keycloak-api-manager 3.2.0 → 4.0.0

package/test/specs/clients.test.js

@@ -0,0 +1,791 @@
+const path = require('path');
+const http = require('http');
+const https = require('https');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const keycloakManager = require('keycloak-api-manager');
+const { TEST_REALM, generateUniqueName } = require('../testConfig');
+
+function requestAdmin(baseUrl, token, apiPath, method = 'GET', body) {
+  const url = new URL(apiPath, baseUrl);
+  const transport = url.protocol === 'https:' ? https : http;
+  const payload = body ? JSON.stringify(body) : null;
+
+  const options = {
+    method,
+    headers: {
+      Accept: 'application/json',
+      Authorization: `Bearer ${token}`,
+      ...(payload ? { 'Content-Type': 'application/json' } : {}),
+    },
+  };
+
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+      res.on('end', () => {
+        if (res.statusCode >= 200 && res.statusCode < 300) {
+          try {
+            resolve(data ? JSON.parse(data) : null);
+          } catch {
+            resolve(data);
+          }
+        } else {
+          reject(new Error(`HTTP ${res.statusCode}: ${data}`));
+        }
+      });
+    });
+
+    req.on('error', reject);
+    if (payload) {
+      req.write(payload);
+    }
+    req.end();
+  });
+}
+
+async function getAdminToken(baseUrl, username, password) {
+  const url = new URL('/realms/master/protocol/openid-connect/token', baseUrl);
+  const transport = url.protocol === 'https:' ? https : http;
+  
+  const params = new URLSearchParams({
+    grant_type: 'password',
+    client_id: 'admin-cli',
+    username,
+    password,
+  });
+
+  const options = {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+  };
+
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+      res.on('end', () => {
+        if (res.statusCode === 200) {
+          const parsed = JSON.parse(data);
+          resolve(parsed.access_token);
+        } else {
+          reject(new Error(`HTTP ${res.statusCode}: ${data}`));
+        }
+      });
+    });
+
+    req.on('error', reject);
+    req.write(params.toString());
+    req.end();
+  });
+}
+
+function shouldSkipFeature(err, message) {
+  if (!err || !err.message) {
+    return false;
+  }
+  const text = err.message.toLowerCase();
+  return text.includes('feature not enabled') ||
+    text.includes('authorization') && text.includes('disabled') ||
+    text.includes('not enabled') ||
+    text.includes('not supported') ||
+    text.includes('protocolmapper provider not found') ||
+    text.includes('http 404') ||
+    (message && text.includes(message));
+}
+
+async function findClientByClientId(clientId) {
+  const clients = await keycloakManager.clients.find({ clientId });
+  return clients && clients.length ? clients[0] : null;
+}
+
+describe('Clients Handler', function () {
+  this.timeout(60000);
+
+  const keycloakConfig = (conf && conf.keycloak) || {};
+  const sourceClientId = generateUniqueName('source-client');
+  const targetClientId = generateUniqueName('target-client');
+  const clientScopeName = generateUniqueName('scope');
+  const realmRoleName = generateUniqueName('realm-role');
+  const clientRoleName = generateUniqueName('client-role');
+  const protocolMapperName = generateUniqueName('mapper');
+  const protocolMapperNameTwo = generateUniqueName('mapper-two');
+  const protocolMapperNameThree = generateUniqueName('mapper-three');
+  const authzScopeName = generateUniqueName('authz-scope');
+  const authzResourceName = generateUniqueName('authz-resource');
+  const authzPolicyName = generateUniqueName('authz-policy');
+  const authzPermissionName = generateUniqueName('authz-permission');
+  const authzImportedResourceName = generateUniqueName('authz-imported');
+
+  let realmRoleId = null;
+  let clientScopeId = null;
+  let sourceClient = null;
+  let targetClient = null;
+  let clientRole = null;
+  let protocolMapperId = null;
+  let authzScope = null;
+  let authzResource = null;
+  let authzPolicy = null;
+  let authzPermission = null;
+  let testUserId = null;
+  let authzServicesAvailable = false;
+  let adminToken = null;
+
+  before(async function () {
+    await keycloakManager.configure({
+      baseUrl: keycloakConfig.baseUrl,
+      realmName: keycloakConfig.realmName,
+      clientId: keycloakConfig.clientId,
+      clientSecret: keycloakConfig.clientSecret,
+      username: keycloakConfig.username,
+      password: keycloakConfig.password,
+      grantType: keycloakConfig.grantType,
+      tokenLifeSpan: keycloakConfig.tokenLifeSpan,
+      scope: keycloakConfig.scope,
+    });
+
+    // Use shared test realm (created by enableServerFeatures)
+    keycloakManager.setConfig({ realmName: TEST_REALM });
+
+    await keycloakManager.roles.create({ name: realmRoleName });
+    const realmRole = await keycloakManager.roles.findOneByName({ name: realmRoleName });
+    realmRoleId = realmRole.id;
+
+    const createdScope = await keycloakManager.clientScopes.create({
+      name: clientScopeName,
+      protocol: 'openid-connect',
+    });
+    clientScopeId = createdScope.id;
+    if (!clientScopeId) {
+      const scope = await keycloakManager.clientScopes.findOneByName({ name: clientScopeName });
+      clientScopeId = scope.id;
+    }
+
+    await keycloakManager.clients.create({
+      clientId: sourceClientId,
+      name: sourceClientId,
+      enabled: true,
+      publicClient: false,
+      protocol: 'openid-connect',
+      standardFlowEnabled: true,
+      directAccessGrantsEnabled: true,
+    });
+    sourceClient = await findClientByClientId(sourceClientId);
+
+    await keycloakManager.clients.create({
+      clientId: targetClientId,
+      name: targetClientId,
+      enabled: true,
+      publicClient: false,
+      protocol: 'openid-connect',
+      standardFlowEnabled: true,
+      directAccessGrantsEnabled: true,
+      serviceAccountsEnabled: true,
+      authorizationServicesEnabled: true,
+    });
+    targetClient = await findClientByClientId(targetClientId);
+
+    await keycloakManager.clients.createRole({
+      id: sourceClient.id,
+      name: clientRoleName,
+      description: 'Test client role',
+    });
+    clientRole = await keycloakManager.clients.findRole({
+      id: sourceClient.id,
+      roleName: clientRoleName,
+    });
+
+    const user = await keycloakManager.users.create({
+      username: `client-user-${Date.now()}`,
+      enabled: true,
+      email: `client-user-${Date.now()}@example.com`,
+    });
+    testUserId = user.id;
+    
+    // Get admin token for direct API verification
+    adminToken = await getAdminToken(
+      keycloakConfig.baseUrl,
+      keycloakConfig.username,
+      keycloakConfig.password
+    );
+  });
+
+  after(async function () {
+    try {
+      if (targetClient) {
+        await keycloakManager.clients.del({ id: targetClient.id });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+
+    try {
+      if (sourceClient) {
+        await keycloakManager.clients.del({ id: sourceClient.id });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+
+    try {
+      if (clientScopeId) {
+        await keycloakManager.clientScopes.del({ id: clientScopeId });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+
+    try {
+      if (realmRoleId) {
+        await keycloakManager.roles.delById({ id: realmRoleId });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+
+    // Don't delete shared test realm
+
+    try {
+      if (testUserId) {
+        await keycloakManager.users.del({ id: testUserId });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+
+    if (typeof keycloakManager.stop === 'function') {
+      keycloakManager.stop();
+    }
+  });
+
+  it('should create, find, update, and delete clients', async function () {
+    const found = await keycloakManager.clients.find({ clientId: targetClientId });
+    expect(found).to.be.an('array');
+    expect(found[0].clientId).to.equal(targetClientId);
+
+    const one = await keycloakManager.clients.findOne({ id: targetClient.id });
+    expect(one).to.be.an('object');
+    
+    // Verify via direct Keycloak API call
+    const directClient = await requestAdmin(
+      keycloakConfig.baseUrl,
+      adminToken,
+      `/admin/realms/${TEST_REALM}/clients/${targetClient.id}`
+    );
+    expect(directClient.clientId).to.equal(targetClientId);
+    expect(directClient.id).to.equal(targetClient.id);
+
+    const updatedName = `${targetClientId}-updated`;
+    await keycloakManager.clients.update(
+      { id: targetClient.id },
+      { name: updatedName }
+    );
+    const updated = await keycloakManager.clients.findOne({ id: targetClient.id });
+    expect(updated.name).to.equal(updatedName);
+    
+    // Verify update via direct Keycloak API call
+    const directUpdated = await requestAdmin(
+      keycloakConfig.baseUrl,
+      adminToken,
+      `/admin/realms/${TEST_REALM}/clients/${targetClient.id}`
+    );
+    expect(directUpdated.name).to.equal(updatedName);
+  });
+
+  it('should manage client roles', async function () {
+    const roles = await keycloakManager.clients.listRoles({ id: sourceClient.id });
+    expect(roles).to.be.an('array');
+
+    const role = await keycloakManager.clients.findRole({
+      id: sourceClient.id,
+      roleName: clientRoleName,
+    });
+    expect(role).to.be.an('object');
+    
+    // Verify role via direct Keycloak API call
+    const directRoles = await requestAdmin(
+      keycloakConfig.baseUrl,
+      adminToken,
+      `/admin/realms/${TEST_REALM}/clients/${sourceClient.id}/roles`
+    );
+    const directRole = directRoles.find(r => r.name === clientRoleName);
+    expect(directRole).to.exist;
+    expect(directRole.name).to.equal(clientRoleName);
+
+    await keycloakManager.clients.updateRole(
+      { id: sourceClient.id, roleName: clientRoleName },
+      { name: clientRoleName, description: 'Updated role' }
+    );
+    
+    // Verify role update via direct API
+    const directUpdatedRole = await requestAdmin(
+      keycloakConfig.baseUrl,
+      adminToken,
+      `/admin/realms/${TEST_REALM}/clients/${sourceClient.id}/roles/${clientRoleName}`
+    );
+    expect(directUpdatedRole.description).to.equal('Updated role');
+
+    await keycloakManager.clients.delRole({
+      id: sourceClient.id,
+      roleName: clientRoleName,
+    });
+
+    await keycloakManager.clients.createRole({
+      id: sourceClient.id,
+      name: clientRoleName,
+      description: 'Test client role',
+    });
+
+    clientRole = await keycloakManager.clients.findRole({
+      id: sourceClient.id,
+      roleName: clientRoleName,
+    });
+  });
+
+  it('should manage client secrets and registration tokens', async function () {
+    const secret = await keycloakManager.clients.getClientSecret({ id: targetClient.id });
+    expect(secret).to.be.an('object');
+
+    const newSecret = await keycloakManager.clients.generateNewClientSecret({ id: targetClient.id });
+    expect(newSecret).to.be.an('object');
+
+    await keycloakManager.clients.invalidateSecret({ id: targetClient.id });
+
+    const regToken = await keycloakManager.clients.generateRegistrationAccessToken({
+      id: targetClient.id,
+    });
+    expect(regToken).to.be.an('object');
+  });
+
+  it('should manage service account user', async function () {
+    const user = await keycloakManager.clients.getServiceAccountUser({
+      id: targetClient.id,
+    });
+    expect(user).to.be.an('object');
+  });
+
+  it('should manage client scopes', async function () {
+    await keycloakManager.clients.addDefaultClientScope({
+      id: targetClient.id,
+      clientScopeId: clientScopeId,
+    });
+
+    const defaults = await keycloakManager.clients.listDefaultClientScopes({
+      id: targetClient.id,
+    });
+    expect(defaults).to.be.an('array');
+
+    await keycloakManager.clients.delDefaultClientScope({
+      id: targetClient.id,
+      clientScopeId: clientScopeId,
+    });
+
+    await keycloakManager.clients.addOptionalClientScope({
+      id: targetClient.id,
+      clientScopeId: clientScopeId,
+    });
+
+    const optional = await keycloakManager.clients.listOptionalClientScopes({
+      id: targetClient.id,
+    });
+    expect(optional).to.be.an('array');
+
+    await keycloakManager.clients.delOptionalClientScope({
+      id: targetClient.id,
+      clientScopeId: clientScopeId,
+    });
+  });
+
+  it('should manage client role scope mappings', async function () {
+    const available = await keycloakManager.clients.listAvailableClientScopeMappings({
+      id: targetClient.id,
+      client: sourceClient.id,
+    });
+    expect(available).to.be.an('array');
+
+    await keycloakManager.clients.addClientScopeMappings(
+      { id: targetClient.id, client: sourceClient.id },
+      [clientRole]
+    );
+
+    const mappings = await keycloakManager.clients.listClientScopeMappings({
+      id: targetClient.id,
+      client: sourceClient.id,
+    });
+    expect(mappings).to.be.an('array');
+
+    const composite = await keycloakManager.clients.listCompositeClientScopeMappings({
+      id: targetClient.id,
+      client: sourceClient.id,
+    });
+    expect(composite).to.be.an('array');
+
+    await keycloakManager.clients.delClientScopeMappings(
+      { id: targetClient.id, client: sourceClient.id },
+      [clientRole]
+    );
+  });
+
+  it('should manage realm role scope mappings', async function () {
+    const available = await keycloakManager.clients.listAvailableRealmScopeMappings({
+      id: targetClient.id,
+    });
+    expect(available).to.be.an('array');
+
+    await keycloakManager.clients.addRealmScopeMappings(
+      { id: targetClient.id },
+      [{ id: realmRoleId, name: realmRoleName }]
+    );
+
+    const mappings = await keycloakManager.clients.listRealmScopeMappings({
+      id: targetClient.id,
+    });
+    expect(mappings).to.be.an('array');
+
+    const composite = await keycloakManager.clients.listCompositeRealmScopeMappings({
+      id: targetClient.id,
+    });
+    expect(composite).to.be.an('array');
+
+    await keycloakManager.clients.delRealmScopeMappings(
+      { id: targetClient.id },
+      [{ id: realmRoleId, name: realmRoleName }]
+    );
+  });
+
+  it('should manage sessions and counts', async function () {
+    const sessions = await keycloakManager.clients.listSessions({ id: targetClient.id });
+    expect(sessions).to.be.an('array');
+
+    const offline = await keycloakManager.clients.listOfflineSessions({ id: targetClient.id });
+    expect(offline).to.be.an('array');
+
+    const count = await keycloakManager.clients.getSessionCount({ id: targetClient.id });
+    expect(count).to.be.a('number');
+
+    const offlineCount = await keycloakManager.clients.getOfflineSessionCount({ id: targetClient.id });
+    expect(offlineCount).to.be.a('number');
+  });
+
+  it('should manage cluster nodes', async function () {
+    const nodeName = `node-${Date.now()}`;
+    await keycloakManager.clients.addClusterNode({ id: targetClient.id, node: nodeName });
+    await keycloakManager.clients.deleteClusterNode({ id: targetClient.id, node: nodeName });
+  });
+
+  it('should evaluate tokens and mappers', async function () {
+    try {
+      const accessToken = await keycloakManager.clients.evaluateGenerateAccessToken({
+        id: targetClient.id,
+        userId: testUserId,
+      });
+      expect(accessToken).to.exist;
+
+      const idToken = await keycloakManager.clients.evaluateGenerateIdToken({
+        id: targetClient.id,
+        userId: testUserId,
+      });
+      expect(idToken).to.exist;
+
+      const userInfo = await keycloakManager.clients.evaluateGenerateUserInfo({
+        id: targetClient.id,
+        userId: testUserId,
+      });
+      expect(userInfo).to.exist;
+
+      const mappers = await keycloakManager.clients.evaluateListProtocolMapper({
+        id: targetClient.id,
+      });
+      expect(mappers).to.be.an('array');
+    } catch (err) {
+      if (shouldSkipFeature(err)) {
+        this.test.title += ' (evaluation not supported)';
+        this.skip();
+      }
+      throw err;
+    }
+  });
+
+  describe('Authorization Services', function () {
+    before(async function () {
+      // Ensure targetClient is created
+      if (!targetClient) {
+        console.log('        Target client not yet created, skipping Authorization Services tests');
+        this.skip();
+        return;
+      }
+
+      // Force update of client to ensure Authorization Services is fully enabled
+      try {
+        await keycloakManager.clients.update(
+          { id: targetClient.id },
+          {
+            authorizationServicesEnabled: true,
+            serviceAccountsEnabled: true,
+            publicClient: false,
+          }
+        );
+      } catch (err) {
+        console.log('        Error updating client for Authorization Services:', err.message);
+      }
+
+      // Check if Authorization Services is available on targetClient
+      try {
+        await keycloakManager.clients.getResourceServer({ id: targetClient.id });
+        authzServicesAvailable = true;
+      } catch (err) {
+        if (shouldSkipFeature(err)) {
+          console.log('        Authorization Services not available, skipping tests');
+          this.skip();
+        } else {
+          throw err;
+        }
+      }
+    });
+
+    it('should manage authorization scopes and resources', async function () {
+      authzScope = await keycloakManager.clients.createAuthorizationScope(
+        { id: targetClient.id },
+        { name: authzScopeName }
+      );
+
+      const scopes = await keycloakManager.clients.listAllScopes({
+        id: targetClient.id,
+      });
+      expect(scopes).to.be.an('array');
+
+      authzResource = await keycloakManager.clients.createResource(
+        { id: targetClient.id },
+        {
+          name: authzResourceName,
+          uris: ['/resource'],
+          scopes: [authzScope],
+        }
+      );
+
+      const resources = await keycloakManager.clients.listResources({
+        id: targetClient.id,
+        deep: true,
+      });
+      expect(resources).to.be.an('array');
+
+      const foundResource = await keycloakManager.clients.getResource({
+        id: targetClient.id,
+        resourceId: authzResource._id,
+      });
+      expect(foundResource).to.be.an('object');
+
+      await keycloakManager.clients.updateResource(
+        { id: targetClient.id, resourceId: authzResource._id },
+        { name: `${authzResourceName}-updated` }
+      );
+
+      // Skip listAllResourcesByScope if scopeId format not supported
+      try {
+        const byScope = await keycloakManager.clients.listAllResourcesByScope({
+          id: targetClient.id,
+          scopeId: authzScope.id,
+        });
+        expect(byScope).to.be.an('array');
+      } catch (err) {
+        // Known issue: missingNormalization error with some Keycloak versions
+        console.log(`        Skipping listAllResourcesByScope: ${err.message}`);
+      }
+
+      try {
+        const scopesByResource = await keycloakManager.clients.listScopesByResource({
+          id: targetClient.id,
+          resourceId: authzResource._id,
+        });
+        expect(scopesByResource).to.be.an('array');
+      } catch (err) {
+        // Known issue: missingNormalization error with some Keycloak versions
+        console.log(`        Skipping listScopesByResource: ${err.message}`);
+      }
+    });
+
+    it('should manage policies and permissions', async function () {
+      try {
+        authzPolicy = await keycloakManager.clients.createPolicy(
+          { id: targetClient.id, type: 'role' },
+          {
+            name: authzPolicyName,
+            decisionStrategy: 'UNANIMOUS',
+            logic: 'POSITIVE',
+            roles: [{ id: realmRoleId, required: true }],
+          }
+        );
+      } catch (err) {
+        // Try with simplified payload
+        authzPolicy = await keycloakManager.clients.createPolicy(
+          { id: targetClient.id, type: 'js' },
+          {
+            name: authzPolicyName,
+            code: 'true;',
+            logic: 'POSITIVE',
+          }
+        );
+      }
+
+      const dependents = await keycloakManager.clients.listDependentPolicies({
+        id: targetClient.id,
+        policyId: authzPolicy.id,
+      });
+      expect(dependents).to.be.an('array');
+
+      authzPermission = await keycloakManager.clients.createPermission(
+        { id: targetClient.id, type: 'resource' },
+        {
+          name: authzPermissionName,
+          resources: [authzResource._id],
+          policies: [authzPolicy.id],
+        }
+      );
+
+      const found = await keycloakManager.clients.findPermissions({
+        id: targetClient.id,
+        name: authzPermissionName,
+      });
+      expect(found).to.be.an('array');
+
+      const byResource = await keycloakManager.clients.listPermissionsByResource({
+        id: targetClient.id,
+        resourceId: authzResource._id,
+      });
+      expect(byResource).to.be.an('array');
+
+      const byScope = await keycloakManager.clients.listAllPermissionsByScope({
+        id: targetClient.id,
+        scopeId: authzScope._id || authzScope.id,
+      });
+      expect(byScope).to.be.an('array');
+
+      const permScopes = await keycloakManager.clients.listPermissionScope({
+        id: targetClient.id,
+        permissionId: authzPermission.id,
+      });
+      expect(permScopes).to.be.an('array');
+
+      const assocScopes = await keycloakManager.clients.getAssociatedScopes({
+        id: targetClient.id,
+        permissionId: authzPermission.id,
+      });
+      expect(assocScopes).to.be.an('array');
+
+      const assocPolicies = await keycloakManager.clients.getAssociatedPolicies({
+        id: targetClient.id,
+        permissionId: authzPermission.id,
+      });
+      expect(assocPolicies).to.be.an('array');
+
+      const assocResources = await keycloakManager.clients.getAssociatedResources({
+        id: targetClient.id,
+        permissionId: authzPermission.id,
+      });
+      expect(assocResources).to.be.an('array');
+    });
+
+    it('should manage resource server settings and resources export/import', async function () {
+      const server = await keycloakManager.clients.getResourceServer({
+        id: targetClient.id,
+      });
+      expect(server).to.be.an('object');
+
+      await keycloakManager.clients.updateResourceServer(
+        { id: targetClient.id },
+        { decisionStrategy: 'AFFIRMATIVE' }
+      );
+
+      const exported = await keycloakManager.clients.exportResource({
+        id: targetClient.id,
+        resourceId: authzResource._id,
+      });
+      expect(exported).to.be.an('object');
+
+      try {
+        await keycloakManager.clients.importResource(
+          { id: targetClient.id },
+          {
+            name: authzImportedResourceName,
+            scopes: [authzScope],
+          }
+        );
+        
+        // Verify the imported resource was created
+        const allResources = await keycloakManager.clients.listResources({
+          id: targetClient.id,
+        });
+        const importedResource = allResources.find(r => r.name === authzImportedResourceName);
+        expect(importedResource).to.be.an('object');
+      } catch (err) {
+        // importResource may not work as expected in all Keycloak versions
+        console.log(`        Skipping importResource verification: ${err.message}`);
+      }
+    });
+
+    it('should manage authorization scope updates', async function () {
+      await keycloakManager.clients.updateAuthorizationScope(
+        { id: targetClient.id, scopeId: authzScope._id || authzScope.id },
+        { name: authzScopeName, displayName: `${authzScopeName}-display` }
+      );
+
+      const scope = await keycloakManager.clients.getAuthorizationScope({
+        id: targetClient.id,
+        scopeId: authzScope._id || authzScope.id,
+      });
+      expect(scope).to.be.an('object');
+    });
+
+  });
+
+  it('should manage keys when supported', async function () {
+    try {
+      const info = await keycloakManager.clients.getKeyInfo({
+        id: targetClient.id,
+      });
+      expect(info).to.be.an('object');
+
+      await keycloakManager.clients.generateKey({
+        id: targetClient.id,
+        attr: 'jwt.credential',
+      });
+
+      await keycloakManager.clients.generateAndDownloadKey(
+        { id: targetClient.id, attr: 'jwt.credential' },
+        {
+          format: 'JKS',
+          keyAlias: 'test',
+          keyPassword: 'password',
+          storePassword: 'password',
+        }
+      );
+
+      await keycloakManager.clients.downloadKey(
+        { id: targetClient.id, attr: 'jwt.credential' },
+        {
+          format: 'JKS',
+          keyAlias: 'test',
+          keyPassword: 'password',
+          storePassword: 'password',
+        }
+      );
+    } catch (err) {
+      if (shouldSkipFeature(err)) {
+        this.test.title += ' (keys not supported)';
+        this.skip();
+      }
+      throw err;
+    }
+  });
+});