mirror of
https://github.com/netzbegruenung/keycloak-2fa-sms-authenticator.git
synced 2024-04-27 16:44:53 +02:00
Add challenge API tests
parent
3b25600e6a
commit
46b6303279
|
@ -8,3 +8,9 @@ indent_size = 4
|
|||
end_of_line = lf
|
||||
insert_final_newline = true
|
||||
trim_trailing_whitespace = true
|
||||
|
||||
[*.yml]
|
||||
indent_size = 2
|
||||
|
||||
[*.yaml]
|
||||
indent_size = 2
|
||||
|
|
|
@ -61,7 +61,7 @@
|
|||
|
||||
<dependency>
|
||||
<groupId>org.springframework.boot</groupId>
|
||||
<artifactId>spring-boot-starter-web</artifactId>
|
||||
<artifactId>spring-boot-starter-webflux</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
|
@ -77,6 +77,13 @@
|
|||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>netzbegruenung</groupId>
|
||||
<artifactId>dev</artifactId>
|
||||
<version>${revision}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
@ -93,4 +100,4 @@
|
|||
</plugins>
|
||||
</build>
|
||||
|
||||
</project>
|
||||
</project>
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
package netzbegruenung.keycloak.app;
|
||||
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.junit.jupiter.api.extension.ExtendWith;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
@ -9,15 +8,13 @@ import org.springframework.boot.test.context.SpringBootTest;
|
|||
import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
|
||||
import org.springframework.boot.test.web.server.LocalServerPort;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.junit.jupiter.SpringExtension;
|
||||
|
||||
import netzbegruenung.keycloak.dev.AuthorizationServerApp;
|
||||
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
|
||||
@ExtendWith(SpringExtension.class)
|
||||
@SpringBootTest(classes = { AuthorizationServerApp.class }, webEnvironment = WebEnvironment.DEFINED_PORT)
|
||||
@ActiveProfiles("test")
|
||||
@ActiveProfiles("livetest")
|
||||
public class AppAuthenticatorLiveTest {
|
||||
|
||||
private static final Logger log = LoggerFactory.getLogger(AppAuthenticatorLiveTest.class);
|
||||
|
|
|
@ -0,0 +1,102 @@
|
|||
package netzbegruenung.keycloak.app.rest;
|
||||
|
||||
import netzbegruenung.keycloak.dev.AuthorizationServerApp;
|
||||
import org.junit.jupiter.api.BeforeAll;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.keycloak.common.Profile;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.test.autoconfigure.orm.jpa.AutoConfigureTestEntityManager;
|
||||
import org.springframework.boot.test.context.SpringBootTest;
|
||||
import org.springframework.test.context.ActiveProfiles;
|
||||
import org.springframework.test.context.jdbc.Sql;
|
||||
import org.springframework.test.context.jdbc.SqlConfig;
|
||||
import org.springframework.test.web.reactive.server.WebTestClient;
|
||||
|
||||
import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.AFTER_TEST_METHOD;
|
||||
import static org.springframework.test.context.jdbc.SqlConfig.TransactionMode.ISOLATED;
|
||||
|
||||
@SpringBootTest(classes = {AuthorizationServerApp.class}, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
|
||||
@AutoConfigureTestEntityManager
|
||||
@ActiveProfiles("test")
|
||||
@Sql(scripts = {"/import-challenges.sql"},
|
||||
config = @SqlConfig(transactionMode = ISOLATED))
|
||||
@Sql(
|
||||
scripts = "/delete-challenges.sql",
|
||||
config = @SqlConfig(transactionMode = ISOLATED),
|
||||
executionPhase = AFTER_TEST_METHOD
|
||||
)
|
||||
public class ChallengeResourceTest {
|
||||
|
||||
private final static String CHALLENGE_URI = "/realms/baeldung/challenges";
|
||||
|
||||
private final static String SIGNATURE_HEADER_NAME = "Signature";
|
||||
|
||||
private final static String SIGNATURE_HEADER_VALUE = "keyId:deviceId,created:%d,signature:base64encodedSignature";
|
||||
|
||||
private final static Long HALF_HOUR_MILLIS = 1800000L;
|
||||
|
||||
@Autowired
|
||||
private WebTestClient webClient;
|
||||
|
||||
@BeforeAll
|
||||
public static void initProfile() throws Exception {
|
||||
Profile profile = Profile.configure();
|
||||
Profile.init(profile.getName(), profile.getFeatures());
|
||||
}
|
||||
|
||||
@Test
|
||||
void testSignatureHeaderRejected() {
|
||||
webClient
|
||||
.get().uri(CHALLENGE_URI)
|
||||
.exchange()
|
||||
.expectStatus().isBadRequest()
|
||||
.expectBody()
|
||||
.jsonPath("$['error']").isEqualTo(ChallengeResource.CHALLENGE_REJECTED)
|
||||
.jsonPath("$['message']").hasJsonPath();
|
||||
}
|
||||
|
||||
@Test
|
||||
void testEmptyChallenges() {
|
||||
webClient
|
||||
.get().uri(CHALLENGE_URI)
|
||||
.header(SIGNATURE_HEADER_NAME, String.format(SIGNATURE_HEADER_VALUE, System.currentTimeMillis()))
|
||||
.exchange()
|
||||
.expectStatus().isOk()
|
||||
.expectBody()
|
||||
.json("[]");
|
||||
}
|
||||
|
||||
@Test
|
||||
void testChallengeExpired() {
|
||||
Long expiredTimestamp = System.currentTimeMillis() - HALF_HOUR_MILLIS;
|
||||
webClient
|
||||
.get().uri(uriBuilder -> uriBuilder
|
||||
.path(CHALLENGE_URI)
|
||||
.queryParam("device_id", "test_device_id")
|
||||
.build()
|
||||
)
|
||||
.header(SIGNATURE_HEADER_NAME, String.format(SIGNATURE_HEADER_VALUE, expiredTimestamp))
|
||||
.exchange()
|
||||
.expectStatus().isForbidden()
|
||||
.expectBody()
|
||||
.jsonPath("$['error']").isEqualTo(ChallengeResource.CHALLENGE_REJECTED)
|
||||
.jsonPath("$['message']").hasJsonPath();
|
||||
}
|
||||
|
||||
@Test
|
||||
void testNoCredentialsFound() {
|
||||
webClient
|
||||
.get().uri(uriBuilder -> uriBuilder
|
||||
.path(CHALLENGE_URI)
|
||||
.queryParam("device_id", "test_device_id")
|
||||
.build()
|
||||
)
|
||||
.header(SIGNATURE_HEADER_NAME, String.format(SIGNATURE_HEADER_VALUE, System.currentTimeMillis()))
|
||||
.exchange()
|
||||
.expectStatus().is5xxServerError()
|
||||
.expectBody()
|
||||
.jsonPath("$['error']").isEqualTo(ChallengeResource.INTERNAL_ERROR)
|
||||
.jsonPath("$['message']").hasJsonPath();
|
||||
}
|
||||
|
||||
}
|
|
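Review bot: None of the four cases in ChallengeResourceTest exercises signature verification itself: every request carries the placeholder `signature:base64encodedSignature`, and `testEmptyChallenges` expects 200 with that value, so the suite would still pass if the resource never checked the signature. A case that seeds a credential for `test_device_id` and asserts that a wrongly signed request is answered with `ChallengeResource.CHALLENGE_REJECTED` would pin the authentication check, and a `created` value in the future deserves a case next to `testChallengeExpired`. `testNoCredentialsFound` also pins a 5xx with `INTERNAL_ERROR` for an unknown device, which a client can trigger at will; if that is intended, a comment such as `// unknown device currently surfaces as INTERNAL_ERROR, not a 4xx` above the test would record it. ChallengeResource is not shown on this page, so its behaviour is inferred from the expected statuses only.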
@ -0,0 +1,8 @@
|
|||
server:
|
||||
port: 8083
|
||||
|
||||
spring:
|
||||
datasource:
|
||||
username: sa
|
||||
password: sa
|
||||
url: jdbc:h2:file:~/dev/h2db/appauthdb;AUTO_SERVER=TRUE
|
|
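Review bot: The datasource URL on the last line of this new profile keeps `AUTO_SERVER=TRUE` together with the `sa`/`sa` account, and the database is a persistent file under `~/dev/h2db`. Auto-server mode makes the first process start an internal TCP server so that other processes can attach to the same database, which is more exposure than a test profile usually needs. If the live test runs in a single JVM, `url: jdbc:h2:file:~/dev/h2db/appauthdb` without the flag should be enough; otherwise a comment such as `# local live-test profile only; not for shared or deployed environments` would state the intent. The file name is not visible on this page, so that this is the `livetest` profile is inferred from the `@ActiveProfiles("livetest")` change.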
@ -1,8 +1,5 @@
|
|||
server:
|
||||
port: 8083
|
||||
|
||||
spring:
|
||||
datasource:
|
||||
username: sa
|
||||
password: sa
|
||||
url: jdbc:h2:file:~/dev/h2db/appauthdb;AUTO_SERVER=TRUE
|
||||
url: jdbc:h2:mem:test
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
delete from APP_AUTH_CHALLENGE;
|
|
@ -0,0 +1,2 @@
|
|||
INSERT INTO APP_AUTH_CHALLENGE (id, realm_id, user_id, target_url, device_id, secret, updated_timestamp, ip_address, device, browser, os, os_version)
|
||||
VALUES (random_uuid(), 'baeldung', 'a5461470-33eb-4b2d-82d4-b0484e96ad7f', 'target_url', 'test_device_id', 'secret', DATEDIFF('SECOND', DATE '1970-01-01', CURRENT_TIMESTAMP()) * 1000, 'ip_address', 'device', 'browser', 'os', 'os_version');
|
|
@ -1656,4 +1656,4 @@
|
|||
},
|
||||
"keycloakVersion" : "8.0.0",
|
||||
"userManagedAccessAllowed" : false
|
||||
}
|
||||
}
|
||||
|
|