def test_create_session_offline_token(keycloak_server, admin_username, admin_password): direct_access_token_response = auth.direct_access_grant_token( admin_username, admin_password, include_offline=True) session = auth.AuthSession( offline_token=direct_access_token_response['refresh_token']) assert session.get_access_token() is not None
def test_merge_client_preferred(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) created_client = kc_admin.realm('master').create_client('test-merge-prefer-client', "openid-connect") merging_client = client.Client(session, dict_rep={'clientId': 'test-merge-prefer-client', 'enabled': True, 'protocol': 'openid-connect', 'directAccessGrantsEnabled': False }) merged_client = created_client.merge(merging_client, prefer_self=True) assert merged_client.json['directAccessGrantsEnabled'] == True
def test_delete_realm(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) new_realm = kc_admin.add_realm('delete-realm-test') assert new_realm.id == 'delete-realm-test', 'could not successfully add new realm for delete test' kc_admin.delete_realm('delete-realm-test') assert kc_admin.realm('delete_realm_test') is None
def test_update_client(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) created_client = kc_admin.realm('master').create_client('test-update-client', "openid-connect") created_client.json['name'] = 'Test Update Client' updated_client = kc_admin.realm('master').update_client(created_client.json) assert updated_client.json['name'] == 'Test Update Client', 'Failed to properly update client'
def test_get_none_auth_flow_by_id(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') auth_flow = master_realm.auth_flow( id='cdf3b8b6-5cdc-439d-b54a-5d375788af85') assert auth_flow is None
def test_get_execution(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') executions = master_realm.auth_flow(alias='browser').executions() execution = master_realm.auth_flow(alias='browser').execution( id=executions[0]['id']) assert execution is not None
def test_get_filtered_executions(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') executions = master_realm.auth_flow(alias='browser').executions( provider='auth-cookie') assert len(executions) == 1 assert executions[0]['displayName'] == 'Cookie'
def test_merge_realm_preferring_self(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) new_realm = kc_admin.add_realm('merge-realm-test2') assert new_realm.id == 'merge-realm-test2', 'could not successfully add new realm for update test' merge_realm = realm.Realm(session, dict_rep={'id': 'merge-realm-test2', 'accessCodeLifespan': 33}) merge_result = new_realm.merge(merge_realm, prefer_self=True) assert merge_result.json['accessCodeLifespan'] != 33
def test_create_execution(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') form_execution = json.loads( json.dumps({'provider': 'auth-username-password-form'})) created_execution = master_realm.auth_flow( alias='test flow').create_execution(form_execution) assert created_execution is not None
def test_update_realm(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) new_realm = kc_admin.add_realm('update-realm-test') assert new_realm.id == 'update-realm-test', 'could not successfully add new realm for update test' assert new_realm.json['sslRequired'] != 'none', 'sslRequired flag already set to "none", cannot perform update test' new_realm.json['sslRequired'] = 'none' updated_realm = kc_admin.update_realm(new_realm) assert updated_realm.json['sslRequired'] == 'none'
def test_update_fed_provider(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kerb_provider = admin.Admin(session).realm('master').federation_provider( name='Test Kerb Provider') kerb_provider['config']['debug'] = ['true'] updated_kerb_provider = admin.Admin(session).realm( 'master').update_federation_provider(kerb_provider) assert updated_kerb_provider['config']['debug'] == ['true']
def test_delete_execution(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') executions = master_realm.auth_flow(alias='test flow').executions() executions_before_delete = len(executions) response = master_realm.auth_flow(alias='test flow').delete_execution( executions[0]['id']) assert response.status_code == 204 assert len(master_realm.auth_flow( alias='test flow').executions()) < executions_before_delete
def test_update_execution(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') form_execution = json.loads( json.dumps({'provider': 'auth-username-password-form'})) created_execution = master_realm.auth_flow( alias='test flow').create_execution(form_execution) assert created_execution.json[ 'requirement'] != 'REQUIRED', "test is brittle, assumes pre-conditions, and fails" created_execution.json['requirement'] = 'REQUIRED' assert master_realm.auth_flow(alias='test flow').update_execution( created_execution.json).json['requirement'] == 'REQUIRED'
def test_create_auth_flow(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) auth_flow = { 'alias': 'test flow', 'providerId': 'basic-flow', 'description': 'This flow is used for test purposes', 'topLevel': 'true', 'builtIn': 'false' } created_auth_flow = admin.Admin(session).realm('master').create_auth_flow( json.loads(json.dumps(auth_flow))) assert created_auth_flow is not None
def test_get_offline_token(keycloak_server, admin_username, admin_password): # First, have to make sure that admin-cli has access to all roles, otherwise offline_token requests will fail session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) admin_cli = kc_admin.realm('master').client_id('admin-cli') admin_cli.json['fullScopeAllowed'] = 'true' kc_admin.realm('master').update_client(admin_cli.json) token_response = auth.direct_access_grant_token(admin_username, admin_password, include_offline=True) assert token_response.get('refresh_token') != None
def test_get_fed_provider_by_id(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) fed_providers = admin.Admin(session).realm('master').federation_providers() assert len( fed_providers ) == 1, "Unanticipated number of federation providers. Brittle test is unusable." fed_provider_by_id = admin.Admin(session).realm( 'master').federation_provider(id=fed_providers[0]['id']) assert fed_provider_by_id is not None
def test_get_valid_config(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') executions = master_realm.auth_flow( alias='first broker login').executions() auth_config = next( filter( lambda execution: execution.get('authenticationConfig') is not None, executions), None) assert auth_config is not None, "couldn't find a configurable execution" print(auth_config['authenticationConfig']) assert master_realm.auth_config( auth_config['authenticationConfig']) is not None
def test_delete_all_executions(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') auth_flow = { 'alias': 'test flow2', 'providerId': 'basic-flow', 'description': 'This flow is used for test purposes', 'topLevel': 'true', 'builtIn': 'false' } test_flow2 = admin.Admin(session).realm('master').create_auth_flow( json.loads(json.dumps(auth_flow))) test_flow2.create_execution({'provider': 'auth-username-password-form'}) test_flow2.create_execution({'provider': 'identity-provider-redirector'}) test_flow2.create_execution({'provider': 'auth-spnego'}) assert len(master_realm.auth_flow(alias='test flow2').executions()) == 3 test_flow2.delete_all_executions() assert len(master_realm.auth_flow(alias='test flow2').executions()) == 0
def test_create_config(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') auth_flow = { 'alias': 'test create config flow', 'providerId': 'basic-flow', 'description': 'This flow is used for testing config creation', 'topLevel': 'true', 'builtIn': 'false' } created_auth_flow = master_realm.create_auth_flow(auth_flow) idp_redirector = {'provider': 'identity-provider-redirector'} created_execution = created_auth_flow.create_execution(idp_redirector) new_config = created_execution.create_config({ 'alias': 'test create config', 'config': { 'defaultProvider': 'https://www.github.com' } }) assert new_config is not None
def test_add_fed_provider(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) provider_to_add = { 'name': 'Test Kerb Provider', 'providerId': 'kerberos', 'providerType': 'org.keycloak.storage.UserStorageProvider', 'parentId': 'master' } provider_to_add['config'] = { 'priority': [0], 'kerberosRealm': ['TESTKERB.COM'], 'serverPrincipal': ['HTTP/[email protected]'], 'keytab': ['/etc/krb5.keytab'], 'debug': ['false'], 'allowPasswordAuthentication': ['false'] } provider_json = json.loads(json.dumps(provider_to_add)) new_provider = admin.Admin(session).realm( 'master').add_federation_provider(provider_json) assert new_provider is not None fed_providers = admin.Admin(session).realm('master').federation_providers() assert len(fed_providers) == 1
def test_delete_client(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) created_client = kc_admin.realm('master').create_client('test-delete-client', "openid-connect") kc_admin.realm('master').delete_client(created_client.json['id']) assert kc_admin.realm('master').client_id('test-delete-client') is None
def test_get_client_by_id(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) admin_cli = kc_admin.realm('master').client_id('admin-cli') assert admin_cli is not None, 'Could not retrieve admin-cli by clientId'
def test_get_client(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) clients = kc_admin.realm('master').clients() kc_admin.realm('master').client(clients[0]['id'])
def test_get_auth_flows(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) auth_flows = admin.Admin(session).realm('master').auth_flows() assert auth_flows is not None
def test_get_empty_executions(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') executions = master_realm.auth_flow(alias='test flow').executions() assert len(executions) == 0
def test_get_nonexistent_client_by_id(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) none_client = kc_admin.realm('master').client_id('XXXXXX') assert none_client is None, 'Returned client object for non-existent clientId'
def test_get_none_auth_flow(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') auth_flow = master_realm.auth_flow(alias='not there') assert auth_flow is None
def test_get_auth_flow_by_id(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) master_realm = admin.Admin(session).realm('master') auth_flow = master_realm.auth_flow(alias='test flow') auth_flow_by_id = master_realm.auth_flow(id=auth_flow.id) assert auth_flow_by_id is not None
def test_create_client(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) created_client = kc_admin.realm('master').create_client('test-create-client', "openid-connect") assert created_client is not None
def test_list_clients(keycloak_server, admin_username, admin_password): session = auth.AuthSession(admin_username, admin_password) kc_admin = admin.Admin(session) clients = kc_admin.realm('master').clients() assert len(clients) != 0, "No clients returned by /clients endpoint"