keycloak-api-manager 4.0.1 → 5.0.0

package/test/specs/matrix/matrix-users-roles-groups.test.js

@@ -0,0 +1,68 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', '..', 'config');
+
+const keycloakManager = require('keycloak-api-manager');
+const { TEST_REALM } = require('../../testConfig');
+const { loadMatrix, uniqueName } = require('../../helpers/matrix');
+
+describe('Matrix - Users, Roles, Groups', function () {
+  this.timeout(30000);
+
+  const matrix = loadMatrix('users-roles-groups');
+
+  before(function () {
+    keycloakManager.setConfig({ realmName: TEST_REALM });
+  });
+
+  matrix.cases.forEach((testCase) => {
+    it(`user-role-group case: ${testCase.name}`, async function () {
+      const roleName = uniqueName(`matrix-role-${testCase.name}`);
+      const groupName = uniqueName(`matrix-group-${testCase.name}`);
+      const username = uniqueName(`matrix-user-${testCase.name}`);
+      const email = `${username}@example.test`;
+
+      await keycloakManager.roles.create({
+        name: roleName,
+        description: `Role for ${testCase.name}`,
+      });
+
+      const group = await keycloakManager.groups.create({
+        name: groupName,
+        attributes: { description: ['Matrix group'] },
+      });
+
+      const user = await keycloakManager.users.create({
+        username,
+        email,
+        enabled: testCase.user.enabled,
+        emailVerified: testCase.user.emailVerified,
+        firstName: 'Matrix',
+        lastName: 'User',
+      });
+
+      await keycloakManager.users.addToGroup({
+        id: user.id,
+        groupId: group.id,
+      });
+
+      const role = await keycloakManager.roles.findOneByName({ name: roleName });
+      await keycloakManager.users.addRealmRoleMappings({
+        id: user.id,
+        roles: [role],
+      });
+
+      const userGroups = await keycloakManager.users.listGroups({ id: user.id });
+      expect(userGroups.map((g) => g.id)).to.include(group.id);
+
+      const roleMappings = await keycloakManager.users.listRealmRoleMappings({ id: user.id });
+      expect(roleMappings.map((r) => r.name)).to.include(roleName);
+
+      await keycloakManager.users.del({ id: user.id });
+      await keycloakManager.groups.del({ id: group.id });
+      await keycloakManager.roles.delByName({ name: roleName });
+    });
+  });
+});

package/test/specs/organizations.test.js

@@ -0,0 +1,183 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const KeycloakManager = require('../../index');
+const { TEST_REALM, generateUniqueName } = require('../testConfig');
+
+const config = {
+    baseUrl: conf.keycloak.baseUrl,
+    realmName: conf.keycloak.realmName,
+    clientId: conf.keycloak.clientId,
+    clientSecret: conf.keycloak.clientSecret,
+    grantType: conf.keycloak.grantType,
+    username: conf.keycloak.username,
+    password: conf.keycloak.password,
+    tokenLifeSpan: conf.keycloak.tokenLifeSpan
+};
+
+/**
+ * Integration tests for Organizations Handler
+ * Tests organization CRUD, members, identity providers (Keycloak 25+)
+ */
+describe('Organizations Handler Tests', function () {
+    this.timeout(10000);
+
+    const testOrgData = {
+        name: `test-org-${Date.now()}`,
+        domains: [],
+        attributes: {
+            customAttr: ['value1']
+        }
+    };
+
+    let createdOrgId;
+    let testUserId;
+
+    before(async function () {
+        await KeycloakManager.configure(config);
+        
+        // Switch to test realm for operations
+        KeycloakManager.setConfig({ realmName: TEST_REALM });
+        
+        // Create a test user for member operations in test realm
+        const userResult = await KeycloakManager.users.create({
+            username: `org-test-user-${Date.now()}`,
+            email: 'orguser@test.com',
+            enabled: true
+        });
+        testUserId = userResult.id;
+    });
+
+    after(async function () {
+        // Clean up
+        if (createdOrgId) {
+            try {
+                await KeycloakManager.organizations.del({ id: createdOrgId });
+            } catch (e) {
+                // Org might already be deleted
+            }
+        }
+        if (testUserId) {
+            try {
+                await KeycloakManager.users.del({ id: testUserId });
+            } catch (e) {
+                // User might already be deleted
+            }
+        }
+        KeycloakManager.stop();
+    });
+
+    describe('Organization CRUD Operations', function () {
+        it('should create an organization', async function () {
+            const result = await KeycloakManager.organizations.create(testOrgData);
+            expect(result).to.have.property('id');
+            createdOrgId = result.id;
+        });
+
+        it('should find all organizations', async function () {
+            if (!createdOrgId) this.skip();
+            
+            const orgs = await KeycloakManager.organizations.find({});
+            expect(orgs).to.be.an('array');
+            expect(orgs.length).to.be.greaterThan(0);
+        });
+
+        it('should find one organization by ID', async function () {
+            if (!createdOrgId) this.skip();
+            
+            const org = await KeycloakManager.organizations.findOne({ id: createdOrgId });
+            expect(org).to.have.property('id', createdOrgId);
+            expect(org).to.have.property('name', testOrgData.name);
+        });
+
+        it('should update an organization', async function () {
+            if (!createdOrgId) this.skip();
+            
+            const updatedData = {
+                attributes: {
+                    customAttr: ['updatedValue']
+                }
+            };
+            
+            await KeycloakManager.organizations.update({ id: createdOrgId }, updatedData);
+            
+            const org = await KeycloakManager.organizations.findOne({ id: createdOrgId });
+            expect(org.attributes.customAttr).to.deep.equal(['updatedValue']);
+        });
+    });
+
+    describe('Organization Members', function () {
+        it('should add a member to organization', async function () {
+            if (!createdOrgId || !testUserId) this.skip();
+            
+            await KeycloakManager.organizations.addMember({
+                id: createdOrgId,
+                userId: testUserId
+            });
+            
+            expect(true).to.be.true;
+        });
+
+        it('should list organization members', async function () {
+            if (!createdOrgId) this.skip();
+            
+            const members = await KeycloakManager.organizations.listMembers({
+                id: createdOrgId
+            });
+            
+            expect(members).to.be.an('array');
+        });
+
+        it('should remove a member from organization', async function () {
+            if (!createdOrgId || !testUserId) this.skip();
+            
+            await KeycloakManager.organizations.delMember({
+                id: createdOrgId,
+                userId: testUserId
+            });
+            
+            expect(true).to.be.true;
+        });
+    });
+
+    describe('Organization Identity Providers', function () {
+        it('should list identity providers for organization', async function () {
+            if (!createdOrgId) this.skip();
+            
+            try {
+                const idps = await KeycloakManager.organizations.listIdentityProviders({
+                    id: createdOrgId
+                });
+                
+                expect(idps).to.be.an('array');
+            } catch (error) {
+                // Method might not be available
+                if (error.response?.status === 404) {
+                    this.skip();
+                }
+                throw error;
+            }
+        });
+    });
+
+    describe('Organization Deletion', function () {
+        it('should delete an organization', async function () {
+            if (!createdOrgId) this.skip();
+            
+            await KeycloakManager.organizations.del({ id: createdOrgId });
+            
+            try {
+                await KeycloakManager.organizations.findOne({ id: createdOrgId });
+                throw new Error('Organization should have been deleted');
+            } catch (error) {
+                expect(error.response?.status).to.equal(404);
+            }
+            
+            createdOrgId = null; // Prevent cleanup attempt
+        });
+    });
+});

package/test/specs/serverInfo.test.js

@@ -0,0 +1,140 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const KeycloakManager = require('../../index');
+const { TEST_REALM, generateUniqueName } = require('../testConfig');
+
+const config = {
+    baseUrl: conf.keycloak.baseUrl,
+    realmName: conf.keycloak.realmName,
+    clientId: conf.keycloak.clientId,
+    clientSecret: conf.keycloak.clientSecret,
+    grantType: conf.keycloak.grantType,
+    username: conf.keycloak.username,
+    password: conf.keycloak.password,
+    tokenLifeSpan: conf.keycloak.tokenLifeSpan
+};
+
+/**
+ * Integration tests for Server Info Handler
+ * Tests server information and metadata retrieval
+ */
+describe('Server Info Handler Tests', function () {
+    this.timeout(10000);
+
+    before(async function () {
+        await KeycloakManager.configure(config);
+    });
+
+    after(async function () {
+        KeycloakManager.stop();
+    });
+
+    describe('Server Information', function () {
+        let serverInfo;
+
+        it('should get comprehensive server information', async function () {
+            serverInfo = await KeycloakManager.serverInfo.getInfo();
+            
+            expect(serverInfo).to.exist;
+            expect(serverInfo).to.be.an('object');
+        });
+
+        it('should contain system information', async function () {
+            if (!serverInfo) this.skip();
+            
+            expect(serverInfo).to.have.property('systemInfo');
+            expect(serverInfo.systemInfo).to.be.an('object');
+            
+            // System info typically includes version, uptime, etc.
+            if (serverInfo.systemInfo.version) {
+                expect(serverInfo.systemInfo.version).to.be.a('string');
+            }
+        });
+
+        it('should contain memory information', async function () {
+            if (!serverInfo) this.skip();
+            
+            expect(serverInfo).to.have.property('memoryInfo');
+            expect(serverInfo.memoryInfo).to.be.an('object');
+        });
+
+        it('should contain profile information', async function () {
+            if (!serverInfo) this.skip();
+            
+            expect(serverInfo).to.have.property('profileInfo');
+            expect(serverInfo.profileInfo).to.be.an('object');
+        });
+
+        it('should contain available themes', async function () {
+            if (!serverInfo) this.skip();
+            
+            expect(serverInfo).to.have.property('themes');
+            expect(serverInfo.themes).to.be.an('object');
+            
+            // Themes should include login, account, admin, etc.
+            const themeTypes = Object.keys(serverInfo.themes);
+            expect(themeTypes.length).to.be.greaterThan(0);
+        });
+
+        it('should contain available providers', async function () {
+            if (!serverInfo) this.skip();
+            
+            expect(serverInfo).to.have.property('providers');
+            expect(serverInfo.providers).to.be.an('object');
+            
+            // Providers should include various SPIs
+            const providerTypes = Object.keys(serverInfo.providers);
+            expect(providerTypes.length).to.be.greaterThan(0);
+        });
+
+        it('should contain protocol mapper types', async function () {
+            if (!serverInfo) this.skip();
+            
+            expect(serverInfo).to.have.property('protocolMapperTypes');
+            expect(serverInfo.protocolMapperTypes).to.be.an('object');
+        });
+
+        it('should contain component types', async function () {
+            if (!serverInfo) this.skip();
+            
+            if (serverInfo.componentTypes) {
+                expect(serverInfo.componentTypes).to.be.an('object');
+            }
+        });
+
+        it('should contain password policies', async function () {
+            if (!serverInfo) this.skip();
+            
+            if (serverInfo.passwordPolicies) {
+                expect(serverInfo.passwordPolicies).to.be.an('array');
+            }
+        });
+
+        it('should contain enums', async function () {
+            if (!serverInfo) this.skip();
+            
+            if (serverInfo.enums) {
+                expect(serverInfo.enums).to.be.an('object');
+            }
+        });
+
+        it('should verify specific provider categories exist', async function () {
+            if (!serverInfo || !serverInfo.providers) this.skip();
+            
+            const providers = serverInfo.providers;
+            
+            // Check for common provider categories
+            // Note: These may vary by Keycloak version
+            const commonProviders = ['login-protocol', 'realm-cache', 'user-storage'];
+            const foundProviders = commonProviders.filter(p => providers[p]);
+            
+            // At least some common providers should exist
+            expect(foundProviders.length).to.be.greaterThan(0);
+        });
+    });
+});

package/test/specs/userProfile.test.js

@@ -0,0 +1,135 @@
+const path = require('path');
+const { expect } = require('chai');
+
+process.env.NODE_ENV = process.env.NODE_ENV || 'test';
+process.env.PROPERTIES_PATH = path.join(__dirname, '..', 'config');
+
+const { conf } = require('propertiesmanager');
+const KeycloakManager = require('../../index');
+const { TEST_REALM, generateUniqueName } = require('../testConfig');
+
+const config = {
+    baseUrl: conf.keycloak.baseUrl,
+    realmName: conf.keycloak.realmName,
+    clientId: conf.keycloak.clientId,
+    clientSecret: conf.keycloak.clientSecret,
+    grantType: conf.keycloak.grantType,
+    username: conf.keycloak.username,
+    password: conf.keycloak.password,
+    tokenLifeSpan: conf.keycloak.tokenLifeSpan
+};
+
+/**
+ * Integration tests for User Profile Handler
+ * Tests user profile configuration and metadata (Keycloak 15+)
+ */
+describe('User Profile Handler Tests', function () {
+    this.timeout(10000);
+
+    before(async function () {
+        await KeycloakManager.configure(config);
+    });
+
+    after(async function () {
+        KeycloakManager.stop();
+    });
+
+    describe('User Profile Configuration', function () {
+        let originalConfig;
+
+        it('should get user profile configuration', async function () {
+            try {
+                const profileConfig = await KeycloakManager.userProfile.getConfiguration({});
+                
+                expect(profileConfig).to.exist;
+                expect(profileConfig).to.have.property('attributes');
+                expect(profileConfig.attributes).to.be.an('array');
+                
+                // Save original config for restoration
+                originalConfig = profileConfig;
+            } catch (error) {
+                // User Profile API only available in Keycloak 15+
+                if (error.response?.status === 404 || error.message?.includes('getProfile')) {
+                    this.skip();
+                }
+                throw error;
+            }
+        });
+
+        it('should verify standard attributes exist in profile', async function () {
+            if (!originalConfig) this.skip();
+            
+            const attributeNames = originalConfig.attributes.map(attr => attr.name);
+            
+            // Standard attributes that should exist
+            expect(attributeNames).to.include('username');
+            expect(attributeNames).to.include('email');
+        });
+
+        it('should update user profile configuration', async function () {
+            if (!originalConfig) this.skip();
+            if (!originalConfig.attributes || !Array.isArray(originalConfig.attributes)) this.skip();
+            
+            // Add a custom attribute to the configuration
+            const updatedConfig = JSON.parse(JSON.stringify(originalConfig));
+            
+            // Check if test attribute already exists
+            const testAttrIndex = updatedConfig.attributes.findIndex(
+                attr => attr.name === 'testCustomAttribute'
+            );
+            
+            if (testAttrIndex === -1) {
+                // Add new test attribute
+                updatedConfig.attributes.push({
+                    name: 'testCustomAttribute',
+                    displayName: 'Test Custom Attribute',
+                    validations: {},
+                    permissions: {
+                        view: ['admin', 'user'],
+                        edit: ['admin']
+                    },
+                    multivalued: false
+                });
+            }
+
+            try {
+                await KeycloakManager.userProfile.updateConfiguration({}, updatedConfig);
+                
+                // Verify the update
+                const verifyConfig = await KeycloakManager.userProfile.getConfiguration({});
+                const customAttrExists = verifyConfig.attributes.some(
+                    attr => attr.name === 'testCustomAttribute'
+                );
+                
+                expect(customAttrExists).to.be.true;
+                
+                // Restore original configuration
+                await KeycloakManager.userProfile.updateConfiguration({}, originalConfig);
+            } catch (error) {
+                // Restore on error
+                if (originalConfig) {
+                    await KeycloakManager.userProfile.updateConfiguration({}, originalConfig);
+                }
+                throw error;
+            }
+        });
+    });
+
+    describe('User Profile Metadata', function () {
+        it('should get user profile metadata', async function () {
+            try {
+                const metadata = await KeycloakManager.userProfile.getMetadata({});
+                
+                expect(metadata).to.exist;
+                // Metadata typically contains validators, attribute types, etc.
+                // Structure may vary by Keycloak version
+            } catch (error) {
+                // Metadata endpoint might not be available in all versions
+                if (error.response?.status === 404 || error.message?.includes('getProfileMetadata')) {
+                    this.skip();
+                }
+                throw error;
+            }
+        });
+    });
+});

package/test/{enableServerFeatures.js → support/enableServerFeatures.js}

@@ -42,9 +42,9 @@ const path = require('path');
 
 // Ensure NODE_ENV and config path are set before requiring testConfig
 process.env.NODE_ENV = process.env.NODE_ENV || 'test';
-process.env.PROPERTIES_PATH = path.join(__dirname, 'config');
+process.env.PROPERTIES_PATH = path.join(__dirname, '../config');
 
-const keycloakManager = require('../index');
+const keycloakManager = require('../../index');
 const {
     TEST_REALM,
     TEST_CLIENT_ID,
@@ -103,11 +103,21 @@ async function enableServerFeatures() {
                 duplicateEmailsAllowed: false,
                 resetPasswordAllowed: true,
                 editUsernameAllowed: false,
-                bruteForceProtected: false
+                bruteForceProtected: false,
+                organizationsEnabled: true  // Enable Organizations (requires 'organization' feature flag)
             });
             console.log(`   ✓ Test realm created: ${TEST_REALM}`);
         } else {
             console.log(`   ✓ Test realm already exists: ${TEST_REALM}`);
+            // Update existing realm to ensure all required settings are enabled
+            await keycloakManager.realms.update(
+                { realm: TEST_REALM },
+                {
+                    enabled: true,
+                    bruteForceProtected: false,
+                    organizationsEnabled: true
+                }
+            );
         }
 
         // Switch to test realm for all subsequent operations
@@ -201,56 +211,63 @@ async function enableServerFeatures() {
         // 5. Create test group
         console.log('\n5. Setting up test groups...');
         const groups = await keycloakManager.groups.find();
+        let testGroupId;
         if (!groups.some(g => g.name === TEST_GROUP_NAME)) {
-            await keycloakManager.groups.create({
+            const groupResult = await keycloakManager.groups.create({
                 name: TEST_GROUP_NAME,
                 attributes: {
                     description: ['Test group for API testing']
                 }
             });
+            testGroupId = groupResult.id;
             console.log('   ✓ Test group created');
         } else {
+            testGroupId = groups.find(g => g.name === TEST_GROUP_NAME).id;
             console.log('   ✓ Test group already exists');
         }
 
         // 6. Enable fine-grained admin permissions
         console.log('\n6. Enabling fine-grained admin permissions...');
         try {
-            const currentPerms = await keycloakManager.realms.getUsersManagementPermissions({
+            // Enable users management permissions
+            const currentUserPerms = await keycloakManager.realms.getUsersManagementPermissions({
                 realm: TEST_REALM
             });
             
-            if (!currentPerms.enabled) {
+            if (!currentUserPerms.enabled) {
                 await keycloakManager.realms.updateUsersManagementPermissions({
                     realm: TEST_REALM,
                     enabled: true
                 });
-                console.log('   ✓ Fine-grained admin permissions enabled');
+                console.log('   ✓ Users fine-grained admin permissions enabled');
             } else {
-                console.log('   ✓ Fine-grained admin permissions already enabled');
+                console.log('   ✓ Users fine-grained admin permissions already enabled');
             }
-        } catch (err) {
-            console.log(`   ⚠ Fine-grained permissions: ${err.message}`);
-            console.log(`   ℹ This is typically a server configuration setting that requires`);
-            console.log(`     enabling "authorizationServicesEnabled" in realm settings`);
-        }
-
-        // 7. Update realm to enable protocol mappers and installation providers
-        console.log('\n7. Enabling realm features...');
-        try {
-            await keycloakManager.realms.update(
-                { realm: TEST_REALM },
-                {
-                    installationProviders: ['docker-compose', 'docker', 'kubernetes', 'openshift'],
-                    installationProvidersEnabled: true
+            
+            // Enable groups management permissions for the test group
+            if (testGroupId) {
+                try {
+                    const groupPerms = await keycloakManager.groups.listPermissions({ id: testGroupId });
+                    if (!groupPerms.enabled) {
+                        await keycloakManager.groups.setPermissions(
+                            { id: testGroupId },
+                            { enabled: true }
+                        );
+                        console.log('   ✓ Groups fine-grained permissions enabled');
+                    } else {
+                        console.log('   ✓ Groups fine-grained permissions already enabled');
+                    }
+                } catch (groupPermErr) {
+                    console.log(`   ⚠ Groups permissions: ${groupPermErr.message}`);
                 }
-            );
-            console.log('   ✓ Installation providers enabled');
+            }
         } catch (err) {
-            console.log(`   ⚠ Installation providers: ${err.message}`);
+            console.log(`   ⚠ Fine-grained permissions: ${err.message}`);
+            console.log(`   ℹ This feature requires 'admin-fine-grained-authz' to be enabled`);
+            console.log(`     in KC_FEATURES environment variable`);
         }
 
-        // 7. Update realm to enable protocol mappers and installation providers
+        // 7. Realm features requiring server-side configuration
         console.log('\n7. Enabling realm features...');
         try {
             // Note: Some features like installation providers cannot be enabled via API

package/test/{setup.js → support/setup.js}

@@ -31,7 +31,7 @@ const { exec } = require('child_process');
 const path = require('path');
 const fs = require('fs');
 const os = require('os');
-const keycloakManager = require('../index');
+const keycloakManager = require('../../index');
 
 let sshTunnelProcess = null;
 
@@ -92,7 +92,7 @@ before(async function() {
                     console.log(`✓ SSH tunnel created: http://${sshTunnelUrl}\n`);
                     
                     // Update config to use tunnel
-                    const configPath = path.join(__dirname, 'config/local.json');
+                    const configPath = path.join(__dirname, '../config/local.json');
                     let config = {};
                     
                     if (fs.existsSync(configPath)) {
@@ -169,7 +169,7 @@ after(async function() {
         
         // Clean up SSH tunnel config file if it was created
         try {
-            const configPath = path.join(__dirname, 'config/local.json');
+            const configPath = path.join(__dirname, '../config/local.json');
             if (fs.existsSync(configPath)) {
                 const config = JSON.parse(fs.readFileSync(configPath, 'utf8'));
                 // Only delete local.json if it contains SSH tunnel config