npm - keycloak-api-manager - Versions diffs - 3.2.1 → 4.0.1 - Mend

keycloak-api-manager 3.2.1 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/.env.example +27 -0
package/Handlers/clientsHandler.js +240 -30
package/Handlers/groupsHandler.js +16 -1
package/Handlers/httpApiHelper.js +87 -0
package/Handlers/realmsHandler.js +26 -4
package/Handlers/usersHandler.js +43 -10
package/README.md +341 -10
package/index.js +159 -29
package/package.json +3 -14
package/test/.mocharc.json +4 -0
package/test/TESTING.md +327 -0
package/test/config/CONFIGURATION.md +170 -0
package/test/config/default.json +36 -0
package/test/config/local.json.example +7 -0
package/test/config/secrets.json.example +7 -0
package/test/diagnostic-protocol-mappers.js +189 -0
package/test/docker-keycloak/DEPLOYMENT_GUIDE.md +262 -0
package/test/docker-keycloak/certs/.gitkeep +7 -0
package/test/docker-keycloak/docker-compose-https.yml +50 -0
package/test/docker-keycloak/docker-compose.yml +59 -0
package/test/docker-keycloak/setup-keycloak.js +501 -0
package/test/enableServerFeatures.js +315 -0
package/test/helpers/config.js +218 -0
package/test/helpers/docker-helpers.js +513 -0
package/test/helpers/setup.js +186 -0
package/test/package.json +18 -0
package/test/setup.js +194 -0
package/test/specs/authenticationManagement.test.js +224 -0
package/test/specs/clientCredentials.test.js +76 -0
package/test/specs/clientScopes.test.js +388 -0
package/test/specs/clients.test.js +791 -0
package/test/specs/components.test.js +151 -0
package/test/specs/debugClientLibrary.test.js +88 -0
package/test/specs/groups.test.js +362 -0
package/test/specs/identityProviders.test.js +292 -0
package/test/specs/realms.test.js +390 -0
package/test/specs/roles.test.js +322 -0
package/test/specs/users.test.js +445 -0
package/test/testConfig.js +69 -0
package/.mocharc.json +0 -7
package/docker-compose.yml +0 -27
package/test/authenticationManagement.test.js +0 -329
package/test/clientScopes.test.js +0 -256
package/test/clients.test.js +0 -284
package/test/components.test.js +0 -122
package/test/config.js +0 -137
package/test/docker-helpers.js +0 -111
package/test/groups.test.js +0 -284
package/test/identityProviders.test.js +0 -197
package/test/mocha.env.js +0 -55
package/test/realms.test.js +0 -349
package/test/roles.test.js +0 -215
package/test/users.test.js +0 -405

package/test/specs/users.test.js ADDED Viewed

@@ -0,0 +1,445 @@
+const path = require('path');
+const http = require('http');
+const https = require('https');
+const { expect } = require('chai');
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+const { conf } = require('propertiesmanager');
+const keycloakManager = require('keycloak-api-manager');
+const { TEST_REALM, generateUniqueName } = require('../testConfig');
+function requestAdmin(baseUrl, token, apiPath, method = 'GET', body) {
+  const url = new URL(apiPath, baseUrl);
+  const transport = url.protocol === 'https:' ? https : http;
+  const payload = body ? JSON.stringify(body) : null;
+  const options = {
+    method,
+    headers: {
+      Accept: 'application/json',
+      Authorization: `Bearer ${token}`,
+      ...(payload ? { 'Content-Type': 'application/json' } : {}),
+    },
+  };
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+      res.on('end', () => {
+        let parsed = data;
+        try {
+          parsed = data ? JSON.parse(data) : null;
+        } catch (err) {
+          parsed = data;
+        }
+        resolve({ status: res.statusCode, body: parsed });
+      });
+    });
+    req.on('error', reject);
+    if (payload) {
+      req.write(payload);
+    }
+    req.end();
+  });
+}
+async function getAdminToken(baseUrl, username, password) {
+  const url = new URL('/realms/master/protocol/openid-connect/token', baseUrl);
+  const transport = url.protocol === 'https:' ? https : http;
+  const params = new URLSearchParams({
+    grant_type: 'password',
+    client_id: 'admin-cli',
+    username,
+    password,
+  });
+  const options = {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/x-www-form-urlencoded',
+    },
+  };
+  return new Promise((resolve, reject) => {
+    const req = transport.request(url, options, (res) => {
+      let data = '';
+      res.on('data', (chunk) => {
+        data += chunk;
+      });
+      res.on('end', () => {
+        if (res.statusCode === 200) {
+          const parsed = JSON.parse(data);
+          resolve(parsed.access_token);
+        } else {
+          reject(new Error(`HTTP ${res.statusCode}: ${data}`));
+        }
+      });
+    });
+    req.on('error', reject);
+    req.write(params.toString());
+    req.end();
+  });
+}
+function shouldSkipFeature(err) {
+  if (!err || !err.message) {
+    return false;
+  }
+  const text = err.message.toLowerCase();
+  return (
+    text.includes('feature not enabled') ||
+    text.includes('not enabled') ||
+    text.includes('not supported') ||
+    text.includes('http 404') ||
+    text.includes('unknown_error')
+  );
+}
+describe('Users Handler', function () {
+  this.timeout(60000);
+  const keycloakConfig = (conf && conf.keycloak) || {};
+  const testUserName = generateUniqueName('users-test');
+  const testEmail = `${testUserName}@example.com`;
+  const testPassword = 'UsersTest!123';
+  const testGroupName = generateUniqueName('users-group');
+  const testRealmRoleName = generateUniqueName('users-realm-role');
+  const testClientId = generateUniqueName('users-client');
+  const testClientRoleName = generateUniqueName('users-client-role');
+  let adminToken = null;
+  let userId = null;
+  let groupId = null;
+  let realmRole = null;
+  let client = null;
+  let clientRole = null;
+  before(async function () {
+    await keycloakManager.configure({
+      baseUrl: keycloakConfig.baseUrl,
+      realmName: keycloakConfig.realmName,
+      clientId: keycloakConfig.clientId,
+      clientSecret: keycloakConfig.clientSecret,
+      username: keycloakConfig.username,
+      password: keycloakConfig.password,
+      grantType: keycloakConfig.grantType,
+      tokenLifeSpan: keycloakConfig.tokenLifeSpan,
+      scope: keycloakConfig.scope,
+    });
+    adminToken = await getAdminToken(
+      keycloakConfig.baseUrl,
+      keycloakConfig.username,
+      keycloakConfig.password
+    );
+    // Use shared test realm (created by enableServerFeatures)
+    keycloakManager.setConfig({ realmName: TEST_REALM });
+    const createdUser = await keycloakManager.users.create({
+      username: testUserName,
+      email: testEmail,
+      enabled: true,
+      firstName: 'Users',
+      lastName: 'Test',
+    });
+    userId = createdUser.id;
+    await keycloakManager.users.resetPassword({
+      id: userId,
+      credential: {
+        type: 'password',
+        value: testPassword,
+        temporary: false,
+      },
+    });
+    const createdGroup = await keycloakManager.groups.create({
+      name: testGroupName,
+    });
+    groupId = createdGroup.id;
+    await keycloakManager.roles.create({ name: testRealmRoleName });
+    realmRole = await keycloakManager.roles.findOneByName({ name: testRealmRoleName });
+    await keycloakManager.clients.create({
+      clientId: testClientId,
+      name: testClientId,
+      enabled: true,
+      publicClient: false,
+      protocol: 'openid-connect',
+      directAccessGrantsEnabled: true,
+      standardFlowEnabled: true,
+    });
+    const clients = await keycloakManager.clients.find({ clientId: testClientId });
+    client = clients[0];
+    await keycloakManager.clients.createRole({
+      id: client.id,
+      name: testClientRoleName,
+      description: 'Users test client role',
+    });
+    clientRole = await keycloakManager.clients.findRole({
+      id: client.id,
+      roleName: testClientRoleName,
+    });
+  });
+  after(async function () {
+    try {
+      keycloakManager.setConfig({ realmName: TEST_REALM });
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+    try {
+      if (userId) {
+        await keycloakManager.users.del({ id: userId });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+    try {
+      if (client) {
+        await keycloakManager.clients.del({ id: client.id });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+    try {
+      if (realmRole) {
+        await keycloakManager.roles.delByName({ name: realmRole.name });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+    try {
+      if (groupId) {
+        await keycloakManager.groups.del({ id: groupId });
+      }
+    } catch (err) {
+      // Best-effort cleanup.
+    }
+    // Don't delete shared test realm
+    if (typeof keycloakManager.stop === 'function') {
+      keycloakManager.stop();
+    }
+  });
+  it('should find, findOne, count and update users', async function () {
+    const users = await keycloakManager.users.find({ username: testUserName });
+    expect(users).to.be.an('array');
+    expect(users.some((item) => item.id === userId)).to.equal(true);
+    const one = await keycloakManager.users.findOne({ id: userId });
+    expect(one).to.be.an('object');
+    expect(one.username).to.equal(testUserName);
+    const count = await keycloakManager.users.count({ username: testUserName });
+    expect(count).to.be.a('number');
+    expect(count).to.be.greaterThan(0);
+    const newFirstName = `UsersUpdated-${Date.now()}`;
+    await keycloakManager.users.update(
+      { id: userId },
+      { firstName: newFirstName }
+    );
+    const updated = await keycloakManager.users.findOne({ id: userId });
+    expect(updated.firstName).to.equal(newFirstName);
+    const direct = await requestAdmin(
+      keycloakConfig.baseUrl,
+      adminToken,
+      `/admin/realms/${TEST_REALM}/users/${userId}`
+    );
+    expect(direct.status).to.equal(200);
+    expect(direct.body.firstName).to.equal(newFirstName);
+  });
+  it('should manage password and credentials', async function () {
+    const credentials = await keycloakManager.users.getCredentials({ id: userId });
+    expect(credentials).to.be.an('array');
+    const storageTypes = await keycloakManager.users.getUserStorageCredentialTypes({ id: userId });
+    expect(storageTypes).to.be.an('array');
+    if (!credentials.length) {
+      this.skip();
+      return;
+    }
+    const credential = credentials[0];
+    await keycloakManager.users.updateCredentialLabel(
+      { id: userId, credentialId: credential.id },
+      `label-${Date.now()}`
+    );
+  });
+  it('should manage group membership', async function () {
+    await keycloakManager.users.addToGroup({ id: userId, groupId });
+    const groups = await keycloakManager.users.listGroups({ id: userId });
+    expect(groups).to.be.an('array');
+    expect(groups.some((group) => group.id === groupId)).to.equal(true);
+    const count = await keycloakManager.users.countGroups({ id: userId });
+    expect(count).to.be.a('number');
+    expect(count).to.be.greaterThan(0);
+    const direct = await requestAdmin(
+      keycloakConfig.baseUrl,
+      adminToken,
+      `/admin/realms/${TEST_REALM}/users/${userId}/groups`
+    );
+    expect(direct.status).to.equal(200);
+    expect(Array.isArray(direct.body)).to.equal(true);
+    await keycloakManager.users.delFromGroup({ id: userId, groupId });
+    const groupsAfter = await keycloakManager.users.listGroups({ id: userId });
+    expect(groupsAfter.some((group) => group.id === groupId)).to.equal(false);
+  });
+  it('should manage realm role mappings', async function () {
+    await keycloakManager.users.addRealmRoleMappings({
+      id: userId,
+      roles: [{ id: realmRole.id, name: realmRole.name }],
+    });
+    const directRealmRoles = await keycloakManager.users.listRealmRoleMappings({ id: userId });
+    expect(directRealmRoles.some((role) => role.id === realmRole.id)).to.equal(true);
+    const compositeRealmRoles = await keycloakManager.users.listCompositeRealmRoleMappings({ id: userId });
+    expect(compositeRealmRoles).to.be.an('array');
+    const roleMappings = await keycloakManager.users.listRoleMappings({ id: userId });
+    expect(roleMappings).to.be.an('object');
+    const available = await keycloakManager.users.listAvailableRealmRoleMappings({ id: userId });
+    expect(available).to.be.an('array');
+    await keycloakManager.users.delRealmRoleMappings({
+      id: userId,
+      roles: [{ id: realmRole.id, name: realmRole.name }],
+    });
+    const afterDelete = await keycloakManager.users.listRealmRoleMappings({ id: userId });
+    expect(afterDelete.some((role) => role.id === realmRole.id)).to.equal(false);
+  });
+  it('should manage client role mappings', async function () {
+    await keycloakManager.users.addClientRoleMappings({
+      id: userId,
+      clientUniqueId: client.id,
+      roles: [{ id: clientRole.id, name: clientRole.name }],
+    });
+    const roles = await keycloakManager.users.listClientRoleMappings({
+      id: userId,
+      clientUniqueId: client.id,
+    });
+    expect(roles).to.be.an('array');
+    expect(roles.some((role) => role.id === clientRole.id)).to.equal(true);
+    const composite = await keycloakManager.users.listCompositeClientRoleMappings({
+      id: userId,
+      clientUniqueId: client.id,
+    });
+    expect(composite).to.be.an('array');
+    const available = await keycloakManager.users.listAvailableClientRoleMappings({
+      id: userId,
+      clientUniqueId: client.id,
+    });
+    expect(available).to.be.an('array');
+    await keycloakManager.users.delClientRoleMappings({
+      id: userId,
+      clientUniqueId: client.id,
+      roles: [{ id: clientRole.id, name: clientRole.name }],
+    });
+    const rolesAfter = await keycloakManager.users.listClientRoleMappings({
+      id: userId,
+      clientUniqueId: client.id,
+    });
+    expect(rolesAfter.some((role) => role.id === clientRole.id)).to.equal(false);
+  });
+  it('should list sessions and support logout', async function () {
+    const sessions = await keycloakManager.users.listSessions({ id: userId });
+    expect(sessions).to.be.an('array');
+    try {
+      const offlineSessions = await keycloakManager.users.listOfflineSessions({
+        id: userId,
+        clientId: testClientId,
+      });
+      expect(offlineSessions).to.be.an('array');
+    } catch (err) {
+      if (shouldSkipFeature(err)) {
+        this.skip();
+        return;
+      }
+      throw err;
+    }
+    await keycloakManager.users.logout({ id: userId });
+  });
+  it('should support impersonation when enabled', async function () {
+    try {
+      const response = await keycloakManager.users.impersonation({ id: userId });
+      expect(response).to.be.an('object');
+    } catch (err) {
+      if (shouldSkipFeature(err)) {
+        this.skip();
+        return;
+      }
+      throw err;
+    }
+  });
+  it('should list federated identities and handle optional provider linkage', async function () {
+    const identities = await keycloakManager.users.listFederatedIdentities({ id: userId });
+    expect(identities).to.be.an('array');
+    try {
+      await keycloakManager.users.addToFederatedIdentity({
+        id: userId,
+        federatedIdentityId: 'google',
+        federatedIdentity: {
+          identityProvider: 'google',
+          userId: `federated-${Date.now()}`,
+          userName: `federated-${Date.now()}`,
+        },
+      });
+      await keycloakManager.users.delFromFederatedIdentity({
+        id: userId,
+        federatedIdentityId: 'google',
+      });
+    } catch (err) {
+      if (shouldSkipFeature(err)) {
+        this.skip();
+        return;
+      }
+      throw err;
+    }
+  });
+});

package/test/testConfig.js ADDED Viewed

@@ -0,0 +1,69 @@
+const path = require('path');
+// Set up environment for propertiesmanager
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, 'config');
+const { conf } = require('propertiesmanager');
+/**
+ * Shared Test Configuration Module
+ *
+ * This module centralizes all test configuration using propertiesmanager.
+ * It loads configuration from test/config/ directory with the following merge order:
+ *
+ * 1. default.json - Base configuration for all environments
+ * 2. secrets.json - Sensitive credentials (gitignored)
+ * 3. local.json - Developer-specific overrides (gitignored, optional)
+ *
+ * Configuration Structure:
+ * - All files use environment wrappers: { "test": { ... } }
+ * - NODE_ENV determines which section to load (default: "test")
+ * - propertiesmanager automatically merges configs based on NODE_ENV
+ *
+ * Exports:
+ * - KEYCLOAK_CONFIG: Admin connection settings (baseUrl, username, password, etc.)
+ * - TEST_REALM: Name of the shared test realm
+ * - TEST_CLIENT_*: Client configuration for tests
+ * - TEST_USER_*: Test user credentials and details
+ * - TEST_ROLES: Array of role names to create
+ * - TEST_GROUP_NAME: Name of test group
+ * - TEST_CLIENT_SCOPE: Name of test client scope
+ * - generateUniqueName: Helper to create unique resource names
+ *
+ * Usage in tests:
+ *   const { KEYCLOAK_CONFIG, TEST_REALM, TEST_USER_USERNAME } = require('./testConfig');
+ */
+const realmConfig = conf?.realm || {};
+module.exports = {
+    // Keycloak Admin Config (for admin connections)
+    KEYCLOAK_CONFIG: conf?.keycloak || {},
+    // Test Realm Configuration
+    TEST_REALM: realmConfig.name || 'keycloak-api-manager-test-realm',
+    // Test Client Configuration
+    TEST_CLIENT_ID: realmConfig.client?.clientId || 'test-client',
+    TEST_CLIENT_SECRET: realmConfig.client?.clientSecret || 'test-client-secret',
+    // Test User Configuration
+    TEST_USER_USERNAME: realmConfig.user?.username || 'test-user',
+    TEST_USER_PASSWORD: realmConfig.user?.password || 'test-password',
+    TEST_USER_EMAIL: realmConfig.user?.email || 'test-user@test.local',
+    TEST_USER_FIRSTNAME: realmConfig.user?.firstName || 'Test',
+    TEST_USER_LASTNAME: realmConfig.user?.lastName || 'User',
+    // Test Roles
+    TEST_ROLES: realmConfig.roles || ['test-role-1', 'test-role-2', 'test-admin-role'],
+    // Test Group
+    TEST_GROUP_NAME: realmConfig.group?.name || 'test-group',
+    // Test Client Scope
+    TEST_CLIENT_SCOPE: realmConfig.clientScope?.name || 'test-scope',
+    // Helper to generate unique names when needed
+    generateUniqueName: (prefix) => `${prefix}-${Date.now()}`
+};

package/.mocharc.json DELETED Viewed

@@ -1,7 +0,0 @@
-{
-  "require": ["test/mocha.env.js"],
-  "timeout": 15000,
-  "spec": "test/**/*.test.js",
-  "reporter": "spec",
-  "parallel": false
-}

package/docker-compose.yml DELETED Viewed

@@ -1,27 +0,0 @@
-version: '3.8'
-services:
-  keycloak:
-    image: keycloak/keycloak:latest
-    container_name: keycloak-test
-    ports:
-      - "8080:8080"
-    environment:
-      KEYCLOAK_ADMIN: admin
-      KEYCLOAK_ADMIN_PASSWORD: admin
-      KC_DB: dev-mem
-      KC_METRICS_ENABLED: 'false'
-      KC_HEALTH_ENABLED: 'true'
-    command:
-      - start-dev
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8080/health/ready"]
-      interval: 5s
-      timeout: 5s
-      retries: 12
-    networks:
-      - keycloak-network
-networks:
-  keycloak-network:
-    driver: bridge