Prosoft Git

keycloak-aplcache

KEYCLOAK-2204 Add test to make sure disabled client can't refresh

1/4/2016 10:15:18 AM
Stian Thorgersen

Stian Thorgersen

Commit: e7009ca

Tree: 676ebfe

Parents: eece368

Changes

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java 42(+42 -0)

Details

testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java 42(+42 -0) 

diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
index a69b733..b8002d3 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
@@ -332,6 +332,48 @@ public class RefreshTokenTest {
     }
 
     @Test
+    public void refreshTokenClientDisabled() throws Exception {
+        oauth.doLogin("test-user@localhost", "password");
+
+        Event loginEvent = events.expectLogin().assertEvent();
+
+        String sessionId = loginEvent.getSessionId();
+        String codeId = loginEvent.getDetails().get(Details.CODE_ID);
+
+        String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+
+        AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+        String refreshTokenString = response.getRefreshToken();
+        RefreshToken refreshToken = oauth.verifyRefreshToken(refreshTokenString);
+
+        events.expectCodeToToken(codeId, sessionId).assertEvent();
+
+        try {
+            keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
+                @Override
+                public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+                    appRealm.getClientByClientId(oauth.getClientId()).setEnabled(false);
+                }
+            });
+
+            response = oauth.doRefreshTokenRequest(refreshTokenString, "password");
+
+            assertEquals(400, response.getStatusCode());
+            assertEquals("invalid_client", response.getError());
+
+            events.expectRefresh(refreshToken.getId(), sessionId).user((String) null).session((String) null).clearDetails().error(Errors.CLIENT_DISABLED).assertEvent();
+        } finally {
+            keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
+                @Override
+                public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+                    appRealm.getClientByClientId(oauth.getClientId()).setEnabled(true);
+                }
+            });
+
+        }
+    }
+
+    @Test
     public void refreshTokenUserSessionExpired() {
         oauth.doLogin("test-user@localhost", "password");

Bonobo Git Server (6.3.0.632) © 2015 Jakub Chodounský · Official Page · Github