From 5436be9e79c8875b338188c2b33fa4ef54dfd6ea Mon Sep 17 00:00:00 2001 From: Marie Daly Date: Thu, 30 Apr 2026 06:18:08 +0100 Subject: [PATCH] Migrate PasswordPolicyTest to new test framework (#48583) * Closes #48150, migrate PasswordPolicyTest to new test framework Signed-off-by: Marie Daly * Clean up DatabaseTestSuite by removing unused import Removed unused import for PasswordPolicyTest. Signed-off-by: Marie Daly * Closes #48150, update following spotless check Signed-off-by: Marie Daly * Closes #48150, resolve failing test in CI Signed-off-by: Marie Daly --------- Signed-off-by: Marie Daly Signed-off-by: Marie Daly --- .../tests}/policy/PasswordPolicyTest.java | 89 +++++++++++++------ .../keycloak/tests/suites/Base2TestSuite.java | 1 + .../keycloak/tests/suites/JDKTestSuite.java | 2 + .../test-password-blacklist.txt | 0 .../tests/base/testsuites/database-suite | 1 - .../tests/base/testsuites/jdk-suite | 1 - 6 files changed, 64 insertions(+), 30 deletions(-) rename {testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite => tests/base/src/test/java/org/keycloak/tests}/policy/PasswordPolicyTest.java (84%) rename {testsuite/integration-arquillian/tests => tests}/base/src/test/resources/password-blacklists/test-password-blacklist.txt (100%) diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/policy/PasswordPolicyTest.java b/tests/base/src/test/java/org/keycloak/tests/policy/PasswordPolicyTest.java similarity index 84% rename from testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/policy/PasswordPolicyTest.java rename to tests/base/src/test/java/org/keycloak/tests/policy/PasswordPolicyTest.java index 8064500e138..578e2dfe1dd 100755 --- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/policy/PasswordPolicyTest.java +++ b/tests/base/src/test/java/org/keycloak/tests/policy/PasswordPolicyTest.java @@ -15,10 +15,12 @@ * limitations under the License. */ -package org.keycloak.testsuite.policy; +package org.keycloak.tests.policy; import java.io.File; -import java.util.List; +import java.net.URISyntaxException; +import java.net.URL; +import java.nio.file.Paths; import org.keycloak.models.ModelException; import org.keycloak.models.PasswordPolicy; @@ -29,12 +31,19 @@ import org.keycloak.policy.MaximumLengthPasswordPolicyProviderFactory; import org.keycloak.policy.PasswordPolicyManagerProvider; import org.keycloak.policy.PasswordPolicyProvider; import org.keycloak.provider.ProviderFactory; -import org.keycloak.representations.idm.RealmRepresentation; +import org.keycloak.testframework.annotations.InjectRealm; +import org.keycloak.testframework.annotations.KeycloakIntegrationTest; +import org.keycloak.testframework.realm.ManagedRealm; import org.keycloak.testframework.realm.RealmBuilder; -import org.keycloak.testsuite.AbstractKeycloakTest; +import org.keycloak.testframework.realm.RealmConfig; +import org.keycloak.testframework.remote.runonserver.InjectRunOnServer; +import org.keycloak.testframework.remote.runonserver.RunOnServerClient; +import org.keycloak.testframework.server.KeycloakServerConfig; +import org.keycloak.testframework.server.KeycloakServerConfigBuilder; +import org.keycloak.tests.suites.DatabaseTest; -import org.junit.Test; import org.junit.jupiter.api.Assertions; +import org.junit.jupiter.api.Test; import static org.hamcrest.CoreMatchers.instanceOf; import static org.hamcrest.MatcherAssert.assertThat; @@ -48,11 +57,19 @@ import static org.junit.jupiter.api.Assertions.fail; /** * @author Stian Thorgersen */ -public class PasswordPolicyTest extends AbstractKeycloakTest { +@KeycloakIntegrationTest(config = PasswordPolicyTest.PasswordPolicyServerConfig.class) +@DatabaseTest +public class PasswordPolicyTest { + + @InjectRealm(config = PasswordPolicyRealmConfig.class) + ManagedRealm managedRealm; + + @InjectRunOnServer + RunOnServerClient runOnServer; @Test public void testLength() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -72,7 +89,7 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testMaximumLength() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -96,7 +113,7 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testDigits() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -114,7 +131,7 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testLowerCase() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -132,7 +149,7 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testUpperCase() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -150,7 +167,7 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testSpecialChars() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -170,8 +187,8 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { * KEYCLOAK-5244 */ @Test - public void testBlacklistPasswordPolicyWithTestBlacklist() throws Exception { - testingClient.server("passwordPolicy").run(session -> { + public void testBlacklistPasswordPolicyWithTestBlacklist() { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -186,10 +203,10 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { } @Test - public void testBlacklistPasswordPolicyDefaultPath() throws Exception { + public void testBlacklistPasswordPolicyDefaultPath() { final String SEPARATOR = File.separator; - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { ProviderFactory passPolicyFact = session.getKeycloakSessionFactory().getProviderFactory( PasswordPolicyProvider.class, BlacklistPasswordPolicyProviderFactory.ID); assertThat(passPolicyFact, instanceOf(BlacklistPasswordPolicyProviderFactory.class)); @@ -200,7 +217,7 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testNotUsername() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -212,9 +229,8 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testInvalidPolicyName() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); - PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); try { realmModel.setPasswordPolicy(PasswordPolicy.parse(session, "noSuchPolicy")); @@ -227,11 +243,10 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testRegexPatterns() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); - PasswordPolicy policy = null; try { realmModel.setPasswordPolicy(PasswordPolicy.parse(session, "regexPattern")); fail("Expected NullPointerException: Regex Pattern cannot be null."); @@ -257,7 +272,7 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { realmModel.setPasswordPolicy(PasswordPolicy.parse(session, "regexPattern(jdoe) and regexPattern(j*d)")); Assertions.assertEquals("invalidPasswordRegexPatternMessage", policyManager.validate("jdoe", "jdoe").getMessage()); - ////Fails to match all of the regex patterns + //Fails to match all of the regex patterns realmModel.setPasswordPolicy(PasswordPolicy.parse(session, "regexPattern(j*p) and regexPattern(j*d) and regexPattern(adoe)")); Assertions.assertEquals("invalidPasswordRegexPatternMessage", policyManager.validate("jdoe", "jdoe").getMessage()); @@ -274,7 +289,7 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testComplex() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { RealmModel realmModel = session.getContext().getRealm(); PasswordPolicyManagerProvider policyManager = session.getProvider(PasswordPolicyManagerProvider.class); @@ -293,10 +308,10 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { @Test public void testBuilder() { - testingClient.server("passwordPolicy").run(session -> { + runOnServer.run(session -> { PasswordPolicy.Builder builder = PasswordPolicy.parse(session, "hashIterations(20000)").toBuilder(); assertFalse(builder.contains(PasswordPolicy.HASH_ALGORITHM_ID)); - assertTrue("20000".equals(builder.get(PasswordPolicy.HASH_ITERATIONS_ID))); + assertEquals("20000", builder.get(PasswordPolicy.HASH_ITERATIONS_ID)); builder.remove(PasswordPolicy.HASH_ITERATIONS_ID); @@ -315,9 +330,27 @@ public class PasswordPolicyTest extends AbstractKeycloakTest { }); } - @Override - public void addTestRealms(List testRealms) { - testRealms.add(RealmBuilder.create().name("passwordPolicy").build()); + public static class PasswordPolicyServerConfig implements KeycloakServerConfig { + @Override + public KeycloakServerConfigBuilder configure(KeycloakServerConfigBuilder config) { + try { + URL resourceUrl = PasswordPolicyTest.class.getResource("/password-blacklists"); + if (resourceUrl == null) { + throw new RuntimeException("Unable to find the password-blacklists file in the classpath for PasswordPolicyTest"); + } + String resourcePath = Paths.get(resourceUrl.toURI()).toString(); + return config.spiOption("password-policy", "password-blacklist", "blacklists-path", resourcePath); + + } catch (URISyntaxException e) { + throw new RuntimeException(e); + } + } } + public static class PasswordPolicyRealmConfig implements RealmConfig { + @Override + public RealmBuilder configure(RealmBuilder realm) { + return realm.name("passwordPolicy"); + } + } } diff --git a/tests/base/src/test/java/org/keycloak/tests/suites/Base2TestSuite.java b/tests/base/src/test/java/org/keycloak/tests/suites/Base2TestSuite.java index 3a6978058a2..865f96bcbb0 100644 --- a/tests/base/src/test/java/org/keycloak/tests/suites/Base2TestSuite.java +++ b/tests/base/src/test/java/org/keycloak/tests/suites/Base2TestSuite.java @@ -23,6 +23,7 @@ import org.junit.platform.suite.api.Suite; "org.keycloak.tests.oauth", "org.keycloak.tests.organization", "org.keycloak.tests.oid4vc", + "org.keycloak.tests.policy", "org.keycloak.tests.securityprofile", "org.keycloak.tests.session", "org.keycloak.tests.sessionlimits", diff --git a/tests/base/src/test/java/org/keycloak/tests/suites/JDKTestSuite.java b/tests/base/src/test/java/org/keycloak/tests/suites/JDKTestSuite.java index 7bc01d89720..03481ea79bf 100644 --- a/tests/base/src/test/java/org/keycloak/tests/suites/JDKTestSuite.java +++ b/tests/base/src/test/java/org/keycloak/tests/suites/JDKTestSuite.java @@ -4,6 +4,7 @@ import org.keycloak.tests.admin.client.CredentialsTest; import org.keycloak.tests.forms.SSOTest; import org.keycloak.tests.keys.GeneratedRsaKeyProviderTest; import org.keycloak.tests.keys.JavaKeystoreKeyProviderTest; +import org.keycloak.tests.policy.PasswordPolicyTest; import org.keycloak.tests.transactions.TransactionsTest; import org.junit.platform.suite.api.SelectClasses; @@ -14,6 +15,7 @@ import org.junit.platform.suite.api.Suite; CredentialsTest.class, GeneratedRsaKeyProviderTest.class, JavaKeystoreKeyProviderTest.class, + PasswordPolicyTest.class, SSOTest.class, TransactionsTest.class }) diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/password-blacklists/test-password-blacklist.txt b/tests/base/src/test/resources/password-blacklists/test-password-blacklist.txt similarity index 100% rename from testsuite/integration-arquillian/tests/base/src/test/resources/password-blacklists/test-password-blacklist.txt rename to tests/base/src/test/resources/password-blacklists/test-password-blacklist.txt diff --git a/testsuite/integration-arquillian/tests/base/testsuites/database-suite b/testsuite/integration-arquillian/tests/base/testsuites/database-suite index 6c190cf3c75..a36cef720ce 100644 --- a/testsuite/integration-arquillian/tests/base/testsuites/database-suite +++ b/testsuite/integration-arquillian/tests/base/testsuites/database-suite @@ -6,7 +6,6 @@ ExportImportTest KcOidcBrokerTest LDAPUserLoginTest LoginTest -PasswordPolicyTest RequiredActionUpdateProfileTest SamlClientTest UserProfileTest diff --git a/testsuite/integration-arquillian/tests/base/testsuites/jdk-suite b/testsuite/integration-arquillian/tests/base/testsuites/jdk-suite index c626c771dfc..2afa04e6c2c 100644 --- a/testsuite/integration-arquillian/tests/base/testsuites/jdk-suite +++ b/testsuite/integration-arquillian/tests/base/testsuites/jdk-suite @@ -7,7 +7,6 @@ KerberosLdapTest LDAPUserLoginTest LoginTest MutualTLSClientTest -PasswordPolicyTest SamlClientTest X509BrowserLoginTest ThemeResourceProviderTest