keycloak-api-manager 4.0.0 → 5.0.0

package/test/specs/attackDetection.test.js

@@ -0,0 +1,102 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const KeycloakManager = require('../../index');
+const { TEST_REALM, generateUniqueName } = require('../testConfig');
+
+const config = {
+    baseUrl: conf.keycloak.baseUrl,
+    realmName: conf.keycloak.realmName,
+    clientId: conf.keycloak.clientId,
+    clientSecret: conf.keycloak.clientSecret,
+    grantType: conf.keycloak.grantType,
+    username: conf.keycloak.username,
+    password: conf.keycloak.password,
+    tokenLifeSpan: conf.keycloak.tokenLifeSpan
+};
+
+/**
+ * Integration tests for Attack Detection Handler
+ * Tests brute force detection, login failure management
+ */
+describe('Attack Detection Handler Tests', function () {
+    this.timeout(10000);
+
+    const testUserData = {
+        username: 'test-bruteforce-user',
+        email: 'bruteforce@test.com',
+        enabled: true,
+        credentials: [{ type: 'password', value: 'wrongpassword123', temporary: false }]
+    };
+
+    let createdUserId;
+
+    before(async function () {
+        await KeycloakManager.configure(config);
+        
+        // Create a test user for brute force testing
+        const result = await KeycloakManager.users.create(testUserData);
+        createdUserId = result.id;
+    });
+
+    after(async function () {
+        // Clean up test user
+        if (createdUserId) {
+            await KeycloakManager.users.del({ id: createdUserId });
+        }
+        KeycloakManager.stop();
+    });
+
+    describe('Brute Force Status', function () {
+        it('should get brute force status for user', async function () {
+            try {
+                const status = await KeycloakManager.attackDetection.getUserBruteForceStatus({
+                    id: createdUserId
+                });
+                
+                // Status should exist (even if no failures yet)
+                expect(status).to.exist;
+            } catch (error) {
+                // API might not be available in all Keycloak versions
+                if (error.response?.status === 404) {
+                    this.skip();
+                }
+                throw error;
+            }
+        });
+
+        it('should clear user login failures', async function () {
+            try {
+                await KeycloakManager.attackDetection.clearUserLoginFailures({
+                    id: createdUserId
+                });
+                // If no error thrown, operation succeeded
+                expect(true).to.be.true;
+            } catch (error) {
+                // API might not be available in all Keycloak versions
+                if (error.response?.status === 404) {
+                    this.skip();
+                }
+                throw error;
+            }
+        });
+
+        it('should clear all login failures in realm', async function () {
+            try {
+                await KeycloakManager.attackDetection.clearAllLoginFailures({});
+                // If no error thrown, operation succeeded
+                expect(true).to.be.true;
+            } catch (error) {
+                // API might not be available in all Keycloak versions
+                if (error.response?.status === 404) {
+                    this.skip();
+                }
+                throw error;
+            }
+        });
+    });
+});

package/test/specs/clientCredentials.test.js

@@ -0,0 +1,79 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const keycloakManager = require('keycloak-api-manager');
+const { KEYCLOAK_CONFIG, TEST_CLIENT_ID, TEST_REALM } = require('../testConfig');
+
+function buildConfig(overrides = {}) {
+  return {
+    ...KEYCLOAK_CONFIG,
+    ...overrides,
+  };
+}
+
+describe('Authentication - client_credentials grant', function () {
+  this.timeout(20000);
+
+  let testClientId = null;
+  let testClientSecret = null;
+
+  before(async function () {
+    // Ensure we're using the test realm
+    keycloakManager.setConfig({ realmName: TEST_REALM });
+    
+    const clients = await keycloakManager.clients.find({ clientId: TEST_CLIENT_ID });
+    const testClient = clients.find((client) => client.clientId === TEST_CLIENT_ID);
+
+    if (!testClient) {
+      this.skip();
+      return;
+    }
+
+    testClientId = testClient.clientId;
+    const secret = await keycloakManager.clients.getClientSecret({ id: testClient.id });
+    testClientSecret = secret?.value;
+
+    if (!testClientSecret) {
+      this.skip();
+    }
+  });
+
+  after(async function () {
+    if (!KEYCLOAK_CONFIG?.username || !KEYCLOAK_CONFIG?.password) {
+      return;
+    }
+
+    await keycloakManager.configure(
+      buildConfig({
+        grantType: KEYCLOAK_CONFIG.grantType || 'password',
+        tokenLifeSpan: KEYCLOAK_CONFIG.tokenLifeSpan || 60,
+      })
+    );
+  });
+
+  it('authenticates without refresh token errors', async function () {
+    if (!testClientId || !testClientSecret) {
+      this.skip();
+      return;
+    }
+
+    await keycloakManager.configure(
+      buildConfig({
+        realmName: TEST_REALM,
+        clientId: testClientId,
+        clientSecret: testClientSecret,
+        grantType: 'client_credentials',
+        tokenLifeSpan: 60,
+        username: undefined,
+        password: undefined,
+      })
+    );
+
+    const token = keycloakManager.getToken();
+    expect(token).to.have.property('accessToken');
+    expect(token.accessToken).to.be.a('string').and.to.have.length.greaterThan(0);
+  });
+});

package/test/specs/clientPolicies.test.js

@@ -0,0 +1,162 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const KeycloakManager = require('../../index');
+const { TEST_REALM, generateUniqueName } = require('../testConfig');
+
+const config = {
+    baseUrl: conf.keycloak.baseUrl,
+    realmName: conf.keycloak.realmName,
+    clientId: conf.keycloak.clientId,
+    clientSecret: conf.keycloak.clientSecret,
+    grantType: conf.keycloak.grantType,
+    username: conf.keycloak.username,
+    password: conf.keycloak.password,
+    tokenLifeSpan: conf.keycloak.tokenLifeSpan
+};
+
+/**
+ * Integration tests for Client Policies Handler
+ * Tests client policies and profiles configuration (Keycloak 12+)
+ */
+describe('Client Policies Handler Tests', function () {
+    this.timeout(10000);
+
+    before(async function () {
+        await KeycloakManager.configure(config);
+    });
+
+    after(async function () {
+        KeycloakManager.stop();
+    });
+
+    describe('Client Policies', function () {
+        let originalPolicies;
+
+        it('should get client policies', async function () {
+            try {
+                const policiesResult = await KeycloakManager.clientPolicies.getPolicies({});
+                
+                expect(policiesResult).to.exist;
+                expect(policiesResult).to.have.property('policies');
+                expect(policiesResult.policies).to.be.an('array');
+                
+                originalPolicies = policiesResult;
+            } catch (error) {
+                // Client Policies API only available in Keycloak 12+
+                if (error.response?.status === 404 || error.message?.includes('clientPolicies')) {
+                    this.skip();
+                }
+                throw error;
+            }
+        });
+
+        it('should update client policies', async function () {
+            if (!originalPolicies) this.skip();
+            
+            const updatedPolicies = JSON.parse(JSON.stringify(originalPolicies));
+            
+            // Add a test policy if it doesn't exist
+            const testPolicyExists = updatedPolicies.policies.some(
+                p => p.name === 'test-policy'
+            );
+            
+            if (!testPolicyExists) {
+                updatedPolicies.policies.push({
+                    name: 'test-policy',
+                    description: 'Test policy for integration tests',
+                    enabled: false,
+                    conditions: [],
+                    profiles: []
+                });
+            }
+
+            try {
+                await KeycloakManager.clientPolicies.updatePolicies({}, updatedPolicies);
+                
+                // Verify the update
+                const verifyPolicies = await KeycloakManager.clientPolicies.getPolicies({});
+                const testPolicyFound = verifyPolicies.policies.some(
+                    p => p.name === 'test-policy'
+                );
+                
+                expect(testPolicyFound).to.be.true;
+                
+                // Restore original policies
+                await KeycloakManager.clientPolicies.updatePolicies({}, originalPolicies);
+            } catch (error) {
+                // Restore on error
+                if (originalPolicies) {
+                    await KeycloakManager.clientPolicies.updatePolicies({}, originalPolicies);
+                }
+                throw error;
+            }
+        });
+    });
+
+    describe('Client Profiles', function () {
+        let originalProfiles;
+
+        it('should get client profiles', async function () {
+            try {
+                const profilesResult = await KeycloakManager.clientPolicies.getProfiles({});
+                
+                expect(profilesResult).to.exist;
+                expect(profilesResult).to.have.property('profiles');
+                expect(profilesResult.profiles).to.be.an('array');
+                
+                originalProfiles = profilesResult;
+            } catch (error) {
+                // API might not be available
+                if (error.response?.status === 404) {
+                    this.skip();
+                }
+                throw error;
+            }
+        });
+
+        it('should update client profiles', async function () {
+            if (!originalProfiles) this.skip();
+            
+            const updatedProfiles = JSON.parse(JSON.stringify(originalProfiles));
+            
+            // Add a test profile if it doesn't exist
+            const testProfileExists = updatedProfiles.profiles.some(
+                p => p.name === 'test-profile'
+            );
+            
+            if (!testProfileExists) {
+                updatedProfiles.profiles.push({
+                    name: 'test-profile',
+                    description: 'Test profile for integration tests',
+                    executors: []
+                });
+            }
+
+            try {
+                await KeycloakManager.clientPolicies.updateProfiles({}, updatedProfiles);
+                
+                // Verify the update
+                const verifyProfiles = await KeycloakManager.clientPolicies.getProfiles({});
+                const testProfileFound = verifyProfiles.profiles.some(
+                    p => p.name === 'test-profile'
+                );
+                
+                expect(testProfileFound).to.be.true;
+                
+                // Restore original profiles
+                await KeycloakManager.clientPolicies.updateProfiles({}, originalProfiles);
+            } catch (error) {
+                // Restore on error
+                if (originalProfiles) {
+                    await KeycloakManager.clientPolicies.updateProfiles({}, originalProfiles);
+                }
+                throw error;
+            }
+        });
+    });
+});

package/test/specs/{debugClientLibrary.test.js → diagnostics/debugClientLibrary.test.js}

@@ -4,11 +4,11 @@ const https = require('https');
 const { expect } = require('chai');
 
 process.env.NODE_ENV = process.env.NODE_ENV || 'test';
-process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', '..', 'config');
 
 const { conf } = require('propertiesmanager');
 const keycloakManager = require('keycloak-api-manager');
-const { TEST_REALM } = require('../testConfig');
+const { TEST_REALM } = require('../../testConfig');
 
 describe('Protocol Mappers - Debug Client Library', function () {
   this.timeout(10000);

package/test/specs/groupPermissions.test.js

@@ -0,0 +1,87 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const KeycloakManager = require('../../index');
+const { TEST_REALM, generateUniqueName } = require('../testConfig');
+
+const config = {
+    baseUrl: conf.keycloak.baseUrl,
+    realmName: conf.keycloak.realmName,
+    clientId: conf.keycloak.clientId,
+    clientSecret: conf.keycloak.clientSecret,
+    grantType: conf.keycloak.grantType,
+    username: conf.keycloak.username,
+    password: conf.keycloak.password,
+    tokenLifeSpan: conf.keycloak.tokenLifeSpan
+};
+
+/**
+ * Integration tests for Group Permissions
+ * Tests new permission management methods added to groupsHandler
+ */
+describe('Group Permissions Tests', function () {
+    this.timeout(10000);
+
+    const testGroupData = {
+        name: `test-permissions-group-${Date.now()}`
+    };
+
+    let createdGroupId;
+
+    before(async function () {
+        await KeycloakManager.configure(config);
+        
+        // Create a test group
+        const result = await KeycloakManager.groups.create(testGroupData);
+        createdGroupId = result.id;
+    });
+
+    after(async function () {
+        // Clean up test group
+        if (createdGroupId) {
+            await KeycloakManager.groups.del({ id: createdGroupId });
+        }
+        KeycloakManager.stop();
+    });
+
+    describe('Group Permission Management', function () {
+        it('should enable permissions for a group', async function () {
+            await KeycloakManager.groups.setPermissions(
+                { id: createdGroupId },
+                { enabled: true }
+            );
+            
+            expect(true).to.be.true;
+        });
+
+        it('should get group permissions', async function () {
+            const permissions = await KeycloakManager.groups.listPermissions({
+                id: createdGroupId
+            });
+            
+            expect(permissions).to.exist;
+            expect(permissions).to.have.property('enabled');
+            expect(permissions.enabled).to.be.true;
+            
+            // Should have resource information when enabled
+            expect(permissions).to.have.property('resource');
+        });
+
+        it('should disable permissions for a group', async function () {
+            await KeycloakManager.groups.setPermissions(
+                { id: createdGroupId },
+                { enabled: false }
+            );
+            
+            const permissions = await KeycloakManager.groups.listPermissions({
+                id: createdGroupId
+            });
+            
+            expect(permissions.enabled).to.be.false;
+        });
+    });
+});

package/test/specs/matrix/matrix-auth.test.js

@@ -0,0 +1,112 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', '..', 'config');
+
+const keycloakManager = require('keycloak-api-manager');
+const { KEYCLOAK_CONFIG, TEST_REALM, TEST_CLIENT_ID, TEST_USER_USERNAME, TEST_USER_PASSWORD } = require('../../testConfig');
+const { loadMatrix } = require('../../helpers/matrix');
+
+function buildConfig(overrides = {}) {
+  return {
+    ...KEYCLOAK_CONFIG,
+    ...overrides,
+  };
+}
+
+describe('Matrix - Authentication', function () {
+  this.timeout(30000);
+
+  const matrix = loadMatrix('auth');
+
+  let clientSecret = null;
+
+  before(async function () {
+    // Ensure we're using the test realm
+    keycloakManager.setConfig({ realmName: TEST_REALM });
+    
+    const clients = await keycloakManager.clients.find({ clientId: TEST_CLIENT_ID });
+    const testClient = clients.find((client) => client.clientId === TEST_CLIENT_ID);
+    if (!testClient) {
+      this.skip();
+      return;
+    }
+
+    const secret = await keycloakManager.clients.getClientSecret({ id: testClient.id });
+    clientSecret = secret?.value || null;
+  });
+
+  after(async function () {
+    await keycloakManager.configure(
+      buildConfig({
+        grantType: KEYCLOAK_CONFIG.grantType || 'password',
+        tokenLifeSpan: KEYCLOAK_CONFIG.tokenLifeSpan || 60,
+      })
+    );
+  });
+
+  matrix.cases.forEach((testCase) => {
+    it(`auth case: ${testCase.name}`, async function () {
+      if (testCase.grantType === 'client_credentials' && !clientSecret) {
+        this.skip();
+        return;
+      }
+
+      if (testCase.grantType === 'refresh_token') {
+        // First obtain a refresh token using password grant
+        await keycloakManager.configure(
+          buildConfig({
+            realmName: TEST_REALM,
+            username: TEST_USER_USERNAME,
+            password: TEST_USER_PASSWORD,
+            grantType: 'password',
+            tokenLifeSpan: 60,
+          })
+        );
+        const token = keycloakManager.getToken();
+        if (!token?.refreshToken) {
+          this.skip();
+          return;
+        }
+
+        await keycloakManager.configure(
+          buildConfig({
+            realmName: TEST_REALM,
+            grantType: 'refresh_token',
+            refreshToken: token.refreshToken,
+            tokenLifeSpan: 60,
+          })
+        );
+      } else if (testCase.grantType === 'client_credentials') {
+        await keycloakManager.configure(
+          buildConfig({
+            realmName: TEST_REALM,
+            clientId: TEST_CLIENT_ID,
+            clientSecret,
+            grantType: 'client_credentials',
+            tokenLifeSpan: 60,
+            username: undefined,
+            password: undefined,
+          })
+        );
+      } else {
+        await keycloakManager.configure(
+          buildConfig({
+            realmName: TEST_REALM,
+            username: TEST_USER_USERNAME,
+            password: TEST_USER_PASSWORD,
+            grantType: testCase.grantType,
+            offlineToken: testCase.offlineToken || false,
+            scope: testCase.scope,
+            tokenLifeSpan: 60,
+          })
+        );
+      }
+
+      const token = keycloakManager.getToken();
+      expect(token).to.have.property('accessToken');
+      expect(token.accessToken).to.be.a('string').and.to.have.length.greaterThan(0);
+    });
+  });
+});

package/test/specs/matrix/matrix-clients.test.js

@@ -0,0 +1,59 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', '..', 'config');
+
+const keycloakManager = require('keycloak-api-manager');
+const { TEST_REALM } = require('../../testConfig');
+const { loadMatrix, uniqueName } = require('../../helpers/matrix');
+
+describe('Matrix - Clients', function () {
+  this.timeout(30000);
+
+  const matrix = loadMatrix('clients');
+
+  before(function () {
+    keycloakManager.setConfig({ realmName: TEST_REALM });
+  });
+
+  matrix.cases.forEach((testCase) => {
+    it(`client case: ${testCase.name}`, async function () {
+      const clientId = uniqueName(`matrix-client-${testCase.name}`);
+
+      const created = await keycloakManager.clients.create({
+        clientId,
+        enabled: true,
+        protocol: 'openid-connect',
+        publicClient: testCase.publicClient,
+        serviceAccountsEnabled: testCase.serviceAccountsEnabled,
+        directAccessGrantsEnabled: testCase.directAccessGrantsEnabled,
+        standardFlowEnabled: testCase.standardFlowEnabled,
+        consentRequired: testCase.consentRequired,
+        redirectUris: ['http://localhost:*'],
+        webOrigins: ['*'],
+      });
+
+      expect(created).to.exist;
+
+      const found = await keycloakManager.clients.find({ clientId });
+      expect(found).to.be.an('array');
+      const stored = found.find((item) => item.clientId === clientId);
+      expect(stored).to.exist;
+
+      await keycloakManager.clients.update(
+        { id: stored.id },
+        {
+          description: `updated-${clientId}`,
+          consentRequired: false,
+        }
+      );
+
+      const updated = await keycloakManager.clients.findOne({ id: stored.id });
+      expect(updated).to.exist;
+      expect(updated.description).to.equal(`updated-${clientId}`);
+
+      await keycloakManager.clients.del({ id: stored.id });
+    });
+  });
+});