feat: support keycloak 24 (defenseunicorns#44)

* feat: support keycloak 24 style truststore directory

* renovate update kc to 24 and plugin test rework (defenseunicorns#49)

Co-authored-by: UnicornChance <[email protected]>

* support keycloak 23

* feat: modify theme to allow identity provider login (defenseunicorns#45)

* modify theme to allow identity provider login

* css cleanup

* update default realm allowing unmanaged attributes

* integration test against 24

* pull keycloak 23 style keystore

---------

Co-authored-by: UnicornChance <[email protected]>
Co-authored-by: Chance <[email protected]>

.github/workflows/test.yaml

@@ -82,7 +82,7 @@ jobs:
       - name: Environment setup
         uses: defenseunicorns/uds-common/.github/actions/setup@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.10.3
 
-      - name: Test building the docker image
+      - name: Smoke Tests
         run: uds run uds-core-smoke-test
 
   uds_core_cypress_integration:
@@ -99,5 +99,5 @@ jobs:
       - name: Environment setup
         uses: defenseunicorns/uds-common/.github/actions/setup@5e4414dc25302739063bb58aa96b8afef5be9851 # v0.10.3
 
-      - name: Test building the docker image
+      - name: Cypress Integration Tests
         run: uds run uds-core-integration-tests

src/Dockerfile

@@ -52,7 +52,7 @@ COPY --chown=nonroot --from=plugin /home/build/target/*.jar .
 
 # Copy the DOD Unclass PEM and truststore for Istio & Keycloak Auth
 COPY --chown=nonroot --from=truststore /home/build/authorized_certs.pem .
-COPY --chown=nonroot --from=truststore /home/build/truststore.jks .
+COPY --chown=nonroot --from=truststore /home/build/certs ./certs
 
 # The realm.json is loaded into Keycloak on startup only if the realm does not exist
 ARG REALM_FILE=realm.json

src/plugin/pom.xml

@@ -12,7 +12,7 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <maven.compiler.source>17</maven.compiler.source>
         <maven.compiler.target>17</maven.compiler.target>
-        <keycloak.version>23.0.4</keycloak.version>
+        <keycloak.version>24.0.2</keycloak.version>
     </properties>
 
     <dependencies>

src/plugin/src/test/java/com/defenseunicorns/uds/keycloak/plugin/RegistrationValidation2Test.java

@@ -1,7 +1,5 @@
 package com.defenseunicorns.uds.keycloak.plugin;
 
-import org.apache.commons.io.FilenameUtils;
-import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
 import org.keycloak.authentication.FormContext;
 import org.keycloak.http.HttpRequest;
 import org.junit.Before;
@@ -22,7 +20,6 @@
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
-import org.yaml.snakeyaml.Yaml;
 
 import com.defenseunicorns.uds.keycloak.plugin.utils.CommonConfig;
 import com.defenseunicorns.uds.keycloak.plugin.utils.NewObjectProvider;
@@ -33,7 +30,9 @@
 import java.io.FileInputStream;
 import java.security.GeneralSecurityException;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.stream.Stream;
 
@@ -42,12 +41,9 @@
 import static org.mockito.ArgumentMatchers.anyString;
 import static org.powermock.api.mockito.PowerMockito.mockStatic;
 
-
 @RunWith(PowerMockRunner.class)
-@PrepareForTest({ Yaml.class, FileInputStream.class, File.class,
-        CommonConfig.class, FilenameUtils.class, NewObjectProvider.class,
-        X509Tools.class,
-})
+@PrepareForTest({ FileInputStream.class, File.class, CommonConfig.class, NewObjectProvider.class,
+        X509Tools.class })
 @PowerMockIgnore("javax.management.*")
 class RegistrationValidation2Test {
 
@@ -80,7 +76,8 @@ class RegistrationValidation2Test {
     @Mock
     GroupProvider groupProvider;
 
-    public RegistrationValidation2Test() {}
+    public RegistrationValidation2Test() {
+    }
 
     @Before
     public void setupMockBehavior() throws Exception {
@@ -137,30 +134,34 @@ public void testSuccess() {
         PowerMockito.when(validationContext.getUser()).thenReturn(userModelDefaultMethodsImpl);
         PowerMockito.when(validationContext.getRealm()).thenReturn(realmModel);
 
-        MultivaluedMapImpl<String, String> formData = new MultivaluedMapImpl<>();
-        formData.add(Validation.FIELD_EMAIL, "[email protected]");
-
-        PowerMockito.when(validationContext.getHttpRequest().getDecodedFormParameters()).thenReturn(formData);
+        // Populate form data
+        Map<String, List<String>> formDataMap = new HashMap<>();
+        formDataMap.put(Validation.FIELD_EMAIL, Collections.singletonList("[email protected]"));
+
+        PowerMockito.when(validationContext.getHttpRequest().getDecodedFormParameters()).thenReturn(Utils.formDataUtil(formDataMap));
 
         RegistrationValidation registrationValidation = new RegistrationValidation();
         registrationValidation.success(validationContext);
     }
 
     @Test
     public void testSuccessNoX509() throws GeneralSecurityException {
-
-        // force no cert
+        // Force no certificate
         PowerMockito.when(x509ClientCertificateLookup.getCertificateChain(httpRequest)).thenReturn(null);
-
+
+        // Mock user and realm
         UserModelDefaultMethodsImpl userModelDefaultMethodsImpl = new UserModelDefaultMethodsImpl();
         PowerMockito.when(validationContext.getUser()).thenReturn(userModelDefaultMethodsImpl);
         PowerMockito.when(validationContext.getRealm()).thenReturn(realmModel);
-
-        MultivaluedMapImpl<String, String> formData = new MultivaluedMapImpl<>();
-        formData.add(Validation.FIELD_EMAIL, "[email protected]");
-
-        PowerMockito.when(validationContext.getHttpRequest().getDecodedFormParameters()).thenReturn(formData);
-
+
+        // Populate form data
+        Map<String, List<String>> formDataMap = new HashMap<>();
+        formDataMap.put(Validation.FIELD_EMAIL, Collections.singletonList("[email protected]"));
+
+        // Mock the behavior to return the populated form data
+        PowerMockito.when(validationContext.getHttpRequest().getDecodedFormParameters()).thenReturn(Utils.formDataUtil(formDataMap));
+
+        // Call the method under test
         RegistrationValidation registrationValidation = new RegistrationValidation();
         registrationValidation.success(validationContext);
     }

src/plugin/src/test/java/com/defenseunicorns/uds/keycloak/plugin/RegistrationValidationTest.java

@@ -1,7 +1,5 @@
 package com.defenseunicorns.uds.keycloak.plugin;
 
-import org.apache.commons.io.FilenameUtils;
-import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
@@ -17,7 +15,6 @@
 import org.powermock.core.classloader.annotations.PowerMockIgnore;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
-import org.yaml.snakeyaml.Yaml;
 
 import com.defenseunicorns.uds.keycloak.plugin.utils.NewObjectProvider;
 import com.defenseunicorns.uds.keycloak.plugin.utils.ValidationUtils;
@@ -34,7 +31,7 @@
 import static org.mockito.Mockito.*;
 
 @RunWith(PowerMockRunner.class)
-@PrepareForTest({ Yaml.class, FileInputStream.class, File.class, X509Tools.class, FilenameUtils.class, NewObjectProvider.class })
+@PrepareForTest({ FileInputStream.class, File.class, X509Tools.class, NewObjectProvider.class })
 @PowerMockIgnore("javax.management.*")
 public class RegistrationValidationTest {
 
@@ -44,113 +41,132 @@ public void setup() throws Exception {
         setupFileMocks();
     }
 
-
     @Test
     public void testInvalidFields() {
         String[] errorEvent = new String[1];
         List<FormMessage> errors = new ArrayList<>();
-        MultivaluedMapImpl<String, String> valueMap = new MultivaluedMapImpl<>();
+        Map<String, List<String>> valueMap = new HashMap<>();
+
+        // Populate the valueMap with test data
+        valueMap.put("firstName", new ArrayList<>());
+        valueMap.put("lastName", new ArrayList<>());
+        valueMap.put("username", new ArrayList<>());
+        valueMap.put("user.attributes.affiliation", new ArrayList<>());
+        valueMap.put("user.attributes.rank", new ArrayList<>());
+        valueMap.put("user.attributes.organization", new ArrayList<>());
+        valueMap.put("email", new ArrayList<>());
+
+        // Set up your test context
         ValidationContext context = ValidationUtils.setupVariables(errorEvent, errors, valueMap);
         RegistrationValidation validation = new RegistrationValidation();
         validation.validate(context);
-        Assert.assertEquals(errorEvent[0], Errors.INVALID_REGISTRATION);
+
+        // Assertions
+        Assert.assertEquals(Errors.INVALID_REGISTRATION, errorEvent[0]);
         Set<String> errorFields = errors.stream().map(FormMessage::getField).collect(Collectors.toSet());
-
-        Assert.assertTrue(errorFields.contains("firstName"));
-        Assert.assertTrue(errorFields.contains("lastName"));
-        Assert.assertTrue(errorFields.contains("username"));
-        Assert.assertTrue(errorFields.contains("user.attributes.affiliation"));
-        Assert.assertTrue(errorFields.contains("user.attributes.rank"));
-        Assert.assertTrue(errorFields.contains("user.attributes.organization"));
-        Assert.assertTrue(errorFields.contains("email"));
+        Set<String> expectedErrorFields = new HashSet<>(List.of("firstName", "lastName", "username", "user.attributes.affiliation", "user.attributes.rank", "user.attributes.organization", "email"));
+        Assert.assertEquals(expectedErrorFields, errorFields);
         Assert.assertEquals(7, errors.size());
     }
 
     @Test
     public void testEmailValidation() {
         String[] errorEvent = new String[1];
         List<FormMessage> errors = new ArrayList<>();
-        MultivaluedMapImpl<String, String> valueMap = new MultivaluedMapImpl<>();
-        valueMap.putSingle("firstName", "Jone");
-        valueMap.putSingle("lastName", "Doe");
-        valueMap.putSingle("username", "tester");
-        valueMap.putSingle("user.attributes.affiliation", "AF");
-        valueMap.putSingle("user.attributes.rank", "E2");
-        valueMap.putSingle("user.attributes.organization", "Com");
-        valueMap.putSingle("user.attributes.location", "42");
-        valueMap.putSingle("email", "[email protected]");
-
+        Map<String, List<String>> valueMap = new HashMap<>();
+
+        // Populate the valueMap with test data
+        valueMap.put("firstName", List.of("Jone"));
+        valueMap.put("lastName", List.of("Doe"));
+        valueMap.put("username", List.of("tester"));
+        valueMap.put("user.attributes.affiliation", List.of("AF"));
+        valueMap.put("user.attributes.rank", List.of("E2"));
+        valueMap.put("user.attributes.organization", List.of("Com"));
+        valueMap.put("user.attributes.location", List.of("42"));
+        valueMap.put("email", List.of("[email protected]"));
+
+        // Set up your test context
         ValidationContext context = ValidationUtils.setupVariables(errorEvent, errors, valueMap);
-
         RegistrationValidation validation = new RegistrationValidation();
         validation.validate(context);
+
+        // Assert the validation result for the first set of values
         Assert.assertEquals(0, errors.size());
-
-        // test an email address already in use
-        valueMap.putSingle("email", "[email protected]");
+    
+        // Test an email address already in use
+        valueMap.put("email", List.of("[email protected]"));
         errorEvent = new String[1];
         errors = new ArrayList<>();
         context = ValidationUtils.setupVariables(errorEvent, errors, valueMap);
-
+    
         validation = new RegistrationValidation();
         validation.validate(context);
+
+        // Assert the validation result for the second set of values
         Assert.assertEquals(Errors.EMAIL_IN_USE, errorEvent[0]);
         Assert.assertEquals(1, errors.size());
         Assert.assertEquals(RegistrationPage.FIELD_EMAIL, errors.get(0).getField());
-
     }
 
     @Test
     public void testGroupAutoJoinByEmail() {
         String[] errorEvent = new String[1];
         List<FormMessage> errors = new ArrayList<>();
-        MultivaluedMapImpl<String, String> valueMap = new MultivaluedMapImpl<>();
-        valueMap.putSingle("firstName", "Jone");
-        valueMap.putSingle("lastName", "Doe");
-        valueMap.putSingle("username", "tester");
-        valueMap.putSingle("user.attributes.affiliation", "AF");
-        valueMap.putSingle("user.attributes.rank", "E2");
-        valueMap.putSingle("user.attributes.organization", "Com");
-        valueMap.putSingle("user.attributes.location", "42");
-        valueMap.putSingle("email", "[email protected]");
-
+        Map<String, List<String>> valueMap = new HashMap<>();
+
+        // Populate the valueMap with test data
+        valueMap.put("firstName", List.of("Jone"));
+        valueMap.put("lastName", List.of("Doe"));
+        valueMap.put("username", List.of("tester"));
+        valueMap.put("user.attributes.affiliation", List.of("AF"));
+        valueMap.put("user.attributes.rank", List.of("E2"));
+        valueMap.put("user.attributes.organization", List.of("Com"));
+        valueMap.put("user.attributes.location", List.of("42"));
+        valueMap.put("email", List.of("[email protected]"));
+
+        // Set up your test context
         ValidationContext context = ValidationUtils.setupVariables(errorEvent, errors, valueMap);
-
         RegistrationValidation validation = new RegistrationValidation();
         validation.validate(context);
+
+        // Assert the validation result for the first set of values
         Assert.assertEquals(0, errors.size());
-
-        // test valid IL2 email with custom domains
-        valueMap.putSingle("email", "[email protected]");
+    
+        // Test valid IL2 email with custom domains
+        valueMap.put("email", List.of("[email protected]"));
         errorEvent = new String[1];
         errors = new ArrayList<>();
         context = ValidationUtils.setupVariables(errorEvent, errors, valueMap);
-
         validation = new RegistrationValidation();
         validation.validate(context);
+
+        // Assert the validation result for the second set of values
         Assert.assertNull(errorEvent[0]);
         Assert.assertEquals(0, errors.size());
-
-        // test valid IL4 email with custom domains
-        valueMap.putSingle("email", "[email protected]");
+    
+        // Test valid IL4 email with custom domains
+        valueMap.put("email", List.of("[email protected]"));
         errorEvent = new String[1];
         errors = new ArrayList<>();
         context = ValidationUtils.setupVariables(errorEvent, errors, valueMap);
-
         validation = new RegistrationValidation();
         validation.validate(context);
+
+        // Assert the validation result for the third set of values
         Assert.assertNull(errorEvent[0]);
         Assert.assertEquals(0, errors.size());
-
-        // Test existing x509 registration
+    
+        // Test existing X509 registration
         errorEvent = new String[1];
         errors = new ArrayList<>();
         context = ValidationUtils.setupVariables(errorEvent, errors, valueMap);
-
+
+        // Mock the behavior of X509Tools
         PowerMockito.when(X509Tools.isX509Registered(any(FormContext.class))).thenReturn(true);
-
         validation = new RegistrationValidation();
         validation.validate(context);
+
+        // Assert the validation result for the fourth set of values
         Assert.assertEquals(Errors.INVALID_REGISTRATION, errorEvent[0]);
     }