keycloak-developers

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
index 8aaaf0b..667538d 100644
--- a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractBrokerTest.java
@@ -3,7 +3,6 @@ package org.keycloak.testsuite.broker;
 import org.hamcrest.MatcherAssert;
 import org.hamcrest.Matchers;
 import org.jboss.arquillian.drone.api.annotation.Drone;
-import org.junit.Before;
 import org.junit.Test;
 
 import org.keycloak.admin.client.resource.IdentityProviderResource;
@@ -42,77 +41,21 @@ import org.openqa.selenium.WebElement;
 
 import javax.ws.rs.core.Response;
 
-import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.hasItems;
 import static org.hamcrest.Matchers.not;
 import static org.junit.Assert.assertThat;
 import static org.keycloak.testsuite.broker.BrokerTestTools.*;
 
-public abstract class AbstractBrokerTest extends AbstractBaseBrokerTest {
+public abstract class AbstractBrokerTest extends AbstractInitializedBaseBrokerTest {
 
     public static final String ROLE_USER = "user";
     public static final String ROLE_MANAGER = "manager";
     public static final String ROLE_FRIENDLY_MANAGER = "friendly-manager";
 
-    protected IdentityProviderResource identityProviderResource;
-
     @Drone
     @SecondBrowser
     protected WebDriver driver2;
 
-    @Before
-    public void beforeBrokerTest() {
-        log.debug("creating user for realm " + bc.providerRealmName());
-
-        UserRepresentation user = new UserRepresentation();
-        user.setUsername(bc.getUserLogin());
-        user.setEmail(bc.getUserEmail());
-        user.setEmailVerified(true);
-        user.setEnabled(true);
-
-        RealmResource realmResource = adminClient.realm(bc.providerRealmName());
-        userId = createUserWithAdminClient(realmResource, user);
-
-        resetUserPassword(realmResource.users().get(userId), bc.getUserPassword(), false);
-
-        if (testContext.isInitialized()) {
-            if (identityProviderResource == null) {
-                identityProviderResource = (IdentityProviderResource) testContext.getCustomValue("identityProviderResource");
-            }
-            return;
-        }
-
-        log.debug("adding identity provider to realm " + bc.consumerRealmName());
-        RealmResource realm = adminClient.realm(bc.consumerRealmName());
-        realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext)).close();
-        identityProviderResource = realm.identityProviders().get(bc.getIDPAlias());
-        testContext.setCustomValue("identityProviderResource", identityProviderResource);
-
-        // addClients
-        List<ClientRepresentation> clients = bc.createProviderClients(suiteContext);
-        if (clients != null) {
-            RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
-            for (ClientRepresentation client : clients) {
-                log.debug("adding client " + client.getClientId()+ " to realm " + bc.providerRealmName());
-
-                providerRealm.clients().create(client).close();
-            }
-        }
-
-        clients = bc.createConsumerClients(suiteContext);
-        if (clients != null) {
-            RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
-            for (ClientRepresentation client : clients) {
-                log.debug("adding client " + client.getClientId() + " to realm " + bc.consumerRealmName());
-
-                consumerRealm.clients().create(client).close();
-            }
-        }
-
-        testContext.setInitialized(true);
-    }
-
-
     @Test
     public void testLogInAsUserInIDP() {
         loginUser();

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractInitializedBaseBrokerTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractInitializedBaseBrokerTest.java
new file mode 100644
index 0000000..d0afd8d
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/AbstractInitializedBaseBrokerTest.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2019 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.broker;
+
+import org.junit.Before;
+
+import org.keycloak.admin.client.resource.IdentityProviderResource;
+import org.keycloak.admin.client.resource.RealmResource;
+import org.keycloak.representations.idm.ClientRepresentation;
+import org.keycloak.representations.idm.UserRepresentation;
+import java.util.List;
+import static org.keycloak.testsuite.admin.ApiUtil.createUserWithAdminClient;
+import static org.keycloak.testsuite.admin.ApiUtil.resetUserPassword;
+
+/**
+ * @author Stan Silvert ssilvert@redhat.com (C) 2019 Red Hat Inc.
+ */
+public abstract class AbstractInitializedBaseBrokerTest extends AbstractBaseBrokerTest {
+
+    protected IdentityProviderResource identityProviderResource;
+
+    @Before
+    public void beforeBrokerTest() {
+        log.debug("creating user for realm " + bc.providerRealmName());
+
+        UserRepresentation user = new UserRepresentation();
+        user.setUsername(bc.getUserLogin());
+        user.setEmail(bc.getUserEmail());
+        user.setEmailVerified(true);
+        user.setEnabled(true);
+
+        RealmResource realmResource = adminClient.realm(bc.providerRealmName());
+        userId = createUserWithAdminClient(realmResource, user);
+
+        resetUserPassword(realmResource.users().get(userId), bc.getUserPassword(), false);
+
+        if (testContext.isInitialized()) {
+            if (identityProviderResource == null) {
+                identityProviderResource = (IdentityProviderResource) testContext.getCustomValue("identityProviderResource");
+            }
+            return;
+        }
+
+        log.debug("adding identity provider to realm " + bc.consumerRealmName());
+        RealmResource realm = adminClient.realm(bc.consumerRealmName());
+        realm.identityProviders().create(bc.setUpIdentityProvider(suiteContext)).close();
+        identityProviderResource = realm.identityProviders().get(bc.getIDPAlias());
+        testContext.setCustomValue("identityProviderResource", identityProviderResource);
+
+        // addClients
+        List<ClientRepresentation> clients = bc.createProviderClients(suiteContext);
+        if (clients != null) {
+            RealmResource providerRealm = adminClient.realm(bc.providerRealmName());
+            for (ClientRepresentation client : clients) {
+                log.debug("adding client " + client.getClientId()+ " to realm " + bc.providerRealmName());
+
+                providerRealm.clients().create(client).close();
+            }
+        }
+
+        clients = bc.createConsumerClients(suiteContext);
+        if (clients != null) {
+            RealmResource consumerRealm = adminClient.realm(bc.consumerRealmName());
+            for (ClientRepresentation client : clients) {
+                log.debug("adding client " + client.getClientId() + " to realm " + bc.consumerRealmName());
+
+                consumerRealm.clients().create(client).close();
+            }
+        }
+
+        testContext.setInitialized(true);
+    }
+
+}
\ No newline at end of file

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerHiddenIdpHintTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerHiddenIdpHintTest.java
new file mode 100644
index 0000000..cf01ebb
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerHiddenIdpHintTest.java
@@ -0,0 +1,73 @@
+/*
+ * Copyright 2019 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.broker;
+
+import java.util.Map;
+import org.junit.Test;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
+import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
+
+import org.keycloak.testsuite.Assert;
+import org.keycloak.testsuite.arquillian.SuiteContext;
+import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_ALIAS;
+import static org.keycloak.testsuite.broker.BrokerTestConstants.IDP_OIDC_PROVIDER_ID;
+import static org.keycloak.testsuite.broker.BrokerTestTools.createIdentityProvider;
+
+/**
+ * Migrated from old testsuite.  Previous version by Pedro Igor.
+ * 
+ * @author Stan Silvert ssilvert@redhat.com (C) 2019 Red Hat Inc.
+ * @author pedroigor
+ */
+public class KcOidcBrokerHiddenIdpHintTest extends AbstractInitializedBaseBrokerTest {
+
+    @Override
+    protected BrokerConfiguration getBrokerConfiguration() {
+        return new KcOidcHiddenBrokerConfiguration();
+    }
+    
+    private class KcOidcHiddenBrokerConfiguration extends KcOidcBrokerConfiguration {
+        
+        @Override
+        public IdentityProviderRepresentation setUpIdentityProvider(SuiteContext suiteContext) {
+            IdentityProviderRepresentation idp = createIdentityProvider(IDP_OIDC_ALIAS, IDP_OIDC_PROVIDER_ID);
+
+            Map<String, String> config = idp.getConfig();
+            applyDefaultConfiguration(suiteContext, config);
+            config.put("hideOnLoginPage", "true");
+            return idp;
+        }
+    }
+
+    @Test
+    public void testSuccessfulRedirectToProviderHiddenOnLoginPage() {
+        driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
+        waitForPage(driver, "log in to", true);
+        String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();
+        driver.navigate().to(url);
+        waitForPage(driver, "log in to", true);
+        Assert.assertTrue("Driver should be on the provider realm page right now",
+                driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
+
+        log.debug("Logging in");
+        accountLoginPage.login(bc.getUserLogin(), bc.getUserPassword());
+        
+        // authenticated and redirected to app
+        Assert.assertTrue(driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
+    }
+        
+}
\ No newline at end of file

diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerIdpHintTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerIdpHintTest.java
new file mode 100644
index 0000000..63c0f87
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/broker/KcOidcBrokerIdpHintTest.java
@@ -0,0 +1,91 @@
+/*
+ * Copyright 2019 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.testsuite.broker;
+
+import org.junit.Test;
+import static org.keycloak.testsuite.broker.BrokerTestTools.waitForPage;
+
+import org.keycloak.testsuite.Assert;
+
+/**
+ * Migrated from old testsuite.  Previous version by Pedro Igor.
+ * 
+ * @author Stan Silvert ssilvert@redhat.com (C) 2019 Red Hat Inc.
+ * @author pedroigor
+ */
+public class KcOidcBrokerIdpHintTest extends AbstractInitializedBaseBrokerTest {
+
+    @Override
+    protected BrokerConfiguration getBrokerConfiguration() {
+        return new KcOidcBrokerConfiguration();
+    }
+
+    @Test
+    public void testSuccessfulRedirect() {
+        driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
+        waitForPage(driver, "log in to", true);
+        String url = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();
+        driver.navigate().to(url);
+        waitForPage(driver, "log in to", true);
+        Assert.assertTrue("Driver should be on the provider realm page right now",
+                driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
+
+        log.debug("Logging in");
+        accountLoginPage.login(bc.getUserLogin(), bc.getUserPassword());
+        
+        // authenticated and redirected to app
+        Assert.assertTrue(driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
+    }
+    
+    // KEYCLOAK-5260
+    @Test
+    public void testSuccessfulRedirectToProviderAfterLoginPageShown() {
+        driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
+        waitForPage(driver, "log in to", true);
+        
+        String urlWithHint = driver.getCurrentUrl() + "&kc_idp_hint=" + bc.getIDPAlias();        
+        driver.navigate().to(urlWithHint);
+        waitForPage(driver, "log in to", true);
+        Assert.assertTrue("Driver should be on the provider realm page right now",
+                driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
+        
+        // do the same thing a second time
+        driver.navigate().to(urlWithHint);
+        waitForPage(driver, "log in to", true);
+        Assert.assertTrue("Driver should be on the provider realm page right now",
+                driver.getCurrentUrl().contains("/auth/realms/" + bc.providerRealmName() + "/"));
+        
+        // redirect shouldn't happen
+        driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
+        waitForPage(driver, "log in to", true);
+        Assert.assertTrue("Driver should be on the consumer realm page",
+                driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
+    }
+    
+        @Test
+    public void testInvalidIdentityProviderHint() {
+        driver.navigate().to(getAccountUrl(bc.consumerRealmName()));
+        waitForPage(driver, "log in to", true);
+        String url = driver.getCurrentUrl() + "&kc_idp_hint=bogus-idp";
+        driver.navigate().to(url);
+        waitForPage(driver, "log in to", true);
+        
+        // Still on consumer login page
+        Assert.assertTrue(driver.getCurrentUrl().contains("/auth/realms/" + bc.consumerRealmName() + "/"));
+    }
+    
+}
\ No newline at end of file

diff --git a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
index acd524b..a364d87 100755
--- a/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
+++ b/testsuite/integration-deprecated/src/test/java/org/keycloak/testsuite/broker/AbstractFirstBrokerLoginTest.java
@@ -276,37 +276,6 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractIdentityProvi
      * Tests that duplication is detected and user wants to link federatedIdentity with existing account. He will confirm link by email
      */
     @Test
-    public void testLinkAccountByEmailVerification() throws Exception {
-        setUpdateProfileFirstLogin(IdentityProviderRepresentation.UPFLM_OFF);
-
-        loginIDP("pedroigor");
-
-        this.idpConfirmLinkPage.assertCurrent();
-        Assert.assertEquals("User with email psilva@redhat.com already exists. How do you want to continue?", this.idpConfirmLinkPage.getMessage());
-        this.idpConfirmLinkPage.clickLinkAccount();
-
-        // Confirm linking account by email
-        this.idpLinkEmailPage.assertCurrent();
-        Assert.assertEquals("An email with instructions to link " + ObjectUtil.capitalize(getProviderId()) + " account pedroigor with your " + APP_REALM_ID + " account has been sent to you.", this.idpLinkEmailPage.getMessage());
-
-        Assert.assertEquals(1, greenMail.getReceivedMessages().length);
-        MimeMessage message = greenMail.getReceivedMessages()[0];
-        String linkFromMail = getVerificationEmailLink(message);
-
-        driver.navigate().to(linkFromMail.trim());
-
-        // authenticated and redirected to app. User is linked with identity provider
-        assertFederatedUser("pedroigor", "psilva@redhat.com", "pedroigor");
-
-        // Assert user's email is verified now
-        UserModel user = getFederatedUser();
-        Assert.assertTrue(user.isEmailVerified());
-    }
-
-    /**
-     * Tests that duplication is detected and user wants to link federatedIdentity with existing account. He will confirm link by email
-     */
-    @Test
     public void testLinkAccountByEmailVerificationTwice() throws Exception {
         setUpdateProfileFirstLogin(IdentityProviderRepresentation.UPFLM_OFF);
 
@@ -355,61 +324,6 @@ public abstract class AbstractFirstBrokerLoginTest extends AbstractIdentityProvi
         Assert.assertThat(infoPage.getInfo(), startsWith("You successfully verified your email. Please go back to your original browser and continue there with the login."));
     }
 
-    /**
-     * Tests that duplication is detected and user wants to link federatedIdentity with existing account. He will confirm link by email
-     */
-    @Test
-    public void testLinkAccountByEmailVerificationDifferentBrowser() throws Exception, Throwable {
-        setUpdateProfileFirstLogin(IdentityProviderRepresentation.UPFLM_OFF);
-
-        loginIDP("pedroigor");
-
-        this.idpConfirmLinkPage.assertCurrent();
-        Assert.assertEquals("User with email psilva@redhat.com already exists. How do you want to continue?", this.idpConfirmLinkPage.getMessage());
-        this.idpConfirmLinkPage.clickLinkAccount();
-
-        // Confirm linking account by email
-        this.idpLinkEmailPage.assertCurrent();
-        Assert.assertThat(
-          this.idpLinkEmailPage.getMessage(),
-          is("An email with instructions to link " + ObjectUtil.capitalize(getProviderId()) + " account pedroigor with your " + APP_REALM_ID + " account has been sent to you.")
-        );
-
-        Assert.assertEquals(1, greenMail.getReceivedMessages().length);
-        MimeMessage message = greenMail.getReceivedMessages()[0];
-        String linkFromMail = getVerificationEmailLink(message);
-
-        WebRule webRule2 = new WebRule(this);
-        try {
-            webRule2.initProperties();
-
-            WebDriver driver2 = webRule2.getDriver();
-            InfoPage infoPage2 = webRule2.getPage(InfoPage.class);
-            ProceedPage proceedPage2 = webRule2.getPage(ProceedPage.class);
-
-            driver2.navigate().to(linkFromMail.trim());
-
-            // authenticated, but not redirected to app. Just seeing info page.
-            proceedPage2.assertCurrent();
-            Assert.assertThat(proceedPage2.getInfo(), Matchers.containsString("Confirm linking the account"));
-            proceedPage2.clickProceedLink();
-            infoPage2.assertCurrent();
-            Assert.assertThat(infoPage2.getInfo(), startsWith("You successfully verified your email. Please go back to your original browser and continue there with the login."));
-        } finally {
-            // Revert everything
-            webRule2.after();
-        }
-
-        this.idpLinkEmailPage.clickContinueFlowLink();
-
-        // authenticated and redirected to app. User is linked with identity provider
-        assertFederatedUser("pedroigor", "psilva@redhat.com", "pedroigor");
-
-        // Assert user's email is verified now
-        UserModel user = getFederatedUser();
-        Assert.assertTrue(user.isEmailVerified());
-    }
-
     @Test
     public void testLinkAccountByEmailVerificationResendEmail() throws Exception, Throwable {
         setUpdateProfileFirstLogin(IdentityProviderRepresentation.UPFLM_OFF);