// Build the grant endpoint URL for the "test" realm and wrap it in a JAX-RS target.
// Every negative case below posts to this same target.
URI grantUri = OpenIDConnectService.grantAccessTokenUrl(builder).build("test");
WebTarget grantTarget = client.target(grantUri);
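{ // test checkSsl
    // Require SSL for every request to the realm. The grant request below must
    // then be refused with 403 (presumably because the test client connects over
    // plain HTTP -- confirm against the test server setup).
    {
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        realm.setSslRequired(SslRequired.ALL);
        session.getTransaction().commit();
        session.close();
    }
    try {
        Response response = executeGrantAccessTokenRequest(grantTarget);
        try {
            Assert.assertEquals(403, response.getStatus());
        } finally {
            // Release the connection even when the assertion fails.
            response.close();
        }
    } finally {
        // Restore the realm even if the assertion above fails, so a failure here
        // does not leave SslRequired.ALL in place for the cases that follow.
        // NOTE(review): EXTERNAL is assumed to be the realm's original setting.
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        realm.setSslRequired(SslRequired.EXTERNAL);
        session.getTransaction().commit();
        session.close();
    }
}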
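{ // test null username
    // The client authenticates with HTTP Basic, but the form carries only a
    // password and no "username" parameter. The endpoint must answer 401.
    String header = BasicAuthHelper.createHeader("test-app", "password");
    Form form = new Form();
    form.param("password", "password");
    Response response = grantTarget.request()
            .header(HttpHeaders.AUTHORIZATION, header)
            .post(Entity.form(form));
    try {
        Assert.assertEquals(401, response.getStatus());
    } finally {
        // Release the connection even when the assertion fails.
        response.close();
    }
}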
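{ // test no password
    // The client authenticates with HTTP Basic and names a user, but sends no
    // "password" parameter. The endpoint must answer 400.
    // NOTE(review): only the status code is checked, so this does not prove
    // the rejection was caused by the missing password rather than another
    // 400 condition.
    String header = BasicAuthHelper.createHeader("test-app", "password");
    Form form = new Form();
    form.param("username", "test-user@localhost");
    Response response = grantTarget.request()
            .header(HttpHeaders.AUTHORIZATION, header)
            .post(Entity.form(form));
    try {
        Assert.assertEquals(400, response.getStatus());
    } finally {
        // Release the connection even when the assertion fails.
        response.close();
    }
}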
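{ // test bearer-only
    // Mark "test-app" as bearer-only. The grant request for that client must
    // then be rejected with 400.
    {
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        ApplicationModel clientModel = realm.getApplicationByName("test-app");
        clientModel.setBearerOnly(true);
        session.getTransaction().commit();
        session.close();
    }
    try {
        Response response = executeGrantAccessTokenRequest(grantTarget);
        try {
            Assert.assertEquals(400, response.getStatus());
        } finally {
            // Release the connection even when the assertion fails.
            response.close();
        }
    } finally {
        // Clear the flag even if the assertion fails, so later cases are not
        // rejected for the wrong reason.
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        ApplicationModel clientModel = realm.getApplicationByName("test-app");
        clientModel.setBearerOnly(false);
        session.getTransaction().commit();
        session.close();
    }
}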
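{ // test realm disabled
    // Disable the whole realm. The grant request must then be refused with 401.
    {
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        realm.setEnabled(false);
        session.getTransaction().commit();
        session.close();
    }
    try {
        Response response = executeGrantAccessTokenRequest(grantTarget);
        try {
            Assert.assertEquals(401, response.getStatus());
        } finally {
            // Release the connection even when the assertion fails.
            response.close();
        }
    } finally {
        // Re-enable the realm even if the assertion fails. A realm left
        // disabled would make the cases that follow fail for the wrong reason.
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        realm.setEnabled(true);
        session.getTransaction().commit();
        session.close();
    }
}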
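{ // test application disabled
    // Disable the "test-app" client. The grant request made on its behalf must
    // then be rejected with 400.
    {
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        ClientModel clientModel = realm.findClient("test-app");
        clientModel.setEnabled(false);
        session.getTransaction().commit();
        session.close();
    }
    try {
        Response response = executeGrantAccessTokenRequest(grantTarget);
        try {
            Assert.assertEquals(400, response.getStatus());
        } finally {
            // Release the connection even when the assertion fails.
            response.close();
        }
    } finally {
        // Re-enable the client even if the assertion fails, so later cases
        // start from a working client.
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        ClientModel clientModel = realm.findClient("test-app");
        clientModel.setEnabled(true);
        session.getTransaction().commit();
        session.close();
    }
}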
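{ // test user action required
    // Give the user a pending UPDATE_PASSWORD required action. The grant
    // request must then be rejected with 400 rather than yield a token.
    {
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        UserModel user = session.users().getUserByUsername("test-user@localhost", realm);
        user.addRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
        session.getTransaction().commit();
        session.close();
    }
    try {
        Response response = executeGrantAccessTokenRequest(grantTarget);
        try {
            Assert.assertEquals(400, response.getStatus());
        } finally {
            // Release the connection even when the assertion fails.
            response.close();
        }
    } finally {
        // Remove the required action even if the assertion fails, so the user
        // can authenticate normally in later cases.
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        UserModel user = session.users().getUserByUsername("test-user@localhost", realm);
        user.removeRequiredAction(UserModel.RequiredAction.UPDATE_PASSWORD);
        session.getTransaction().commit();
        session.close();
    }
}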
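{ // test user disabled
    // Disable the user account. The grant request must then be rejected with
    // 400 rather than yield a token.
    // NOTE(review): only the status code is checked, and several other cases
    // here also expect 400, so this does not prove the rejection was caused by
    // the disabled account.
    {
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        UserModel user = session.users().getUserByUsername("test-user@localhost", realm);
        user.setEnabled(false);
        session.getTransaction().commit();
        session.close();
    }
    try {
        Response response = executeGrantAccessTokenRequest(grantTarget);
        try {
            Assert.assertEquals(400, response.getStatus());
        } finally {
            // Release the connection even when the assertion fails.
            response.close();
        }
    } finally {
        // Re-enable the user even if the assertion fails, so the account is
        // usable again for whatever runs next.
        KeycloakSession session = keycloakRule.startSession();
        RealmModel realm = session.realms().getRealmByName("test");
        UserModel user = session.users().getUserByUsername("test-user@localhost", realm);
        user.setEnabled(true);
        session.getTransaction().commit();
        session.close();
    }
}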