Negative token expiration when changing client session max lifetime k…

…eycloak#24936 Signed-off-by: Douglas Palmer <dpalmer@redhat.com>
douglaspalmer · Feb 15, 2024 · e8b9365 · e8b9365
1 parent bb12f3f
commit e8b9365
Showing 1 changed file with 46 additions and 0 deletions.
diff --git a/...on-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/...on-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
@@ -20,6 +20,7 @@
 import com.gargoylesoftware.htmlunit.WebClient;
 import java.io.Closeable;
 import org.hamcrest.CoreMatchers;
+import org.jboss.arquillian.drone.api.annotation.Drone;
 import org.jboss.arquillian.drone.webdriver.htmlunit.DroneHtmlUnitDriver;
 import org.jboss.arquillian.graphene.page.Page;
 import org.junit.Assert;
@@ -62,6 +63,7 @@
 import org.keycloak.testsuite.AssertEvents;
 import org.keycloak.testsuite.admin.ApiUtil;
 import org.keycloak.testsuite.arquillian.undertow.lb.SimpleUndertowLoadBalancer;
+import org.keycloak.testsuite.drone.Different;
 import org.keycloak.testsuite.oidc.AbstractOIDCScopeTest;
 import org.keycloak.testsuite.pages.LoginPage;
 import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
@@ -87,6 +89,8 @@
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.UriBuilder;
+import org.openqa.selenium.WebDriver;
+
 import java.net.URI;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
@@ -130,6 +134,10 @@ public void beforeAbstractKeycloakTest() throws Exception {
         super.beforeAbstractKeycloakTest();
     }
 
+    @Drone
+    @Different
+    protected WebDriver driver2;
+
     @Before
     public void clientConfiguration() {
         ClientManager.realm(adminClient.realm("test")).clientId("test-app").directAccessGrant(true);
@@ -1635,6 +1643,44 @@ public void testClientSessionMaxLifespan() throws Exception {
         }
     }
 
+    @Test
+    public void testChangingMaxClientSessionLifespan() {
+        ClientResource client = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");
+        ClientRepresentation clientRepresentation = client.toRepresentation();
+
+        RealmResource realm = adminClient.realm("test");
+        RealmRepresentation rep = realm.toRepresentation();
+        Integer originalSsoSessionMaxLifespan = rep.getSsoSessionMaxLifespan();
+        Integer originalClientSessionMaxLifespan = rep.getClientSessionMaxLifespan();
+
+        try {
+            oauth.doLogin("test-user@localhost", "password");
+            String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+            OAuthClient.AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+            assertEquals(200, response.getStatusCode());
+            assertTrue(response.getRefreshExpiresIn() > 0);
+
+            rep.setClientSessionMaxLifespan(60);
+            realm.update(rep);
+
+            setTimeOffset(60);
+
+            OAuthClient oauth2 = new OAuthClient();
+            oauth2.init(driver2);
+            oauth2.doLogin("test-user@localhost", "password");
+            code = oauth2.getCurrentQuery().get(OAuth2Constants.CODE);
+            response = oauth2.doAccessTokenRequest(code, "password");
+            assertEquals(200, response.getStatusCode());
+            assertTrue(response.getRefreshExpiresIn() > 0);
+        } finally {
+            rep.setSsoSessionMaxLifespan(originalSsoSessionMaxLifespan);
+            rep.setClientSessionMaxLifespan(originalClientSessionMaxLifespan);
+            realm.update(rep);
+            clientRepresentation.getAttributes().put(OIDCConfigAttributes.CLIENT_SESSION_MAX_LIFESPAN, null);
+            client.update(clientRepresentation);
+        }
+    }
+
     @Test
     public void testClientSessionIdleTimeout() throws Exception {
         ClientResource client = ApiUtil.findClientByClientId(adminClient.realm("test"), "test-app");