Authenticator Flows now get an appropriate priority and secrets insid…
…e identity providers are replaced by stars

Signed-off-by: Jonas Voelcker <barmer@jonas-voelcker.de>
jonasvoelcker committed Jun 17, 2024
1 parent 07b22bb commit e3a7d68
Showing 2 changed files with 57 additions and 10 deletions.
Expand Up @@ -24,6 +24,7 @@
import de.adorsys.keycloak.config.exception.ImportProcessingException;
import de.adorsys.keycloak.config.exception.InvalidImportException;
import de.adorsys.keycloak.config.model.RealmImport;
import de.adorsys.keycloak.config.util.VersionUtil;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.condition.DisabledIfSystemProperty;
Expand All @@ -32,12 +33,12 @@
import java.io.IOException;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;

import static de.adorsys.keycloak.config.test.util.KeycloakRepository.getAuthenticatorConfig;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.*;
import static org.hamcrest.core.Is.is;
import static org.hamcrest.core.IsNull.nullValue;
import static org.junit.jupiter.api.Assertions.assertThrows;

@SuppressWarnings({"java:S5961", "java:S5976", "deprecation"})
Expand Down Expand Up @@ -451,9 +452,14 @@ void shouldChangeBrowserFlow() throws IOException {
AuthenticationExecutionExportRepresentation myForms2 = getExecutionFlowFromFlow(flow, "my forms 2");
assertThat(myForms2, notNullValue());
assertThat(myForms2.getRequirement(), is("ALTERNATIVE"));
assertThat(myForms2.getPriority(), is(4));
assertThat(myForms2.isUserSetupAllowed(), is(false));
assertThat(myForms2.isAutheticatorFlow(), is(true));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(myForms2.getPriority(), is(27));
} else {
assertThat(myForms2.getPriority(), is(4));
}
}

AuthenticationFlowRepresentation assertThatBrowserFlowIsUpdated(int expectedNumberOfExecutionsInFlow) {
Expand All @@ -472,10 +478,15 @@ AuthenticationFlowRepresentation assertThatBrowserFlowIsUpdated(int expectedNumb
AuthenticationExecutionExportRepresentation myForms = getExecutionFlowFromFlow(flow, "my forms");
assertThat(myForms, notNullValue());
assertThat(myForms.getRequirement(), is("ALTERNATIVE"));
assertThat(myForms.getPriority(), is(3));
assertThat(myForms.isUserSetupAllowed(), is(false));
assertThat(myForms.isAutheticatorFlow(), is(true));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(myForms.getPriority(), is(26));
} else {
assertThat(myForms.getPriority(), is(3));
}

return flow;
}

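Review bot: The new expected priorities `27` (in `shouldChangeBrowserFlow`) and `26` (in `assertThatBrowserFlowIsUpdated`) are bare numbers with no hint of how Keycloak 25 arrives at them, so a later failure cannot be told apart from an intended renumbering. Priority decides the order in which a flow's executions are evaluated, and on both version branches "my forms" (3 / 26) still sorts directly before "my forms 2" (4 / 27); that ordering is the property worth recording. A comment above each `if`, such as `// Keycloak >= 25 reports different absolute priorities; "my forms" must still sort before "my forms 2"`, would make that explicit. Both methods begin outside their hunks, so any reason given elsewhere in the file is not visible here.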
Expand Up @@ -21,6 +21,7 @@
package de.adorsys.keycloak.config.service;

import de.adorsys.keycloak.config.AbstractImportIT;
import de.adorsys.keycloak.config.util.VersionUtil;
import org.junit.jupiter.api.Order;
import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.*;
Expand Down Expand Up @@ -249,11 +250,16 @@ void shouldCreateOidcIdentityProvider() throws IOException {
assertThat(updatedIdentityProviderConfig.get("logoutUrl"), is("https://example.com/protocol/openid-connect/logout"));
assertThat(updatedIdentityProviderConfig.get("syncMode"), is("FORCE"));
assertThat(updatedIdentityProviderConfig.get("clientId"), is("example-client-id"));
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
assertThat(updatedIdentityProviderConfig.get("backchannelSupported"), is("true"));
assertThat(updatedIdentityProviderConfig.get("defaultScope"), nullValue());
assertThat(updatedIdentityProviderConfig.get("guiOrder"), is("0"));
assertThat(updatedIdentityProviderConfig.get("useJwksUrl"), is("true"));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("**********"));
} else {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
}
}

@Test
Expand Down Expand Up @@ -293,11 +299,16 @@ void shouldUpdateOidcIdentityProvider() throws IOException {
assertThat(updatedIdentityProviderConfig.get("logoutUrl"), is("https://example.com/protocol/openid-connect/logout"));
assertThat(updatedIdentityProviderConfig.get("syncMode"), is("FORCE"));
assertThat(updatedIdentityProviderConfig.get("clientId"), is("changed-example-client-id"));
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
assertThat(updatedIdentityProviderConfig.get("backchannelSupported"), is("true"));
assertThat(updatedIdentityProviderConfig.get("defaultScope"), nullValue());
assertThat(updatedIdentityProviderConfig.get("guiOrder"), is("0"));
assertThat(updatedIdentityProviderConfig.get("useJwksUrl"), is("true"));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("**********"));
} else {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
}
}

@Test
Expand Down Expand Up @@ -337,12 +348,17 @@ void shouldUpdateOidcIdentityProviderWithMapper() throws IOException {
assertThat(updatedIdentityProviderConfig.get("logoutUrl"), is("https://example.com/protocol/openid-connect/logout"));
assertThat(updatedIdentityProviderConfig.get("syncMode"), is("FORCE"));
assertThat(updatedIdentityProviderConfig.get("clientId"), is("example-client-id"));
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
assertThat(updatedIdentityProviderConfig.get("backchannelSupported"), is("true"));
assertThat(updatedIdentityProviderConfig.get("defaultScope"), nullValue());
assertThat(updatedIdentityProviderConfig.get("guiOrder"), is("0"));
assertThat(updatedIdentityProviderConfig.get("useJwksUrl"), is("true"));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("**********"));
} else {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
}

List<IdentityProviderMapperRepresentation> identityProviderMappers = createdRealm.getIdentityProviderMappers();
assertThat(identityProviderMappers.size(), is(1));

Expand Down Expand Up @@ -396,12 +412,17 @@ void shouldUpdateOidcIdentityProviderWithUpdatedMapper() throws IOException {
assertThat(updatedIdentityProviderConfig.get("logoutUrl"), is("https://example.com/protocol/openid-connect/logout"));
assertThat(updatedIdentityProviderConfig.get("syncMode"), is("FORCE"));
assertThat(updatedIdentityProviderConfig.get("clientId"), is("example-client-id"));
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
assertThat(updatedIdentityProviderConfig.get("backchannelSupported"), is("true"));
assertThat(updatedIdentityProviderConfig.get("defaultScope"), nullValue());
assertThat(updatedIdentityProviderConfig.get("guiOrder"), is("0"));
assertThat(updatedIdentityProviderConfig.get("useJwksUrl"), is("true"));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("**********"));
} else {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
}

List<IdentityProviderMapperRepresentation> identityProviderMappers = createdRealm.getIdentityProviderMappers();
assertThat(identityProviderMappers.size(), is(1));

Expand Down Expand Up @@ -455,12 +476,17 @@ void shouldUpdateOidcIdentityProviderWithUpdatedMapperWithPseudoId() throws IOEx
assertThat(updatedIdentityProviderConfig.get("logoutUrl"), is("https://example.com/protocol/openid-connect/logout"));
assertThat(updatedIdentityProviderConfig.get("syncMode"), is("FORCE"));
assertThat(updatedIdentityProviderConfig.get("clientId"), is("example-client-id"));
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
assertThat(updatedIdentityProviderConfig.get("backchannelSupported"), is("true"));
assertThat(updatedIdentityProviderConfig.get("defaultScope"), nullValue());
assertThat(updatedIdentityProviderConfig.get("guiOrder"), is("0"));
assertThat(updatedIdentityProviderConfig.get("useJwksUrl"), is("true"));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("**********"));
} else {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
}

List<IdentityProviderMapperRepresentation> identityProviderMappers = createdRealm.getIdentityProviderMappers();
assertThat(identityProviderMappers.size(), is(1));

Expand Down Expand Up @@ -514,12 +540,17 @@ void shouldUpdateOidcIdentityProviderWithReplacedMapper() throws IOException {
assertThat(updatedIdentityProviderConfig.get("logoutUrl"), is("https://example.com/protocol/openid-connect/logout"));
assertThat(updatedIdentityProviderConfig.get("syncMode"), is("FORCE"));
assertThat(updatedIdentityProviderConfig.get("clientId"), is("example-client-id"));
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
assertThat(updatedIdentityProviderConfig.get("backchannelSupported"), is("true"));
assertThat(updatedIdentityProviderConfig.get("defaultScope"), nullValue());
assertThat(updatedIdentityProviderConfig.get("guiOrder"), is("0"));
assertThat(updatedIdentityProviderConfig.get("useJwksUrl"), is("true"));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("**********"));
} else {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
}

List<IdentityProviderMapperRepresentation> identityProviderMappers = createdRealm.getIdentityProviderMappers();
assertThat(identityProviderMappers.size(), is(1));

Expand Down Expand Up @@ -573,12 +604,17 @@ void shouldUpdateOidcIdentityProviderWithDeleteAllMappers() throws IOException {
assertThat(updatedIdentityProviderConfig.get("logoutUrl"), is("https://example.com/protocol/openid-connect/logout"));
assertThat(updatedIdentityProviderConfig.get("syncMode"), is("FORCE"));
assertThat(updatedIdentityProviderConfig.get("clientId"), is("example-client-id"));
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
assertThat(updatedIdentityProviderConfig.get("backchannelSupported"), is("true"));
assertThat(updatedIdentityProviderConfig.get("defaultScope"), nullValue());
assertThat(updatedIdentityProviderConfig.get("guiOrder"), is("0"));
assertThat(updatedIdentityProviderConfig.get("useJwksUrl"), is("true"));

if (VersionUtil.ge(KEYCLOAK_VERSION, "25")) {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("**********"));
} else {
assertThat(updatedIdentityProviderConfig.get("clientSecret"), is("example-client-secret"));
}

List<IdentityProviderMapperRepresentation> identityProviderMappers = createdRealm.getIdentityProviderMappers();
assertThat(identityProviderMappers, empty());
}
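Review bot: On the Keycloak 25+ branch the `clientSecret` assertions in `shouldCreateOidcIdentityProvider` and the six `shouldUpdateOidcIdentityProvider…` tests check only the mask `"**********"`, so on that branch they no longer show that the imported secret was stored or that an update left it intact. A comment at the first occurrence, such as `// Keycloak >= 25 masks IdP secrets in the admin representation; the stored value cannot be verified from here`, would make that limit explicit. The same five-line version switch is repeated seven times; a private helper in the test class (a proposed name would be `assertClientSecret(config)`) would keep the literal and the version check in one place, and `ComponentRepresentation.SECRET_VALUE` from the already-imported `org.keycloak.representations.idm` package could replace the literal if it matches the mask used here. Whether the import sends the masked value back to Keycloak on update is not visible in these hunks and would deserve its own test. All seven test bodies begin outside their hunks.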
