keycloak-api-manager 3.2.0 → 4.0.0

package/test/specs/identityProviders.test.js

@@ -0,0 +1,292 @@
+const path = require('path');
+const http = require('http');
+const https = require('https');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const keycloakManager = require('keycloak-api-manager');
+
+function requestAdmin(baseUrl, token, apiPath, method = 'GET', body) {
+  const url = new URL(apiPath, baseUrl);
+  const transport = url.protocol === 'https:' ? https : http;
+  const payload = body ? JSON.stringify(body) : null;
+
+  const options = {
+    method,
+    headers: {
+      Accept: 'application/json',
+      Authorization: `Bearer ${token}`,
+      ...(payload ? { 'Content-Type': 'application/json' } : {}),
+    },
+  };
+
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+      res.on('end', () => {
+        let parsed = data;
+        try {
+          parsed = data ? JSON.parse(data) : null;
+        } catch (err) {
+          parsed = data;
+        }
+        resolve({ status: res.statusCode, body: parsed });
+      });
+    });
+
+    req.on('error', reject);
+    if (payload) {
+      req.write(payload);
+    }
+    req.end();
+  });
+}
+
+async function getAdminToken(baseUrl, username, password) {
+  const url = new URL('/realms/master/protocol/openid-connect/token', baseUrl);
+  const transport = url.protocol === 'https:' ? https : http;
+
+  const params = new URLSearchParams({
+    grant_type: 'password',
+    client_id: 'admin-cli',
+    username,
+    password,
+  });
+
+  const options = {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+  };
+
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+      res.on('end', () => {
+        if (res.statusCode === 200) {
+          const parsed = JSON.parse(data);
+          resolve(parsed.access_token);
+        } else {
+          reject(new Error(`HTTP ${res.statusCode}: ${data}`));
+        }
+      });
+    });
+
+    req.on('error', reject);
+    req.write(params.toString());
+    req.end();
+  });
+}
+
+function shouldSkipFeature(err) {
+  if (!err || !err.message) {
+    return false;
+  }
+  const text = err.message.toLowerCase();
+  return (
+    text.includes('provider') && text.includes('not found') ||
+    text.includes('feature not enabled') ||
+    text.includes('not supported') ||
+    text.includes('http 404') ||
+    text.includes('unknown_error')
+  );
+}
+
+describe('IdentityProviders Handler', function () {
+  this.timeout(60000);
+
+  const keycloakConfig = (conf && conf.keycloak) || {};
+  const testRealm = `idp-realm-${Date.now()}`;
+  const idpAlias = `idp-oidc-${Date.now()}`;
+  const mapperName = `idp-mapper-${Date.now()}`;
+
+  let adminToken = null;
+  let idpCreated = false;
+  let mapperId = null;
+
+  before(async function () {
+    await keycloakManager.configure({
+      baseUrl: keycloakConfig.baseUrl,
+      realmName: keycloakConfig.realmName,
+      clientId: keycloakConfig.clientId,
+      clientSecret: keycloakConfig.clientSecret,
+      username: keycloakConfig.username,
+      password: keycloakConfig.password,
+      grantType: keycloakConfig.grantType,
+      tokenLifeSpan: keycloakConfig.tokenLifeSpan,
+      scope: keycloakConfig.scope,
+    });
+
+    adminToken = await getAdminToken(
+      keycloakConfig.baseUrl,
+      keycloakConfig.username,
+      keycloakConfig.password
+    );
+
+    await keycloakManager.realms.create({ realm: testRealm, enabled: true });
+    keycloakManager.setConfig({ realmName: testRealm });
+
+    try {
+      await keycloakManager.identityProviders.create({
+        alias: idpAlias,
+        providerId: 'oidc',
+        enabled: true,
+        trustEmail: false,
+        storeToken: false,
+        addReadTokenRoleOnCreate: false,
+        authenticateByDefault: false,
+        config: {
+          authorizationUrl: 'https://example.com/auth',
+          tokenUrl: 'https://example.com/token',
+          userInfoUrl: 'https://example.com/userinfo',
+          clientId: 'dummy-client-id',
+          clientSecret: 'dummy-client-secret',
+          defaultScope: 'openid profile email',
+        },
+      });
+      idpCreated = true;
+    } catch (err) {
+      if (shouldSkipFeature(err)) {
+        idpCreated = false;
+      } else {
+        throw err;
+      }
+    }
+  });
+
+  after(async function () {
+    try {
+      keycloakManager.setConfig({ realmName: testRealm });
+    } catch (err) {
+      // best effort
+    }
+
+    try {
+      if (mapperId && idpCreated) {
+        await keycloakManager.identityProviders.delMapper({ alias: idpAlias, id: mapperId });
+      }
+    } catch (err) {
+      // best effort
+    }
+
+    try {
+      if (idpCreated) {
+        await keycloakManager.identityProviders.del({ alias: idpAlias });
+      }
+    } catch (err) {
+      // best effort
+    }
+
+    try {
+      await keycloakManager.realms.del({ realm: testRealm });
+    } catch (err) {
+      // best effort
+    }
+
+    if (typeof keycloakManager.stop === 'function') {
+      keycloakManager.stop();
+    }
+  });
+
+  it('should list identity providers and find factory', async function () {
+    const providers = await keycloakManager.identityProviders.find();
+    expect(providers).to.be.an('array');
+
+    const factory = await keycloakManager.identityProviders.findFactory({ providerId: 'oidc' });
+    expect(factory).to.exist;
+  });
+
+  it('should create/findOne/update/delete identity provider when supported', async function () {
+    if (!idpCreated) {
+      this.skip();
+      return;
+    }
+
+    const one = await keycloakManager.identityProviders.findOne({ alias: idpAlias });
+    expect(one).to.be.an('object');
+    expect(one.alias).to.equal(idpAlias);
+
+    await keycloakManager.identityProviders.update(
+      { alias: idpAlias },
+      {
+        ...one,
+        displayName: 'Updated OIDC Provider',
+      }
+    );
+
+    const updated = await keycloakManager.identityProviders.findOne({ alias: idpAlias });
+    expect(updated.displayName).to.equal('Updated OIDC Provider');
+
+    const direct = await requestAdmin(
+      keycloakConfig.baseUrl,
+      adminToken,
+      `/admin/realms/${testRealm}/identity-provider/instances/${idpAlias}`
+    );
+    expect(direct.status).to.equal(200);
+    expect(direct.body.alias).to.equal(idpAlias);
+  });
+
+  it('should manage idp mappers when supported', async function () {
+    if (!idpCreated) {
+      this.skip();
+      return;
+    }
+
+    try {
+      const created = await keycloakManager.identityProviders.createMapper({
+        alias: idpAlias,
+        identityProviderMapper: {
+          name: mapperName,
+          identityProviderAlias: idpAlias,
+          identityProviderMapper: 'oidc-user-attribute-idp-mapper',
+          config: {
+            'claim': 'email',
+            'user.attribute': 'email',
+            'syncMode': 'INHERIT',
+          },
+        },
+      });
+
+      mapperId = created.id;
+      expect(mapperId).to.exist;
+
+      const mappers = await keycloakManager.identityProviders.findMappers({ alias: idpAlias });
+      expect(mappers).to.be.an('array');
+
+      const one = await keycloakManager.identityProviders.findOneMapper({ alias: idpAlias, id: mapperId });
+      expect(one).to.be.an('object');
+      expect(one.name).to.equal(mapperName);
+
+      await keycloakManager.identityProviders.updateMapper(
+        { alias: idpAlias, id: mapperId },
+        {
+          ...one,
+          name: `${mapperName}-updated`,
+        }
+      );
+
+      const updated = await keycloakManager.identityProviders.findOneMapper({ alias: idpAlias, id: mapperId });
+      expect(updated.name).to.equal(`${mapperName}-updated`);
+
+      await keycloakManager.identityProviders.delMapper({ alias: idpAlias, id: mapperId });
+      mapperId = null;
+    } catch (err) {
+      if (shouldSkipFeature(err)) {
+        this.skip();
+        return;
+      }
+      throw err;
+    }
+  });
+
+});

package/test/specs/realms.test.js

@@ -0,0 +1,390 @@
+const path = require('path');
+const http = require('http');
+const https = require('https');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const keycloakManager = require('keycloak-api-manager');
+
+async function expectReject(promise, message) {
+  try {
+    await promise;
+    throw new Error(message || 'Expected promise to reject');
+  } catch (err) {
+    expect(err).to.be.instanceOf(Error);
+  }
+}
+
+function requestAdmin(baseUrl, token, apiPath, method = 'GET', body) {
+  const url = new URL(apiPath, baseUrl);
+  const transport = url.protocol === 'https:' ? https : http;
+  const payload = body ? JSON.stringify(body) : null;
+
+  const options = {
+    method,
+    headers: {
+      Accept: 'application/json',
+      Authorization: `Bearer ${token}`,
+      ...(payload ? { 'Content-Type': 'application/json' } : {}),
+    },
+  };
+
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+      res.on('end', () => {
+        let parsed = data;
+        try {
+          parsed = data ? JSON.parse(data) : null;
+        } catch (err) {
+          parsed = data;
+        }
+        resolve({ status: res.statusCode, body: parsed });
+      });
+    });
+
+    req.on('error', reject);
+    if (payload) {
+      req.write(payload);
+    }
+    req.end();
+  });
+}
+
+describe('Realms Handler', function () {
+  this.timeout(30000);
+
+  const keycloakConfig = (conf && conf.keycloak) || {};
+  const testRealm = `test-realm-${Date.now()}`;
+  const testGroupName = `test-group-${Date.now()}`;
+  const locale = 'en';
+  const localizationKey = `test-key-${Date.now()}`;
+  let initialAccessTokenId = null;
+  let groupId = null;
+  let adminBaseUrl = null;
+  let accessToken = null;
+  let tempRealmForDelete = null;
+
+  before(async function () {
+    await keycloakManager.configure({
+      baseUrl: keycloakConfig.baseUrl,
+      realmName: keycloakConfig.realmName,
+      clientId: keycloakConfig.clientId,
+      clientSecret: keycloakConfig.clientSecret,
+      username: keycloakConfig.username,
+      password: keycloakConfig.password,
+      grantType: keycloakConfig.grantType,
+      tokenLifeSpan: keycloakConfig.tokenLifeSpan,
+      scope: keycloakConfig.scope,
+    });
+
+    adminBaseUrl = keycloakConfig.baseUrl;
+    accessToken = keycloakManager.getToken().accessToken;
+
+    await keycloakManager.realms.create({
+      realm: testRealm,
+      enabled: true,
+    });
+
+    const group = await keycloakManager.groups.create({
+      realm: testRealm,
+      name: testGroupName,
+    });
+    groupId = group.id;
+  });
+
+  after(async function () {
+    try {
+      if (initialAccessTokenId) {
+        await keycloakManager.realms.delClientsInitialAccess({
+          realm: testRealm,
+          id: initialAccessTokenId,
+        });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+
+    try {
+      await keycloakManager.realms.del({ realm: testRealm });
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+
+    try {
+      if (tempRealmForDelete) {
+        await keycloakManager.realms.del({ realm: tempRealmForDelete });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+
+    if (typeof keycloakManager.stop === 'function') {
+      keycloakManager.stop();
+    }
+  });
+
+  it('should find all realms', async function () {
+    const realms = await keycloakManager.realms.find();
+    expect(realms).to.be.an('array');
+  });
+
+  it('should create realm and verify via admin API', async function () {
+    const tempRealm = `create-realm-${Date.now()}`;
+    await keycloakManager.realms.create({
+      realm: tempRealm,
+      enabled: true,
+    });
+
+    const response = await requestAdmin(
+      adminBaseUrl,
+      accessToken,
+      `/admin/realms/${tempRealm}`
+    );
+    expect(response.status).to.equal(200);
+    expect(response.body.realm).to.equal(tempRealm);
+
+    tempRealmForDelete = tempRealm;
+  });
+
+  it('should find realm by name', async function () {
+    const realm = await keycloakManager.realms.findOne({ realm: testRealm });
+    expect(realm).to.be.an('object');
+    expect(realm.realm).to.equal(testRealm);
+  });
+
+  it('should update realm', async function () {
+    const displayName = `Updated-${Date.now()}`;
+    await keycloakManager.realms.update(
+      { realm: testRealm },
+      { displayName }
+    );
+
+    const updated = await keycloakManager.realms.findOne({ realm: testRealm });
+    expect(updated.displayName).to.equal(displayName);
+
+    const response = await requestAdmin(
+      adminBaseUrl,
+      accessToken,
+      `/admin/realms/${testRealm}`
+    );
+    expect(response.status).to.equal(200);
+    expect(response.body.displayName).to.equal(displayName);
+  });
+
+  it('should export realm configuration', async function () {
+    const exported = await keycloakManager.realms.export({
+      realm: testRealm,
+      exportClients: false,
+      exportGroupsAndRoles: false,
+    });
+    expect(exported).to.be.an('object');
+  });
+
+  it('should perform partial import', async function () {
+    const result = await keycloakManager.realms.partialImport({
+      realm: testRealm,
+      ifResourceExists: 'SKIP',
+      rep: {
+        realm: testRealm,
+        users: [],
+        roles: { realm: [] },
+        groups: [],
+      },
+    });
+    expect(result).to.be.an('object');
+  });
+
+  it('should get client registration policy providers', async function () {
+    const providers = await keycloakManager.realms.getClientRegistrationPolicyProviders({
+      realm: testRealm,
+    });
+    expect(providers).to.be.an('array');
+  });
+
+  it('should manage initial access tokens', async function () {
+    const created = await keycloakManager.realms.createClientsInitialAccess(
+      { realm: testRealm },
+      { count: 1, expiration: 3600 }
+    );
+
+    expect(created).to.be.an('object');
+    expect(created.id).to.exist;
+    initialAccessTokenId = created.id;
+
+    const tokens = await keycloakManager.realms.getClientsInitialAccess({
+      realm: testRealm,
+    });
+    expect(tokens).to.be.an('array');
+
+    await keycloakManager.realms.delClientsInitialAccess({
+      realm: testRealm,
+      id: initialAccessTokenId,
+    });
+    initialAccessTokenId = null;
+  });
+
+  it('should manage default groups and group paths', async function () {
+    await keycloakManager.realms.addDefaultGroup({
+      realm: testRealm,
+      id: groupId,
+    });
+
+    const defaults = await keycloakManager.realms.getDefaultGroups({
+      realm: testRealm,
+    });
+    expect(defaults).to.be.an('array');
+
+    const groupByPath = await keycloakManager.realms.getGroupByPath({
+      realm: testRealm,
+      path: `/${testGroupName}`,
+    });
+    expect(groupByPath).to.be.an('object');
+
+    await keycloakManager.realms.removeDefaultGroup({
+      realm: testRealm,
+      id: groupId,
+    });
+  });
+
+  it('should manage event configuration and events', async function () {
+    const config = await keycloakManager.realms.getConfigEvents({
+      realm: testRealm,
+    });
+    expect(config).to.be.an('object');
+
+    await keycloakManager.realms.updateConfigEvents(
+      { realm: testRealm },
+      {
+        eventsEnabled: true,
+        adminEventsEnabled: true,
+        adminEventsDetailsEnabled: true,
+        eventsListeners: ['jboss-logging'],
+      }
+    );
+
+    const events = await keycloakManager.realms.findEvents({
+      realm: testRealm,
+      max: 5,
+    });
+    expect(events).to.be.an('array');
+
+    const adminEvents = await keycloakManager.realms.findAdminEvents({
+      realm: testRealm,
+      max: 5,
+    });
+    expect(adminEvents).to.be.an('array');
+
+    await keycloakManager.realms.clearEvents({ realm: testRealm });
+    await keycloakManager.realms.clearAdminEvents({ realm: testRealm });
+  });
+
+  it('should read realm keys and session stats', async function () {
+    const keys = await keycloakManager.realms.getKeys({ realm: testRealm });
+    expect(keys).to.be.an('object');
+
+    const stats = await keycloakManager.realms.getClientSessionStats({
+      realm: testRealm,
+    });
+    expect(stats).to.be.an('array');
+  });
+
+  it('should push revocation and logout all', async function () {
+    await keycloakManager.realms.pushRevocation({ realm: testRealm });
+    await keycloakManager.realms.logoutAll({ realm: testRealm });
+  });
+
+  it('should manage localization texts', async function () {
+    await keycloakManager.realms.addLocalization(
+      {
+        realm: testRealm,
+        selectedLocale: locale,
+        key: localizationKey,
+      },
+      'Test Value'
+    );
+
+    const texts = await keycloakManager.realms.getRealmLocalizationTexts({
+      realm: testRealm,
+      selectedLocale: locale,
+    });
+    expect(texts).to.be.an('object');
+    expect(texts[localizationKey]).to.equal('Test Value');
+
+    const locales = await keycloakManager.realms.getRealmSpecificLocales({
+      realm: testRealm,
+      selectedLocale: locale,
+    });
+    expect(locales).to.be.an('array');
+
+    await keycloakManager.realms.deleteRealmLocalizationTexts({
+      realm: testRealm,
+      selectedLocale: locale,
+      key: localizationKey,
+    });
+  });
+
+  it('should return errors for invalid LDAP/SMTP configs', async function () {
+    await expectReject(
+      keycloakManager.realms.testLDAPConnection(
+        { realm: testRealm },
+        {
+          action: 'testConnection',
+          connectionUrl: 'ldap://invalid-host:389',
+          bindDn: 'cn=admin,dc=example,dc=org',
+          bindCredential: 'invalid',
+        }
+      ),
+      'LDAP connection should fail'
+    );
+
+    await expectReject(
+      keycloakManager.realms.ldapServerCapabilities(
+        { realm: testRealm },
+        {
+          action: 'testConnection',
+          connectionUrl: 'ldap://invalid-host:389',
+          bindDn: 'cn=admin,dc=example,dc=org',
+          bindCredential: 'invalid',
+        }
+      ),
+      'LDAP capabilities should fail'
+    );
+
+    await expectReject(
+      keycloakManager.realms.testSMTPConnection(
+        { realm: testRealm },
+        {
+          from: 'noreply@example.com',
+          host: 'smtp.invalid',
+          port: 25,
+          auth: 'true',
+          user: 'invalid',
+          password: 'invalid',
+        }
+      ),
+      'SMTP connection should fail'
+    );
+  });
+
+  it('should delete realm and verify via admin API', async function () {
+    if (!tempRealmForDelete) {
+      this.skip();
+    }
+
+    await keycloakManager.realms.del({ realm: tempRealmForDelete });
+    const response = await requestAdmin(
+      adminBaseUrl,
+      accessToken,
+      `/admin/realms/${tempRealmForDelete}`
+    );
+    expect(response.status).to.equal(404);
+    tempRealmForDelete = null;
+  });
+});