Keycloak

Форк
0
/
user_fed_ldap_test.spec.ts 
572 строки · 19.2 Кб
1
import LoginPage from "../support/pages/LoginPage";
2
import SidebarPage from "../support/pages/admin-ui/SidebarPage";
3
import ProviderPage from "../support/pages/admin-ui/manage/providers/ProviderPage";
4
import Masthead from "../support/pages/admin-ui/Masthead";
5
import ModalUtils from "../support/util/ModalUtils";
6
import { keycloakBefore } from "../support/util/keycloak_hooks";
7

8
const loginPage = new LoginPage();
9
const masthead = new Masthead();
10
const sidebarPage = new SidebarPage();
11
const providersPage = new ProviderPage();
12
const modalUtils = new ModalUtils();
13

14
const provider = "ldap";
15
const allCapProvider = provider.toUpperCase();
16

17
const firstLdapName = "my-ldap";
18
const firstLdapVendor = "Active Directory";
19
const secondLdapName = `${firstLdapName}-2`;
20
const secondLdapVendor = "Other";
21
const updatedLdapName = `${firstLdapName}-updated`;
22

23
// connection and authentication settings
24
const connectionUrlValid = "ldap://localhost:3004";
25
const bindTypeSimple = "simple";
26
const truststoreSpiAlways = "Always";
27
const connectionTimeoutTwoSecs = "2000";
28
const bindDnCnDc = "cn=user,dc=test";
29
const bindCredsValid = "user";
30

31
const connectionUrlInvalid = "ldap://nowhere.com";
32
const bindTypeNone = "none";
33
const truststoreSpiNever = "Never";
34
const bindDnCnOnly = "cn=read-only-admin";
35
const bindCredsInvalid = "not-my-password";
36

37
// kerberos integration settings
38
const kerberosRealm = "FOO.ORG";
39
const serverPrincipal = "HTTP/host.foo.org@FOO.ORG";
40
const keyTab = "/etc/krb5.keytab";
41

42
// ldap synchronization settings
43
const batchSize = "100";
44
const fullSyncPeriod = "604800";
45
const userSyncPeriod = "86400";
46

47
// ldap searching and updating
48
const editModeReadOnly = "READ_ONLY";
49
const editModeWritable = "WRITABLE";
50
const editModeUnsynced = "UNSYNCED";
51

52
const firstUsersDn = "user-dn-1";
53
const firstUserLdapAtt = "uid";
54
const firstRdnLdapAtt = "uid";
55
const firstUuidLdapAtt = "entryUUID";
56
const firstUserObjClasses = "inetOrgPerson, organizationalPerson";
57
const firstUserLdapFilter = "(first-filter)";
58
const firstReadTimeout = "5000";
59

60
const searchScopeOneLevel = "One Level";
61
const searchScopeSubtree = "Subtree";
62

63
const secondUsersDn = "user-dn-2";
64
const secondUserLdapAtt = "cn";
65
const secondRdnLdapAtt = "cn";
66
const secondUuidLdapAtt = "objectGUID";
67
const secondUserObjClasses = "person, organizationalPerson, user";
68
const secondUserLdapFilter = "(second-filter)";
69
const secondReadTimeout = "5000";
70

71
const defaultPolicy = "DEFAULT";
72
const weeklyPolicy = "EVICT_WEEKLY";
73
const dailyPolicy = "EVICT_DAILY";
74
const lifespanPolicy = "MAX_LIFESPAN";
75
const noCachePolicy = "NO_CACHE";
76
const defaultLdapDay = "Sunday";
77
const defaultLdapHour = "00";
78
const defaultLdapMinute = "00";
79
const newLdapDay = "Wednesday";
80
const newLdapHour = "15";
81
const newLdapMinute = "55";
82
const maxLifespan = 5;
83

84
const addProviderMenu = "Add new provider";
85
const createdSuccessMessage = "User federation provider successfully created";
86
const savedSuccessMessage = "User federation provider successfully saved";
87
const deletedSuccessMessage = "The user federation provider has been deleted.";
88
const deleteModalTitle = "Delete user federation provider?";
89
const disableModalTitle = "Disable user federation provider?";
90
const validatePasswordPolicyFailMessage =
91
  "User federation provider could not be saved: Validate Password Policy is applicable only with WRITABLE edit mode";
92
const userImportingDisabledFailMessage =
93
  "User federation provider could not be saved: Can not disable Importing users when LDAP provider mode is UNSYNCED";
94

95
const ldapTestSuccessMsg = "Successfully connected to LDAP";
96
const ldapTestFailMsg =
97
  "Error when trying to connect to LDAP: 'CommunicationError'";
98

99
describe("User Federation LDAP tests", () => {
100
  beforeEach(() => {
101
    loginPage.logIn();
102
    keycloakBefore();
103
    sidebarPage.goToUserFederation();
104
    cy.intercept("GET", "/admin/realms/master").as("getProvider");
105
  });
106

107
  it("Should create LDAP provider from empty state", () => {
108
    // if tests don't start at empty state, e.g. user has providers configured locally,
109
    // create a new card from the card view instead
110
    cy.get("body").then(($body) => {
111
      if ($body.find(`[data-testid=ldap-card]`).length > 0) {
112
        providersPage.clickNewCard(provider);
113
      } else {
114
        providersPage.clickMenuCommand(addProviderMenu, allCapProvider);
115
      }
116
    });
117
    providersPage.fillLdapGeneralData(firstLdapName, firstLdapVendor);
118
    providersPage.fillLdapConnectionData(
119
      connectionUrlInvalid,
120
      bindTypeSimple,
121
      truststoreSpiNever,
122
      connectionTimeoutTwoSecs,
123
      bindDnCnOnly,
124
      bindCredsInvalid,
125
    );
126
    providersPage.fillLdapSearchingData(
127
      editModeReadOnly,
128
      firstUsersDn,
129
      firstUserLdapAtt,
130
      firstRdnLdapAtt,
131
      firstUuidLdapAtt,
132
      firstUserObjClasses,
133
      firstUserLdapFilter,
134
      searchScopeOneLevel,
135
      firstReadTimeout,
136
    );
137
    providersPage.save(provider);
138
    masthead.checkNotificationMessage(createdSuccessMessage);
139
    sidebarPage.goToUserFederation();
140
  });
141

142
  it("Should fail updating advanced settings", () => {
143
    providersPage.clickExistingCard(firstLdapName);
144
    providersPage.toggleSwitch(providersPage.ldapv3PwSwitch);
145
    providersPage.toggleSwitch(providersPage.validatePwPolicySwitch);
146
    providersPage.toggleSwitch(providersPage.trustEmailSwitch);
147
    providersPage.save(provider);
148
    masthead.checkNotificationMessage(validatePasswordPolicyFailMessage);
149
    sidebarPage.goToUserFederation();
150
  });
151

152
  it("Should update advanced settings", () => {
153
    providersPage.clickExistingCard(firstLdapName);
154
    providersPage.toggleSwitch(providersPage.ldapv3PwSwitch);
155
    providersPage.toggleSwitch(providersPage.validatePwPolicySwitch);
156
    providersPage.toggleSwitch(providersPage.trustEmailSwitch);
157
    providersPage.fillLdapSearchingData(
158
      editModeWritable,
159
      secondUsersDn,
160
      secondUserLdapAtt,
161
      secondRdnLdapAtt,
162
      secondUuidLdapAtt,
163
      secondUserObjClasses,
164
    );
165
    providersPage.save(provider);
166
    masthead.checkNotificationMessage(savedSuccessMessage);
167
    sidebarPage.goToUserFederation();
168
    providersPage.clickExistingCard(firstLdapName);
169
    providersPage.verifyToggle(providersPage.ldapv3PwSwitch, "on");
170
    providersPage.verifyToggle(providersPage.validatePwPolicySwitch, "on");
171
    providersPage.verifyToggle(providersPage.trustEmailSwitch, "on");
172
  });
173

174
  it("Should set cache policy to evict_daily", () => {
175
    providersPage.clickExistingCard(firstLdapName);
176
    providersPage.selectCacheType(dailyPolicy);
177
    providersPage.changeCacheTime("hour", newLdapHour);
178
    providersPage.changeCacheTime("minute", newLdapMinute);
179
    providersPage.save(provider);
180

181
    masthead.checkNotificationMessage(savedSuccessMessage);
182
    sidebarPage.goToUserFederation();
183
    providersPage.clickExistingCard(firstLdapName);
184

185
    expect(cy.contains(dailyPolicy).should("exist"));
186
    expect(cy.contains(defaultPolicy).should("not.exist"));
187
  });
188

189
  it("Should set cache policy to default", () => {
190
    providersPage.clickExistingCard(firstLdapName);
191
    providersPage.selectCacheType(defaultPolicy);
192
    providersPage.save(provider);
193

194
    masthead.checkNotificationMessage(savedSuccessMessage);
195
    sidebarPage.goToUserFederation();
196
    providersPage.clickExistingCard(firstLdapName);
197

198
    expect(cy.contains(defaultPolicy).should("exist"));
199
    expect(cy.contains(dailyPolicy).should("not.exist"));
200
  });
201

202
  it("Should set cache policy to evict_weekly", () => {
203
    providersPage.clickExistingCard(firstLdapName);
204
    providersPage.selectCacheType(weeklyPolicy);
205
    providersPage.changeCacheTime("day", newLdapDay);
206
    providersPage.changeCacheTime("hour", newLdapHour);
207
    providersPage.changeCacheTime("minute", newLdapMinute);
208
    providersPage.save(provider);
209

210
    masthead.checkNotificationMessage(savedSuccessMessage);
211
    sidebarPage.goToUserFederation();
212
    providersPage.clickExistingCard(firstLdapName);
213

214
    expect(cy.contains(weeklyPolicy).should("exist"));
215
    expect(cy.contains(defaultPolicy).should("not.exist"));
216
  });
217

218
  it("Update connection and authentication settings and save", () => {
219
    providersPage.clickExistingCard(firstLdapName);
220

221
    providersPage.fillLdapConnectionData(
222
      connectionUrlInvalid,
223
      bindTypeNone,
224
      truststoreSpiNever,
225
      connectionTimeoutTwoSecs,
226
    );
227
    providersPage.toggleSwitch(providersPage.enableStartTls);
228
    providersPage.toggleSwitch(providersPage.connectionPooling);
229

230
    providersPage.save(provider);
231
    masthead.checkNotificationMessage(savedSuccessMessage);
232

233
    // now verify
234
    sidebarPage.goToUserFederation();
235
    providersPage.clickExistingCard(firstLdapName);
236
    providersPage.verifyTextField(
237
      providersPage.connectionUrlInput,
238
      connectionUrlInvalid,
239
    );
240
    providersPage.verifyTextField(
241
      providersPage.connectionTimeoutInput,
242
      connectionTimeoutTwoSecs,
243
    );
244
    providersPage.verifySelect(
245
      providersPage.truststoreSpiInput,
246
      truststoreSpiNever,
247
    );
248
    providersPage.verifySelect(providersPage.bindTypeInput, bindTypeNone);
249
    providersPage.verifyToggle(providersPage.enableStartTls, "on");
250
    providersPage.verifyToggle(providersPage.connectionPooling, "on");
251
    sidebarPage.goToUserFederation();
252
  });
253

254
  it("Should fail connection and authentication tests", () => {
255
    providersPage.clickExistingCard(firstLdapName);
256

257
    providersPage.testConnection();
258
    masthead.checkNotificationMessage(ldapTestFailMsg);
259

260
    providersPage.testAuthorization();
261
    masthead.checkNotificationMessage(ldapTestFailMsg);
262

263
    sidebarPage.goToUserFederation();
264
  });
265

266
  it("Should make changes and pass connection and authentication tests", () => {
267
    providersPage.clickExistingCard(firstLdapName);
268

269
    providersPage.fillLdapConnectionData(
270
      connectionUrlValid,
271
      bindTypeSimple,
272
      truststoreSpiAlways,
273
      connectionTimeoutTwoSecs,
274
      bindDnCnDc,
275
      bindCredsValid,
276
    );
277
    providersPage.toggleSwitch(providersPage.enableStartTls);
278
    providersPage.toggleSwitch(providersPage.connectionPooling);
279

280
    providersPage.save(provider);
281

282
    providersPage.testConnection();
283
    masthead.checkNotificationMessage(ldapTestSuccessMsg);
284

285
    providersPage.testAuthorization();
286
    masthead.checkNotificationMessage(ldapTestSuccessMsg);
287

288
    sidebarPage.goToUserFederation();
289
  });
290

291
  it("Should update Kerberos integration settings and save", () => {
292
    providersPage.clickExistingCard(firstLdapName);
293

294
    providersPage.toggleSwitch(providersPage.allowKerberosAuth);
295
    providersPage.toggleSwitch(providersPage.debug);
296
    providersPage.toggleSwitch(providersPage.useKerberosForPwAuth);
297

298
    providersPage.fillTextField(
299
      providersPage.ldapKerberosRealmInput,
300
      kerberosRealm,
301
    );
302
    providersPage.fillTextField(
303
      providersPage.ldapServerPrincipalInput,
304
      serverPrincipal,
305
    );
306
    providersPage.fillTextField(providersPage.ldapKeyTabInput, keyTab);
307

308
    providersPage.save(provider);
309
    masthead.checkNotificationMessage(savedSuccessMessage);
310

311
    // now verify
312
    sidebarPage.goToUserFederation();
313
    providersPage.clickExistingCard(firstLdapName);
314
    providersPage.verifyTextField(
315
      providersPage.ldapKerberosRealmInput,
316
      kerberosRealm,
317
    );
318
    providersPage.verifyTextField(
319
      providersPage.ldapServerPrincipalInput,
320
      serverPrincipal,
321
    );
322
    providersPage.verifyTextField(providersPage.ldapKeyTabInput, keyTab);
323
    providersPage.verifyToggle(providersPage.allowKerberosAuth, "on");
324
    providersPage.verifyToggle(providersPage.debug, "on");
325
    providersPage.verifyToggle(providersPage.useKerberosForPwAuth, "on");
326

327
    sidebarPage.goToUserFederation();
328
  });
329

330
  it("Should update Synchronization settings and save", () => {
331
    providersPage.clickExistingCard(firstLdapName);
332

333
    providersPage.toggleSwitch(providersPage.importUsers);
334
    providersPage.toggleSwitch(providersPage.periodicFullSync);
335
    providersPage.toggleSwitch(providersPage.periodicUsersSync);
336

337
    providersPage.fillTextField(providersPage.ldapBatchSizeInput, batchSize);
338
    providersPage.fillTextField(
339
      providersPage.ldapFullSyncPeriodInput,
340
      fullSyncPeriod,
341
    );
342
    providersPage.fillTextField(
343
      providersPage.ldapUsersSyncPeriodInput,
344
      userSyncPeriod,
345
    );
346

347
    providersPage.save(provider);
348
    masthead.checkNotificationMessage(savedSuccessMessage);
349

350
    // now verify
351
    sidebarPage.goToUserFederation();
352
    providersPage.clickExistingCard(firstLdapName);
353
    providersPage.verifyTextField(providersPage.ldapBatchSizeInput, batchSize);
354
    providersPage.verifyTextField(
355
      providersPage.ldapFullSyncPeriodInput,
356
      fullSyncPeriod,
357
    );
358
    providersPage.verifyTextField(
359
      providersPage.ldapUsersSyncPeriodInput,
360
      userSyncPeriod,
361
    );
362
    providersPage.verifyToggle(providersPage.periodicFullSync, "on");
363
    providersPage.verifyToggle(providersPage.periodicUsersSync, "on");
364
    providersPage.verifyToggle(providersPage.importUsers, "on");
365
    sidebarPage.goToUserFederation();
366
  });
367

368
  it("Should update LDAP searching and updating settings and save", () => {
369
    providersPage.clickExistingCard(firstLdapName);
370

371
    providersPage.fillLdapSearchingData(
372
      editModeWritable,
373
      secondUsersDn,
374
      secondUserLdapAtt,
375
      secondRdnLdapAtt,
376
      secondUuidLdapAtt,
377
      secondUserObjClasses,
378
      secondUserLdapFilter,
379
      searchScopeSubtree,
380
      secondReadTimeout,
381
    );
382
    providersPage.toggleSwitch(providersPage.ldapPagination);
383

384
    providersPage.save(provider);
385
    masthead.checkNotificationMessage(savedSuccessMessage);
386

387
    // now verify
388
    sidebarPage.goToUserFederation();
389
    providersPage.clickExistingCard(firstLdapName);
390

391
    providersPage.verifySelect(
392
      providersPage.ldapEditModeInput,
393
      editModeWritable,
394
    );
395
    providersPage.verifyTextField(
396
      providersPage.ldapUsersDnInput,
397
      secondUsersDn,
398
    );
399
    providersPage.verifyTextField(
400
      providersPage.ldapUserLdapAttInput,
401
      secondUserLdapAtt,
402
    );
403
    providersPage.verifyTextField(
404
      providersPage.ldapRdnLdapAttInput,
405
      secondRdnLdapAtt,
406
    );
407
    providersPage.verifyTextField(
408
      providersPage.ldapUuidLdapAttInput,
409
      secondUuidLdapAtt,
410
    );
411
    providersPage.verifyTextField(
412
      providersPage.ldapUserObjClassesInput,
413
      secondUserObjClasses,
414
    );
415
    providersPage.verifyTextField(
416
      providersPage.ldapUserLdapFilter,
417
      secondUserLdapFilter,
418
    );
419
    providersPage.verifySelect(
420
      providersPage.ldapSearchScopeInput,
421
      searchScopeSubtree,
422
    );
423
    providersPage.verifyTextField(
424
      providersPage.ldapReadTimeout,
425
      secondReadTimeout,
426
    );
427
    providersPage.verifyToggle(providersPage.ldapPagination, "on");
428

429
    sidebarPage.goToUserFederation();
430
    providersPage.clickExistingCard(firstLdapName);
431

432
    providersPage.fillSelect(providersPage.ldapEditModeInput, editModeUnsynced);
433

434
    providersPage.toggleSwitch(providersPage.importUsers);
435

436
    providersPage.save(provider);
437
    masthead.checkNotificationMessage(validatePasswordPolicyFailMessage);
438

439
    providersPage.toggleSwitch(providersPage.importUsers);
440
    providersPage.toggleSwitch(providersPage.validatePwPolicySwitch);
441
    providersPage.save(provider);
442

443
    masthead.checkNotificationMessage(userImportingDisabledFailMessage);
444

445
    providersPage.toggleSwitch(providersPage.importUsers);
446

447
    providersPage.save(provider);
448
    masthead.checkNotificationMessage(savedSuccessMessage);
449

450
    // now verify
451
    sidebarPage.goToUserFederation();
452
    providersPage.clickExistingCard(firstLdapName);
453

454
    providersPage.verifySelect(
455
      providersPage.ldapEditModeInput,
456
      editModeUnsynced,
457
    );
458
  });
459

460
  it("Should update display name", () => {
461
    providersPage.clickExistingCard(firstLdapName);
462
    providersPage.fillLdapGeneralData(updatedLdapName);
463

464
    providersPage.save(provider);
465
    masthead.checkNotificationMessage(savedSuccessMessage);
466

467
    sidebarPage.goToUserFederation();
468
    providersPage.clickExistingCard(updatedLdapName);
469

470
    sidebarPage.goToUserFederation();
471
  });
472

473
  it("Should update existing LDAP provider and cancel", () => {
474
    providersPage.clickExistingCard(firstLdapName);
475
    providersPage.selectCacheType(weeklyPolicy);
476

477
    providersPage.changeCacheTime("day", defaultLdapDay);
478
    providersPage.changeCacheTime("hour", defaultLdapHour);
479
    providersPage.changeCacheTime("minute", defaultLdapMinute);
480

481
    providersPage.cancel(provider);
482

483
    providersPage.clickExistingCard(updatedLdapName);
484
    providersPage.selectCacheType(weeklyPolicy);
485

486
    providersPage.verifyChangedHourInput(newLdapHour, defaultLdapHour);
487

488
    sidebarPage.goToUserFederation();
489
  });
490

491
  it("Should set cache policy to max_lifespan", () => {
492
    providersPage.clickExistingCard(firstLdapName);
493
    providersPage.selectCacheType(lifespanPolicy);
494
    providersPage.fillMaxLifespanData(maxLifespan);
495
    providersPage.save(provider);
496

497
    masthead.checkNotificationMessage(savedSuccessMessage);
498
    sidebarPage.goToUserFederation();
499
    providersPage.clickExistingCard(firstLdapName);
500

501
    expect(cy.contains(lifespanPolicy).should("exist"));
502
    expect(cy.contains(weeklyPolicy).should("not.exist"));
503
  });
504

505
  it("Should set cache policy to no_cache", () => {
506
    providersPage.clickExistingCard(firstLdapName);
507
    providersPage.selectCacheType(noCachePolicy);
508
    providersPage.save(provider);
509

510
    masthead.checkNotificationMessage(savedSuccessMessage);
511
    sidebarPage.goToUserFederation();
512
    providersPage.clickExistingCard(firstLdapName);
513

514
    expect(cy.contains(noCachePolicy).should("exist"));
515
    expect(cy.contains(lifespanPolicy).should("not.exist"));
516
  });
517

518
  it("Should disable an existing LDAP provider", () => {
519
    providersPage.clickExistingCard(firstLdapName);
520
    cy.wait("@getProvider");
521
    providersPage.disableEnabledSwitch(allCapProvider);
522
    modalUtils.checkModalTitle(disableModalTitle).confirmModal();
523
    masthead.checkNotificationMessage(savedSuccessMessage);
524
    sidebarPage.goToUserFederation();
525
    expect(cy.contains("Disabled").should("exist"));
526
  });
527

528
  it("Should enable a previously-disabled LDAP provider", () => {
529
    providersPage.clickExistingCard(firstLdapName);
530
    cy.wait("@getProvider");
531
    providersPage.enableEnabledSwitch(allCapProvider);
532
    masthead.checkNotificationMessage(savedSuccessMessage);
533
    sidebarPage.goToUserFederation();
534
    expect(cy.contains("Enabled").should("exist"));
535
  });
536

537
  it("Should create new LDAP provider using New Provider dropdown", () => {
538
    providersPage.clickMenuCommand(addProviderMenu, allCapProvider);
539
    providersPage.fillLdapGeneralData(secondLdapName, secondLdapVendor);
540
    providersPage.fillLdapConnectionData(
541
      connectionUrlValid,
542
      bindTypeSimple,
543
      truststoreSpiNever,
544
      connectionTimeoutTwoSecs,
545
      bindDnCnOnly,
546
      bindCredsInvalid,
547
    );
548
    providersPage.fillLdapSearchingData(
549
      editModeWritable,
550
      secondUsersDn,
551
      secondUserLdapAtt,
552
      secondRdnLdapAtt,
553
      secondUuidLdapAtt,
554
      secondUserObjClasses,
555
    );
556
    providersPage.save(provider);
557
    masthead.checkNotificationMessage(createdSuccessMessage);
558
    sidebarPage.goToUserFederation();
559
  });
560

561
  it("Should delete LDAP provider from card view using card menu", () => {
562
    providersPage.deleteCardFromCard(secondLdapName);
563
    modalUtils.checkModalTitle(deleteModalTitle).confirmModal();
564
    masthead.checkNotificationMessage(deletedSuccessMessage);
565
  });
566

567
  it("Should delete LDAP provider using Settings view Action menu", () => {
568
    providersPage.deleteCardFromMenu(firstLdapName);
569
    modalUtils.checkModalTitle(deleteModalTitle).confirmModal();
570
    masthead.checkNotificationMessage(deletedSuccessMessage);
571
  });
572
});
573

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.