Expand test suite to include MailPassRestResource tests

a7698ea0 · Ira ¯\_(ツ)_/¯ · 7f1b0411 · a7698ea0 · a7698ea0
Verified Commit a7698ea0 authored 4 years ago by $Ira ¯\_(ツ)_/¯'s avatar$ Ira ¯\_(ツ)_/¯
--- a/roles/keycloak/files/providers/keycloak-mailpass-rest/src/integrationTest/java/org/archlinux/keycloak/mailpass/rest/MailPassRestResourceIntegrationTest.java
+++ b/roles/keycloak/files/providers/keycloak-mailpass-rest/src/integrationTest/java/org/archlinux/keycloak/mailpass/rest/MailPassRestResourceIntegrationTest.java
+package org.archlinux.keycloak.mailpass.rest;
+
+import com.palantir.docker.compose.DockerComposeRule;
+import com.palantir.docker.compose.connection.waiting.HealthChecks;
+
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+
+import io.restassured.http.ContentType;
+import io.restassured.response.Response;
+
+import static io.restassured.RestAssured.given;
+import static org.junit.Assert.assertEquals;
+
+import java.text.MessageFormat;
+
+public class MailPassRestResourceIntegrationTest {
+        private final static String ROOT_URI = "http://localhost:{0,number,#}/auth/realms/master/mailpass/roleauth";
+        private final static String ALT_URI = "http://localhost:{0,number,#}/auth/realms/develop/mailpass/roleauth";
+        private final static String TOKEN_GEN_URI = "http://localhost:{0,number,#}/auth/realms/master/protocol/openid-connect/token";
+
+        private static String testToken;
+        private static int port;
+
+        @ClassRule
+        public static DockerComposeRule docker = DockerComposeRule.builder()
+                        .file("src/integrationTest/resources/docker-compose.yml")
+                        .waitingForService("keycloak", HealthChecks.toRespondOverHttp(8080,
+                                        (port) -> port.inFormat("http://$HOST:$EXTERNAL_PORT/auth/realms/master")))
+                        .build();
+
+        @BeforeClass
+        public static void setup() {
+                port = docker.containers().container("keycloak").port(8080).getExternalPort();
+
+                Response response = given().accept(ContentType.JSON).contentType(ContentType.URLENC)
+                                .body("grant_type=password&username=test&password=test&client_id=admin-cli")
+                                .post(MessageFormat.format(TOKEN_GEN_URI, port));
+
+                testToken = response.jsonPath().getString("access_token");
+        }
+
+        @Test
+        public void testInvalidRoleReturnsForbidden403() {
+
+                Response response = given().header("Authorization", "Bearer " + testToken).contentType(ContentType.JSON)
+                                .body("{ \"password\": \"password\" }").when()
+                                .post(MessageFormat.format(ROOT_URI, port) + "/compute-password-hash");
+                assertEquals(403, response.getStatusCode());
+        }
+
+        @Test
+        public void testInvalidRoleMessage() {
+
+                Response response = given().header("Authorization", "Bearer " + testToken).contentType(ContentType.JSON)
+                                .body("{ \"password\": \"password\" }").when()
+                                .post(MessageFormat.format(ROOT_URI, port) + "/compute-password-hash");
+
+                String error = response.jsonPath().getString("error");
+
+                assertEquals("Does not have realm admin role", error);
+        }
+
+        @Test
+        public void testInvalidRealmReturnsForbidden403() {
+
+                Response response = given().header("Authorization", "Bearer " + testToken).contentType(ContentType.JSON)
+                                .body("{ \"password\": \"password\" }").when()
+                                .post(MessageFormat.format(ALT_URI, port) + "/compute-password-hash");
+                assertEquals(403, response.getStatusCode());
+        }
+
+        @Test
+        public void testInvalidRealmMessage() {
+
+                Response response = given().header("Authorization", "Bearer " + testToken).contentType(ContentType.JSON)
+                                .body("{ \"password\": \"password\" }").when()
+                                .post(MessageFormat.format(ALT_URI, port) + "/compute-password-hash");
+
+                String error = response.jsonPath().getString("error");
+
+                assertEquals("Operation not allowed on this realm", error);
+        }
+
+}
--- a/roles/keycloak/files/providers/keycloak-mailpass-rest/src/main/java/org/archlinux/keycloak/mailpass/rest/MailPassRestResource.java
+++ b/roles/keycloak/files/providers/keycloak-mailpass-rest/src/main/java/org/archlinux/keycloak/mailpass/rest/MailPassRestResource.java
@@ -38,7 +38,7 @@ public class MailPassRestResource {
  private void checkRealm() {
    String requestedRealm = session.getContext().getRealm().getName();
    if (!requestedRealm.equals(realmName)) {
-      throw new ForbiddenException("Operation not allowed on this realm: " + requestedRealm);
+      throw new ForbiddenException("Operation not allowed on this realm");
    }
  }