|
|
|
@ -1220,7 +1220,10 @@ def test_clients(admin: KeycloakAdmin, realm: str): |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
admin.get_client_service_account_user(client_id=client_id) |
|
|
|
assert err.match(UNKOWN_ERROR_REGEX) |
|
|
|
|
|
|
|
assert ('b\'{"error":"Service account not enabled for the client' in str(err)) or err.match( |
|
|
|
UNKOWN_ERROR_REGEX |
|
|
|
) |
|
|
|
|
|
|
|
# Test delete client |
|
|
|
res = admin.delete_client(client_id=auth_client_id) |
|
|
|
@ -1665,7 +1668,7 @@ def test_client_default_client_scopes(admin: KeycloakAdmin, realm: str, client: |
|
|
|
# Test get client default scopes |
|
|
|
# keycloak default roles: web-origins, acr, profile, roles, email |
|
|
|
default_client_scopes = admin.get_client_default_client_scopes(client_id) |
|
|
|
assert len(default_client_scopes) == 5, default_client_scopes |
|
|
|
assert len(default_client_scopes) in [6, 5], default_client_scopes |
|
|
|
|
|
|
|
# Test add a client scope to client default scopes |
|
|
|
default_client_scope = "test-client-default-scope" |
|
|
|
@ -1685,12 +1688,12 @@ def test_client_default_client_scopes(admin: KeycloakAdmin, realm: str, client: |
|
|
|
client_id, new_client_scope_id, new_default_client_scope_data |
|
|
|
) |
|
|
|
default_client_scopes = admin.get_client_default_client_scopes(client_id) |
|
|
|
assert len(default_client_scopes) == 6, default_client_scopes |
|
|
|
assert len(default_client_scopes) in [6, 7], default_client_scopes |
|
|
|
|
|
|
|
# Test remove a client default scope |
|
|
|
admin.delete_client_default_client_scope(client_id, new_client_scope_id) |
|
|
|
default_client_scopes = admin.get_client_default_client_scopes(client_id) |
|
|
|
assert len(default_client_scopes) == 5, default_client_scopes |
|
|
|
assert len(default_client_scopes) in [5, 6], default_client_scopes |
|
|
|
|
|
|
|
|
|
|
|
def test_client_optional_client_scopes(admin: KeycloakAdmin, realm: str, client: str): |
|
|
|
@ -2170,7 +2173,7 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
# Test copying |
|
|
|
with pytest.raises(KeycloakPostError) as err: |
|
|
|
admin.copy_authentication_flow(payload=dict(), flow_alias="bad") |
|
|
|
assert err.match("404: b''") |
|
|
|
assert ('b\'{"error":"Flow not found"' in str(err)) or err.match("404: b''") |
|
|
|
|
|
|
|
res = admin.copy_authentication_flow(payload={"newName": "test-browser"}, flow_alias="browser") |
|
|
|
assert res == b"", res |
|
|
|
@ -2193,14 +2196,16 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
assert len(res) == 8, res |
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
admin.get_authentication_flow_executions(flow_alias="bad") |
|
|
|
assert err.match("404: b''") |
|
|
|
assert ('b\'{"error":"Flow not found"' in str(err)) or err.match("404: b''") |
|
|
|
exec_id = res[0]["id"] |
|
|
|
|
|
|
|
res = admin.get_authentication_flow_execution(execution_id=exec_id) |
|
|
|
assert set(res.keys()) == { |
|
|
|
assert set(res.keys()).issubset( |
|
|
|
{ |
|
|
|
"alternative", |
|
|
|
"authenticator", |
|
|
|
"authenticatorFlow", |
|
|
|
"autheticatorFlow", |
|
|
|
"conditional", |
|
|
|
"disabled", |
|
|
|
"enabled", |
|
|
|
@ -2209,7 +2214,8 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
"priority", |
|
|
|
"required", |
|
|
|
"requirement", |
|
|
|
}, res |
|
|
|
} |
|
|
|
), res.keys() |
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
admin.get_authentication_flow_execution(execution_id="bad") |
|
|
|
assert err.match(ILLEGAL_EXECUTION_REGEX) |
|
|
|
@ -2232,7 +2238,7 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
payload = admin.get_authentication_flow_executions(flow_alias="test-create")[0] |
|
|
|
payload["displayName"] = "test" |
|
|
|
res = admin.update_authentication_flow_executions(payload=payload, flow_alias="test-create") |
|
|
|
assert res |
|
|
|
assert res or (res == {}) |
|
|
|
|
|
|
|
exec_id = admin.get_authentication_flow_executions(flow_alias="test-create")[0]["id"] |
|
|
|
res = admin.delete_authentication_flow_execution(execution_id=exec_id) |
|
|
|
@ -2278,7 +2284,9 @@ def test_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
assert res == dict() |
|
|
|
with pytest.raises(KeycloakDeleteError) as err: |
|
|
|
admin.delete_authentication_flow(flow_id=flow_id) |
|
|
|
assert err.match('404: b\'{"error":"Could not find flow with id".*}\'') |
|
|
|
assert ('b\'{"error":"Could not find flow with id"' in str(err)) or ( |
|
|
|
'b\'{"error":"Flow not found"' in str(err) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
def test_authentication_configs(admin: KeycloakAdmin, realm: str): |
|
|
|
@ -2348,7 +2356,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
# Test get client scopes |
|
|
|
res = admin.get_client_scopes() |
|
|
|
scope_names = {x["name"] for x in res} |
|
|
|
assert len(res) == 10 |
|
|
|
assert len(res) in [10, 11] |
|
|
|
assert "email" in scope_names |
|
|
|
assert "profile" in scope_names |
|
|
|
assert "offline_access" in scope_names |
|
|
|
@ -2364,12 +2372,18 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
assert res[0] == scope |
|
|
|
|
|
|
|
# Test create client scope |
|
|
|
res = admin.create_client_scope(payload={"name": "test-scope"}, skip_exists=True) |
|
|
|
res = admin.create_client_scope( |
|
|
|
payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=True |
|
|
|
) |
|
|
|
assert res |
|
|
|
res2 = admin.create_client_scope(payload={"name": "test-scope"}, skip_exists=True) |
|
|
|
res2 = admin.create_client_scope( |
|
|
|
payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=True |
|
|
|
) |
|
|
|
assert res == res2 |
|
|
|
with pytest.raises(KeycloakPostError) as err: |
|
|
|
admin.create_client_scope(payload={"name": "test-scope"}, skip_exists=False) |
|
|
|
admin.create_client_scope( |
|
|
|
payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=False |
|
|
|
) |
|
|
|
assert err.match('409: b\'{"errorMessage":"Client Scope test-scope already exists"}\'') |
|
|
|
|
|
|
|
# Test update client scope |
|
|
|
@ -2433,7 +2447,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
|
|
|
|
# Test default default scopes |
|
|
|
res_defaults = admin.get_default_default_client_scopes() |
|
|
|
assert len(res_defaults) == 6 |
|
|
|
assert len(res_defaults) in [6, 7] |
|
|
|
|
|
|
|
with pytest.raises(KeycloakPutError) as err: |
|
|
|
admin.add_default_default_client_scope(scope_id="does-not-exist") |
|
|
|
@ -2441,7 +2455,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
|
|
|
|
res_add = admin.add_default_default_client_scope(scope_id=res) |
|
|
|
assert res_add == dict() |
|
|
|
assert len(admin.get_default_default_client_scopes()) == 7 |
|
|
|
assert len(admin.get_default_default_client_scopes()) in [7, 8] |
|
|
|
|
|
|
|
with pytest.raises(KeycloakDeleteError) as err: |
|
|
|
admin.delete_default_default_client_scope(scope_id="does-not-exist") |
|
|
|
@ -2449,7 +2463,7 @@ def test_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
|
|
|
|
res_del = admin.delete_default_default_client_scope(scope_id=res) |
|
|
|
assert res_del == dict() |
|
|
|
assert len(admin.get_default_default_client_scopes()) == 6 |
|
|
|
assert len(admin.get_default_default_client_scopes()) in [6, 7] |
|
|
|
|
|
|
|
# Test default optional scopes |
|
|
|
res_defaults = admin.get_default_optional_client_scopes() |
|
|
|
@ -4193,7 +4207,9 @@ async def test_a_clients(admin: KeycloakAdmin, realm: str): |
|
|
|
|
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
await admin.a_get_client_service_account_user(client_id=client_id) |
|
|
|
assert err.match(UNKOWN_ERROR_REGEX) |
|
|
|
assert ('b\'{"error":"Service account not enabled for the client' in str(err)) or err.match( |
|
|
|
UNKOWN_ERROR_REGEX |
|
|
|
) |
|
|
|
|
|
|
|
# Test delete client |
|
|
|
res = await admin.a_delete_client(client_id=auth_client_id) |
|
|
|
@ -4654,7 +4670,7 @@ async def test_a_client_default_client_scopes(admin: KeycloakAdmin, realm: str, |
|
|
|
# Test get client default scopes |
|
|
|
# keycloak default roles: web-origins, acr, profile, roles, email |
|
|
|
default_client_scopes = await admin.a_get_client_default_client_scopes(client_id) |
|
|
|
assert len(default_client_scopes) == 5, default_client_scopes |
|
|
|
assert len(default_client_scopes) in [6, 5], default_client_scopes |
|
|
|
|
|
|
|
# Test add a client scope to client default scopes |
|
|
|
default_client_scope = "test-client-default-scope" |
|
|
|
@ -4674,12 +4690,12 @@ async def test_a_client_default_client_scopes(admin: KeycloakAdmin, realm: str, |
|
|
|
client_id, new_client_scope_id, new_default_client_scope_data |
|
|
|
) |
|
|
|
default_client_scopes = await admin.a_get_client_default_client_scopes(client_id) |
|
|
|
assert len(default_client_scopes) == 6, default_client_scopes |
|
|
|
assert len(default_client_scopes) in [6, 7], default_client_scopes |
|
|
|
|
|
|
|
# Test remove a client default scope |
|
|
|
await admin.a_delete_client_default_client_scope(client_id, new_client_scope_id) |
|
|
|
default_client_scopes = await admin.a_get_client_default_client_scopes(client_id) |
|
|
|
assert len(default_client_scopes) == 5, default_client_scopes |
|
|
|
assert len(default_client_scopes) in [5, 6], default_client_scopes |
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.asyncio |
|
|
|
@ -5200,7 +5216,7 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
# Test copying |
|
|
|
with pytest.raises(KeycloakPostError) as err: |
|
|
|
await admin.a_copy_authentication_flow(payload=dict(), flow_alias="bad") |
|
|
|
assert err.match("404: b''") |
|
|
|
assert ('b\'{"error":"Flow not found"' in str(err)) or err.match("404: b''") |
|
|
|
|
|
|
|
res = await admin.a_copy_authentication_flow( |
|
|
|
payload={"newName": "test-browser"}, flow_alias="browser" |
|
|
|
@ -5227,14 +5243,16 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
assert len(res) == 8, res |
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
await admin.a_get_authentication_flow_executions(flow_alias="bad") |
|
|
|
assert err.match("404: b''") |
|
|
|
assert ('b\'{"error":"Flow not found"' in str(err)) or err.match("404: b''") |
|
|
|
exec_id = res[0]["id"] |
|
|
|
|
|
|
|
res = await admin.a_get_authentication_flow_execution(execution_id=exec_id) |
|
|
|
assert set(res.keys()) == { |
|
|
|
assert set(res.keys()).issubset( |
|
|
|
{ |
|
|
|
"alternative", |
|
|
|
"authenticator", |
|
|
|
"authenticatorFlow", |
|
|
|
"autheticatorFlow", |
|
|
|
"conditional", |
|
|
|
"disabled", |
|
|
|
"enabled", |
|
|
|
@ -5243,7 +5261,8 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
"priority", |
|
|
|
"required", |
|
|
|
"requirement", |
|
|
|
}, res |
|
|
|
} |
|
|
|
), res.keys() |
|
|
|
with pytest.raises(KeycloakGetError) as err: |
|
|
|
await admin.a_get_authentication_flow_execution(execution_id="bad") |
|
|
|
assert err.match(ILLEGAL_EXECUTION_REGEX) |
|
|
|
@ -5268,7 +5287,7 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
res = await admin.a_update_authentication_flow_executions( |
|
|
|
payload=payload, flow_alias="test-create" |
|
|
|
) |
|
|
|
assert res |
|
|
|
assert res or (res == {}) |
|
|
|
|
|
|
|
exec_id = (await admin.a_get_authentication_flow_executions(flow_alias="test-create"))[0]["id"] |
|
|
|
res = await admin.a_delete_authentication_flow_execution(execution_id=exec_id) |
|
|
|
@ -5314,7 +5333,9 @@ async def test_a_auth_flows(admin: KeycloakAdmin, realm: str): |
|
|
|
assert res == dict() |
|
|
|
with pytest.raises(KeycloakDeleteError) as err: |
|
|
|
await admin.a_delete_authentication_flow(flow_id=flow_id) |
|
|
|
assert err.match('404: b\'{"error":"Could not find flow with id".*}\'') |
|
|
|
assert ('b\'{"error":"Could not find flow with id"' in str(err)) or ( |
|
|
|
'b\'{"error":"Flow not found"' in str(err) |
|
|
|
) |
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.asyncio |
|
|
|
@ -5387,7 +5408,7 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
# Test get client scopes |
|
|
|
res = await admin.a_get_client_scopes() |
|
|
|
scope_names = {x["name"] for x in res} |
|
|
|
assert len(res) == 10 |
|
|
|
assert len(res) in [10, 11] |
|
|
|
assert "email" in scope_names |
|
|
|
assert "profile" in scope_names |
|
|
|
assert "offline_access" in scope_names |
|
|
|
@ -5403,12 +5424,18 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
assert res[0] == scope |
|
|
|
|
|
|
|
# Test create client scope |
|
|
|
res = await admin.a_create_client_scope(payload={"name": "test-scope"}, skip_exists=True) |
|
|
|
res = await admin.a_create_client_scope( |
|
|
|
payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=True |
|
|
|
) |
|
|
|
assert res |
|
|
|
res2 = await admin.a_create_client_scope(payload={"name": "test-scope"}, skip_exists=True) |
|
|
|
res2 = await admin.a_create_client_scope( |
|
|
|
payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=True |
|
|
|
) |
|
|
|
assert res == res2 |
|
|
|
with pytest.raises(KeycloakPostError) as err: |
|
|
|
await admin.a_create_client_scope(payload={"name": "test-scope"}, skip_exists=False) |
|
|
|
await admin.a_create_client_scope( |
|
|
|
payload={"name": "test-scope", "protocol": "openid-connect"}, skip_exists=False |
|
|
|
) |
|
|
|
assert err.match('409: b\'{"errorMessage":"Client Scope test-scope already exists"}\'') |
|
|
|
|
|
|
|
# Test update client scope |
|
|
|
@ -5471,7 +5498,7 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
|
|
|
|
# Test default default scopes |
|
|
|
res_defaults = await admin.a_get_default_default_client_scopes() |
|
|
|
assert len(res_defaults) == 6 |
|
|
|
assert len(res_defaults) in [6, 7] |
|
|
|
|
|
|
|
with pytest.raises(KeycloakPutError) as err: |
|
|
|
await admin.a_add_default_default_client_scope(scope_id="does-not-exist") |
|
|
|
@ -5479,7 +5506,7 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
|
|
|
|
res_add = await admin.a_add_default_default_client_scope(scope_id=res) |
|
|
|
assert res_add == dict() |
|
|
|
assert len(await admin.a_get_default_default_client_scopes()) == 7 |
|
|
|
assert len(admin.get_default_default_client_scopes()) in [7, 8] |
|
|
|
|
|
|
|
with pytest.raises(KeycloakDeleteError) as err: |
|
|
|
await admin.a_delete_default_default_client_scope(scope_id="does-not-exist") |
|
|
|
@ -5487,7 +5514,7 @@ async def test_a_client_scopes(admin: KeycloakAdmin, realm: str): |
|
|
|
|
|
|
|
res_del = await admin.a_delete_default_default_client_scope(scope_id=res) |
|
|
|
assert res_del == dict() |
|
|
|
assert len(await admin.a_get_default_default_client_scopes()) == 6 |
|
|
|
assert len(admin.get_default_default_client_scopes()) in [6, 7] |
|
|
|
|
|
|
|
# Test default optional scopes |
|
|
|
res_defaults = await admin.a_get_default_optional_client_scopes() |
|
|
|
|
Richard Nemeth
5 months ago