Keycloak
663 строки · 18.8 Кб
1// tslint:disable:no-unused-expression
2import * as chai from "chai";
3import { KeycloakAdminClient } from "../src/client.js";
4import type ClientRepresentation from "../src/defs/clientRepresentation.js";
5import type ClientScopeRepresentation from "../src/defs/clientScopeRepresentation.js";
6import type ProtocolMapperRepresentation from "../src/defs/protocolMapperRepresentation.js";
7import { credentials } from "./constants.js";
8
9const expect = chai.expect;
10
11describe("Client Scopes", () => {
12let kcAdminClient: KeycloakAdminClient;
13let currentClientScope: ClientScopeRepresentation;
14let currentClientScopeName: string;
15let currentClient: ClientRepresentation;
16
17before(async () => {
18kcAdminClient = new KeycloakAdminClient();
19await kcAdminClient.auth(credentials);
20});
21
22beforeEach(async () => {
23currentClientScopeName = "best-of-the-bests-scope";
24await kcAdminClient.clientScopes.create({
25name: currentClientScopeName,
26});
27currentClientScope = (await kcAdminClient.clientScopes.findOneByName({
28name: currentClientScopeName,
29}))!;
30});
31
32afterEach(async () => {
33// cleanup default client scopes
34try {
35await kcAdminClient.clientScopes.delDefaultClientScope({
36id: currentClientScope.id!,
37});
38} catch (e) {
39// ignore
40}
41
42// cleanup optional client scopes
43try {
44await kcAdminClient.clientScopes.delDefaultOptionalClientScope({
45id: currentClientScope.id!,
46});
47} catch (e) {
48// ignore
49}
50
51// cleanup client scopes
52try {
53await kcAdminClient.clientScopes.delByName({
54name: currentClientScopeName,
55});
56} catch (e) {
57// ignore
58}
59});
60
61it("list client scopes", async () => {
62const scopes = await kcAdminClient.clientScopes.find();
63expect(scopes).to.be.ok;
64});
65
66it("create client scope and get by name", async () => {
67// ensure that the scope does not exist
68try {
69await kcAdminClient.clientScopes.delByName({
70name: currentClientScopeName,
71});
72} catch (e) {
73// ignore
74}
75
76await kcAdminClient.clientScopes.create({
77name: currentClientScopeName,
78});
79
80const scope = (await kcAdminClient.clientScopes.findOneByName({
81name: currentClientScopeName,
82}))!;
83expect(scope).to.be.ok;
84expect(scope.name).to.equal(currentClientScopeName);
85});
86
87it("create client scope and return id", async () => {
88// ensure that the scope does not exist
89try {
90await kcAdminClient.clientScopes.delByName({
91name: currentClientScopeName,
92});
93} catch (e) {
94// ignore
95}
96
97const { id } = await kcAdminClient.clientScopes.create({
98name: currentClientScopeName,
99});
100
101const scope = (await kcAdminClient.clientScopes.findOne({
102id,
103}))!;
104expect(scope).to.be.ok;
105expect(scope.name).to.equal(currentClientScopeName);
106});
107
108it("find scope by id", async () => {
109const scope = await kcAdminClient.clientScopes.findOne({
110id: currentClientScope.id!,
111});
112expect(scope).to.be.ok;
113expect(scope).to.eql(currentClientScope);
114});
115
116it("find scope by name", async () => {
117const scope = (await kcAdminClient.clientScopes.findOneByName({
118name: currentClientScopeName,
119}))!;
120expect(scope).to.be.ok;
121expect(scope.name).to.eql(currentClientScopeName);
122});
123
124it("return null if scope not found by id", async () => {
125const scope = await kcAdminClient.clientScopes.findOne({
126id: "I do not exist",
127});
128expect(scope).to.be.null;
129});
130
131it("return null if scope not found by name", async () => {
132const scope = await kcAdminClient.clientScopes.findOneByName({
133name: "I do not exist",
134});
135expect(scope).to.be.undefined;
136});
137
138it.skip("update client scope", async () => {
139const { id, description: oldDescription } = currentClientScope;
140const description = "This scope is totally awesome.";
141
142await kcAdminClient.clientScopes.update({ id: id! }, { description });
143const updatedScope = (await kcAdminClient.clientScopes.findOne({
144id: id!,
145}))!;
146expect(updatedScope).to.be.ok;
147expect(updatedScope).not.to.eql(currentClientScope);
148expect(updatedScope.description).to.eq(description);
149expect(updatedScope.description).not.to.eq(oldDescription);
150});
151
152it("delete single client scope by id", async () => {
153await kcAdminClient.clientScopes.del({
154id: currentClientScope.id!,
155});
156const scope = await kcAdminClient.clientScopes.findOne({
157id: currentClientScope.id!,
158});
159expect(scope).not.to.be.ok;
160});
161
162it("delete single client scope by name", async () => {
163await kcAdminClient.clientScopes.delByName({
164name: currentClientScopeName,
165});
166const scope = await kcAdminClient.clientScopes.findOneByName({
167name: currentClientScopeName,
168});
169expect(scope).not.to.be.ok;
170});
171
172describe("default client scope", () => {
173it("list default client scopes", async () => {
174const defaultClientScopes =
175await kcAdminClient.clientScopes.listDefaultClientScopes();
176expect(defaultClientScopes).to.be.ok;
177});
178
179it("add default client scope", async () => {
180const { id } = currentClientScope;
181await kcAdminClient.clientScopes.addDefaultClientScope({ id: id! });
182
183const defaultClientScopeList =
184await kcAdminClient.clientScopes.listDefaultClientScopes();
185const defaultClientScope = defaultClientScopeList.find(
186(scope) => scope.id === id,
187)!;
188
189expect(defaultClientScope).to.be.ok;
190expect(defaultClientScope.id).to.equal(currentClientScope.id);
191expect(defaultClientScope.name).to.equal(currentClientScope.name);
192});
193
194it("delete default client scope", async () => {
195const { id } = currentClientScope;
196await kcAdminClient.clientScopes.addDefaultClientScope({ id: id! });
197
198await kcAdminClient.clientScopes.delDefaultClientScope({ id: id! });
199
200const defaultClientScopeList =
201await kcAdminClient.clientScopes.listDefaultClientScopes();
202const defaultClientScope = defaultClientScopeList.find(
203(scope) => scope.id === id,
204);
205
206expect(defaultClientScope).not.to.be.ok;
207});
208});
209
210describe("default optional client scopes", () => {
211it("list default optional client scopes", async () => {
212const defaultOptionalClientScopes =
213await kcAdminClient.clientScopes.listDefaultOptionalClientScopes();
214expect(defaultOptionalClientScopes).to.be.ok;
215});
216
217it("add default optional client scope", async () => {
218const { id } = currentClientScope;
219await kcAdminClient.clientScopes.addDefaultOptionalClientScope({
220id: id!,
221});
222
223const defaultOptionalClientScopeList =
224await kcAdminClient.clientScopes.listDefaultOptionalClientScopes();
225const defaultOptionalClientScope = defaultOptionalClientScopeList.find(
226(scope) => scope.id === id,
227)!;
228
229expect(defaultOptionalClientScope).to.be.ok;
230expect(defaultOptionalClientScope.id).to.eq(currentClientScope.id);
231expect(defaultOptionalClientScope.name).to.eq(currentClientScope.name);
232});
233
234it("delete default optional client scope", async () => {
235const { id } = currentClientScope;
236await kcAdminClient.clientScopes.addDefaultOptionalClientScope({
237id: id!,
238});
239await kcAdminClient.clientScopes.delDefaultOptionalClientScope({
240id: id!,
241});
242
243const defaultOptionalClientScopeList =
244await kcAdminClient.clientScopes.listDefaultOptionalClientScopes();
245const defaultOptionalClientScope = defaultOptionalClientScopeList.find(
246(scope) => scope.id === id,
247);
248
249expect(defaultOptionalClientScope).not.to.be.ok;
250});
251});
252
253describe("protocol mappers", () => {
254let dummyMapper: ProtocolMapperRepresentation;
255
256beforeEach(() => {
257dummyMapper = {
258name: "mapping-maps-mapper",
259protocol: "openid-connect",
260protocolMapper: "oidc-audience-mapper",
261};
262});
263
264afterEach(async () => {
265try {
266const { id } = currentClientScope;
267const { id: mapperId } =
268(await kcAdminClient.clientScopes.findProtocolMapperByName({
269id: id!,
270name: dummyMapper.name!,
271}))!;
272await kcAdminClient.clientScopes.delProtocolMapper({
273id: id!,
274mapperId: mapperId!,
275});
276} catch (e) {
277// ignore
278}
279});
280
281it("list protocol mappers", async () => {
282const { id } = currentClientScope;
283const mapperList = await kcAdminClient.clientScopes.listProtocolMappers({
284id: id!,
285});
286expect(mapperList).to.be.ok;
287});
288
289it("add multiple protocol mappers", async () => {
290const { id } = currentClientScope;
291await kcAdminClient.clientScopes.addMultipleProtocolMappers({ id: id! }, [
292dummyMapper,
293]);
294
295const mapper = (await kcAdminClient.clientScopes.findProtocolMapperByName(
296{
297id: id!,
298name: dummyMapper.name!,
299},
300))!;
301expect(mapper).to.be.ok;
302expect(mapper.protocol).to.eq(dummyMapper.protocol);
303expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
304});
305
306it("add single protocol mapper", async () => {
307const { id } = currentClientScope;
308await kcAdminClient.clientScopes.addProtocolMapper(
309{ id: id! },
310dummyMapper,
311);
312
313const mapper = (await kcAdminClient.clientScopes.findProtocolMapperByName(
314{
315id: id!,
316name: dummyMapper.name!,
317},
318))!;
319expect(mapper).to.be.ok;
320expect(mapper.protocol).to.eq(dummyMapper.protocol);
321expect(mapper.protocolMapper).to.eq(dummyMapper.protocolMapper);
322});
323
324it("find protocol mapper by id", async () => {
325const { id } = currentClientScope;
326await kcAdminClient.clientScopes.addProtocolMapper(
327{ id: id! },
328dummyMapper,
329);
330
331const { id: mapperId } =
332(await kcAdminClient.clientScopes.findProtocolMapperByName({
333id: id!,
334name: dummyMapper.name!,
335}))!;
336
337const mapper = await kcAdminClient.clientScopes.findProtocolMapper({
338id: id!,
339mapperId: mapperId!,
340});
341
342expect(mapper).to.be.ok;
343expect(mapper?.id).to.eql(mapperId);
344});
345
346it("find protocol mapper by name", async () => {
347const { id } = currentClientScope;
348await kcAdminClient.clientScopes.addProtocolMapper(
349{ id: id! },
350dummyMapper,
351);
352
353const mapper = (await kcAdminClient.clientScopes.findProtocolMapperByName(
354{
355id: id!,
356name: dummyMapper.name!,
357},
358))!;
359
360expect(mapper).to.be.ok;
361expect(mapper.name).to.eql(dummyMapper.name);
362});
363
364it("find protocol mappers by protocol", async () => {
365const { id } = currentClientScope;
366await kcAdminClient.clientScopes.addProtocolMapper(
367{ id: id! },
368dummyMapper,
369);
370
371const mapperList =
372await kcAdminClient.clientScopes.findProtocolMappersByProtocol({
373id: id!,
374protocol: dummyMapper.protocol!,
375});
376
377expect(mapperList).to.be.ok;
378expect(mapperList.length).to.be.gte(1);
379
380const mapper = mapperList.find((item) => item.name === dummyMapper.name);
381expect(mapper).to.be.ok;
382});
383
384it("update protocol mapper", async () => {
385const { id } = currentClientScope;
386
387dummyMapper.config = { "access.token.claim": "true" };
388await kcAdminClient.clientScopes.addProtocolMapper(
389{ id: id! },
390dummyMapper,
391);
392const mapper = (await kcAdminClient.clientScopes.findProtocolMapperByName(
393{
394id: id!,
395name: dummyMapper.name!,
396},
397))!;
398
399expect(mapper.config!["access.token.claim"]).to.eq("true");
400
401mapper.config = { "access.token.claim": "false" };
402
403await kcAdminClient.clientScopes.updateProtocolMapper(
404{ id: id!, mapperId: mapper.id! },
405mapper,
406);
407
408const updatedMapper =
409(await kcAdminClient.clientScopes.findProtocolMapperByName({
410id: id!,
411name: dummyMapper.name!,
412}))!;
413
414expect(updatedMapper.config!["access.token.claim"]).to.eq("false");
415});
416
417it("delete protocol mapper", async () => {
418const { id } = currentClientScope;
419await kcAdminClient.clientScopes.addProtocolMapper(
420{ id: id! },
421dummyMapper,
422);
423
424const { id: mapperId } =
425(await kcAdminClient.clientScopes.findProtocolMapperByName({
426id: id!,
427name: dummyMapper.name!,
428}))!;
429
430await kcAdminClient.clientScopes.delProtocolMapper({
431id: id!,
432mapperId: mapperId!,
433});
434
435const mapper = await kcAdminClient.clientScopes.findProtocolMapperByName({
436id: id!,
437name: dummyMapper.name!,
438});
439
440expect(mapper).not.to.be.ok;
441});
442});
443
444describe("scope mappings", () => {
445it("list client and realm scope mappings", async () => {
446const { id } = currentClientScope;
447const scopes = await kcAdminClient.clientScopes.listScopeMappings({
448id: id!,
449});
450expect(scopes).to.be.ok;
451});
452
453describe("client", () => {
454const dummyClientId = "scopeMappings-dummy";
455const dummyRoleName = "scopeMappingsRole-dummy";
456
457beforeEach(async () => {
458const { id } = await kcAdminClient.clients.create({
459clientId: dummyClientId,
460});
461currentClient = (await kcAdminClient.clients.findOne({
462id,
463}))!;
464
465await kcAdminClient.clients.createRole({
466id,
467name: dummyRoleName,
468});
469});
470
471afterEach(async () => {
472const { id } = currentClient;
473await kcAdminClient.clients.delRole({
474id: id!,
475roleName: dummyRoleName,
476});
477await kcAdminClient.clients.del({ id: id! });
478});
479
480it("add scope mappings", async () => {
481const { id } = currentClientScope;
482const { id: clientUniqueId } = currentClient;
483
484const availableRoles =
485await kcAdminClient.clientScopes.listAvailableClientScopeMappings({
486id: id!,
487client: clientUniqueId!,
488});
489
490const filteredRoles = availableRoles.filter((role) => !role.composite);
491
492await kcAdminClient.clientScopes.addClientScopeMappings(
493{
494id: id!,
495client: clientUniqueId!,
496},
497filteredRoles,
498);
499
500const roles = await kcAdminClient.clientScopes.listClientScopeMappings({
501id: id!,
502client: clientUniqueId!,
503});
504
505expect(roles).to.be.ok;
506expect(roles).to.be.eql(filteredRoles);
507});
508
509it("list scope mappings", async () => {
510const { id } = currentClientScope;
511const { id: clientUniqueId } = currentClient;
512const roles = await kcAdminClient.clientScopes.listClientScopeMappings({
513id: id!,
514client: clientUniqueId!,
515});
516expect(roles).to.be.ok;
517});
518
519it("list available scope mappings", async () => {
520const { id } = currentClientScope;
521const { id: clientUniqueId } = currentClient;
522const roles =
523await kcAdminClient.clientScopes.listAvailableClientScopeMappings({
524id: id!,
525client: clientUniqueId!,
526});
527expect(roles).to.be.ok;
528});
529
530it("list composite scope mappings", async () => {
531const { id } = currentClientScope;
532const { id: clientUniqueId } = currentClient;
533const roles =
534await kcAdminClient.clientScopes.listCompositeClientScopeMappings({
535id: id!,
536client: clientUniqueId!,
537});
538expect(roles).to.be.ok;
539});
540
541it("delete scope mappings", async () => {
542const { id } = currentClientScope;
543const { id: clientUniqueId } = currentClient;
544
545const rolesBefore =
546await kcAdminClient.clientScopes.listClientScopeMappings({
547id: id!,
548client: clientUniqueId!,
549});
550
551await kcAdminClient.clientScopes.delClientScopeMappings(
552{
553id: id!,
554client: clientUniqueId!,
555},
556rolesBefore,
557);
558
559const rolesAfter =
560await kcAdminClient.clientScopes.listClientScopeMappings({
561id: id!,
562client: clientUniqueId!,
563});
564
565expect(rolesAfter).to.be.ok;
566expect(rolesAfter).to.eql([]);
567});
568});
569
570describe("realm", () => {
571const dummyRoleName = "realmScopeMappingsRole-dummy";
572
573beforeEach(async () => {
574await kcAdminClient.roles.create({
575name: dummyRoleName,
576});
577});
578
579afterEach(async () => {
580try {
581await kcAdminClient.roles.delByName({
582name: dummyRoleName,
583});
584} catch (e) {
585// ignore
586}
587});
588
589it("add scope mappings", async () => {
590const { id } = currentClientScope;
591
592const availableRoles =
593await kcAdminClient.clientScopes.listAvailableRealmScopeMappings({
594id: id!,
595});
596
597const filteredRoles = availableRoles.filter((role) => !role.composite);
598
599await kcAdminClient.clientScopes.addRealmScopeMappings(
600{ id: id! },
601filteredRoles,
602);
603
604const roles = await kcAdminClient.clientScopes.listRealmScopeMappings({
605id: id!,
606});
607
608expect(roles).to.be.ok;
609expect(roles).to.include.deep.members(filteredRoles);
610});
611
612it("list scope mappings", async () => {
613const { id } = currentClientScope;
614const roles = await kcAdminClient.clientScopes.listRealmScopeMappings({
615id: id!,
616});
617expect(roles).to.be.ok;
618});
619
620it("list available scope mappings", async () => {
621const { id } = currentClientScope;
622const roles =
623await kcAdminClient.clientScopes.listAvailableRealmScopeMappings({
624id: id!,
625});
626expect(roles).to.be.ok;
627});
628
629it("list composite scope mappings", async () => {
630const { id } = currentClientScope;
631const roles =
632await kcAdminClient.clientScopes.listCompositeRealmScopeMappings({
633id: id!,
634});
635expect(roles).to.be.ok;
636});
637
638it("delete scope mappings", async () => {
639const { id } = currentClientScope;
640
641const rolesBefore =
642await kcAdminClient.clientScopes.listRealmScopeMappings({
643id: id!,
644});
645
646await kcAdminClient.clientScopes.delRealmScopeMappings(
647{
648id: id!,
649},
650rolesBefore,
651);
652
653const rolesAfter =
654await kcAdminClient.clientScopes.listRealmScopeMappings({
655id: id!,
656});
657
658expect(rolesAfter).to.be.ok;
659expect(rolesAfter).to.eql([]);
660});
661});
662});
663});
664