re-enable e2e tests, update SpringBoot to 3.2.4, Keycloak to 22.0.4 (#…

…188) * re-enable e2e tests, update SpringBoot to 3.2.4, Keycloak to 22.0.4 * enable test * update dependencies
adorsys · Apr 9, 2024 · e9f80bc · e9f80bc
1 parent 0f854e8
commit e9f80bc
Show file tree

Hide file tree

Showing 49 changed files with 446 additions and 585 deletions.
diff --git a/dev.docker-compose.yml b/dev.docker-compose.yml
@@ -16,34 +16,38 @@ services:
     networks:
       - sts_network
   post_process:
-    image: adorsys/keycloak-config-cli:5.7.0-21.1.1
+    image: adorsys/keycloak-config-cli:5.12.0-22.0.4
     volumes:
       - ./keycloak-config/dev:/config
     environment:
       KEYCLOAK_PASSWORD: admin123
       KEYCLOAK_USER: admin
-      KEYCLOAK_URL: http://keycloak:8080
+      KEYCLOAK_URL: http://keycloak:8080/
       KEYCLOAK_ADMIN : admin
       KEYCLOAK_ADMIN_PASSWORD : admin123
-      WAIT_TIME_IN_SECONDS : 120
+      KEYCLOAK_AVAILABILITYCHECK_ENABLED: true
+      IMPORT_FILES_LOCATIONS: /config/*
       SPRING_PROFILES_INCLUDE : debug
     command: config-cli
     networks:
       - sts_network
 
   sts-mongo:
-    image: mongo:6.0.8
+    image: mongo:7.0.7
     container_name: sts_mongo
     environment:
       MONGO_INITDB_DATABASE: sts
       MONGO_INITDB_ROOT_USERNAME: root
       MONGO_INITDB_ROOT_PASSWORD: example
     volumes:
-      - "./.docker/sts-mongo:/data/db"
+      - mongodata:/data/db"
     ports:
       - 27017:27017
     networks:
       - sts_network
 
+volumes:
+  mongodata:
+
 networks:
   sts_network:
diff --git a/keycloak-config/dev/test.json b/keycloak-config/dev/test.json
@@ -1435,40 +1435,6 @@
         }
       ]
     },
-    {
-      "id": "92e388d8-f71a-41d7-9388-7a7f9c060c27",
-      "alias": "Authentication Options",
-      "description": "Authentication options.",
-      "providerId": "basic-flow",
-      "topLevel": false,
-      "builtIn": true,
-      "authenticationExecutions": [
-        {
-          "authenticator": "basic-auth",
-          "authenticatorFlow": false,
-          "requirement": "REQUIRED",
-          "priority": 10,
-          "autheticatorFlow": false,
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "basic-auth-otp",
-          "authenticatorFlow": false,
-          "requirement": "DISABLED",
-          "priority": 20,
-          "autheticatorFlow": false,
-          "userSetupAllowed": false
-        },
-        {
-          "authenticator": "auth-spnego",
-          "authenticatorFlow": false,
-          "requirement": "DISABLED",
-          "priority": 30,
-          "autheticatorFlow": false,
-          "userSetupAllowed": false
-        }
-      ]
-    },
     {
       "id": "101a3e47-7d5e-4b8a-9c28-815bb9240b4c",
       "alias": "Browser - Conditional OTP",
@@ -1841,32 +1807,6 @@
         }
       ]
     },
-    {
-      "id": "79d82b14-a7fe-4802-9c84-7a9c51b30c79",
-      "alias": "http challenge",
-      "description": "An authentication flow based on challenge-response HTTP Authentication Schemes",
-      "providerId": "basic-flow",
-      "topLevel": true,
-      "builtIn": true,
-      "authenticationExecutions": [
-        {
-          "authenticator": "no-cookie-redirect",
-          "authenticatorFlow": false,
-          "requirement": "REQUIRED",
-          "priority": 10,
-          "autheticatorFlow": false,
-          "userSetupAllowed": false
-        },
-        {
-          "authenticatorFlow": true,
-          "requirement": "REQUIRED",
-          "priority": 20,
-          "autheticatorFlow": true,
-          "flowAlias": "Authentication Options",
-          "userSetupAllowed": false
-        }
-      ]
-    },
     {
       "id": "4ef01e99-8985-4b79-9c28-491606daa56c",
       "alias": "registration",
@@ -2090,7 +2030,7 @@
     "cibaInterval": "5",
     "realmReusableOtpCode": "false"
   },
-  "keycloakVersion": "21.0.2",
+  "keycloakVersion": "22.0.4",
   "userManagedAccessAllowed": false,
   "clientProfiles": {
     "profiles": []

diff --git a/keycloak-storage-provider/Dockerfile b/keycloak-storage-provider/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/keycloak/keycloak:21.0
+FROM quay.io/keycloak/keycloak:22.0.4
 
 COPY docker/root /
 

diff --git a/keycloak-storage-provider/pom.xml b/keycloak-storage-provider/pom.xml
@@ -28,6 +28,10 @@
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-services</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-model-legacy</artifactId>
+        </dependency>
     </dependencies>
 
     <build>

diff --git a/...-provider/src/main/java/de/adorsys/sts/keycloak/auth/CustomDirectAccessAuthenticator.java b/...-provider/src/main/java/de/adorsys/sts/keycloak/auth/CustomDirectAccessAuthenticator.java
@@ -2,14 +2,12 @@
 
 import de.adorsys.sts.keycloak.AuthenticatorUtil;
 import de.adorsys.sts.keycloak.Constants;
+import jakarta.ws.rs.core.Response;
 import org.keycloak.authentication.AuthenticationFlowContext;
 import org.keycloak.authentication.AuthenticationFlowError;
 import org.keycloak.authentication.authenticators.directgrant.ValidatePassword;
-import org.keycloak.credential.CredentialInput;
 import org.keycloak.models.UserCredentialModel;
 
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.Status;
 import java.util.Optional;
 
 public class CustomDirectAccessAuthenticator extends ValidatePassword {
@@ -33,13 +31,12 @@ public void authenticate(AuthenticationFlowContext context) {
         Optional<String> scope = AuthenticatorUtil.readScope(context);
         scope.ifPresent(s -> credentialModel.setNote(Constants.CUSTOM_SCOPE_NOTE_KEY, s));
 
-        boolean valid = context.getSession().userCredentialManager().isValid(context.getRealm(), context.getUser(),
-                new CredentialInput[]{credentialModel});
+        boolean valid = context.getUser().credentialManager().isValid(credentialModel);
 
         if (!valid) {
             context.getEvent().user(context.getUser());
             context.getEvent().error("invalid_user_credentials");
-            Response challengeResponse = this.errorResponse(Status.UNAUTHORIZED.getStatusCode(), "invalid_grant",
+            Response challengeResponse = this.errorResponse(Response.Status.UNAUTHORIZED.getStatusCode(), "invalid_grant",
                     "Invalid user credentials");
             context.failure(AuthenticationFlowError.INVALID_USER, challengeResponse);
         } else {

diff --git a/...orage-provider/src/main/java/de/adorsys/sts/keycloak/auth/CustomUsernamePasswordForm.java b/...orage-provider/src/main/java/de/adorsys/sts/keycloak/auth/CustomUsernamePasswordForm.java
@@ -2,18 +2,17 @@
 
 import de.adorsys.sts.keycloak.AuthenticatorUtil;
 import de.adorsys.sts.keycloak.Constants;
+import jakarta.ws.rs.core.MultivaluedMap;
+import jakarta.ws.rs.core.Response;
 import org.keycloak.authentication.AuthenticationFlowContext;
 import org.keycloak.authentication.AuthenticationFlowError;
 import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
 import org.keycloak.credential.CredentialInput;
 import org.keycloak.events.Errors;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
-import org.keycloak.models.credential.PasswordUserCredentialModel;
 import org.keycloak.representations.idm.CredentialRepresentation;
 
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Optional;
@@ -26,17 +25,17 @@ public class CustomUsernamePasswordForm extends UsernamePasswordForm {
      * TODO: Discuss issue with keycloak development team and send a patch.
      */
     @Override
-    public boolean validatePassword(AuthenticationFlowContext context, UserModel user, MultivaluedMap<String, String> inputData) {
+    public boolean validatePassword(AuthenticationFlowContext context, UserModel user, MultivaluedMap<String, String> inputData, boolean clearUser) {
         List<CredentialInput> credentials = new LinkedList<>();
         String password = inputData.getFirst(CredentialRepresentation.PASSWORD);
         // Patched
-        PasswordUserCredentialModel credentialModel = UserCredentialModel.password(password);
+        UserCredentialModel credentialModel = UserCredentialModel.password(password);
 
         Optional<String> scope = AuthenticatorUtil.readScope(context);
         scope.ifPresent(s -> credentialModel.setNote(Constants.CUSTOM_SCOPE_NOTE_KEY, s));
 
         credentials.add(credentialModel);
-        if (password != null && !password.isEmpty() && context.getSession().userCredentialManager().isValid(context.getRealm(), user, credentials)) {
+        if (password != null && !password.isEmpty() && user.credentialManager().isValid(credentials)) {
 
             // copy notes into the user session
             // Hint: it might have been interresting to distinguish between the different type of notes

diff --git a/...rovider/src/main/java/de/adorsys/sts/keycloak/auth/CustomUsernamePasswordFormFactory.java b/...rovider/src/main/java/de/adorsys/sts/keycloak/auth/CustomUsernamePasswordFormFactory.java
@@ -1,6 +1,5 @@
 package de.adorsys.sts.keycloak.auth;
 
-import org.keycloak.OAuth2Constants;
 import org.keycloak.authentication.Authenticator;
 import org.keycloak.authentication.authenticators.browser.UsernamePasswordForm;
 import org.keycloak.authentication.authenticators.browser.UsernamePasswordFormFactory;
@@ -16,13 +15,6 @@ public Authenticator create(KeycloakSession session) {
         return SINGLETON;
     }
 
-    @Override
-    public Authenticator createDisplay(KeycloakSession session, String displayType) {
-        if (displayType == null) return SINGLETON;
-        if (!OAuth2Constants.DISPLAY_CONSOLE.equalsIgnoreCase(displayType)) return null;
-        return UsernamePasswordFormFactory.SINGLETON;
-    }
-
     @Override
     public String getId() {
         return PROVIDER_ID;

diff --git a/keycloak-storage-provider/src/main/java/de/adorsys/sts/keycloak/rest/CustomRestClient.java b/keycloak-storage-provider/src/main/java/de/adorsys/sts/keycloak/rest/CustomRestClient.java
@@ -1,18 +1,14 @@
 package de.adorsys.sts.keycloak.rest;
 
+import jakarta.ws.rs.client.ClientBuilder;
+import jakarta.ws.rs.client.Entity;
+import jakarta.ws.rs.core.Response;
 import org.apache.http.HttpStatus;
 import org.keycloak.services.ServicesLogger;
 
-import javax.ws.rs.client.ClientBuilder;
-import javax.ws.rs.client.Entity;
-import javax.ws.rs.core.GenericType;
-import javax.ws.rs.core.Response;
 import java.util.List;
-import java.util.Map;
-
 
 public class CustomRestClient {
-    private static final GenericType<Map<String, String>> RESPONSE_GENERIC_TYPE = new GenericType<>(Map.class);
 
     public static String loadUserSecrets(
             String url,

diff --git a/...ak-storage-provider/src/main/java/de/adorsys/sts/keycloak/storageprovider/CustomUser.java b/...ak-storage-provider/src/main/java/de/adorsys/sts/keycloak/storageprovider/CustomUser.java
@@ -4,6 +4,7 @@
 import org.keycloak.component.ComponentModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
+import org.keycloak.models.SubjectCredentialManager;
 import org.keycloak.storage.adapter.AbstractUserAdapter;
 
 import java.util.List;
@@ -28,6 +29,11 @@ public String getUsername() {
         return username;
     }
 
+    @Override
+    public SubjectCredentialManager credentialManager() {
+        return this.credentialManager();
+    }
+
     @Override
     public List<String> getAttribute(String name) {
         return EMPTY;

diff --git a/...ider/src/main/java/de/adorsys/sts/keycloak/storageprovider/CustomUserStorageProvider.java b/...ider/src/main/java/de/adorsys/sts/keycloak/storageprovider/CustomUserStorageProvider.java
@@ -6,11 +6,11 @@
 import org.keycloak.component.ComponentModel;
 import org.keycloak.credential.CredentialInput;
 import org.keycloak.credential.CredentialInputValidator;
-import org.keycloak.credential.CredentialModel;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.RealmModel;
 import org.keycloak.models.UserCredentialModel;
 import org.keycloak.models.UserModel;
+import org.keycloak.models.credential.PasswordCredentialModel;
 import org.keycloak.storage.UserStorageProvider;
 import org.keycloak.storage.user.UserLookupProvider;
 
@@ -32,12 +32,12 @@ public class CustomUserStorageProvider implements UserStorageProvider, UserLooku
 
     @Override
     public boolean supportsCredentialType(String s) {
-        return CredentialModel.PASSWORD.equals(s);
+        return PasswordCredentialModel.TYPE.equals(s);
     }
 
     @Override
     public boolean isConfiguredFor(RealmModel realmModel, UserModel userModel, String s) {
-        return CredentialModel.PASSWORD.equals(s);
+        return PasswordCredentialModel.TYPE.equals(s);
     }
 
     @Override
@@ -83,9 +83,9 @@ private String extractUsernameFromId(String id) {
 
 
     @Override
-    public UserModel getUserById(String s, RealmModel realmModel) {
-        String username = extractUsernameFromId(s);
-        return getUserByUsername(realmModel, username);
+    public UserModel getUserById(RealmModel realm, String id) {
+        String username = extractUsernameFromId(id);
+        return getUserByUsername(realm, username);
     }
 
     @Override
@@ -98,18 +98,8 @@ public UserModel getUserByUsername(RealmModel realmModel, String s) {
                 .build();
     }
 
-    @Override
-    public UserModel getUserByUsername(String s, RealmModel realmModel) {
-        return null;
-    }
-
     @Override
     public UserModel getUserByEmail(RealmModel realmModel, String s) {
         return null;
     }
-
-    @Override
-    public UserModel getUserByEmail(String s, RealmModel realmModel) {
-        return null;
-    }
 }