Fix offline servlets and refactoring

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/page/OfflineToken.java

@@ -6,12 +6,16 @@
 import org.keycloak.representations.RefreshToken;
 import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
 import org.keycloak.util.JsonSerialization;
+import org.openqa.selenium.By;
 import org.openqa.selenium.WebElement;
 import org.openqa.selenium.support.FindBy;
 
 import java.io.IOException;
 import java.net.URL;
 
+import static org.keycloak.testsuite.util.WaitUtils.pause;
+import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
+
 /**
  * @author <a href="mailto:bruno@abstractj.org">Bruno Oliveira</a>.
  */
@@ -56,4 +60,11 @@ public RefreshToken getRefreshToken() {
         }
         return null;
     }
+
+    public void logout() {
+        log.info("Logging out, navigating to: " + getUriBuilder().path("/logout").build().toASCIIString());
+        driver.navigate().to(getUriBuilder().path("/logout").build().toASCIIString());
+        pause(300); // this is needed for FF for some reason
+        waitUntilElement(By.tagName("body")).is().visible();
+    }
 }

testsuite/integration-arquillian/tests/base/src/main/java/org/keycloak/testsuite/adapter/servlet/OfflineTokenServlet.java

@@ -21,8 +21,12 @@
  */
 public class OfflineTokenServlet extends HttpServlet {
 
-    private static final String OFFLINE_CLIENT_APP_URI = "http://localhost:8280/offline-client";
-    private static final String ADAPTER_ROOT_URL = "http://localhost:8180";
+    private static final String OFFLINE_CLIENT_APP_URI = (System.getProperty("app.server.ssl.required", "false").equals("true")) ?
+            System.getProperty("app.server.ssl.base.url", "https://localhost:8643") + "/offline-client" :
+            System.getProperty("app.server.base.url", "http://localhost:8280") + "/offline-client";
+    private static final String ADAPTER_ROOT_URL = (System.getProperty("auth.server.ssl.required", "false").equals("true")) ?
+            System.getProperty("auth.server.ssl.base.url", "https://localhost:8543") :
+            System.getProperty("auth.server.base.url", "http://localhost:8180");
 
     @Override
     protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/servlet/AbstractOfflineServletsAdapterTest.java

@@ -7,7 +7,6 @@
 import org.junit.Rule;
 import org.junit.Test;
 import org.keycloak.OAuth2Constants;
-import org.keycloak.common.util.Time;
 import org.keycloak.events.Details;
 import org.keycloak.events.EventType;
 import org.keycloak.representations.idm.RealmRepresentation;
@@ -19,24 +18,27 @@
 import org.keycloak.testsuite.pages.OAuthGrantPage;
 import org.keycloak.testsuite.util.ClientManager;
 import org.keycloak.util.TokenUtil;
+import org.openqa.selenium.By;
 
 import javax.ws.rs.core.UriBuilder;
 import java.util.List;
 
 import static org.keycloak.testsuite.auth.page.AuthRealm.TEST;
 import static org.keycloak.testsuite.util.IOUtil.loadRealm;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlDoesntStartWith;
+import static org.keycloak.testsuite.util.URLAssert.assertCurrentUrlStartsWith;
+import static org.keycloak.testsuite.util.WaitUtils.pause;
+import static org.keycloak.testsuite.util.WaitUtils.waitUntilElement;
 
 /**
  * @author <a href="mailto:bruno@abstractj.org">Bruno Oliveira</a>.
  */
 public abstract class AbstractOfflineServletsAdapterTest extends AbstractServletsAdapterTest {
 
-    private static final String OFFLINE_CLIENT_APP_URI = "http://localhost:8280/offline-client";
-
     @Rule
     public AssertEvents events = new AssertEvents(this);
     @Page
-    protected OfflineToken offlineToken;
+    protected OfflineToken offlineTokenPage;
     @Page
     protected LoginPage loginPage;
     @Page
@@ -64,107 +66,116 @@ public void addAdapterTestRealms(List<RealmRepresentation> testRealms) {
 
     @Test
     public void testServlet() throws Exception {
-        String servletUri = UriBuilder.fromUri(OFFLINE_CLIENT_APP_URI)
+        String servletUri = UriBuilder.fromUri(offlineTokenPage.toString())
                 .queryParam(OAuth2Constants.SCOPE, OAuth2Constants.OFFLINE_ACCESS)
                 .build().toString();
-        oauth.doLogin("test-user@localhost", "password");
 
         driver.navigate().to(servletUri);
+        waitUntilElement(By.tagName("body")).is().visible();
+
+        loginPage.login("test-user@localhost", "password");
 
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(OFFLINE_CLIENT_APP_URI));
+        assertCurrentUrlStartsWith(offlineTokenPage);
 
-        Assert.assertEquals(offlineToken.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
-        Assert.assertEquals(offlineToken.getRefreshToken().getExpiration(), 0);
+        Assert.assertEquals(offlineTokenPage.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
+        Assert.assertEquals(offlineTokenPage.getRefreshToken().getExpiration(), 0);
 
-        String accessTokenId = offlineToken.getAccessToken().getId();
-        String refreshTokenId = offlineToken.getRefreshToken().getId();
+        String accessTokenId = offlineTokenPage.getAccessToken().getId();
+        String refreshTokenId = offlineTokenPage.getRefreshToken().getId();
 
-        setAdapterTimeOffset(9999);
+        setAdapterAndServerTimeOffset(9999);
 
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(OFFLINE_CLIENT_APP_URI));
-        Assert.assertNotEquals(offlineToken.getRefreshToken().getId(), refreshTokenId);
-        Assert.assertNotEquals(offlineToken.getAccessToken().getId(), accessTokenId);
+        assertCurrentUrlStartsWith(offlineTokenPage);
+        Assert.assertNotEquals(offlineTokenPage.getRefreshToken().getId(), refreshTokenId);
+        Assert.assertNotEquals(offlineTokenPage.getAccessToken().getId(), accessTokenId);
 
         // Ensure that logout works for webapp (even if offline token will be still valid in Keycloak DB)
-        driver.navigate().to(OFFLINE_CLIENT_APP_URI + "/logout");
+        offlineTokenPage.logout();
         loginPage.assertCurrent();
-        driver.navigate().to(OFFLINE_CLIENT_APP_URI);
+        offlineTokenPage.navigateTo();
         loginPage.assertCurrent();
 
-        setAdapterTimeOffset(0);
+        setAdapterAndServerTimeOffset(0);
         events.clear();
     }
 
     @Test
     public void testServletWithRevoke() {
         // Login to servlet first with offline token
-        String servletUri = UriBuilder.fromUri(OFFLINE_CLIENT_APP_URI)
+        String servletUri = UriBuilder.fromUri(offlineTokenPage.toString())
                 .queryParam(OAuth2Constants.SCOPE, OAuth2Constants.OFFLINE_ACCESS)
                 .build().toString();
         driver.navigate().to(servletUri);
+        waitUntilElement(By.tagName("body")).is().visible();
+
         loginPage.login("test-user@localhost", "password");
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(OFFLINE_CLIENT_APP_URI));
+        assertCurrentUrlStartsWith(offlineTokenPage);
 
-        Assert.assertEquals(offlineToken.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
+        Assert.assertEquals(offlineTokenPage.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
 
         // Assert refresh works with increased time
-        setAdapterTimeOffset(9999);
-        driver.navigate().to(OFFLINE_CLIENT_APP_URI);
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(OFFLINE_CLIENT_APP_URI));
-        setAdapterTimeOffset(0);
+        setAdapterAndServerTimeOffset(9999);
+        offlineTokenPage.navigateTo();
+        assertCurrentUrlStartsWith(offlineTokenPage);
+        setAdapterAndServerTimeOffset(0);
 
         events.clear();
 
         // Go to account service and revoke grant
         accountAppPage.open();
+
         List<String> additionalGrants = accountAppPage.getApplications().get("offline-client").getAdditionalGrants();
         Assert.assertEquals(additionalGrants.size(), 1);
         Assert.assertEquals(additionalGrants.get(0), "Offline Token");
         accountAppPage.revokeGrant("offline-client");
+        pause(500);
         Assert.assertEquals(accountAppPage.getApplications().get("offline-client").getAdditionalGrants().size(), 0);
 
         events.expect(EventType.REVOKE_GRANT)
                 .client("account").detail(Details.REVOKED_CLIENT, "offline-client").assertEvent();
 
         // Assert refresh doesn't work now (increase time one more time)
-        setAdapterTimeOffset(9999);
-        driver.navigate().to(OFFLINE_CLIENT_APP_URI);
-        Assert.assertFalse(driver.getCurrentUrl().startsWith(OFFLINE_CLIENT_APP_URI));
+        setAdapterAndServerTimeOffset(9999);
+        offlineTokenPage.navigateTo();
+        assertCurrentUrlDoesntStartWith(offlineTokenPage);
         loginPage.assertCurrent();
-        setAdapterTimeOffset(0);
+        setAdapterAndServerTimeOffset(0);
     }
 
     @Test
     public void testServletWithConsent() {
         ClientManager.realm(adminClient.realm("test")).clientId("offline-client").consentRequired(true);
 
         // Assert grant page doesn't have 'Offline Access' role when offline token is not requested
-        driver.navigate().to(OFFLINE_CLIENT_APP_URI);
+        offlineTokenPage.navigateTo();
         loginPage.login("test-user@localhost", "password");
         oauthGrantPage.assertCurrent();
-        Assert.assertFalse(driver.getPageSource().contains("Offline access"));
+        waitUntilElement(By.xpath("//body")).text().not().contains("Offline access");
         oauthGrantPage.cancel();
 
         // Assert grant page has 'Offline Access' role now
-        String servletUri = UriBuilder.fromUri(OFFLINE_CLIENT_APP_URI)
+        String servletUri = UriBuilder.fromUri(offlineTokenPage.toString())
                 .queryParam(OAuth2Constants.SCOPE, OAuth2Constants.OFFLINE_ACCESS)
                 .build().toString();
         driver.navigate().to(servletUri);
+        waitUntilElement(By.tagName("body")).is().visible();
+
         loginPage.login("test-user@localhost", "password");
         oauthGrantPage.assertCurrent();
-        Assert.assertTrue(driver.getPageSource().contains("Offline access"));
+        waitUntilElement(By.xpath("//body")).text().contains("Offline access");
+
         oauthGrantPage.accept();
 
-        Assert.assertTrue(driver.getCurrentUrl().startsWith(OFFLINE_CLIENT_APP_URI));
-        Assert.assertEquals(offlineToken.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
+        assertCurrentUrlStartsWith(offlineTokenPage);
+        Assert.assertEquals(offlineTokenPage.getRefreshToken().getType(), TokenUtil.TOKEN_TYPE_OFFLINE);
 
         accountAppPage.open();
         AccountApplicationsPage.AppEntry offlineClient = accountAppPage.getApplications().get("offline-client");
         Assert.assertTrue(offlineClient.getRolesGranted().contains("Offline access"));
         Assert.assertTrue(offlineClient.getAdditionalGrants().contains("Offline Token"));
 
         //This was necessary to be introduced, otherwise other testcases will fail
-        driver.navigate().to(OFFLINE_CLIENT_APP_URI + "/logout");
+        offlineTokenPage.logout();
         loginPage.assertCurrent();
 
         events.clear();
@@ -174,13 +185,15 @@ public void testServletWithConsent() {
 
     }
 
-    private void setAdapterTimeOffset(int timeOffset) {
-        Time.setOffset(timeOffset);
-        String timeOffsetUri = UriBuilder.fromUri(OFFLINE_CLIENT_APP_URI)
+    private void setAdapterAndServerTimeOffset(int timeOffset) {
+        setTimeOffset(timeOffset);
+        String timeOffsetUri = UriBuilder.fromUri(offlineTokenPage.toString())
                 .queryParam("timeOffset", timeOffset)
                 .build().toString();
 
         driver.navigate().to(timeOffsetUri);
+        waitUntilElement(By.tagName("body")).is().visible();
+
     }
 
 }

testsuite/integration-arquillian/tests/other/adapters/pom.xml

@@ -56,8 +56,11 @@
 
         <adapter.test.props>
             -Dapp.server.base.url=http://localhost:${app.server.http.port}
+            -Dauth.server.base.url=http://localhost:${auth.server.http.port}
             -Dapp.server.ssl.base.url=https://localhost:${app.server.https.port}
             -Dapp.server.ssl.required=${app.server.ssl.required}
+            -Dauth.server.ssl.base.url=https://localhost:${auth.server.https.port}
+            -Dauth.server.ssl.required=${auth.server.ssl.required}
             -Dmy.host.name=localhost
             -Djava.security.krb5.conf=${project.build.directory}/dependency/kerberos/test-krb5.conf
         </adapter.test.props>