test: extend token verified tests (#20)

src/main/resources/application.properties

@@ -38,15 +38,17 @@ tkit.dataimport.configurations.permission.stop-at-error=true
 
 # TEST
 quarkus.test.integration-test-profile=test
-%test.onecx.permission.token.verified=false
+%test.onecx.permission.token.verified=true
+%test.onecx.permission.token.claim.path=groups
 %test.tkit.rs.context.tenant-id.enabled=true
 %test.tkit.rs.context.tenant-id.mock.enabled=true
 %test.tkit.rs.context.tenant-id.mock.default-tenant=default
 %test.tkit.rs.context.tenant-id.mock.claim-org-id=orgId
 %test.tkit.rs.context.tenant-id.mock.data.org1=100
 %test.tkit.rs.context.tenant-id.mock.data.org2=200
 %test.tkit.rs.context.tenant-id.mock.data.i100=i100
-%test.quarkus.keycloak.devservices.roles.bob=n3
+%test.quarkus.keycloak.devservices.roles.alice=n3
+%test.quarkus.keycloak.devservices.roles.bob=n3-100
 %test.smallrye.jwt.verify.key.location=${keycloak.url}/realms/quarkus/protocol/openid-connect/certs
 %test.tkit.rs.context.token.header-param=apm-principal-token
 

src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTenantTest.java

@@ -24,11 +24,12 @@ class PermissionRestControllerTenantTest extends AbstractTest {
     @Test
     void getApplicationPermissionsTest() {
 
-        var accessToken = createToken("org1", List.of("n3-100"));
+        var accessToken = createAccessTokenBearer(USER_BOB);
+        var idToken = createToken("org1", List.of("n3-100"));
 
         var dto = given()
                 .contentType(APPLICATION_JSON)
-                .header(APM_HEADER_PARAM, accessToken)
+                .header(APM_HEADER_PARAM, idToken)
                 .body(new PermissionRequestDTOV1().token(accessToken))
                 .post("app1")
                 .then()
@@ -45,11 +46,13 @@ void getApplicationPermissionsTest() {
     @Test
     void getApplicationsPermissionsTest() {
 
-        var accessToken = createToken("org1", List.of("n3-100"));
+        var accessToken = createAccessTokenBearer(USER_BOB);
+
+        var idToken = createToken("org1", List.of("n3-100"));
 
         var dto = given()
                 .contentType(APPLICATION_JSON)
-                .header(APM_HEADER_PARAM, accessToken)
+                .header(APM_HEADER_PARAM, idToken)
                 .body(new PermissionRequestDTOV1().token(accessToken))
                 .post()
                 .then()
@@ -62,7 +65,7 @@ void getApplicationsPermissionsTest() {
 
         dto = given()
                 .contentType(APPLICATION_JSON)
-                .header(APM_HEADER_PARAM, accessToken)
+                .header(APM_HEADER_PARAM, idToken)
                 .body(new PermissionRequestDTOV1().token(accessToken))
                 .post()
                 .then()

src/test/java/org/tkit/onecx/permission/rs/external/v1/PermissionRestControllerTest.java

@@ -5,7 +5,6 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.jboss.resteasy.reactive.RestResponse.Status.*;
 
-import java.util.List;
 import java.util.stream.Stream;
 
 import org.junit.jupiter.api.Test;
@@ -30,7 +29,7 @@ class PermissionRestControllerTest extends AbstractTest {
     void getApplicationPermissionsTest() {
 
         // bearer prefix
-        var accessToken = createTokenBearer(List.of("n3"));
+        var accessToken = createAccessTokenBearer(USER_ALICE);
 
         var dto = given()
                 .contentType(APPLICATION_JSON)
@@ -46,7 +45,7 @@ void getApplicationPermissionsTest() {
         assertThat(dto.getPermissions().get("o1")).isNotNull().hasSize(1).containsExactly("a3");
 
         // without bearer prefix
-        accessToken = createToken(null, List.of("n3"));
+        accessToken = createAccessToken(USER_ALICE);
 
         dto = given()
                 .contentType(APPLICATION_JSON)
@@ -100,7 +99,7 @@ void getApplicationPermissionsWrongTongTest() {
     @Test
     void getApplicationsPermissionsTest() {
 
-        var accessToken = createTokenBearer(List.of("n3"));
+        var accessToken = createAccessTokenBearer(USER_ALICE);
 
         var dto = given()
                 .contentType(APPLICATION_JSON)

src/test/java/org/tkit/onecx/permission/test/AbstractTest.java

@@ -22,6 +22,7 @@
 import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
 
 import io.quarkus.test.Mock;
+import io.quarkus.test.keycloak.client.KeycloakTestClient;
 import io.restassured.config.RestAssuredConfig;
 import io.smallrye.config.SmallRyeConfig;
 import io.smallrye.jwt.build.Jwt;
@@ -50,8 +51,18 @@ protected static String createToken(String organizationId) {
         return createToken(organizationId, null);
     }
 
-    protected static String createTokenBearer(List<String> roles) {
-        return "Bearer " + createToken(null, roles);
+    protected static final String USER_ALICE = "alice";
+
+    protected static final String USER_BOB = "bob";
+
+    KeycloakTestClient keycloakClient = new KeycloakTestClient();
+
+    protected String createAccessTokenBearer(String user) {
+        return "Bearer " + createAccessToken(user);
+    }
+
+    protected String createAccessToken(String user) {
+        return keycloakClient.getAccessToken(user);
     }
 
     protected static String createToken(String organizationId, List<String> roles) {