keycloak-api-manager 3.1.0 → 3.2.1

package/test/clients.test.js

@@ -0,0 +1,284 @@
+const { expect } = require('chai');
+const { getAdminClient } = require('./config');
+
+describe('Clients Handler', function () {
+  this.timeout(15000);
+  let client;
+  let testClientId;
+  let testRoleId;
+
+  before(async function () {
+    client = getAdminClient();
+
+    // Create a test role for client role mappings
+    const role = await client.roles.create(
+      { realm: 'test-realm' },
+      { name: 'clients-test-role' }
+    );
+    testRoleId = role.id;
+  });
+
+  // ==================== CLIENT CRUD ====================
+  describe('CRUD Operations', function () {
+    describe('create', function () {
+      it('should create a client with valid representation', async function () {
+        const clientRep = {
+          clientId: `test-client-${Date.now()}`,
+          name: 'Integration Test Client',
+          enabled: true,
+          publicClient: false,
+          standardFlowEnabled: true,
+          directAccessGrantsEnabled: true,
+        };
+
+        const result = await client.clients.create(
+          { realm: 'test-realm' },
+          clientRep
+        );
+
+        expect(result).to.have.property('id');
+        testClientId = result.id;
+      });
+
+      it('should fail creating duplicate clientId', async function () {
+        const clientId = `unique-client-${Date.now()}`;
+
+        await client.clients.create({ realm: 'test-realm' }, {
+          clientId,
+          enabled: true,
+        });
+
+        try {
+          await client.clients.create({ realm: 'test-realm' }, {
+            clientId,
+            enabled: true,
+          });
+          expect.fail('Should have thrown error for duplicate clientId');
+        } catch (err) {
+          expect(err).to.exist;
+        }
+      });
+    });
+
+    describe('find', function () {
+      it('should list all clients in realm', async function () {
+        const clients = await client.clients.find({ realm: 'test-realm' });
+
+        expect(clients).to.be.an('array');
+        expect(clients.length).to.be.greaterThan(0);
+      });
+
+      it('should search clients by clientId', async function () {
+        const foundClients = await client.clients.find({
+          realm: 'test-realm',
+          clientId: `test-client-${Date.now()}`,
+        });
+
+        expect(foundClients).to.be.an('array');
+      });
+    });
+
+    describe('findOne', function () {
+      it('should find a specific client by id', async function () {
+        const foundClient = await client.clients.findOne({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(foundClient).to.exist;
+        expect(foundClient.id).to.equal(testClientId);
+      });
+    });
+
+    describe('update', function () {
+      it('should update client attributes', async function () {
+        const updateRep = {
+          name: 'Updated Client Name',
+          description: 'Updated description',
+          publicClient: true,
+          attributes: {
+            'custom-attr': 'value',
+          },
+        };
+
+        await client.clients.update(
+          { realm: 'test-realm', id: testClientId },
+          updateRep
+        );
+
+        const updated = await client.clients.findOne({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(updated.name).to.equal('Updated Client Name');
+        expect(updated.description).to.equal('Updated description');
+      });
+    });
+  });
+
+  // ==================== CLIENT SECRETS ====================
+  describe('Secret Management', function () {
+    describe('generateNewClientSecret', function () {
+      it('should generate a new client secret', async function () {
+        const secret = await client.clients.generateNewClientSecret({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(secret).to.have.property('value');
+        expect(secret.value).to.be.a('string');
+        expect(secret.value.length).to.be.greaterThan(0);
+      });
+    });
+
+    describe('getClientSecret', function () {
+      it('should retrieve the current client secret', async function () {
+        const secret = await client.clients.getClientSecret({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(secret).to.have.property('value');
+        expect(secret.value).to.be.a('string');
+      });
+    });
+  });
+
+  // ==================== CLIENT CREDENTIALS ====================
+  describe('Credential Management', function () {
+    describe('listClientCredentials', function () {
+      it('should list all client credentials', async function () {
+        const creds = await client.clients.getCredentials({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(creds).to.be.an('array');
+      });
+    });
+  });
+
+  // ==================== CLIENT SESSIONS ====================
+  describe('Session Management', function () {
+    describe('getUserConsents', function () {
+      it('should retrieve user consents for client', async function () {
+        // This might be empty but should not error
+        try {
+          const consents = await client.clients.getUserConsents({
+            realm: 'test-realm',
+            id: testClientId,
+          });
+
+          expect(consents).to.be.an('array');
+        } catch (err) {
+          // Some versions might not support this
+        }
+      });
+    });
+
+    describe('getActiveSessions', function () {
+      it('should retrieve active sessions for client', async function () {
+        const sessions = await client.clients.getActiveSessions({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(sessions).to.be.an('array');
+      });
+    });
+
+    describe('getOfflineSessions', function () {
+      it('should retrieve offline sessions for client', async function () {
+        const sessions = await client.clients.getOfflineSessions({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(sessions).to.be.an('array');
+      });
+    });
+  });
+
+  // ==================== CLIENT ROLE MAPPINGS ====================
+  describe('Role Mappings', function () {
+    describe('listServiceAccountRoleMappings', function () {
+      it('should list service account role mappings', async function () {
+        try {
+          const mappings = await client.clients.listServiceAccountRoleMappings({
+            realm: 'test-realm',
+            id: testClientId,
+          });
+
+          expect(mappings).to.be.an('object');
+        } catch (err) {
+          // Service account might not be enabled
+        }
+      });
+    });
+  });
+
+  // ==================== PROTOCOL MAPPERS ====================
+  describe('Protocol Mappers', function () {
+    describe('listProtocolMappers', function () {
+      it('should list protocol mappers', async function () {
+        const mappers = await client.clients.listProtocolMappers({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(mappers).to.be.an('array');
+      });
+    });
+
+    describe('addProtocolMapper', function () {
+      it('should add a protocol mapper', async function () {
+        const mapper = {
+          name: 'test-mapper',
+          protocol: 'openid-connect',
+          protocolMapper: 'oidc-usermodel-attribute-mapper',
+          config: {
+            'user.attribute': 'email',
+            'claim.name': 'email',
+            'jsonType.label': 'String',
+          },
+        };
+
+        const result = await client.clients.addProtocolMapper(
+          { realm: 'test-realm', id: testClientId },
+          mapper
+        );
+
+        expect(result).to.exist;
+      });
+    });
+  });
+
+  // ==================== SCOPE MAPPINGS ====================
+  describe('Scope Mappings', function () {
+    describe('listScopeMappings', function () {
+      it('should list all scope mappings', async function () {
+        const mappings = await client.clients.listScopeMappings({
+          realm: 'test-realm',
+          id: testClientId,
+        });
+
+        expect(mappings).to.be.an('object');
+      });
+    });
+  });
+
+  // ==================== CLEANUP ====================
+  after(async function () {
+    try {
+      if (testClientId) {
+        await client.clients.del({ realm: 'test-realm', id: testClientId });
+      }
+      if (testRoleId) {
+        await client.roles.del({ realm: 'test-realm', id: testRoleId });
+      }
+    } catch (err) {
+      console.error('Cleanup error:', err.message);
+    }
+  });
+});

package/test/components.test.js

@@ -0,0 +1,122 @@
+const { expect } = require('chai');
+const { getAdminClient } = require('./config');
+
+describe('Components Handler', function () {
+  this.timeout(15000);
+  let client;
+  let testComponentId;
+
+  before(function () {
+    client = getAdminClient();
+  });
+
+  // ==================== COMPONENT CRUD ====================
+  describe('CRUD Operations', function () {
+    describe('create', function () {
+      it('should create a component with valid representation', async function () {
+        const componentRep = {
+          name: `test-component-${Date.now()}`,
+          providerId: 'org.keycloak.storage.UserStorageProvider',
+          providerType: 'org.keycloak.storage.UserStorageProvider',
+          config: {
+            priority: ['0'],
+          },
+        };
+
+        const result = await client.components.create(
+          { realm: 'test-realm' },
+          componentRep
+        );
+
+        expect(result).to.have.property('id');
+        testComponentId = result.id;
+      });
+    });
+
+    describe('find', function () {
+      it('should list all components', async function () {
+        const components = await client.components.find({ realm: 'test-realm' });
+
+        expect(components).to.be.an('array');
+      });
+
+      it('should filter components by type', async function () {
+        const components = await client.components.find({
+          realm: 'test-realm',
+          type: 'org.keycloak.storage.UserStorageProvider',
+        });
+
+        expect(components).to.be.an('array');
+      });
+
+      it('should filter components by provider id', async function () {
+        const components = await client.components.find({
+          realm: 'test-realm',
+          filter: 'org.keycloak.storage.UserStorageProvider',
+        });
+
+        expect(components).to.be.an('array');
+      });
+    });
+
+    describe('findOne', function () {
+      it('should find a specific component by id', async function () {
+        const component = await client.components.findOne({
+          realm: 'test-realm',
+          id: testComponentId,
+        });
+
+        expect(component).to.exist;
+        expect(component.id).to.equal(testComponentId);
+      });
+    });
+
+    describe('update', function () {
+      it('should update component attributes', async function () {
+        const updateRep = {
+          name: `updated-component-${Date.now()}`,
+          config: {
+            priority: ['1'],
+          },
+        };
+
+        await client.components.update(
+          { realm: 'test-realm', id: testComponentId },
+          updateRep
+        );
+
+        const updated = await client.components.findOne({
+          realm: 'test-realm',
+          id: testComponentId,
+        });
+
+        expect(updated.name).to.include('updated-component');
+      });
+    });
+  });
+
+  // ==================== SUBCOMPONENTS ====================
+  describe('Subcomponents', function () {
+    describe('listSubComponents', function () {
+      it('should list subcomponents', async function () {
+        const subcomponents = await client.components.listSubComponents({
+          realm: 'test-realm',
+          id: testComponentId,
+        });
+
+        expect(subcomponents).to.be.an('array');
+      });
+    });
+  });
+
+  // ==================== CLEANUP ====================
+  after(async function () {
+    try {
+      if (testComponentId) {
+        await client.components.del({ realm: 'test-realm', id: testComponentId });
+      }
+    } catch (err) {
+      console.error('Cleanup error:', err.message);
+    }
+  });
+});

package/test/config.js

@@ -0,0 +1,137 @@
+const KcAdmClient = require('@keycloak/keycloak-admin-client').default;
+const { delay } = require('async');
+
+const TEST_CONFIG = {
+  baseUrl: process.env.KEYCLOAK_URL || 'http://localhost:8080',
+  realmName: 'test-realm',
+  username: 'admin',
+  password: 'admin',
+  clientId: 'admin-cli',
+  grantType: 'password',
+};
+
+let adminClient = null;
+
+/**
+ * Inizializza il client Keycloak admin
+ * Aspetta che Keycloak sia pronto prima di connettersi
+ */
+async function initializeAdminClient() {
+  if (adminClient) {
+    return adminClient;
+  }
+
+  let retries = 30;
+  let lastError;
+
+  while (retries > 0) {
+    try {
+      adminClient = new KcAdmClient({
+        baseUrl: TEST_CONFIG.baseUrl,
+        realmName: TEST_CONFIG.realmName,
+      });
+
+      await adminClient.auth({
+        username: TEST_CONFIG.username,
+        password: TEST_CONFIG.password,
+        clientId: TEST_CONFIG.clientId,
+        grantType: TEST_CONFIG.grantType,
+      });
+
+      console.log('✓ Keycloak admin client initialized');
+      return adminClient;
+    } catch (err) {
+      lastError = err;
+      retries--;
+      if (retries > 0) {
+        console.log(`Waiting for Keycloak... (${retries} retries left)`);
+        await delay(2000);
+      }
+    }
+  }
+
+  throw new Error(`Failed to connect to Keycloak after retries: ${lastError.message}`);
+}
+
+/**
+ * Crea il realm di test
+ */
+async function setupTestRealm() {
+  const client = await initializeAdminClient();
+
+  // Switcha a master realm per creare il test realm
+  client.realmName = 'master';
+
+  try {
+    // Controlla se il realm esiste già
+    const realms = await client.realms.find();
+    const realmExists = realms.some((r) => r.realm === TEST_CONFIG.realmName);
+
+    if (!realmExists) {
+      await client.realms.create({
+        realm: TEST_CONFIG.realmName,
+        displayName: 'Test Realm',
+        enabled: true,
+        accessTokenLifespan: 3600,
+        refreshTokenMaxReuse: 0,
+        actionTokenGeneratedByAdminLifespan: 900,
+        actionTokenGeneratedByUserLifespan: 900,
+      });
+      console.log(`✓ Test realm '${TEST_CONFIG.realmName}' created`);
+    } else {
+      console.log(`✓ Test realm '${TEST_CONFIG.realmName}' already exists`);
+    }
+  } catch (err) {
+    if (err.response?.status === 409) {
+      console.log(`✓ Test realm '${TEST_CONFIG.realmName}' already exists`);
+    } else {
+      throw err;
+    }
+  }
+
+  // Switcha back al test realm
+  client.realmName = TEST_CONFIG.realmName;
+}
+
+/**
+ * Pulisce il realm di test
+ */
+async function cleanupTestRealm() {
+  if (!adminClient) return;
+
+  try {
+    adminClient.realmName = 'master';
+    await adminClient.realms.del({ realm: TEST_CONFIG.realmName });
+    console.log(`✓ Test realm '${TEST_CONFIG.realmName}' deleted`);
+  } catch (err) {
+    if (err.response?.status !== 404) {
+      console.warn(`Warning: Failed to delete test realm: ${err.message}`);
+    }
+  }
+}
+
+/**
+ * Ritorna il client admin configurato e autenticato
+ */
+function getAdminClient() {
+  if (!adminClient) {
+    throw new Error('Admin client not initialized. Call initializeAdminClient() first');
+  }
+  return adminClient;
+}
+
+/**
+ * Reset del client (principalmente per i test)
+ */
+function resetAdminClient() {
+  adminClient = null;
+}
+
+module.exports = {
+  TEST_CONFIG,
+  initializeAdminClient,
+  setupTestRealm,
+  cleanupTestRealm,
+  getAdminClient,
+  resetAdminClient,
+};

package/test/docker-helpers.js

@@ -0,0 +1,111 @@
+const docker = require('dockerode');
+const { spawn } = require('child_process');
+const { delay } = require('async');
+
+/**
+ * Starts Docker Compose services
+ */
+async function startDocker() {
+  console.log('Starting Docker Compose services...');
+
+  return new Promise((resolve, reject) => {
+    // Try docker compose (modern) or docker-compose (legacy)
+    const command = 'docker';
+    const args = ['compose', 'up', '-d'];
+
+    const compose = spawn(command, args, {
+      cwd: process.cwd(),
+      stdio: 'inherit',
+    });
+
+    compose.on('close', (code) => {
+      if (code !== 0) {
+        reject(new Error(`docker compose up failed with code ${code}`));
+      } else {
+        console.log('✓ Docker Compose services started');
+        resolve();
+      }
+    });
+
+    compose.on('error', reject);
+  });
+}
+
+/**
+ * Stops Docker Compose services
+ */
+async function stopDocker() {
+  console.log('Stopping Docker Compose services...');
+
+  return new Promise((resolve, reject) => {
+    const command = 'docker';
+    const args = ['compose', 'down', '--volumes'];
+
+    const compose = spawn(command, args, {
+      cwd: process.cwd(),
+      stdio: 'inherit',
+    });
+
+    compose.on('close', (code) => {
+      if (code !== 0) {
+        reject(new Error(`docker compose down failed with code ${code}`));
+      } else {
+        console.log('✓ Docker Compose services stopped');
+        resolve();
+      }
+    });
+
+    compose.on('error', reject);
+  });
+}
+
+/**
+ * Waits for a service to be healthy
+ */
+async function waitForHealthy(maxRetries = 30, delayMs = 2000) {
+  let retries = maxRetries;
+
+  while (retries > 0) {
+    try {
+      const dockerode = new docker();
+      const containers = await dockerode.listContainers();
+      const keycloakContainer = containers.find((c) => c.Names.includes('/keycloak-test'));
+
+      if (!keycloakContainer) {
+        throw new Error('Keycloak container not found');
+      }
+
+      const container = dockerode.getContainer(keycloakContainer.Id);
+      const inspect = await container.inspect();
+
+      if (inspect.State.Health?.Status === 'healthy') {
+        console.log('✓ Keycloak container is healthy');
+        return;
+      }
+
+      retries--;
+      if (retries > 0) {
+        console.log(
+          `Waiting for Keycloak to be healthy (${inspect.State.Health?.Status || 'unknown'})... (${retries} retries left)`
+        );
+        await delay(delayMs);
+      }
+    } catch (err) {
+      retries--;
+      if (retries > 0) {
+        console.log(`Waiting for services... (${retries} retries left)`);
+        await delay(delayMs);
+      } else {
+        throw err;
+      }
+    }
+  }
+
+  throw new Error('Service failed to become healthy in time');
+}
+
+module.exports = {
+  startDocker,
+  stopDocker,
+  waitForHealthy,
+};