8 @@ public class AudienceTest extends AbstractOIDCScopeTest {
// Login and check audiences in the token
oauth.scope("openid audience-scope");
oauth.doLogin("john", "password");
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.userId(userId).getEvent();
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid profile email audience-scope", "test-app");
assertAudiences(tokens.accessToken, "http://host/service/ctx1", "http://host/service/ctx2");
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AuthenticationMethodReferenceTest.java
+3 -3
View File
@@ -43,6 +43,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.forms.LevelOfAssuranceFlowTest;
import org.keycloak.testsuite.pages.LoginPage;
@@ -515,9 +516,8 @@ public class AuthenticationMethodReferenceTest extends AbstractOIDCScopeTest{
* @return The tokens from a successful login
*/
private Tokens assertLogin(String userId){
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll())
.userId(userId).getEvent();
return sendTokenRequest(loginEvent, userId, "openid", CLIENT_ID);
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/AuthorizationTokenResponseModeTest.java
+8 -7
View File
@@ -21,13 +21,14 @@ import java.net.URI;
import org.keycloak.OAuth2Constants;
import org.keycloak.OAuthErrorException;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AuthorizationResponseToken;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.util.ClientManager;
@@ -64,7 +65,7 @@ public class AuthorizationTokenResponseModeTest extends AbstractTestRealmKeycloa
assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", responseToken.getOtherClaims().get("state"));
Assertions.assertNull(responseToken.getOtherClaims().get("error"));
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -88,7 +89,7 @@ public class AuthorizationTokenResponseModeTest extends AbstractTestRealmKeycloa
Assertions.assertNotNull(currentUri.getRawQuery());
Assertions.assertNull(currentUri.getRawFragment());
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -109,7 +110,7 @@ public class AuthorizationTokenResponseModeTest extends AbstractTestRealmKeycloa
Assertions.assertNull(currentUri.getRawQuery());
Assertions.assertNotNull(currentUri.getRawFragment());
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -129,7 +130,7 @@ public class AuthorizationTokenResponseModeTest extends AbstractTestRealmKeycloa
assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", responseToken.getOtherClaims().get("state"));
Assertions.assertNull(responseToken.getOtherClaims().get("error"));
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -158,7 +159,7 @@ public class AuthorizationTokenResponseModeTest extends AbstractTestRealmKeycloa
Assertions.assertNull(currentUri.getRawQuery());
Assertions.assertNotNull(currentUri.getRawFragment());
String codeId = events.expectLogin().assertEvent().getDetails().get(Details.CODE_ID);
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -205,7 +206,7 @@ public class AuthorizationTokenResponseModeTest extends AbstractTestRealmKeycloa
Assertions.assertEquals(OAuthErrorException.INVALID_REQUEST, responseToken.getOtherClaims().get("error"));
Assertions.assertEquals("Response_mode 'query.jwt' is allowed only when the authorization response token is encrypted", responseToken.getOtherClaims().get("error_description"));
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
}
@Test
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/NonceBackwardsCompatibleMapperTest.java
+2 -1
View File
@@ -38,6 +38,7 @@ import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -162,7 +163,7 @@ public class NonceBackwardsCompatibleMapperTest extends AbstractTestRealmKeycloa
oauth.scope(OAuth2Constants.OFFLINE_ACCESS);
}
oauth.loginForm().nonce(nonce).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String code = oauth.parseLoginResponse().getCode();
AccessTokenResponse response = oauth.doAccessTokenRequest(code);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.java
+52 -38
View File
@@ -71,6 +71,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.util.CertificateInfoHelper;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAdminTest;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -205,7 +206,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
public void testMaxAge1() {
// Open login form and login successfully
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
IDToken idToken = sendTokenRequestAndGetIDToken(loginEvent);
@@ -222,7 +224,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
loginPage.assertCurrent();
assertThat(false, is(loginPage.isUsernameInputPresent()));
loginPage.login("password");
loginEvent = events.expectLogin().assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
idToken = sendTokenRequestAndGetIDToken(loginEvent);
@@ -235,7 +238,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
public void testMaxAge10000() {
// Open login form and login successfully
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
IDToken idToken = sendTokenRequestAndGetIDToken(loginEvent);
@@ -251,7 +255,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
oauth.loginForm().maxAge(10000).open();
// Assert that I will be automatically logged through cookie
loginEvent = events.expectLogin().assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
idToken = sendTokenRequestAndGetIDToken(loginEvent);
@@ -292,7 +297,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
loginPage.login("test-user@localhost", "password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).details(Details.USERNAME, "test-user@localhost");
IDToken idToken = sendTokenRequestAndGetIDToken(loginEvent);
long authTime = idToken.getAuth_time();
@@ -303,7 +309,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
oauth.loginForm().prompt("none").open();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
loginEvent = events.expectLogin().removeDetail(Details.USERNAME).assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
idToken = sendTokenRequestAndGetIDToken(loginEvent);
long authTime2 = idToken.getAuth_time();
@@ -334,10 +341,10 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
grantPage.assertCurrent();
grantPage.accept();
events.expectLogin()
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.details(Details.USERNAME, "test-user@localhost")
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.details(Details.REDIRECT_URI, oauth.getRedirectUri());
// Consent not required anymore. Login with prompt=none should success
oauth.loginForm().prompt("none").open();
@@ -347,10 +354,10 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
Assertions.assertNotNull(resp.getCode());
Assertions.assertNull(resp.getError());
events.expectLogin()
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.details(Details.USERNAME, "test-user@localhost")
.details(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
.details(Details.REDIRECT_URI, oauth.getRedirectUri());
} finally {
// Revert consent
@@ -371,7 +378,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
loginPage.login("test-user@localhost", "password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).details(Details.USERNAME, "test-user@localhost");
IDToken oldIdToken = sendTokenRequestAndGetIDToken(loginEvent);
// Set time offset
@@ -380,7 +388,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
// SSO login first WITHOUT prompt=login ( Tests KEYCLOAK-5248 )
oauth.openLoginForm();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).details(Details.USERNAME, "test-user@localhost");
IDToken newIdToken = sendTokenRequestAndGetIDToken(loginEvent);
// Assert that authTime wasn't updated
@@ -396,7 +405,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
loginPage.login("password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).details(Details.USERNAME, "test-user@localhost");
newIdToken = sendTokenRequestAndGetIDToken(loginEvent);
// Assert that authTime was updated
@@ -454,19 +464,19 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
appPage.assertCurrent();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin()
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.details(Details.USERNAME, "test-user@localhost")
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.details(Details.REDIRECT_URI, oauth.getRedirectUri());
// Re-login without prompt=consent. The previous persistent consent was used
oauth.openLoginForm();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin()
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.details(Details.USERNAME, "test-user@localhost")
.details(Details.CONSENT, Details.CONSENT_VALUE_PERSISTED_CONSENT)
.details(Details.REDIRECT_URI, oauth.getRedirectUri());
// Re-login with prompt=consent.
oauth.loginForm()
@@ -480,10 +490,9 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
appPage.assertCurrent();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin()
.detail(Details.USERNAME, "test-user@localhost")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.details(Details.USERNAME, "test-user@localhost")
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
} finally {
// Revert consent
@@ -504,7 +513,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
loginPage.login("test-user@localhost", "password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).details(Details.USERNAME, "test-user@localhost");
IDToken idToken = sendTokenRequestAndGetIDToken(loginEvent);
Assertions.assertNotNull(idToken);
@@ -1152,7 +1162,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
loginPage.login("password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
}
// CLAIMS
@@ -1174,7 +1184,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
loginPage.login("test-user@localhost", "password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).details(Details.USERNAME, "test-user@localhost");
String sessionId = loginEvent.getSessionId();
String clientId = loginEvent.getClientId();
@@ -1213,7 +1224,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
loginPage.login("test-user@localhost", "password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
EventRepresentation loginEvent = events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).details(Details.USERNAME, "test-user@localhost");
String sessionId = loginEvent.getSessionId();
String clientId = loginEvent.getClientId();
@@ -1265,7 +1277,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
String request = new JWSBuilder().jsonContent(oidcRequest).none();
oauth.loginForm().request(request).doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
AccessTokenResponse accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
IDToken idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
@@ -1312,7 +1325,8 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
request = new JWSBuilder().jsonContent(oidcRequest).none();
oauth.loginForm().request(request).doLogin("test-user@localhost", "password");
loginEvent = events.expectLogin().assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent);
accessTokenResponse = sendTokenRequestAndGetResponse(loginEvent);
idToken = oauth.verifyIDToken(accessTokenResponse.getIdToken());
@@ -1344,7 +1358,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
@Test
public void testSignedRequestObject() throws IOException {
oauth.loginForm().request(createAndSignRequestObject()).doLogin("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
@Test
@@ -1417,7 +1431,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
@Test
public void testSignedAndEncryptedRequestObject() throws IOException, JWEException {
oauth.loginForm().request(createEncryptedRequestObject(RSA_OAEP_256)).doLogin("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
private String createEncryptedRequestObject(String encAlg) throws IOException, JWEException {
@@ -1532,7 +1546,7 @@ public class OIDCAdvancedRequestParamsTest extends AbstractTestRealmKeycloakTest
.setEncryptionKey(decryptionKEK);
oauth.loginForm().request(jwe.encodeJwe()).doLogin("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
}
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCBackwardsCompatibilityTest.java
+8 -6
View File
@@ -23,10 +23,12 @@ import org.keycloak.OAuthErrorException;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -88,7 +90,7 @@ public class OIDCBackwardsCompatibilityTest extends AbstractTestRealmKeycloakTes
public void testExcludeSessionStateParameter() {
// Open login form and login successfully. Assert session_state is present
AuthorizationEndpointResponse authzResponse = oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(authzResponse.getSessionState());
@@ -102,7 +104,7 @@ public class OIDCBackwardsCompatibilityTest extends AbstractTestRealmKeycloakTes
// Open login again and assert session_state not present
oauth.openLoginForm();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
authzResponse = oauth.parseLoginResponse();
Assertions.assertNull(authzResponse.getSessionState());
@@ -116,7 +118,7 @@ public class OIDCBackwardsCompatibilityTest extends AbstractTestRealmKeycloakTes
public void testExcludeIssuerParameter() {
// Open login form and login successfully. Assert iss parameter is present
AuthorizationEndpointResponse authzResponse = oauth.doLogin("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertEquals(oauth.AUTH_SERVER_ROOT + "/realms/test", authzResponse.getIssuer());
@@ -130,7 +132,7 @@ public class OIDCBackwardsCompatibilityTest extends AbstractTestRealmKeycloakTes
// Open login again and assert iss parameter is not present
oauth.openLoginForm();
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).details(Details.USERNAME, "test-user@localhost");
authzResponse = oauth.parseLoginResponse();
Assertions.assertNull(authzResponse.getIssuer());
@@ -151,7 +153,7 @@ public class OIDCBackwardsCompatibilityTest extends AbstractTestRealmKeycloakTes
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.UNSUPPORTED_RESPONSE_TYPE);
Assertions.assertEquals(oauth.AUTH_SERVER_ROOT + "/realms/test", errorResponse.getIssuer());
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().detail(Details.RESPONSE_TYPE, "tokenn").assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null).details(Details.RESPONSE_TYPE, "tokenn");
// Switch "exclude iss" to on
ClientResource client = AdminApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
@@ -168,7 +170,7 @@ public class OIDCBackwardsCompatibilityTest extends AbstractTestRealmKeycloakTes
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.UNSUPPORTED_RESPONSE_TYPE);
Assertions.assertNull(errorResponse.getIssuer());
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().detail(Details.RESPONSE_TYPE, "tokenn").assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null).details(Details.RESPONSE_TYPE, "tokenn");
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCDynamicScopeTest.java
+4 -3
View File
@@ -35,6 +35,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.ProfileAssume;
@@ -233,9 +234,9 @@ public class OIDCDynamicScopeTest extends OIDCScopeTest {
oauth.openLoginForm();
oauth.doLogin(username, "password");
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.userId(userId);
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid email profile " + expectedRoleScopes, "test-app");
Assert.assertNames(tokens.accessToken.getRealmAccess().getRoles(), expectedRoles);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCPublicClientTest.java
+2 -1
View File
@@ -26,6 +26,7 @@ import org.keycloak.events.Details;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -93,7 +94,7 @@ public class OIDCPublicClientTest extends AbstractKeycloakTest {
// It should be possible to authenticate
oauth.doLogin("test-user@localhost", "password");
EventRepresentation loginEvent = events.expectLogin().assertEvent();
EventRepresentation loginEvent = EventAssertion.expectLoginSuccess(events.poll()).getEvent();
String sessionId = loginEvent.getSessionId();
String codeId = loginEvent.getDetails().get(Details.CODE_ID);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/OIDCScopeTest.java
+40 -39
View File
@@ -45,6 +45,7 @@ import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.RoleBuilder;
import org.keycloak.testframework.realm.UserBuilder;
import org.keycloak.testsuite.Assert;
@@ -182,9 +183,8 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
public void testBuiltinOptionalScopes() throws Exception {
// Login. Assert that just 'profile' and 'email' data are there. 'Address' and 'phone' not
oauth.doLogin("john", "password");
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).userId(userId);
Tokens tokens = sendTokenRequest(loginEvent, userId, "openid email profile", "test-app");
IDToken idToken = tokens.idToken;
@@ -207,9 +207,8 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
// Login with optional scopes. Assert that everything is there
oauth.scope("openid address phone microprofile-jwt");
oauth.doLogin("john", "password");
loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).userId(userId);
tokens = sendTokenRequest(loginEvent, userId,"openid email profile address phone microprofile-jwt", "test-app");
idToken = tokens.idToken;
@@ -299,9 +298,8 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
// Login without scope parameter. Assert 'profile' and 'email' info not there
oauth.doLogin("john", "password");
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).userId(userId);
Tokens tokens = sendTokenRequest(loginEvent, userId,"openid", "test-app");
IDToken idToken = tokens.idToken;
@@ -321,9 +319,8 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
// Login with scope parameter. Just 'profile' is there
oauth.scope("openid profile");
oauth.doLogin("john", "password");
loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).userId(userId);
tokens = sendTokenRequest(loginEvent, userId,"openid profile", "test-app");
idToken = tokens.idToken;
@@ -354,11 +351,12 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT);
grantPage.accept();
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.client("third-party")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.userId(userId)
.clientId("third-party")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
Tokens tokens = sendTokenRequest(loginEvent, userId,"openid email profile", "third-party");
IDToken idToken = tokens.idToken;
@@ -383,11 +381,12 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
grantPage.assertGrants(OAuthGrantPage.PHONE_CONSENT_TEXT);
grantPage.accept();
loginEvent = events.expectLogin()
.client("third-party")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.user(userId)
.assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.userId(userId)
.clientId("third-party")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
tokens = sendTokenRequest(loginEvent, userId,"openid email profile address phone", "third-party");
idToken = tokens.idToken;
@@ -419,11 +418,12 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT, "ThirdParty permissions");
grantPage.accept();
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.client("third-party")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.userId(userId)
.clientId("third-party")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
Tokens tokens = sendTokenRequest(loginEvent, userId,"openid email profile", "third-party");
IDToken idToken = tokens.idToken;
@@ -482,11 +482,12 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
grantPage.assertGrants(OAuthGrantPage.PROFILE_CONSENT_TEXT, OAuthGrantPage.EMAIL_CONSENT_TEXT, OAuthGrantPage.ROLES_CONSENT_TEXT);
grantPage.accept();
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.client("third-party")
.detail(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED)
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.userId(userId)
.clientId("third-party")
.details(Details.REDIRECT_URI, oauth.getRedirectUri())
.details(Details.CONSENT, Details.CONSENT_VALUE_CONSENT_GRANTED);
Tokens tokens = sendTokenRequest(loginEvent, userId,"openid email profile", "third-party");
IDToken idToken = tokens.idToken;
@@ -568,9 +569,9 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
// Login with scope-role-1. Save refresh token
oauth.scope("scope-role-1");
oauth.doLogin("john", "password");
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent)
.userId(userId);
Tokens tokens1 = sendTokenRequest(loginEvent, userId,"openid email profile scope-role-1", "test-app");
Assertions.assertTrue(tokens1.accessToken.getRealmAccess().isUserInRole("role-1"));
@@ -579,7 +580,8 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
//SSO login with scope-role-2. Save refresh token
oauth.scope("scope-role-2");
oauth.openLoginForm();
loginEvent = events.expectLogin().user(userId).removeDetail(Details.USERNAME).client("test-app").assertEvent();
loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).userId(userId).clientId("test-app");
Tokens tokens2 = sendTokenRequest(loginEvent, userId,"openid email profile scope-role-2", "test-app");
Assertions.assertFalse(tokens2.accessToken.getRealmAccess().isUserInRole("role-1"));
Assertions.assertTrue(tokens2.accessToken.getRealmAccess().isUserInRole("role-2"));
@@ -692,9 +694,8 @@ public class OIDCScopeTest extends AbstractOIDCScopeTest {
oauth.openLoginForm();
oauth.doLogin(username, "password");
EventRepresentation loginEvent = events.expectLogin()
.user(userId)
.assertEvent();
EventRepresentation loginEvent = events.poll();
EventAssertion.expectLoginSuccess(loginEvent).userId(userId);
Tokens tokens = sendTokenRequest(loginEvent, userId,"openid email profile " + expectedRoleScopes, "test-app");
Assert.assertNames(tokens.accessToken.getRealmAccess().getRoles(), expectedRoles);
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/UserInfoTest.java
+2 -1
View File
@@ -76,6 +76,7 @@ import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.Urls;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testframework.realm.RoleBuilder;
@@ -620,7 +621,7 @@ public class UserInfoTest extends AbstractKeycloakTest {
driver.navigate().refresh();
oauth.fillLoginForm("test-user@localhost", "password");
events.expectLogin().assertEvent();
EventAssertion.expectLoginSuccess(events.poll());
Assertions.assertFalse(loginPage.isCurrent());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oidc/flows/AbstractOIDCResponseTypeTest.java
+13 -5
View File
@@ -24,12 +24,14 @@ import org.keycloak.OAuthErrorException;
import org.keycloak.crypto.Algorithm;
import org.keycloak.events.Details;
import org.keycloak.events.Errors;
import org.keycloak.events.EventType;
import org.keycloak.jose.jws.JWSHeader;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.HashUtils;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAdminTest;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
@@ -120,7 +122,7 @@ public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeyc
Assertions.assertTrue(errorResponse.isRedirected());
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.INVALID_REQUEST);
events.expectLogin().error(Errors.INVALID_REQUEST).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.INVALID_REQUEST).userId(null).sessionId(null);
}
protected void validateNonceNotUsedSuccessExpected() {
@@ -153,7 +155,7 @@ public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeyc
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.UNAUTHORIZED_CLIENT);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Client is not allowed to initiate browser login with given response_type. Implicit flow is disabled for the client.");
events.expectLogin().error(Errors.NOT_ALLOWED).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.NOT_ALLOWED).userId(null).sessionId(null);
// Revert
clientManagerBuilder().implicitFlow(true);
@@ -171,7 +173,7 @@ public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeyc
Assertions.assertEquals(errorResponse.getError(), OAuthErrorException.UNAUTHORIZED_CLIENT);
Assertions.assertEquals(errorResponse.getErrorDescription(), "Client is not allowed to initiate browser login with given response_type. Standard flow is disabled for the client.");
events.expectLogin().error(Errors.NOT_ALLOWED).user((String) null).session((String) null).clearDetails().assertEvent();
EventAssertion.assertError(events.poll()).type(EventType.LOGIN_ERROR).error(Errors.NOT_ALLOWED).userId(null).sessionId(null);
// Revert
clientManagerBuilder().standardFlow(true);
@@ -186,7 +188,9 @@ public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeyc
loginPage.login("test-user@localhost", "password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
return events.expectLogin().detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventRepresentation eventRep = events.poll();
EventAssertion.expectLoginSuccess(eventRep).details(Details.USERNAME, "test-user@localhost");
return eventRep;
}
protected EventRepresentation loginUserWithRedirect(String nonce, String redirectUri) {
@@ -200,7 +204,11 @@ public abstract class AbstractOIDCResponseTypeTest extends AbstractTestRealmKeyc
loginPage.login("test-user@localhost", "password");
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
return events.expectLogin().detail(Details.REDIRECT_URI, redirectUri).detail(Details.USERNAME, "test-user@localhost").assertEvent();
EventRepresentation eventRep = events.poll();
EventAssertion.expectLoginSuccess(eventRep)
.details(Details.REDIRECT_URI, redirectUri)
.details(Details.USERNAME, "test-user@localhost");
return eventRep;
}
protected abstract boolean isFragment();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/script/DeployedScriptAuthenticatorTest.java
+2 -1
View File
@@ -39,6 +39,7 @@ import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.provider.ScriptProviderDescriptor;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.AuthenticationExecutionBuilder;
import org.keycloak.testframework.realm.AuthenticationFlowBuilder;
import org.keycloak.testframework.realm.RealmBuilder;
@@ -188,7 +189,7 @@ public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
loginPage.login("user", "password");
events.expectLogin().user(okayUser()).detail(Details.USERNAME, "user").assertEvent();
EventAssertion.expectLoginSuccess(events.poll()).userId(okayUser().getId()).details(Details.USERNAME, "user");
}
// Issue 20005
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/ssl/TrustStoreEmailTest.java
+6 -7
View File
@@ -24,6 +24,7 @@ import org.keycloak.events.EventType;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -138,13 +139,11 @@ public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {
.removeDetail(Details.REDIRECT_URI)
.assertEvent();
events.expectLogin()
.client("test-app")
.user(user.getId())
.session(mailCodeId)
.detail(Details.USERNAME, "test-user@localhost")
.removeDetail(Details.REDIRECT_URI)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.clientId("test-app")
.userId(user.getId())
.sessionId(mailCodeId)
.details(Details.USERNAME, "test-user@localhost");
assertCurrentUrlStartsWith(OAuthClient.APP_AUTH_ROOT);
AccountHelper.logout(managedRealm.admin(), user.getUsername());
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/AppInitiatedActionWebAuthnTest.java
+7 -4
View File
@@ -35,6 +35,7 @@ import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.actions.AbstractAppInitiatedActionTest;
import org.keycloak.testsuite.admin.AdminApiUtil;
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
@@ -192,7 +193,8 @@ public class AppInitiatedActionWebAuthnTest extends AbstractAppInitiatedActionTe
.update()) {
OAuthClient oauth2 = oauth.newConfig().driver(driver2);
oauth2.doLogin(DEFAULT_USERNAME, getPassword(DEFAULT_USERNAME));
event1 = events.expectLogin().assertEvent();
event1 = events.poll();
EventAssertion.expectLoginSuccess(event1);
assertEquals(1, testUser.getUserSessions().size());
}
@@ -243,8 +245,9 @@ public class AppInitiatedActionWebAuthnTest extends AbstractAppInitiatedActionTe
assertThat(appPage.getRequestType(), is(AppPage.RequestType.AUTH_RESPONSE));
assertNotNull(oauth.parseLoginResponse().getCode());
return events.expectLogin()
.detail(Details.USERNAME, DEFAULT_USERNAME)
.assertEvent();
EventRepresentation eventRep = events.poll();
EventAssertion.expectLoginSuccess(eventRep)
.details(Details.USERNAME, DEFAULT_USERNAME);
return eventRep;
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/WebAuthnIdlessTest.java
+23 -18
View File
@@ -39,6 +39,7 @@ import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAdminTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AdminApiUtil;
@@ -256,9 +257,10 @@ public class WebAuthnIdlessTest extends AbstractWebAuthnVirtualTest {
.collect(Collectors.toList()).size(), is(1));
}
String sessionId = events.expectLogin()
.user(userId)
.assertEvent().getSessionId();
EventRepresentation eventRepWithSession = events.poll();
EventAssertion.expectLoginSuccess(eventRepWithSession).userId(userId);
String sessionId = eventRepWithSession.getSessionId();
events.clear();
logout();
events.expectLogout(sessionId)
@@ -310,11 +312,12 @@ public class WebAuthnIdlessTest extends AbstractWebAuthnVirtualTest {
webAuthnLoginPage.clickAuthenticate();
appPage.assertCurrent();
String sessionId = events.expectLogin()
.user(userId)
.detail(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, credentialId)
.detail("web_authn_authenticator_user_verification_checked", Boolean.FALSE.toString())
.assertEvent().getSessionId();
EventRepresentation eventRepWithSession = events.poll();
EventAssertion.expectLoginSuccess(eventRepWithSession)
.userId(userId)
.details(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, credentialId)
.details("web_authn_authenticator_user_verification_checked", Boolean.FALSE.toString());
String sessionId = eventRepWithSession.getSessionId();
events.clear();
logout();
@@ -341,11 +344,12 @@ public class WebAuthnIdlessTest extends AbstractWebAuthnVirtualTest {
webAuthnLoginPage.clickAuthenticate();
appPage.assertCurrent();
String sessionId = events.expectLogin()
.user(userId)
.detail(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, credentialId)
.detail("web_authn_authenticator_user_verification_checked", Boolean.TRUE.toString())
.assertEvent().getSessionId();
EventRepresentation eventRepWithSession = events.poll();
EventAssertion.expectLoginSuccess(eventRepWithSession)
.userId(userId)
.details(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, credentialId)
.details("web_authn_authenticator_user_verification_checked", Boolean.TRUE.toString());
String sessionId = eventRepWithSession.getSessionId();
events.clear();
logout();
@@ -375,11 +379,12 @@ public class WebAuthnIdlessTest extends AbstractWebAuthnVirtualTest {
if (shouldSuccess) {
appPage.assertCurrent();
String sessionId = events.expectLogin()
.user(userId)
.detail(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, credentialId)
.detail("web_authn_authenticator_user_verification_checked", Boolean.TRUE.toString())
.assertEvent().getSessionId();
EventRepresentation eventRepWithSession = events.poll();
EventAssertion.expectLoginSuccess(eventRepWithSession)
.userId(userId)
.details(WebAuthnConstants.PUBKEY_CRED_ID_ATTR, credentialId)
.details("web_authn_authenticator_user_verification_checked", Boolean.TRUE.toString());
String sessionId = eventRepWithSession.getSessionId();
events.clear();
logout();
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/WebAuthnPropertyTest.java
+4 -4
View File
@@ -26,6 +26,7 @@ import org.keycloak.models.Constants;
import org.keycloak.models.credential.WebAuthnCredentialModel;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.testsuite.webauthn.utils.WebAuthnRealmData;
@@ -76,10 +77,9 @@ public class WebAuthnPropertyTest extends AbstractWebAuthnVirtualTest {
authenticateDefaultUser();
// confirm that authentication is successfully completed
events.expectLogin()
.user(user.getId())
.detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true");
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/passwordless/PasskeysConditionalUITest.java
+5 -5
View File
@@ -29,6 +29,7 @@ import org.keycloak.models.Constants;
import org.keycloak.models.credential.WebAuthnCredentialModel;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAdminTest;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
@@ -93,11 +94,10 @@ public class PasskeysConditionalUITest extends AbstractWebAuthnVirtualTest {
WaitUtils.waitForPageToLoad();
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.details(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true");
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/passwordless/PasskeysDefaultBrowserFlowTest.java
+14 -17
View File
@@ -28,6 +28,7 @@ import org.keycloak.models.credential.WebAuthnCredentialModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAdminTest;
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
import org.keycloak.testsuite.auth.page.login.OneTimeCode;
@@ -44,7 +45,6 @@ import org.junit.Test;
import org.openqa.selenium.By;
import org.openqa.selenium.firefox.FirefoxDriver;
import static org.hamcrest.Matchers.nullValue;
/**
*
@@ -156,12 +156,11 @@ public class PasskeysDefaultBrowserFlowTest extends AbstractWebAuthnVirtualTest
appPage.assertCurrent();
// expect success login
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, user.getUsername())
.detail(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, user.getUsername())
.details(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.details(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true");
logout();
}
@@ -178,11 +177,10 @@ public class PasskeysDefaultBrowserFlowTest extends AbstractWebAuthnVirtualTest
// login using password
loginPage.login(USERNAME, getPassword(USERNAME));
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, USERNAME)
.detail(Details.CREDENTIAL_TYPE, nullValue())
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, USERNAME)
.details(Details.CREDENTIAL_TYPE, null);
logout();
}
@@ -204,11 +202,10 @@ public class PasskeysDefaultBrowserFlowTest extends AbstractWebAuthnVirtualTest
oneTimeCodePage.sendCode(new TimeBasedOTP().generateTOTP(totpSecret));
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, USERNAME)
.detail(Details.CREDENTIAL_TYPE, nullValue())
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, USERNAME)
.details(Details.CREDENTIAL_TYPE, null);
logout();
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/webauthn/passwordless/PasskeysOrganizationAuthenticationTest.java
+32 -35
View File
@@ -32,10 +32,12 @@ import org.keycloak.organization.authentication.authenticators.browser.Organizat
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.OrganizationDomainRepresentation;
import org.keycloak.representations.idm.OrganizationRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.IgnoreBrowserDriver;
@@ -109,12 +111,11 @@ public class PasskeysOrganizationAuthenticationTest extends AbstractWebAuthnVirt
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, user.getUsername())
.detail(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, user.getUsername())
.details(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.details(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true");
logout();
events.clear();
@@ -126,12 +127,11 @@ public class PasskeysOrganizationAuthenticationTest extends AbstractWebAuthnVirt
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, user.getUsername())
.detail(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, user.getUsername())
.details(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.details(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true");
logout();
}
@@ -226,11 +226,11 @@ public class PasskeysOrganizationAuthenticationTest extends AbstractWebAuthnVirt
MatcherAssert.assertThat(driver.findElement(By.xpath("//form[@id='webauth']")), Matchers.notNullValue());
loginPage.login(getPassword(USERNAME));
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, "UserWebAuthn")
.detail(Details.CREDENTIAL_TYPE, Matchers.nullValue())
.assertEvent();
EventRepresentation eventRep = events.poll();
EventAssertion.expectLoginSuccess(eventRep)
.userId(user.getId())
.details(Details.USERNAME, "UserWebAuthn");
MatcherAssert.assertThat(eventRep.getDetails().get(Details.CREDENTIAL_TYPE), Matchers.nullValue());
}
}
@@ -270,12 +270,11 @@ public class PasskeysOrganizationAuthenticationTest extends AbstractWebAuthnVirt
webAuthnLoginPage.clickAuthenticate();
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, user.getUsername())
.detail(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, user.getUsername())
.details(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.details(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true");
logout();
}
}
@@ -309,12 +308,11 @@ public class PasskeysOrganizationAuthenticationTest extends AbstractWebAuthnVirt
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, user.getUsername())
.detail(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, user.getUsername())
.details(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.details(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true");
// Re-authentication now with prompt=login. Passkeys login should be possible.
oauth.loginForm()
@@ -328,12 +326,11 @@ public class PasskeysOrganizationAuthenticationTest extends AbstractWebAuthnVirt
webAuthnLoginPage.clickAuthenticate();
appPage.assertCurrent();
events.expectLogin()
.user(user.getId())
.detail(Details.USERNAME, user.getUsername())
.detail(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.detail(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true")
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(user.getId())
.details(Details.USERNAME, user.getUsername())
.details(Details.CREDENTIAL_TYPE, WebAuthnCredentialModel.TYPE_PASSWORDLESS)
.details(WebAuthnConstants.USER_VERIFICATION_CHECKED, "true");
logout();
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/AbstractX509AuthenticationTest.java
+10 -14
View File
@@ -46,11 +46,13 @@ import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.userprofile.config.UPAttribute;
import org.keycloak.representations.userprofile.config.UPAttributePermissions;
import org.keycloak.representations.userprofile.config.UPConfig;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testframework.realm.ClientBuilder;
import org.keycloak.testframework.realm.RealmBuilder;
import org.keycloak.testframework.realm.UserBuilder;
@@ -70,6 +72,7 @@ import org.keycloak.testsuite.util.HtmlUnitBrowser;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.userprofile.UserProfileConstants;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.logging.Logger;
@@ -578,20 +581,13 @@ public abstract class AbstractX509AuthenticationTest extends AbstractTestRealmKe
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
AssertEvents.ExpectedEvent expectedEvent = events.expectLogin()
.user(userId)
.detail(Details.USERNAME, attemptedUsername)
.removeDetail(Details.REDIRECT_URI);
EventRepresentation eventRep = events.poll();
EventAssertion.expectLoginSuccess(eventRep)
.userId(userId)
.details(Details.USERNAME, attemptedUsername);
addX509CertificateDetails(expectedEvent)
.assertEvent();
}
protected AssertEvents.ExpectedEvent addX509CertificateDetails(AssertEvents.ExpectedEvent expectedEvent) {
return expectedEvent
.detail(Details.X509_CERTIFICATE_SERIAL_NUMBER, Matchers.not(is(emptyOrNullString())))
.detail(Details.X509_CERTIFICATE_SUBJECT_DISTINGUISHED_NAME, Matchers.startsWith("EMAILADDRESS=test-user@localhost"))
.detail(Details.X509_CERTIFICATE_ISSUER_DISTINGUISHED_NAME, Matchers.startsWith("EMAILADDRESS=contact@keycloak.org"));
MatcherAssert.assertThat(eventRep.getDetails().get(Details.X509_CERTIFICATE_SERIAL_NUMBER), Matchers.not(is(emptyOrNullString())));
MatcherAssert.assertThat(eventRep.getDetails().get(Details.X509_CERTIFICATE_SUBJECT_DISTINGUISHED_NAME), Matchers.startsWith("EMAILADDRESS=test-user@localhost"));
MatcherAssert.assertThat(eventRep.getDetails().get(Details.X509_CERTIFICATE_ISSUER_DISTINGUISHED_NAME), Matchers.startsWith("EMAILADDRESS=contact@keycloak.org"));
}
}
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/x509/X509BrowserCRLTest.java
+4 -5
View File
@@ -21,6 +21,7 @@ import org.keycloak.authentication.authenticators.x509.X509AuthenticatorConfigMo
import org.keycloak.events.Details;
import org.keycloak.models.Constants;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.testframework.events.EventAssertion;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.util.AccountHelper;
import org.keycloak.testsuite.util.ContainerAssume;
@@ -324,10 +325,8 @@ public class X509BrowserCRLTest extends AbstractX509AuthenticationTest {
Assertions.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());
Assertions.assertNotNull(oauth.parseLoginResponse().getCode());
events.expectLogin()
.user(userId)
.detail(Details.USERNAME, "test-user@localhost")
.removeDetail(Details.REDIRECT_URI)
.assertEvent();
EventAssertion.expectLoginSuccess(events.poll())
.userId(userId)
.details(Details.USERNAME, "test-user@localhost");
}
}

Some files were not shown because too many files have changed in this diff Show More