Keycloak

Форк
0
/
clientScopes.spec.ts 
663 строки · 18.8 Кб
1
// tslint:disable:no-unused-expression
2
import * as chai from "chai";
3
import { KeycloakAdminClient } from "../src/client.js";
4
import type ClientRepresentation from "../src/defs/clientRepresentation.js";
5
import type ClientScopeRepresentation from "../src/defs/clientScopeRepresentation.js";
6
import type ProtocolMapperRepresentation from "../src/defs/protocolMapperRepresentation.js";
7
import { credentials } from "./constants.js";
8

9
const expect = chai.expect;
10

11
describe("Client Scopes", () => {
12
  let kcAdminClient: KeycloakAdminClient;
13
  let currentClientScope: ClientScopeRepresentation;
14
  let currentClientScopeName: string;
15
  let currentClient: ClientRepresentation;
16

17
  before(async () => {
18
    kcAdminClient = new KeycloakAdminClient();
19
    await kcAdminClient.auth(credentials);
20
  });
21

22
  beforeEach(async () => {
23
    currentClientScopeName = "best-of-the-bests-scope";
24
    await kcAdminClient.clientScopes.create({
25
      name: currentClientScopeName,
26
    });
27
    currentClientScope = (await kcAdminClient.clientScopes.findOneByName({
28
      name: currentClientScopeName,
29
    }))!;
30
  });
31

32
  afterEach(async () => {
33
    // cleanup default client scopes
34
    try {
35
      await kcAdminClient.clientScopes.delDefaultClientScope({
36
        id: currentClientScope.id!,
37
      });
38
    } catch (e) {
39
      // ignore
40
    }
41

42
    // cleanup optional client scopes
43
    try {
44
      await kcAdminClient.clientScopes.delDefaultOptionalClientScope({
45
        id: currentClientScope.id!,
46
      });
47
    } catch (e) {
48
      // ignore
49
    }
50

51
    // cleanup client scopes
52
    try {
53
      await kcAdminClient.clientScopes.delByName({
54
        name: currentClientScopeName,
55
      });
56
    } catch (e) {
57
      // ignore
58
    }
59
  });
60

61
  it("list client scopes", async () => {
62
    const scopes = await kcAdminClient.clientScopes.find();
63
    expect(scopes).to.be.ok;
64
  });
65

66
  it("create client scope and get by name", async () => {
67
    // ensure that the scope does not exist
68
    try {
69
      await kcAdminClient.clientScopes.delByName({
70
        name: currentClientScopeName,
71
      });
72
    } catch (e) {
73
      // ignore
74
    }
75

76
    await kcAdminClient.clientScopes.create({
77
      name: currentClientScopeName,
78
    });
79

80
    const scope = (await kcAdminClient.clientScopes.findOneByName({
81
      name: currentClientScopeName,
82
    }))!;
83
    expect(scope).to.be.ok;
84
    expect(scope.name).to.equal(currentClientScopeName);
85
  });
86

87
  it("create client scope and return id", async () => {
88
    // ensure that the scope does not exist
89
    try {
90
      await kcAdminClient.clientScopes.delByName({
91
        name: currentClientScopeName,
92
      });
93
    } catch (e) {
94
      // ignore
95
    }
96

97
    const { id } = await kcAdminClient.clientScopes.create({
98
      name: currentClientScopeName,
99
    });
100

101
    const scope = (await kcAdminClient.clientScopes.findOne({
102
      id,
103
    }))!;
104
    expect(scope).to.be.ok;
105
    expect(scope.name).to.equal(currentClientScopeName);
106
  });
107

108
  it("find scope by id", async () => {
109
    const scope = await kcAdminClient.clientScopes.findOne({
110
      id: currentClientScope.id!,
111
    });
112
    expect(scope).to.be.ok;
113
    expect(scope).to.eql(currentClientScope);
114
  });
115

116
  it("find scope by name", async () => {
117
    const scope = (await kcAdminClient.clientScopes.findOneByName({
118
      name: currentClientScopeName,
119
    }))!;
120
    expect(scope).to.be.ok;
121
    expect(scope.name).to.eql(currentClientScopeName);
122
  });
123

124
  it("return null if scope not found by id", async () => {
125
    const scope = await kcAdminClient.clientScopes.findOne({
126
      id: "I do not exist",
127
    });
128
    expect(scope).to.be.null;
129
  });
130

131
  it("return null if scope not found by name", async () => {
132
    const scope = await kcAdminClient.clientScopes.findOneByName({
133
      name: "I do not exist",
134
    });
135
    expect(scope).to.be.undefined;
136
  });
137

138
  it.skip("update client scope", async () => {
139
    const { id, description: oldDescription } = currentClientScope;
140
    const description = "This scope is totally awesome.";
141

142
    await kcAdminClient.clientScopes.update({ id: id! }, { description });
143
    const updatedScope = (await kcAdminClient.clientScopes.findOne({
144
      id: id!,
145
    }))!;
146
    expect(updatedScope).to.be.ok;
147
    expect(updatedScope).not.to.eql(currentClientScope);
148
    expect(updatedScope.description).to.eq(description);
149
    expect(updatedScope.description).not.to.eq(oldDescription);
150
  });
151

152
  it("delete single client scope by id", async () => {
153
    await kcAdminClient.clientScopes.del({
154
      id: currentClientScope.id!,
155
    });
156
    const scope = await kcAdminClient.clientScopes.findOne({
157
      id: currentClientScope.id!,
158
    });
159
    expect(scope).not.to.be.ok;
160
  });
161

162
  it("delete single client scope by name", async () => {
163
    await kcAdminClient.clientScopes.delByName({
164
      name: currentClientScopeName,
165
    });
166
    const scope = await kcAdminClient.clientScopes.findOneByName({
167
      name: currentClientScopeName,
168
    });
169
    expect(scope).not.to.be.ok;
170
  });
171

172
  describe("default client scope", () => {
173
    it("list default client scopes", async () => {
174
      const defaultClientScopes =
175
        await kcAdminClient.clientScopes.listDefaultClientScopes();
176
      expect(defaultClientScopes).to.be.ok;
177
    });
178

179
    it("add default client scope", async () => {
180
      const { id } = currentClientScope;
181
      await kcAdminClient.clientScopes.addDefaultClientScope({ id: id! });
182

183
      const defaultClientScopeList =
184
        await kcAdminClient.clientScopes.listDefaultClientScopes();
185
      const defaultClientScope = defaultClientScopeList.find(
186
        (scope) => scope.id === id,
187
      )!;
188

189
      expect(defaultClientScope).to.be.ok;
190
      expect(defaultClientScope.id).to.equal(currentClientScope.id);
191
      expect(defaultClientScope.name).to.equal(currentClientScope.name);
192
    });
193

194
    it("delete default client scope", async () => {
195
      const { id } = currentClientScope;
196
      await kcAdminClient.clientScopes.addDefaultClientScope({ id: id! });
197

198
      await kcAdminClient.clientScopes.delDefaultClientScope({ id: id! });
199

200
      const defaultClientScopeList =
201
        await kcAdminClient.clientScopes.listDefaultClientScopes();
202
      const defaultClientScope = defaultClientScopeList.find(
203
        (scope) => scope.id === id,
204
      );
205

206
      expect(defaultClientScope).not.to.be.ok;
207
    });
208
  });
209

210
  describe("default optional client scopes", () => {
211
    it("list default optional client scopes", async () => {
212
      const defaultOptionalClientScopes =
213
        await kcAdminClient.clientScopes.listDefaultOptionalClientScopes();
214
      expect(defaultOptionalClientScopes).to.be.ok;
215
    });
216

217
    it("add default optional client scope", async () => {
218
      const { id } = currentClientScope;
219
      await kcAdminClient.clientScopes.addDefaultOptionalClientScope({
220
        id: id!,
221
      });
222

223
      const defaultOptionalClientScopeList =
224
        await kcAdminClient.clientScopes.listDefaultOptionalClientScopes();
225
      const defaultOptionalClientScope = defaultOptionalClientScopeList.find(
226
        (scope) => scope.id === id,
227
      )!;
228

229
      expect(defaultOptionalClientScope).to.be.ok;
230
      expect(defaultOptionalClientScope.id).to.eq(currentClientScope.id);
231
      expect(defaultOptionalClientScope.name).to.eq(currentClientScope.name);
232
    });
233

234
    it("delete default optional client scope", async () => {
235
      const { id } = currentClientScope;
236
      await kcAdminClient.clientScopes.addDefaultOptionalClientScope({
237
        id: id!,
238
      });
239
      await kcAdminClient.clientScopes.delDefaultOptionalClientScope({
240
        id: id!,
241
      });
242

243
      const defaultOptionalClientScopeList =
244
        await kcAdminClient.clientScopes.listDefaultOptionalClientScopes();
245
      const defaultOptionalClientScope = defaultOptionalClientScopeList.find(
246
        (scope) => scope.id === id,
247
      );
248

249
      expect(defaultOptionalClientScope).not.to.be.ok;
250
    });
251
  });
252

253
  describe("protocol mappers", () => {
254
    let dummyMapper: ProtocolMapperRepresentation;
255

256
    beforeEach(() => {
257
      dummyMapper = {
258
        name: "mapping-maps-mapper",
259
        protocol: "openid-connect",
260
        protocolMapper: "oidc-audience-mapper",
261
      };
262
    });
263

264
    afterEach(async () => {
265
      try {
266
        const { id } = currentClientScope;
267
        const { id: mapperId } =
268
          (await kcAdminClient.clientScopes.findProtocolMapperByName({
269
            id: id!,
270
            name: dummyMapper.name!,
271
          }))!;
272
        await kcAdminClient.clientScopes.delProtocolMapper({
273
          id: id!,
274
          mapperId: mapperId!,
275
        });
276
      } catch (e) {
277
        // ignore
278
      }
279
    });
280

281
    it("list protocol mappers", async () => {
282
      const { id } = currentClientScope;
283
      const mapperList = await kcAdminClient.clientScopes.listProtocolMappers({
284
        id: id!,
285
      });
286
      expect(mapperList).to.be.ok;
287
    });
288

289
    it("add multiple protocol mappers", async () => {
290
      const { id } = currentClientScope;
291
      await kcAdminClient.clientScopes.addMultipleProtocolMappers({ id: id! }, [
292
        dummyMapper,
293
      ]);
294

295
      const mapper = (await kcAdminClient.clientScopes.findProtocolMapperByName(
296
        {
297
          id: id!,
298
          name: dummyMapper.name!,
299
        },
300
      ))!;
301
      expect(mapper).to.be.ok;
302
      expect(mapper.protocol).to.eq(dummyMapper.protocol);
303
      expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
304
    });
305

306
    it("add single protocol mapper", async () => {
307
      const { id } = currentClientScope;
308
      await kcAdminClient.clientScopes.addProtocolMapper(
309
        { id: id! },
310
        dummyMapper,
311
      );
312

313
      const mapper = (await kcAdminClient.clientScopes.findProtocolMapperByName(
314
        {
315
          id: id!,
316
          name: dummyMapper.name!,
317
        },
318
      ))!;
319
      expect(mapper).to.be.ok;
320
      expect(mapper.protocol).to.eq(dummyMapper.protocol);
321
      expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
322
    });
323

324
    it("find protocol mapper by id", async () => {
325
      const { id } = currentClientScope;
326
      await kcAdminClient.clientScopes.addProtocolMapper(
327
        { id: id! },
328
        dummyMapper,
329
      );
330

331
      const { id: mapperId } =
332
        (await kcAdminClient.clientScopes.findProtocolMapperByName({
333
          id: id!,
334
          name: dummyMapper.name!,
335
        }))!;
336

337
      const mapper = await kcAdminClient.clientScopes.findProtocolMapper({
338
        id: id!,
339
        mapperId: mapperId!,
340
      });
341

342
      expect(mapper).to.be.ok;
343
      expect(mapper?.id).to.eql(mapperId);
344
    });
345

346
    it("find protocol mapper by name", async () => {
347
      const { id } = currentClientScope;
348
      await kcAdminClient.clientScopes.addProtocolMapper(
349
        { id: id! },
350
        dummyMapper,
351
      );
352

353
      const mapper = (await kcAdminClient.clientScopes.findProtocolMapperByName(
354
        {
355
          id: id!,
356
          name: dummyMapper.name!,
357
        },
358
      ))!;
359

360
      expect(mapper).to.be.ok;
361
      expect(mapper.name).to.eql(dummyMapper.name);
362
    });
363

364
    it("find protocol mappers by protocol", async () => {
365
      const { id } = currentClientScope;
366
      await kcAdminClient.clientScopes.addProtocolMapper(
367
        { id: id! },
368
        dummyMapper,
369
      );
370

371
      const mapperList =
372
        await kcAdminClient.clientScopes.findProtocolMappersByProtocol({
373
          id: id!,
374
          protocol: dummyMapper.protocol!,
375
        });
376

377
      expect(mapperList).to.be.ok;
378
      expect(mapperList.length).to.be.gte(1);
379

380
      const mapper = mapperList.find((item) => item.name === dummyMapper.name);
381
      expect(mapper).to.be.ok;
382
    });
383

384
    it("update protocol mapper", async () => {
385
      const { id } = currentClientScope;
386

387
      dummyMapper.config = { "access.token.claim": "true" };
388
      await kcAdminClient.clientScopes.addProtocolMapper(
389
        { id: id! },
390
        dummyMapper,
391
      );
392
      const mapper = (await kcAdminClient.clientScopes.findProtocolMapperByName(
393
        {
394
          id: id!,
395
          name: dummyMapper.name!,
396
        },
397
      ))!;
398

399
      expect(mapper.config!["access.token.claim"]).to.eq("true");
400

401
      mapper.config = { "access.token.claim": "false" };
402

403
      await kcAdminClient.clientScopes.updateProtocolMapper(
404
        { id: id!, mapperId: mapper.id! },
405
        mapper,
406
      );
407

408
      const updatedMapper =
409
        (await kcAdminClient.clientScopes.findProtocolMapperByName({
410
          id: id!,
411
          name: dummyMapper.name!,
412
        }))!;
413

414
      expect(updatedMapper.config!["access.token.claim"]).to.eq("false");
415
    });
416

417
    it("delete protocol mapper", async () => {
418
      const { id } = currentClientScope;
419
      await kcAdminClient.clientScopes.addProtocolMapper(
420
        { id: id! },
421
        dummyMapper,
422
      );
423

424
      const { id: mapperId } =
425
        (await kcAdminClient.clientScopes.findProtocolMapperByName({
426
          id: id!,
427
          name: dummyMapper.name!,
428
        }))!;
429

430
      await kcAdminClient.clientScopes.delProtocolMapper({
431
        id: id!,
432
        mapperId: mapperId!,
433
      });
434

435
      const mapper = await kcAdminClient.clientScopes.findProtocolMapperByName({
436
        id: id!,
437
        name: dummyMapper.name!,
438
      });
439

440
      expect(mapper).not.to.be.ok;
441
    });
442
  });
443

444
  describe("scope mappings", () => {
445
    it("list client and realm scope mappings", async () => {
446
      const { id } = currentClientScope;
447
      const scopes = await kcAdminClient.clientScopes.listScopeMappings({
448
        id: id!,
449
      });
450
      expect(scopes).to.be.ok;
451
    });
452

453
    describe("client", () => {
454
      const dummyClientId = "scopeMappings-dummy";
455
      const dummyRoleName = "scopeMappingsRole-dummy";
456

457
      beforeEach(async () => {
458
        const { id } = await kcAdminClient.clients.create({
459
          clientId: dummyClientId,
460
        });
461
        currentClient = (await kcAdminClient.clients.findOne({
462
          id,
463
        }))!;
464

465
        await kcAdminClient.clients.createRole({
466
          id,
467
          name: dummyRoleName,
468
        });
469
      });
470

471
      afterEach(async () => {
472
        const { id } = currentClient;
473
        await kcAdminClient.clients.delRole({
474
          id: id!,
475
          roleName: dummyRoleName,
476
        });
477
        await kcAdminClient.clients.del({ id: id! });
478
      });
479

480
      it("add scope mappings", async () => {
481
        const { id } = currentClientScope;
482
        const { id: clientUniqueId } = currentClient;
483

484
        const availableRoles =
485
          await kcAdminClient.clientScopes.listAvailableClientScopeMappings({
486
            id: id!,
487
            client: clientUniqueId!,
488
          });
489

490
        const filteredRoles = availableRoles.filter((role) => !role.composite);
491

492
        await kcAdminClient.clientScopes.addClientScopeMappings(
493
          {
494
            id: id!,
495
            client: clientUniqueId!,
496
          },
497
          filteredRoles,
498
        );
499

500
        const roles = await kcAdminClient.clientScopes.listClientScopeMappings({
501
          id: id!,
502
          client: clientUniqueId!,
503
        });
504

505
        expect(roles).to.be.ok;
506
        expect(roles).to.be.eql(filteredRoles);
507
      });
508

509
      it("list scope mappings", async () => {
510
        const { id } = currentClientScope;
511
        const { id: clientUniqueId } = currentClient;
512
        const roles = await kcAdminClient.clientScopes.listClientScopeMappings({
513
          id: id!,
514
          client: clientUniqueId!,
515
        });
516
        expect(roles).to.be.ok;
517
      });
518

519
      it("list available scope mappings", async () => {
520
        const { id } = currentClientScope;
521
        const { id: clientUniqueId } = currentClient;
522
        const roles =
523
          await kcAdminClient.clientScopes.listAvailableClientScopeMappings({
524
            id: id!,
525
            client: clientUniqueId!,
526
          });
527
        expect(roles).to.be.ok;
528
      });
529

530
      it("list composite scope mappings", async () => {
531
        const { id } = currentClientScope;
532
        const { id: clientUniqueId } = currentClient;
533
        const roles =
534
          await kcAdminClient.clientScopes.listCompositeClientScopeMappings({
535
            id: id!,
536
            client: clientUniqueId!,
537
          });
538
        expect(roles).to.be.ok;
539
      });
540

541
      it("delete scope mappings", async () => {
542
        const { id } = currentClientScope;
543
        const { id: clientUniqueId } = currentClient;
544

545
        const rolesBefore =
546
          await kcAdminClient.clientScopes.listClientScopeMappings({
547
            id: id!,
548
            client: clientUniqueId!,
549
          });
550

551
        await kcAdminClient.clientScopes.delClientScopeMappings(
552
          {
553
            id: id!,
554
            client: clientUniqueId!,
555
          },
556
          rolesBefore,
557
        );
558

559
        const rolesAfter =
560
          await kcAdminClient.clientScopes.listClientScopeMappings({
561
            id: id!,
562
            client: clientUniqueId!,
563
          });
564

565
        expect(rolesAfter).to.be.ok;
566
        expect(rolesAfter).to.eql([]);
567
      });
568
    });
569

570
    describe("realm", () => {
571
      const dummyRoleName = "realmScopeMappingsRole-dummy";
572

573
      beforeEach(async () => {
574
        await kcAdminClient.roles.create({
575
          name: dummyRoleName,
576
        });
577
      });
578

579
      afterEach(async () => {
580
        try {
581
          await kcAdminClient.roles.delByName({
582
            name: dummyRoleName,
583
          });
584
        } catch (e) {
585
          // ignore
586
        }
587
      });
588

589
      it("add scope mappings", async () => {
590
        const { id } = currentClientScope;
591

592
        const availableRoles =
593
          await kcAdminClient.clientScopes.listAvailableRealmScopeMappings({
594
            id: id!,
595
          });
596

597
        const filteredRoles = availableRoles.filter((role) => !role.composite);
598

599
        await kcAdminClient.clientScopes.addRealmScopeMappings(
600
          { id: id! },
601
          filteredRoles,
602
        );
603

604
        const roles = await kcAdminClient.clientScopes.listRealmScopeMappings({
605
          id: id!,
606
        });
607

608
        expect(roles).to.be.ok;
609
        expect(roles).to.include.deep.members(filteredRoles);
610
      });
611

612
      it("list scope mappings", async () => {
613
        const { id } = currentClientScope;
614
        const roles = await kcAdminClient.clientScopes.listRealmScopeMappings({
615
          id: id!,
616
        });
617
        expect(roles).to.be.ok;
618
      });
619

620
      it("list available scope mappings", async () => {
621
        const { id } = currentClientScope;
622
        const roles =
623
          await kcAdminClient.clientScopes.listAvailableRealmScopeMappings({
624
            id: id!,
625
          });
626
        expect(roles).to.be.ok;
627
      });
628

629
      it("list composite scope mappings", async () => {
630
        const { id } = currentClientScope;
631
        const roles =
632
          await kcAdminClient.clientScopes.listCompositeRealmScopeMappings({
633
            id: id!,
634
          });
635
        expect(roles).to.be.ok;
636
      });
637

638
      it("delete scope mappings", async () => {
639
        const { id } = currentClientScope;
640

641
        const rolesBefore =
642
          await kcAdminClient.clientScopes.listRealmScopeMappings({
643
            id: id!,
644
          });
645

646
        await kcAdminClient.clientScopes.delRealmScopeMappings(
647
          {
648
            id: id!,
649
          },
650
          rolesBefore,
651
        );
652

653
        const rolesAfter =
654
          await kcAdminClient.clientScopes.listRealmScopeMappings({
655
            id: id!,
656
          });
657

658
        expect(rolesAfter).to.be.ok;
659
        expect(rolesAfter).to.eql([]);
660
      });
661
    });
662
  });
663
});
664

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.