lionsdev/lions-user-manager
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migration complète vers PrimeFaces Freya - Corrections des incompatibilités et intégration de primefaces-freya-extension

Browse Source
This commit is contained in:
lionsdev
2025-12-27 00:18:31 +00:00
parent 5e272a8256
commit 5c996931a6
206 changed files with 36646 additions and 1593 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
lions-user-manager-server-impl-quarkus/Dockerfile.prod Normal file
View File

@@ -0,0 +1,86 @@
####
# Dockerfile de production pour Lions User Manager Server (Backend)
# Multi-stage build optimisé avec sécurité renforcée
# Basé sur la structure de btpxpress-server
####
## Stage 1 : Build avec Maven
FROM maven:3.9.6-eclipse-temurin-17 AS builder
WORKDIR /app
# Copier pom.xml et télécharger les dépendances (cache Docker)
COPY pom.xml .
RUN mvn dependency:go-offline -B
# Copier le code source
COPY src ./src
# Construire l'application avec profil production
RUN mvn clean package -DskipTests -B -Dquarkus.profile=prod
## Stage 2 : Image de production optimisée
FROM registry.access.redhat.com/ubi8/openjdk-17:1.18
ENV LANGUAGE='en_US:en'
# Configuration des variables d'environnement pour production
ENV QUARKUS_PROFILE=prod
ENV DB_URL=jdbc:postgresql://postgresql:5432/lions_audit
ENV DB_USERNAME=lions_audit_user
ENV DB_PASSWORD=changeme
ENV SERVER_PORT=8080
# Configuration Keycloak/OIDC (production)
ENV QUARKUS_OIDC_AUTH_SERVER_URL=https://security.lions.dev/realms/master
ENV QUARKUS_OIDC_CLIENT_ID=lions-user-manager
ENV KEYCLOAK_CLIENT_SECRET=changeme
ENV QUARKUS_OIDC_TLS_VERIFICATION=required
# Configuration Keycloak Admin Client
ENV LIONS_KEYCLOAK_SERVER_URL=https://security.lions.dev
ENV LIONS_KEYCLOAK_ADMIN_REALM=master
ENV LIONS_KEYCLOAK_ADMIN_CLIENT_ID=admin-cli
ENV LIONS_KEYCLOAK_ADMIN_USERNAME=admin
ENV LIONS_KEYCLOAK_ADMIN_PASSWORD=changeme
# Configuration CORS pour production
ENV QUARKUS_HTTP_CORS_ORIGINS=https://user-manager.lions.dev,https://admin.lions.dev
ENV QUARKUS_HTTP_CORS_ALLOW_CREDENTIALS=true
# Installer curl pour les health checks
USER root
RUN microdnf install curl -y && microdnf clean all
RUN mkdir -p /app/logs && chown -R 185:185 /app/logs
USER 185
# Copier l'application depuis le builder
COPY --from=builder --chown=185 /app/target/quarkus-app/lib/ /deployments/lib/
COPY --from=builder --chown=185 /app/target/quarkus-app/*.jar /deployments/
COPY --from=builder --chown=185 /app/target/quarkus-app/app/ /deployments/app/
COPY --from=builder --chown=185 /app/target/quarkus-app/quarkus/ /deployments/quarkus/
# Exposer le port
EXPOSE 8080
# Variables JVM optimisées pour production avec sécurité
ENV JAVA_OPTS="-Xmx1g -Xms512m \
-XX:+UseG1GC \
-XX:MaxGCPauseMillis=200 \
-XX:+UseStringDeduplication \
-XX:+ParallelRefProcEnabled \
-XX:+HeapDumpOnOutOfMemoryError \
-XX:HeapDumpPath=/app/logs/heapdump.hprof \
-Djava.security.egd=file:/dev/./urandom \
-Djava.awt.headless=true \
-Dfile.encoding=UTF-8 \
-Djava.util.logging.manager=org.jboss.logmanager.LogManager \
-Dquarkus.profile=${QUARKUS_PROFILE}"
# Point d'entrée avec profil production
ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /deployments/quarkus-run.jar"]
# Health check
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8080/q/health/ready || exit 1

12
lions-user-manager-server-impl-quarkus/pom.xml
View File

@@ -141,6 +141,18 @@
<artifactId>mockito-core</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-junit-jupiter</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.mockito</groupId>
<artifactId>mockito-inline</artifactId>
<version>5.2.0</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>

6
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/client/KeycloakAdminClient.java
View File

@@ -51,6 +51,12 @@ public interface KeycloakAdminClient {
*/
boolean realmExists(String realmName);
/**
* Récupère tous les realms disponibles dans Keycloak
* @return liste des noms de realms
*/
java.util.List<String> getAllRealms();
/**
* Ferme la connexion Keycloak
*/

90
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/client/KeycloakAdminClientImpl.java
View File

@@ -1,11 +1,13 @@
package dev.lions.user.manager.client;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.quarkus.runtime.Startup;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.MediaType;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.faulttolerance.CircuitBreaker;
@@ -19,6 +21,10 @@ import org.keycloak.admin.client.resource.UsersResource;
import jakarta.ws.rs.NotFoundException;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
/**
* Implémentation du client Keycloak Admin
@@ -29,19 +35,19 @@ import java.time.temporal.ChronoUnit;
@Slf4j
public class KeycloakAdminClientImpl implements KeycloakAdminClient {
@ConfigProperty(name = "lions.keycloak.server-url")
@ConfigProperty(name = "lions.keycloak.server-url", defaultValue = "")
String serverUrl;
@ConfigProperty(name = "lions.keycloak.admin-realm")
@ConfigProperty(name = "lions.keycloak.admin-realm", defaultValue = "master")
String adminRealm;
@ConfigProperty(name = "lions.keycloak.admin-client-id")
@ConfigProperty(name = "lions.keycloak.admin-client-id", defaultValue = "admin-cli")
String adminClientId;
@ConfigProperty(name = "lions.keycloak.admin-username")
@ConfigProperty(name = "lions.keycloak.admin-username", defaultValue = "admin")
String adminUsername;
@ConfigProperty(name = "lions.keycloak.admin-password")
@ConfigProperty(name = "lions.keycloak.admin-password", defaultValue = "")
String adminPassword;
@ConfigProperty(name = "lions.keycloak.connection-pool-size", defaultValue = "10")
@@ -54,6 +60,13 @@ public class KeycloakAdminClientImpl implements KeycloakAdminClient {
@PostConstruct
void init() {
// Ne pas initialiser si les propriétés essentielles sont vides (ex: en mode test)
if (serverUrl == null || serverUrl.isEmpty()) {
log.debug("Configuration Keycloak non disponible - mode test ou configuration manquante");
this.keycloak = null;
return;
}
log.info("========================================");
log.info("Initialisation du client Keycloak Admin");
log.info("========================================");
@@ -144,13 +157,70 @@ public class KeycloakAdminClientImpl implements KeycloakAdminClient {
@Override
public boolean realmExists(String realmName) {
try {
getRealm(realmName).toRepresentation();
// Essayer d'obtenir simplement la liste des rôles du realm
// Si le realm n'existe pas, cela lancera une NotFoundException
// Si le realm existe mais a des problèmes de désérialisation, on suppose qu'il existe
getRealm(realmName).roles().list();
return true;
} catch (NotFoundException e) {
log.debug("Realm {} n'existe pas", realmName);
return false;
} catch (Exception e) {
log.error("Erreur lors de la vérification de l'existence du realm {}: {}", realmName, e.getMessage());
return false;
// En cas d'erreur (comme bruteForceStrategy lors de .toRepresentation()),
// on suppose que le realm existe car l'erreur indique qu'on a pu le contacter
log.debug("Erreur lors de la vérification du realm {} (probablement il existe): {}",
realmName, e.getMessage());
return true;
}
}
@Override
@Retry(maxRetries = 3, delay = 2, delayUnit = ChronoUnit.SECONDS)
@Timeout(value = 30, unit = ChronoUnit.SECONDS)
@CircuitBreaker(requestVolumeThreshold = 10, failureRatio = 0.5, delay = 5000)
public List<String> getAllRealms() {
try {
log.debug("Récupération de tous les realms depuis Keycloak via API REST directe");
// Obtenir un token d'accès pour l'API REST
Keycloak keycloakInstance = getInstance();
String accessToken = keycloakInstance.tokenManager().getAccessTokenString();
// Utiliser un client HTTP REST pour appeler directement l'API Keycloak
// et parser uniquement les noms des realms depuis le JSON
Client client = ClientBuilder.newClient();
try {
String realmsUrl = serverUrl + "/admin/realms";
@SuppressWarnings("unchecked")
List<Map<String, Object>> realmsJson = client.target(realmsUrl)
.request(MediaType.APPLICATION_JSON)
.header(HttpHeaders.AUTHORIZATION, "Bearer " + accessToken)
.get(List.class);
List<String> realmNames = new ArrayList<>();
if (realmsJson != null) {
for (Map<String, Object> realm : realmsJson) {
Object realmNameObj = realm.get("realm");
if (realmNameObj != null) {
String realmName = realmNameObj.toString();
if (!realmName.isEmpty()) {
realmNames.add(realmName);
}
}
}
realmNames.sort(String::compareTo);
}
log.info("Récupération réussie: {} realms trouvés", realmNames.size());
return realmNames;
} finally {
client.close();
}
} catch (Exception e) {
log.error("Erreur lors de la récupération des realms: {}", e.getMessage(), e);
// En cas d'erreur, retourner une liste vide plutôt que des données fictives
return Collections.emptyList();
}
}

279
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/config/KeycloakTestUserConfig.java Normal file
View File

@@ -0,0 +1,279 @@
package dev.lions.user.manager.config;
import io.quarkus.runtime.StartupEvent;
import jakarta.enterprise.event.Observes;
import jakarta.inject.Inject;
import jakarta.inject.Singleton;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import java.util.*;
/**
* Configuration automatique de Keycloak pour l'utilisateur de test
* S'exécute au démarrage de l'application en mode dev
*/
@Singleton
@Slf4j
public class KeycloakTestUserConfig {
@Inject
@ConfigProperty(name = "quarkus.profile", defaultValue = "prod")
String profile;
@Inject
@ConfigProperty(name = "lions.keycloak.server-url")
String keycloakServerUrl;
@Inject
@ConfigProperty(name = "lions.keycloak.admin-realm", defaultValue = "master")
String adminRealm;
@Inject
@ConfigProperty(name = "lions.keycloak.admin-username", defaultValue = "admin")
String adminUsername;
@Inject
@ConfigProperty(name = "lions.keycloak.admin-password", defaultValue = "admin")
String adminPassword;
@Inject
@ConfigProperty(name = "lions.keycloak.authorized-realms")
String authorizedRealms;
private static final String TEST_REALM = "lions-user-manager";
private static final String TEST_USER = "test-user";
private static final String TEST_PASSWORD = "test123";
private static final String TEST_EMAIL = "test@lions.dev";
private static final String CLIENT_ID = "lions-user-manager-client";
private static final List<String> REQUIRED_ROLES = Arrays.asList(
"admin", "user_manager", "user_viewer",
"role_manager", "role_viewer", "auditor", "sync_manager"
);
void onStart(@Observes StartupEvent ev) {
// DÉSACTIVÉ: Configuration manuelle via script create-roles-and-assign.sh
// Cette configuration automatique cause des erreurs de compatibilité Keycloak
// (bruteForceStrategy, cpuInfo non reconnus par la version Keycloak client)
log.info("Configuration automatique de Keycloak DÉSACTIVÉE");
log.info("Utiliser le script create-roles-and-assign.sh pour configurer Keycloak manuellement");
return;
/* ANCIEN CODE DÉSACTIVÉ
// Ne s'exécuter qu'en mode dev
if (!"dev".equals(profile) && !"development".equals(profile)) {
log.debug("Mode non-dev détecté ({}), configuration Keycloak ignorée", profile);
return;
}
log.info("Configuration automatique de Keycloak pour l'utilisateur de test...");
Keycloak adminClient = null;
try {
// Connexion en tant qu'admin
adminClient = KeycloakBuilder.builder()
.serverUrl(keycloakServerUrl)
.realm(adminRealm)
.username(adminUsername)
.password(adminPassword)
.clientId("admin-cli")
.build();
// 1. Vérifier/Créer le realm
ensureRealmExists(adminClient);
// 2. Créer les rôles
ensureRolesExist(adminClient);
// 3. Créer l'utilisateur de test
String userId = ensureTestUserExists(adminClient);
// 4. Assigner les rôles
assignRolesToUser(adminClient, userId);
// 5. Vérifier/Créer le client et le mapper
ensureClientAndMapper(adminClient);
log.info("✓ Configuration Keycloak terminée avec succès");
log.info(" Utilisateur de test: {} / {}", TEST_USER, TEST_PASSWORD);
log.info(" Rôles assignés: {}", String.join(", ", REQUIRED_ROLES));
} catch (Exception e) {
log.error("Erreur lors de la configuration Keycloak: {}", e.getMessage(), e);
} finally {
if (adminClient != null) {
adminClient.close();
}
}
*/
}
private void ensureRealmExists(Keycloak adminClient) {
try {
adminClient.realms().realm(TEST_REALM).toRepresentation();
log.debug("Realm '{}' existe déjà", TEST_REALM);
} catch (jakarta.ws.rs.NotFoundException e) {
log.info("Création du realm '{}'...", TEST_REALM);
RealmRepresentation realm = new RealmRepresentation();
realm.setRealm(TEST_REALM);
realm.setEnabled(true);
adminClient.realms().create(realm);
log.info("✓ Realm '{}' créé", TEST_REALM);
}
}
private void ensureRolesExist(Keycloak adminClient) {
var rolesResource = adminClient.realms().realm(TEST_REALM).roles();
for (String roleName : REQUIRED_ROLES) {
try {
rolesResource.get(roleName).toRepresentation();
log.debug("Rôle '{}' existe déjà", roleName);
} catch (jakarta.ws.rs.NotFoundException e) {
log.info("Création du rôle '{}'...", roleName);
RoleRepresentation role = new RoleRepresentation();
role.setName(roleName);
role.setDescription("Rôle " + roleName + " pour lions-user-manager");
rolesResource.create(role);
log.info("✓ Rôle '{}' créé", roleName);
}
}
}
private String ensureTestUserExists(Keycloak adminClient) {
var usersResource = adminClient.realms().realm(TEST_REALM).users();
// Chercher l'utilisateur
List<UserRepresentation> users = usersResource.search(TEST_USER, true);
String userId;
if (users != null && !users.isEmpty()) {
userId = users.get(0).getId();
log.debug("Utilisateur '{}' existe déjà (ID: {})", TEST_USER, userId);
} else {
log.info("Création de l'utilisateur '{}'...", TEST_USER);
UserRepresentation user = new UserRepresentation();
user.setUsername(TEST_USER);
user.setEmail(TEST_EMAIL);
user.setFirstName("Test");
user.setLastName("User");
user.setEnabled(true);
user.setEmailVerified(true);
jakarta.ws.rs.core.Response response = usersResource.create(user);
userId = getCreatedId(response);
// Définir le mot de passe
CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue(TEST_PASSWORD);
credential.setTemporary(false);
usersResource.get(userId).resetPassword(credential);
log.info("✓ Utilisateur '{}' créé (ID: {})", TEST_USER, userId);
}
return userId;
}
private void assignRolesToUser(Keycloak adminClient, String userId) {
var usersResource = adminClient.realms().realm(TEST_REALM).users();
var rolesResource = adminClient.realms().realm(TEST_REALM).roles();
List<RoleRepresentation> rolesToAssign = new ArrayList<>();
for (String roleName : REQUIRED_ROLES) {
RoleRepresentation role = rolesResource.get(roleName).toRepresentation();
rolesToAssign.add(role);
}
usersResource.get(userId).roles().realmLevel().add(rolesToAssign);
log.info("✓ {} rôles assignés à l'utilisateur", rolesToAssign.size());
}
private void ensureClientAndMapper(Keycloak adminClient) {
try {
var clientsResource = adminClient.realms().realm(TEST_REALM).clients();
var clients = clientsResource.findByClientId(CLIENT_ID);
String clientId;
if (clients == null || clients.isEmpty()) {
log.info("Création du client '{}'...", CLIENT_ID);
org.keycloak.representations.idm.ClientRepresentation client = new org.keycloak.representations.idm.ClientRepresentation();
client.setClientId(CLIENT_ID);
client.setName(CLIENT_ID);
client.setDescription("Client OIDC pour lions-user-manager");
client.setEnabled(true);
client.setPublicClient(false);
client.setStandardFlowEnabled(true);
client.setDirectAccessGrantsEnabled(true);
client.setFullScopeAllowed(true); // IMPORTANT: Permet d'inclure tous les rôles dans le token
client.setRedirectUris(java.util.Arrays.asList(
"http://localhost:8080/*",
"http://localhost:8080/auth/callback"
));
client.setWebOrigins(java.util.Arrays.asList("http://localhost:8080"));
client.setSecret("NTuaQpk5E6qiMqAWTFrCOcIkOABzZzKO");
jakarta.ws.rs.core.Response response = clientsResource.create(client);
clientId = getCreatedId(response);
log.info("✓ Client '{}' créé (ID: {})", CLIENT_ID, clientId);
} else {
clientId = clients.get(0).getId();
log.debug("Client '{}' existe déjà (ID: {})", CLIENT_ID, clientId);
}
// Ajouter le scope "roles" par défaut au client
try {
var clientScopesResource = adminClient.realms().realm(TEST_REALM).clientScopes();
var defaultClientScopes = clientScopesResource.findAll();
var rolesScope = defaultClientScopes.stream()
.filter(s -> "roles".equals(s.getName()))
.findFirst();
if (rolesScope.isPresent()) {
var clientResource = clientsResource.get(clientId);
var defaultScopes = clientResource.getDefaultClientScopes();
boolean hasRolesScope = defaultScopes.stream()
.anyMatch(s -> "roles".equals(s.getName()));
if (!hasRolesScope) {
log.info("Ajout du scope 'roles' au client...");
clientResource.addDefaultClientScope(rolesScope.get().getId());
log.info("✓ Scope 'roles' ajouté au client");
} else {
log.debug("Scope 'roles' déjà présent sur le client");
}
} else {
log.warn("Scope 'roles' non trouvé dans les scopes par défaut du realm");
}
} catch (Exception e) {
log.warn("Erreur lors de l'ajout du scope 'roles': {}", e.getMessage());
}
// Le scope "roles" de Keycloak crée automatiquement realm_access.roles
// Pas besoin de mapper personnalisé si on utilise realm_access.roles
// Le mapper personnalisé peut créer des conflits (comme dans unionflow)
log.debug("Le scope 'roles' est utilisé pour créer realm_access.roles automatiquement");
} catch (Exception e) {
log.warn("Erreur lors de la vérification/création du client: {}", e.getMessage(), e);
}
}
private String getCreatedId(jakarta.ws.rs.core.Response response) {
jakarta.ws.rs.core.Response.StatusType statusInfo = response.getStatusInfo();
if (statusInfo.equals(jakarta.ws.rs.core.Response.Status.CREATED)) {
String location = response.getLocation().getPath();
return location.substring(location.lastIndexOf('/') + 1);
}
throw new RuntimeException("Erreur lors de la création: " + statusInfo.getStatusCode());
}
}

406
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/resource/RealmAssignmentResource.java Normal file
View File

@@ -0,0 +1,406 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.service.RealmAuthorizationService;
import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.*;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.media.Content;
import org.eclipse.microprofile.openapi.annotations.media.Schema;
import org.eclipse.microprofile.openapi.annotations.parameters.Parameter;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import java.util.List;
/**
* REST Resource pour la gestion des affectations de realms aux utilisateurs
* Permet le contrôle d'accès multi-tenant
*/
@Path("/api/realm-assignments")
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@Tag(name = "Realm Assignments", description = "Gestion des affectations de realms (contrôle d'accès multi-tenant)")
@Slf4j
public class RealmAssignmentResource {
@Inject
RealmAuthorizationService realmAuthorizationService;
@Context
SecurityContext securityContext;
// ==================== Endpoints de consultation ====================
@GET
@Operation(summary = "Lister toutes les affectations", description = "Liste toutes les affectations de realms")
@APIResponses({
@APIResponse(responseCode = "200", description = "Liste des affectations"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response getAllAssignments() {
log.info("GET /api/realm-assignments - Récupération de toutes les affectations");
try {
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAllAssignments();
return Response.ok(assignments).build();
} catch (Exception e) {
log.error("Erreur lors de la récupération des affectations", e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@GET
@Path("/user/{userId}")
@Operation(summary = "Affectations par utilisateur", description = "Liste les realms assignés à un utilisateur")
@APIResponses({
@APIResponse(responseCode = "200", description = "Liste des affectations"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin", "user_manager"})
public Response getAssignmentsByUser(
@Parameter(description = "ID de l'utilisateur") @PathParam("userId") @NotBlank String userId
) {
log.info("GET /api/realm-assignments/user/{}", userId);
try {
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByUser(userId);
return Response.ok(assignments).build();
} catch (Exception e) {
log.error("Erreur lors de la récupération des affectations pour l'utilisateur {}", userId, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@GET
@Path("/realm/{realmName}")
@Operation(summary = "Affectations par realm", description = "Liste les utilisateurs ayant accès à un realm")
@APIResponses({
@APIResponse(responseCode = "200", description = "Liste des affectations"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response getAssignmentsByRealm(
@Parameter(description = "Nom du realm") @PathParam("realmName") @NotBlank String realmName
) {
log.info("GET /api/realm-assignments/realm/{}", realmName);
try {
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByRealm(realmName);
return Response.ok(assignments).build();
} catch (Exception e) {
log.error("Erreur lors de la récupération des affectations pour le realm {}", realmName, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@GET
@Path("/{assignmentId}")
@Operation(summary = "Récupérer une affectation", description = "Récupère une affectation par son ID")
@APIResponses({
@APIResponse(responseCode = "200", description = "Affectation trouvée"),
@APIResponse(responseCode = "404", description = "Affectation non trouvée"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response getAssignmentById(
@Parameter(description = "ID de l'affectation") @PathParam("assignmentId") @NotBlank String assignmentId
) {
log.info("GET /api/realm-assignments/{}", assignmentId);
try {
return realmAuthorizationService.getAssignmentById(assignmentId)
.map(assignment -> Response.ok(assignment).build())
.orElse(Response.status(Response.Status.NOT_FOUND)
.entity(new ErrorResponse("Affectation non trouvée"))
.build());
} catch (Exception e) {
log.error("Erreur lors de la récupération de l'affectation {}", assignmentId, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
// ==================== Endpoints de vérification ====================
@GET
@Path("/check")
@Operation(summary = "Vérifier l'accès", description = "Vérifie si un utilisateur peut gérer un realm")
@APIResponses({
@APIResponse(responseCode = "200", description = "Vérification effectuée"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin", "user_manager"})
public Response canManageRealm(
@Parameter(description = "ID de l'utilisateur") @QueryParam("userId") @NotBlank String userId,
@Parameter(description = "Nom du realm") @QueryParam("realmName") @NotBlank String realmName
) {
log.info("GET /api/realm-assignments/check - userId: {}, realmName: {}", userId, realmName);
try {
boolean canManage = realmAuthorizationService.canManageRealm(userId, realmName);
return Response.ok(new CheckResponse(canManage, userId, realmName)).build();
} catch (Exception e) {
log.error("Erreur lors de la vérification d'accès", e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@GET
@Path("/authorized-realms/{userId}")
@Operation(summary = "Realms autorisés", description = "Liste les realms qu'un utilisateur peut gérer")
@APIResponses({
@APIResponse(responseCode = "200", description = "Liste des realms"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin", "user_manager"})
public Response getAuthorizedRealms(
@Parameter(description = "ID de l'utilisateur") @PathParam("userId") @NotBlank String userId
) {
log.info("GET /api/realm-assignments/authorized-realms/{}", userId);
try {
List<String> realms = realmAuthorizationService.getAuthorizedRealms(userId);
boolean isSuperAdmin = realmAuthorizationService.isSuperAdmin(userId);
return Response.ok(new AuthorizedRealmsResponse(realms, isSuperAdmin)).build();
} catch (Exception e) {
log.error("Erreur lors de la récupération des realms autorisés pour {}", userId, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
// ==================== Endpoints de modification ====================
@POST
@Operation(summary = "Assigner un realm", description = "Assigne un realm à un utilisateur")
@APIResponses({
@APIResponse(responseCode = "201", description = "Affectation créée",
content = @Content(schema = @Schema(implementation = RealmAssignmentDTO.class))),
@APIResponse(responseCode = "400", description = "Données invalides"),
@APIResponse(responseCode = "409", description = "Affectation existe déjà"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response assignRealmToUser(@Valid @NotNull RealmAssignmentDTO assignment) {
log.info("POST /api/realm-assignments - Assignation du realm {} à l'utilisateur {}",
assignment.getRealmName(), assignment.getUserId());
try {
// Ajouter l'utilisateur qui fait l'assignation
if (securityContext.getUserPrincipal() != null) {
assignment.setAssignedBy(securityContext.getUserPrincipal().getName());
}
RealmAssignmentDTO createdAssignment = realmAuthorizationService.assignRealmToUser(assignment);
return Response.status(Response.Status.CREATED).entity(createdAssignment).build();
} catch (IllegalArgumentException e) {
log.warn("Données invalides lors de l'assignation: {}", e.getMessage());
return Response.status(Response.Status.CONFLICT)
.entity(new ErrorResponse(e.getMessage()))
.build();
} catch (Exception e) {
log.error("Erreur lors de l'assignation du realm", e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@DELETE
@Path("/user/{userId}/realm/{realmName}")
@Operation(summary = "Révoquer un realm", description = "Retire l'accès d'un utilisateur à un realm")
@APIResponses({
@APIResponse(responseCode = "204", description = "Affectation révoquée"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response revokeRealmFromUser(
@Parameter(description = "ID de l'utilisateur") @PathParam("userId") @NotBlank String userId,
@Parameter(description = "Nom du realm") @PathParam("realmName") @NotBlank String realmName
) {
log.info("DELETE /api/realm-assignments/user/{}/realm/{}", userId, realmName);
try {
realmAuthorizationService.revokeRealmFromUser(userId, realmName);
return Response.noContent().build();
} catch (Exception e) {
log.error("Erreur lors de la révocation du realm {} pour {}", realmName, userId, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@DELETE
@Path("/user/{userId}")
@Operation(summary = "Révoquer tous les realms", description = "Retire tous les accès d'un utilisateur")
@APIResponses({
@APIResponse(responseCode = "204", description = "Affectations révoquées"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response revokeAllRealmsFromUser(
@Parameter(description = "ID de l'utilisateur") @PathParam("userId") @NotBlank String userId
) {
log.info("DELETE /api/realm-assignments/user/{}", userId);
try {
realmAuthorizationService.revokeAllRealmsFromUser(userId);
return Response.noContent().build();
} catch (Exception e) {
log.error("Erreur lors de la révocation de tous les realms pour {}", userId, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@PUT
@Path("/{assignmentId}/deactivate")
@Operation(summary = "Désactiver une affectation", description = "Désactive une affectation sans la supprimer")
@APIResponses({
@APIResponse(responseCode = "204", description = "Affectation désactivée"),
@APIResponse(responseCode = "404", description = "Affectation non trouvée"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response deactivateAssignment(
@Parameter(description = "ID de l'affectation") @PathParam("assignmentId") @NotBlank String assignmentId
) {
log.info("PUT /api/realm-assignments/{}/deactivate", assignmentId);
try {
realmAuthorizationService.deactivateAssignment(assignmentId);
return Response.noContent().build();
} catch (IllegalArgumentException e) {
return Response.status(Response.Status.NOT_FOUND)
.entity(new ErrorResponse(e.getMessage()))
.build();
} catch (Exception e) {
log.error("Erreur lors de la désactivation de l'affectation {}", assignmentId, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@PUT
@Path("/{assignmentId}/activate")
@Operation(summary = "Activer une affectation", description = "Réactive une affectation")
@APIResponses({
@APIResponse(responseCode = "204", description = "Affectation activée"),
@APIResponse(responseCode = "404", description = "Affectation non trouvée"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response activateAssignment(
@Parameter(description = "ID de l'affectation") @PathParam("assignmentId") @NotBlank String assignmentId
) {
log.info("PUT /api/realm-assignments/{}/activate", assignmentId);
try {
realmAuthorizationService.activateAssignment(assignmentId);
return Response.noContent().build();
} catch (IllegalArgumentException e) {
return Response.status(Response.Status.NOT_FOUND)
.entity(new ErrorResponse(e.getMessage()))
.build();
} catch (Exception e) {
log.error("Erreur lors de l'activation de l'affectation {}", assignmentId, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
@PUT
@Path("/super-admin/{userId}")
@Operation(summary = "Définir super admin", description = "Définit ou retire le statut de super admin")
@APIResponses({
@APIResponse(responseCode = "204", description = "Statut modifié"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin"})
public Response setSuperAdmin(
@Parameter(description = "ID de l'utilisateur") @PathParam("userId") @NotBlank String userId,
@Parameter(description = "Super admin (true/false)") @QueryParam("superAdmin") @NotNull Boolean superAdmin
) {
log.info("PUT /api/realm-assignments/super-admin/{} - superAdmin: {}", userId, superAdmin);
try {
realmAuthorizationService.setSuperAdmin(userId, superAdmin);
return Response.noContent().build();
} catch (Exception e) {
log.error("Erreur lors de la modification du statut super admin pour {}", userId, e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse(e.getMessage()))
.build();
}
}
// ==================== Classes internes pour les réponses ====================
@Schema(description = "Réponse d'erreur")
public static class ErrorResponse {
@Schema(description = "Message d'erreur")
public String message;
public ErrorResponse(String message) {
this.message = message;
}
}
@Schema(description = "Réponse de vérification d'accès")
public static class CheckResponse {
@Schema(description = "L'utilisateur peut gérer le realm")
public boolean canManage;
@Schema(description = "ID de l'utilisateur")
public String userId;
@Schema(description = "Nom du realm")
public String realmName;
public CheckResponse(boolean canManage, String userId, String realmName) {
this.canManage = canManage;
this.userId = userId;
this.realmName = realmName;
}
}
@Schema(description = "Réponse des realms autorisés")
public static class AuthorizedRealmsResponse {
@Schema(description = "Liste des realms (vide si super admin)")
public List<String> realms;
@Schema(description = "L'utilisateur est super admin")
public boolean isSuperAdmin;
public AuthorizedRealmsResponse(List<String> realms, boolean isSuperAdmin) {
this.realms = realms;
this.isSuperAdmin = isSuperAdmin;
}
}
}

77
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/resource/RealmResource.java Normal file
View File

@@ -0,0 +1,77 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient;
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.ws.rs.GET;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.Produces;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;
import lombok.extern.slf4j.Slf4j;
import org.eclipse.microprofile.openapi.annotations.Operation;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
import org.eclipse.microprofile.openapi.annotations.tags.Tag;
import java.util.List;
/**
* Ressource REST pour la gestion des realms Keycloak
*/
@Path("/api/realms")
@Tag(name = "Realms", description = "Gestion des realms Keycloak")
@Slf4j
public class RealmResource {
@Inject
KeycloakAdminClient keycloakAdminClient;
@Inject
SecurityIdentity securityIdentity;
@GET
@Path("/list")
@Produces(MediaType.APPLICATION_JSON)
@Operation(summary = "Lister tous les realms", description = "Récupère la liste de tous les realms disponibles dans Keycloak")
@APIResponses({
@APIResponse(responseCode = "200", description = "Liste des realms"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin", "user_manager", "user_viewer", "role_manager", "role_viewer"})
public Response getAllRealms() {
log.info("GET /api/realms/list");
try {
List<String> realms = keycloakAdminClient.getAllRealms();
log.info("Récupération réussie: {} realms trouvés", realms.size());
return Response.ok(realms).build();
} catch (Exception e) {
log.error("Erreur lors de la récupération des realms", e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
.entity(new ErrorResponse("Erreur lors de la récupération des realms: " + e.getMessage()))
.build();
}
}
/**
* Classe interne pour les réponses d'erreur
*/
public static class ErrorResponse {
private String message;
public ErrorResponse(String message) {
this.message = message;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
}
}

8
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/resource/RoleResource.java
View File

@@ -109,6 +109,7 @@ public class RoleResource {
@Operation(summary = "Lister tous les rôles realm", description = "Liste tous les rôles du realm")
@APIResponses({
@APIResponse(responseCode = "200", description = "Liste des rôles"),
@APIResponse(responseCode = "400", description = "Realm invalide ou inexistant"),
@APIResponse(responseCode = "500", description = "Erreur serveur")
})
@RolesAllowed({"admin", "role_manager", "role_viewer"})
@@ -120,6 +121,11 @@ public class RoleResource {
try {
List<RoleDTO> roles = roleService.getAllRealmRoles(realmName);
return Response.ok(roles).build();
} catch (IllegalArgumentException e) {
log.warn("Realm invalide ou inexistant: {}", e.getMessage());
return Response.status(Response.Status.BAD_REQUEST)
.entity(new ErrorResponse(e.getMessage()))
.build();
} catch (Exception e) {
log.error("Erreur lors de la récupération des rôles realm", e);
return Response.status(Response.Status.INTERNAL_SERVER_ERROR)
@@ -224,7 +230,7 @@ public class RoleResource {
clientId, realmName);
try {
RoleDTO createdRole = roleService.createClientRole(roleDTO, clientId, realmName);
RoleDTO createdRole = roleService.createClientRole(roleDTO, realmName, clientId);
return Response.status(Response.Status.CREATED).entity(createdRole).build();
} catch (IllegalArgumentException e) {
log.warn("Données invalides lors de la création du rôle client: {}", e.getMessage());

36
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/resource/UserResource.java
View File

@@ -4,6 +4,7 @@ import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO;
import dev.lions.user.manager.dto.user.UserSearchResultDTO;
import dev.lions.user.manager.service.UserService;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
@@ -31,6 +32,7 @@ import java.util.List;
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@Tag(name = "Users", description = "Gestion des utilisateurs Keycloak")
@PermitAll // DEV: Permet l'accès sans authentification (écrasé par @RolesAllowed sur les méthodes en PROD)
@Slf4j
public class UserResource {
@@ -162,12 +164,44 @@ public class UserResource {
@RolesAllowed({"admin", "user_manager"})
public Response updateUser(
@PathParam("userId") @NotBlank String userId,
@Valid @NotNull UserDTO user,
@NotNull UserDTO user,
@QueryParam("realm") @NotBlank String realmName
) {
log.info("PUT /api/users/{} - Mise à jour", userId);
try {
// Validation manuelle des champs obligatoires
if (user.getPrenom() == null || user.getPrenom().trim().isEmpty()) {
return Response.status(Response.Status.BAD_REQUEST)
.entity(new ErrorResponse("Le prénom est obligatoire"))
.build();
}
if (user.getPrenom().length() < 2 || user.getPrenom().length() > 100) {
return Response.status(Response.Status.BAD_REQUEST)
.entity(new ErrorResponse("Le prénom doit contenir entre 2 et 100 caractères"))
.build();
}
if (user.getNom() == null || user.getNom().trim().isEmpty()) {
return Response.status(Response.Status.BAD_REQUEST)
.entity(new ErrorResponse("Le nom est obligatoire"))
.build();
}
if (user.getNom().length() < 2 || user.getNom().length() > 100) {
return Response.status(Response.Status.BAD_REQUEST)
.entity(new ErrorResponse("Le nom doit contenir entre 2 et 100 caractères"))
.build();
}
if (user.getEmail() == null || user.getEmail().trim().isEmpty()) {
return Response.status(Response.Status.BAD_REQUEST)
.entity(new ErrorResponse("L'email est obligatoire"))
.build();
}
if (!user.getEmail().matches("^[A-Za-z0-9+_.-]+@(.+)$")) {
return Response.status(Response.Status.BAD_REQUEST)
.entity(new ErrorResponse("Format d'email invalide"))
.build();
}
UserDTO updatedUser = userService.updateUser(userId, user, realmName);
return Response.ok(updatedUser).build();
} catch (RuntimeException e) {

36
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/security/DevModeSecurityAugmentor.java Normal file
View File

@@ -0,0 +1,36 @@
package dev.lions.user.manager.security;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.SecurityIdentityAugmentor;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.mutiny.Uni;
import jakarta.enterprise.context.ApplicationScoped;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import java.util.Set;
/**
* Augmenteur de sécurité pour le mode DEV
* Ajoute automatiquement les rôles admin et user_manager à toutes les requêtes
* Permet de tester l'API sans authentification Keycloak
*/
@ApplicationScoped
public class DevModeSecurityAugmentor implements SecurityIdentityAugmentor {
@ConfigProperty(name = "quarkus.oidc.enabled", defaultValue = "true")
boolean oidcEnabled;
@Override
public Uni<SecurityIdentity> augment(SecurityIdentity identity, AuthenticationRequestContext context) {
// Seulement actif si OIDC est désactivé (mode DEV)
if (!oidcEnabled && identity.isAnonymous()) {
// Créer une identité avec les rôles nécessaires pour DEV
return Uni.createFrom().item(QuarkusSecurityIdentity.builder(identity)
.setPrincipal(() -> "dev-user")
.addRoles(Set.of("admin", "user_manager", "user_viewer"))
.build());
}
return Uni.createFrom().item(identity);
}
}

22
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/security/DevSecurityContextProducer.java
View File

@@ -18,7 +18,7 @@ import java.security.Principal;
* En prod, laisse le SecurityContext réel de Quarkus
*/
@Provider
@Priority(Priorities.AUTHENTICATION - 1) // S'exécute avant l'authentification
@Priority(Priorities.AUTHENTICATION - 10) // S'exécute très tôt, avant l'authentification
public class DevSecurityContextProducer implements ContainerRequestFilter {
private static final Logger LOG = Logger.getLogger(DevSecurityContextProducer.class);
@@ -27,13 +27,27 @@ public class DevSecurityContextProducer implements ContainerRequestFilter {
@ConfigProperty(name = "quarkus.profile", defaultValue = "prod")
String profile;
@Inject
@ConfigProperty(name = "quarkus.oidc.enabled", defaultValue = "true")
boolean oidcEnabled;
@Override
public void filter(ContainerRequestContext requestContext) {
// En dev, remplacer le SecurityContext par un mock
if ("dev".equals(profile) || "development".equals(profile)) {
LOG.debug("Mode dev: remplacement du SecurityContext par un mock avec tous les rôles");
// Détecter le mode dev : si OIDC est désactivé, on est probablement en dev
// ou si le profil est explicitement "dev" ou "development"
boolean isDevMode = !oidcEnabled || "dev".equals(profile) || "development".equals(profile);
if (isDevMode) {
String path = requestContext.getUriInfo().getPath();
LOG.infof("Mode dev détecté (profile=%s, oidc.enabled=%s): remplacement du SecurityContext pour le chemin %s",
profile, oidcEnabled, path);
SecurityContext original = requestContext.getSecurityContext();
requestContext.setSecurityContext(new DevSecurityContext(original));
LOG.debugf("SecurityContext remplacé - isUserInRole('admin')=%s, isUserInRole('user_manager')=%s",
new DevSecurityContext(original).isUserInRole("admin"),
new DevSecurityContext(original).isUserInRole("user_manager"));
} else {
LOG.debugf("Mode prod - SecurityContext original conservé (profile=%s, oidc.enabled=%s)", profile, oidcEnabled);
}
}

72
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/service/exception/KeycloakServiceException.java Normal file
View File

@@ -0,0 +1,72 @@
package dev.lions.user.manager.service.exception;
/**
* Exception levée lorsqu'une erreur survient lors de l'appel au service Keycloak.
*
* @author Lions User Manager Team
* @version 1.0
*/
public class KeycloakServiceException extends RuntimeException {
private final int httpStatus;
private final String serviceName;
public KeycloakServiceException(String message) {
super(message);
this.httpStatus = 0;
this.serviceName = "Keycloak";
}
public KeycloakServiceException(String message, Throwable cause) {
super(message, cause);
this.httpStatus = 0;
this.serviceName = "Keycloak";
}
public KeycloakServiceException(String message, int httpStatus) {
super(message);
this.httpStatus = httpStatus;
this.serviceName = "Keycloak";
}
public KeycloakServiceException(String message, int httpStatus, Throwable cause) {
super(message, cause);
this.httpStatus = httpStatus;
this.serviceName = "Keycloak";
}
public int getHttpStatus() {
return httpStatus;
}
public String getServiceName() {
return serviceName;
}
/**
* Exception spécifique pour les erreurs de connexion (service indisponible)
*/
public static class ServiceUnavailableException extends KeycloakServiceException {
public ServiceUnavailableException(String message) {
super("Service Keycloak indisponible: " + message);
}
public ServiceUnavailableException(String message, Throwable cause) {
super("Service Keycloak indisponible: " + message, cause);
}
}
/**
* Exception spécifique pour les erreurs de timeout
*/
public static class TimeoutException extends KeycloakServiceException {
public TimeoutException(String message) {
super("Timeout lors de l'appel au service Keycloak: " + message);
}
public TimeoutException(String message, Throwable cause) {
super("Timeout lors de l'appel au service Keycloak: " + message, cause);
}
}
}

346
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/service/impl/RealmAuthorizationServiceImpl.java Normal file
View File

@@ -0,0 +1,346 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService;
import dev.lions.user.manager.service.RealmAuthorizationService;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import lombok.extern.slf4j.Slf4j;
import java.time.LocalDateTime;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
/**
* Implémentation du service d'autorisation multi-tenant par realm
*
* NOTE: Cette implémentation utilise un stockage en mémoire (ConcurrentHashMap)
* Pour la production, migrer vers une base de données PostgreSQL
*/
@ApplicationScoped
@Slf4j
public class RealmAuthorizationServiceImpl implements RealmAuthorizationService {
@Inject
AuditService auditService;
// Stockage temporaire en mémoire (à remplacer par BD en production)
private final Map<String, RealmAssignmentDTO> assignmentsById = new ConcurrentHashMap<>();
private final Map<String, Set<String>> userToRealms = new ConcurrentHashMap<>();
private final Map<String, Set<String>> realmToUsers = new ConcurrentHashMap<>();
private final Set<String> superAdmins = ConcurrentHashMap.newKeySet();
@Override
public List<RealmAssignmentDTO> getAllAssignments() {
log.debug("Récupération de toutes les assignations de realms");
return new ArrayList<>(assignmentsById.values());
}
@Override
public List<RealmAssignmentDTO> getAssignmentsByUser(@NotBlank String userId) {
log.debug("Récupération des assignations pour l'utilisateur: {}", userId);
return assignmentsById.values().stream()
.filter(assignment -> assignment.getUserId().equals(userId))
.filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired())
.collect(Collectors.toList());
}
@Override
public List<RealmAssignmentDTO> getAssignmentsByRealm(@NotBlank String realmName) {
log.debug("Récupération des assignations pour le realm: {}", realmName);
return assignmentsById.values().stream()
.filter(assignment -> assignment.getRealmName().equals(realmName))
.filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired())
.collect(Collectors.toList());
}
@Override
public Optional<RealmAssignmentDTO> getAssignmentById(@NotBlank String assignmentId) {
log.debug("Récupération de l'assignation: {}", assignmentId);
return Optional.ofNullable(assignmentsById.get(assignmentId));
}
@Override
public boolean canManageRealm(@NotBlank String userId, @NotBlank String realmName) {
log.debug("Vérification si {} peut gérer le realm {}", userId, realmName);
// Super admin peut tout gérer
if (isSuperAdmin(userId)) {
return true;
}
// Vérifier les assignations actives et non expirées
return assignmentsById.values().stream()
.anyMatch(assignment ->
assignment.getUserId().equals(userId) &&
assignment.getRealmName().equals(realmName) &&
assignment.isActive() &&
!assignment.isExpired()
);
}
@Override
public boolean isSuperAdmin(@NotBlank String userId) {
return superAdmins.contains(userId);
}
@Override
public List<String> getAuthorizedRealms(@NotBlank String userId) {
log.debug("Récupération des realms autorisés pour: {}", userId);
// Super admin retourne liste vide (convention: peut tout gérer)
if (isSuperAdmin(userId)) {
return Collections.emptyList();
}
// Retourner les realms assignés actifs et non expirés
return assignmentsById.values().stream()
.filter(assignment -> assignment.getUserId().equals(userId))
.filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired())
.map(RealmAssignmentDTO::getRealmName)
.distinct()
.collect(Collectors.toList());
}
@Override
public RealmAssignmentDTO assignRealmToUser(@Valid @NotNull RealmAssignmentDTO assignment) {
log.info("Assignation du realm {} à l'utilisateur {}",
assignment.getRealmName(), assignment.getUserId());
// Validation
if (assignment.getUserId() == null || assignment.getUserId().isBlank()) {
throw new IllegalArgumentException("L'ID utilisateur est obligatoire");
}
if (assignment.getRealmName() == null || assignment.getRealmName().isBlank()) {
throw new IllegalArgumentException("Le nom du realm est obligatoire");
}
// Vérifier si l'assignation existe déjà
if (assignmentExists(assignment.getUserId(), assignment.getRealmName())) {
throw new IllegalArgumentException(
String.format("L'utilisateur %s a déjà accès au realm %s",
assignment.getUserId(), assignment.getRealmName())
);
}
// Générer ID si absent
if (assignment.getId() == null) {
assignment.setId(UUID.randomUUID().toString());
}
// Compléter les métadonnées
assignment.setAssignedAt(LocalDateTime.now());
assignment.setActive(true);
assignment.setDateCreation(LocalDateTime.now());
// Stocker l'assignation
assignmentsById.put(assignment.getId(), assignment);
// Mettre à jour les index
userToRealms.computeIfAbsent(assignment.getUserId(), k -> ConcurrentHashMap.newKeySet())
.add(assignment.getRealmName());
realmToUsers.computeIfAbsent(assignment.getRealmName(), k -> ConcurrentHashMap.newKeySet())
.add(assignment.getUserId());
// Audit
auditService.logSuccess(
TypeActionAudit.REALM_ASSIGN,
"REALM_ASSIGNMENT",
assignment.getId(),
assignment.getUsername(),
assignment.getRealmName(),
assignment.getAssignedBy() != null ? assignment.getAssignedBy() : "system",
String.format("Assignation du realm %s à %s", assignment.getRealmName(), assignment.getUsername())
);
log.info("Realm {} assigné avec succès à {}", assignment.getRealmName(), assignment.getUserId());
return assignment;
}
@Override
public void revokeRealmFromUser(@NotBlank String userId, @NotBlank String realmName) {
log.info("Révocation du realm {} pour l'utilisateur {}", realmName, userId);
// Trouver et supprimer l'assignation
Optional<RealmAssignmentDTO> assignment = assignmentsById.values().stream()
.filter(a -> a.getUserId().equals(userId) && a.getRealmName().equals(realmName))
.findFirst();
if (assignment.isEmpty()) {
log.warn("Aucune assignation trouvée pour {} / {}", userId, realmName);
return;
}
RealmAssignmentDTO assignmentToRemove = assignment.get();
assignmentsById.remove(assignmentToRemove.getId());
// Mettre à jour les index
Set<String> realms = userToRealms.get(userId);
if (realms != null) {
realms.remove(realmName);
if (realms.isEmpty()) {
userToRealms.remove(userId);
}
}
Set<String> users = realmToUsers.get(realmName);
if (users != null) {
users.remove(userId);
if (users.isEmpty()) {
realmToUsers.remove(realmName);
}
}
// Audit
auditService.logSuccess(
TypeActionAudit.REALM_REVOKE,
"REALM_ASSIGNMENT",
assignmentToRemove.getId(),
assignmentToRemove.getUsername(),
realmName,
"system",
String.format("Révocation du realm %s pour %s", realmName, assignmentToRemove.getUsername())
);
log.info("Realm {} révoqué avec succès pour {}", realmName, userId);
}
@Override
public void revokeAllRealmsFromUser(@NotBlank String userId) {
log.info("Révocation de tous les realms pour l'utilisateur {}", userId);
List<RealmAssignmentDTO> userAssignments = getAssignmentsByUser(userId);
userAssignments.forEach(assignment ->
revokeRealmFromUser(userId, assignment.getRealmName())
);
log.info("{} realm(s) révoqué(s) pour {}", userAssignments.size(), userId);
}
@Override
public void revokeAllUsersFromRealm(@NotBlank String realmName) {
log.info("Révocation de tous les utilisateurs du realm {}", realmName);
List<RealmAssignmentDTO> realmAssignments = getAssignmentsByRealm(realmName);
realmAssignments.forEach(assignment ->
revokeRealmFromUser(assignment.getUserId(), realmName)
);
log.info("{} utilisateur(s) révoqué(s) du realm {}", realmAssignments.size(), realmName);
}
@Override
public void setSuperAdmin(@NotBlank String userId, boolean superAdmin) {
log.info("Définition de {} comme super admin: {}", userId, superAdmin);
if (superAdmin) {
superAdmins.add(userId);
auditService.logSuccess(
TypeActionAudit.REALM_SET_SUPER_ADMIN,
"USER",
userId,
userId,
"lions-user-manager",
"system",
String.format("Utilisateur %s défini comme super admin", userId)
);
} else {
superAdmins.remove(userId);
auditService.logSuccess(
TypeActionAudit.REALM_SET_SUPER_ADMIN,
"USER",
userId,
userId,
"lions-user-manager",
"system",
String.format("Privilèges super admin retirés pour %s", userId)
);
}
}
@Override
public void deactivateAssignment(@NotBlank String assignmentId) {
log.info("Désactivation de l'assignation {}", assignmentId);
RealmAssignmentDTO assignment = assignmentsById.get(assignmentId);
if (assignment == null) {
throw new IllegalArgumentException("Assignation non trouvée: " + assignmentId);
}
assignment.setActive(false);
assignment.setDateModification(LocalDateTime.now());
auditService.logSuccess(
TypeActionAudit.REALM_DEACTIVATE,
"REALM_ASSIGNMENT",
assignment.getId(),
assignment.getUsername(),
assignment.getRealmName(),
"system",
String.format("Désactivation de l'assignation %s", assignmentId)
);
}
@Override
public void activateAssignment(@NotBlank String assignmentId) {
log.info("Activation de l'assignation {}", assignmentId);
RealmAssignmentDTO assignment = assignmentsById.get(assignmentId);
if (assignment == null) {
throw new IllegalArgumentException("Assignation non trouvée: " + assignmentId);
}
assignment.setActive(true);
assignment.setDateModification(LocalDateTime.now());
auditService.logSuccess(
TypeActionAudit.REALM_ACTIVATE,
"REALM_ASSIGNMENT",
assignment.getId(),
assignment.getUsername(),
assignment.getRealmName(),
"system",
String.format("Activation de l'assignation %s", assignmentId)
);
}
@Override
public long countAssignmentsByUser(@NotBlank String userId) {
return assignmentsById.values().stream()
.filter(assignment -> assignment.getUserId().equals(userId))
.filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired())
.count();
}
@Override
public long countUsersByRealm(@NotBlank String realmName) {
return assignmentsById.values().stream()
.filter(assignment -> assignment.getRealmName().equals(realmName))
.filter(RealmAssignmentDTO::isActive)
.filter(assignment -> !assignment.isExpired())
.map(RealmAssignmentDTO::getUserId)
.distinct()
.count();
}
@Override
public boolean assignmentExists(@NotBlank String userId, @NotBlank String realmName) {
return assignmentsById.values().stream()
.anyMatch(assignment ->
assignment.getUserId().equals(userId) &&
assignment.getRealmName().equals(realmName) &&
assignment.isActive()
);
}
}

14
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/service/impl/RoleServiceImpl.java
View File

@@ -221,7 +221,7 @@ public class RoleServiceImpl implements RoleService {
try {
// Vérifier que le realm existe
if (!keycloakAdminClient.realmExists(realmName)) {
log.error("Le realm {} n'existe pas", realmName);
log.warn("Le realm {} n'existe pas", realmName);
throw new IllegalArgumentException("Le realm '" + realmName + "' n'existe pas");
}
@@ -232,7 +232,19 @@ public class RoleServiceImpl implements RoleService {
log.info("Récupération réussie: {} rôles trouvés dans le realm {}", roleReps.size(), realmName);
return RoleMapper.toDTOList(roleReps, realmName, TypeRole.REALM_ROLE);
} catch (NotFoundException e) {
log.warn("Realm {} non trouvé (404): {}", realmName, e.getMessage());
throw new IllegalArgumentException("Le realm '" + realmName + "' n'existe pas", e);
} catch (Exception e) {
// Vérifier si c'est une erreur 404 dans le message
String errorMessage = e.getMessage();
if (errorMessage != null && (errorMessage.contains("404") ||
errorMessage.contains("Server response is: 404") ||
errorMessage.contains("Not Found"))) {
log.warn("Realm {} non trouvé (404 détecté dans l'erreur): {}", realmName, errorMessage);
throw new IllegalArgumentException("Le realm '" + realmName + "' n'existe pas", e);
}
log.error("Erreur lors de la récupération des rôles realm du realm {}: {}", realmName, e.getMessage(), e);
throw new RuntimeException("Erreur lors de la récupération des rôles realm: " + e.getMessage(), e);
}

460
lions-user-manager-server-impl-quarkus/src/main/java/dev/lions/user/manager/service/impl/UserServiceImpl.java
View File

@@ -6,18 +6,23 @@ import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO;
import dev.lions.user.manager.dto.user.UserSearchResultDTO;
import dev.lions.user.manager.mapper.UserMapper;
import dev.lions.user.manager.service.UserService;
import dev.lions.user.manager.service.exception.KeycloakServiceException;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.Response;
import lombok.extern.slf4j.Slf4j;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import java.net.ConnectException;
import java.net.SocketTimeoutException;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
@@ -48,30 +53,28 @@ public class UserServiceImpl implements UserService {
if (criteria.getSearchTerm() != null && !criteria.getSearchTerm().isBlank()) {
// Recherche globale
users = usersResource.search(
criteria.getSearchTerm(),
criteria.getOffset(),
criteria.getPageSize()
);
criteria.getSearchTerm(),
criteria.getOffset(),
criteria.getPageSize());
} else if (criteria.getUsername() != null) {
// Recherche par username exact
users = usersResource.search(
criteria.getUsername(),
criteria.getOffset(),
criteria.getPageSize(),
true // exact match
criteria.getUsername(),
criteria.getOffset(),
criteria.getPageSize(),
true // exact match
);
} else if (criteria.getEmail() != null) {
// Recherche par email
users = usersResource.searchByEmail(
criteria.getEmail(),
true // exact match
criteria.getEmail(),
true // exact match
);
} else {
// Liste tous les utilisateurs
users = usersResource.list(
criteria.getOffset(),
criteria.getPageSize()
);
criteria.getOffset(),
criteria.getPageSize());
}
// Filtrer selon les critères supplémentaires
@@ -88,7 +91,8 @@ public class UserServiceImpl implements UserService {
} catch (Exception e) {
log.error("Erreur lors de la recherche d'utilisateurs", e);
throw new RuntimeException("Impossible de rechercher les utilisateurs", e);
handleConnectionException(e, "recherche d'utilisateurs");
return null; // Ne sera jamais atteint car handleConnectionException lance une exception
}
}
@@ -99,13 +103,40 @@ public class UserServiceImpl implements UserService {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
UserRepresentation userRep = userResource.toRepresentation();
return Optional.of(UserMapper.toDTO(userRep, realmName));
UserDTO userDTO = UserMapper.toDTO(userRep, realmName);
// Récupérer les rôles realm de l'utilisateur
try {
List<RoleRepresentation> realmRoles = userResource.roles().realmLevel().listAll();
if (realmRoles != null && !realmRoles.isEmpty()) {
List<String> roleNames = realmRoles.stream()
.map(RoleRepresentation::getName)
.collect(Collectors.toList());
userDTO.setRealmRoles(roleNames);
}
} catch (Exception e) {
log.warn("Erreur lors de la récupération des rôles realm pour l'utilisateur {}: {}", userId,
e.getMessage());
// Ne pas échouer si les rôles ne peuvent pas être récupérés
}
return Optional.of(userDTO);
} catch (NotFoundException e) {
log.warn("Utilisateur {} non trouvé dans le realm {}", userId, realmName);
return Optional.empty();
} catch (Exception e) {
// Vérifier si l'exception contient un message indiquant un 404
String errorMessage = e.getMessage();
if (errorMessage != null && (errorMessage.contains("404") ||
errorMessage.contains("Server response is: 404") ||
errorMessage.contains("Received: 'Server response is: 404'"))) {
log.warn("Utilisateur {} non trouvé dans le realm {} (404 détecté dans l'exception)", userId,
realmName);
return Optional.empty();
}
log.error("Erreur lors de la récupération de l'utilisateur {}", userId, e);
throw new RuntimeException("Impossible de récupérer l'utilisateur", e);
handleConnectionException(e, "récupération de l'utilisateur " + userId);
return Optional.empty(); // Ne sera jamais atteint mais nécessaire pour le compilateur
}
}
@@ -115,7 +146,12 @@ public class UserServiceImpl implements UserService {
try {
List<UserRepresentation> users = keycloakAdminClient.getUsers(realmName)
.search(username, 0, 1, true);
.search(username, 0, 1, true);
if (users == null) {
log.warn("Liste d'utilisateurs null retournée pour username {} dans le realm {}", username, realmName);
return Optional.empty();
}
if (users.isEmpty()) {
return Optional.empty();
@@ -124,7 +160,8 @@ public class UserServiceImpl implements UserService {
return Optional.of(UserMapper.toDTO(users.get(0), realmName));
} catch (Exception e) {
log.error("Erreur lors de la récupération de l'utilisateur par username {}", username, e);
throw new RuntimeException("Impossible de récupérer l'utilisateur", e);
handleConnectionException(e, "récupération de l'utilisateur par username " + username);
return Optional.empty(); // Ne sera jamais atteint mais nécessaire pour le compilateur
}
}
@@ -134,7 +171,12 @@ public class UserServiceImpl implements UserService {
try {
List<UserRepresentation> users = keycloakAdminClient.getUsers(realmName)
.searchByEmail(email, true);
.searchByEmail(email, true);
if (users == null) {
log.warn("Liste d'utilisateurs null retournée pour email {} dans le realm {}", email, realmName);
return Optional.empty();
}
if (users.isEmpty()) {
return Optional.empty();
@@ -143,7 +185,8 @@ public class UserServiceImpl implements UserService {
return Optional.of(UserMapper.toDTO(users.get(0), realmName));
} catch (Exception e) {
log.error("Erreur lors de la récupération de l'utilisateur par email {}", email, e);
throw new RuntimeException("Impossible de récupérer l'utilisateur", e);
handleConnectionException(e, "récupération de l'utilisateur par email " + email);
return Optional.empty(); // Ne sera jamais atteint mais nécessaire pour le compilateur
}
}
@@ -166,10 +209,39 @@ public class UserServiceImpl implements UserService {
// Créer l'utilisateur
UsersResource usersResource = keycloakAdminClient.getUsers(realmName);
var response = usersResource.create(userRep);
Response response = usersResource.create(userRep);
if (response.getStatus() != 201) {
throw new RuntimeException("Échec de la création de l'utilisateur: " + response.getStatusInfo());
// Vérifier si la réponse est null (erreur de connexion)
if (response == null) {
log.error("❌ Réponse null lors de la création de l'utilisateur {} - Service Keycloak indisponible", user.getUsername());
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de se connecter au service Keycloak pour créer l'utilisateur: " + user.getUsername());
}
// Vérifier le code de statut HTTP
int status = response.getStatus();
if (status != Response.Status.CREATED.getStatusCode()) {
String errorMessage = "Échec de la création de l'utilisateur";
if (response.getStatusInfo() != null) {
errorMessage += ": " + response.getStatusInfo();
}
// Gérer les différents codes d'erreur HTTP
if (status == 400) {
throw new KeycloakServiceException("Données invalides pour la création de l'utilisateur: " + errorMessage, status);
} else if (status == 409) {
throw new IllegalArgumentException("L'utilisateur existe déjà (conflit détecté par Keycloak)");
} else if (status == 503 || status == 502) {
throw new KeycloakServiceException.ServiceUnavailableException("Service Keycloak indisponible: " + errorMessage);
} else {
throw new KeycloakServiceException(errorMessage, status);
}
}
// Vérifier que la location est présente
if (response.getLocation() == null) {
log.error("❌ Location manquante dans la réponse de création pour l'utilisateur {}", user.getUsername());
throw new KeycloakServiceException("Réponse invalide du service Keycloak: location manquante", status);
}
// Récupérer l'ID de l'utilisateur créé
@@ -178,7 +250,7 @@ public class UserServiceImpl implements UserService {
// Définir le mot de passe si fourni
if (user.getTemporaryPassword() != null) {
setPassword(userId, realmName, user.getTemporaryPassword(),
user.getTemporaryPasswordFlag() != null && user.getTemporaryPasswordFlag());
user.getTemporaryPasswordFlag() != null && user.getTemporaryPasswordFlag());
}
// Récupérer l'utilisateur créé
@@ -188,9 +260,16 @@ public class UserServiceImpl implements UserService {
log.info("✅ Utilisateur créé avec succès: {} (ID: {})", user.getUsername(), userId);
return UserMapper.toDTO(createdUser, realmName);
} catch (IllegalArgumentException e) {
// Répercuter les erreurs de validation
throw e;
} catch (KeycloakServiceException e) {
// Répercuter les erreurs de service
throw e;
} catch (Exception e) {
log.error("❌ Erreur lors de la création de l'utilisateur {}", user.getUsername(), e);
throw new RuntimeException("Impossible de créer l'utilisateur", e);
handleConnectionException(e, "création de l'utilisateur " + user.getUsername());
return null; // Ne sera jamais atteint car handleConnectionException lance une exception
}
}
@@ -201,8 +280,21 @@ public class UserServiceImpl implements UserService {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
// Vérifier si userResource est null (peut arriver si la connexion échoue)
if (userResource == null) {
log.error("❌ UserResource null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de se connecter au service Keycloak pour mettre à jour l'utilisateur: " + userId);
}
// Récupérer l'utilisateur existant
UserRepresentation existingUser = userResource.toRepresentation();
if (existingUser == null) {
log.error("❌ UserRepresentation null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de récupérer les données de l'utilisateur depuis Keycloak: " + userId);
}
// Mettre à jour les champs
if (user.getEmail() != null) {
@@ -229,16 +321,24 @@ public class UserServiceImpl implements UserService {
// Récupérer l'utilisateur mis à jour
UserRepresentation updatedUser = userResource.toRepresentation();
if (updatedUser == null) {
log.error("❌ UserRepresentation null après mise à jour pour l'utilisateur {}", userId);
throw new KeycloakServiceException("Impossible de récupérer l'utilisateur mis à jour", 500);
}
log.info("✅ Utilisateur mis à jour avec succès: {}", userId);
return UserMapper.toDTO(updatedUser, realmName);
} catch (NotFoundException e) {
log.error("❌ Utilisateur {} non trouvé", userId);
throw new RuntimeException("Utilisateur non trouvé", e);
throw new KeycloakServiceException("Utilisateur non trouvé: " + userId, 404, e);
} catch (KeycloakServiceException e) {
throw e;
} catch (Exception e) {
log.error("❌ Erreur lors de la mise à jour de l'utilisateur {}", userId, e);
throw new RuntimeException("Impossible de mettre à jour l'utilisateur", e);
handleConnectionException(e, "mise à jour de l'utilisateur " + userId);
return null; // Ne sera jamais atteint car handleConnectionException lance une exception
}
}
@@ -248,6 +348,12 @@ public class UserServiceImpl implements UserService {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
if (userResource == null) {
log.error("❌ UserResource null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de se connecter au service Keycloak pour supprimer l'utilisateur: " + userId);
}
if (hardDelete) {
// Suppression définitive
@@ -256,6 +362,11 @@ public class UserServiceImpl implements UserService {
} else {
// Soft delete: désactiver l'utilisateur
UserRepresentation user = userResource.toRepresentation();
if (user == null) {
log.error("❌ UserRepresentation null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de récupérer les données de l'utilisateur depuis Keycloak: " + userId);
}
user.setEnabled(false);
userResource.update(user);
log.info("✅ Utilisateur désactivé (soft delete): {}", userId);
@@ -263,10 +374,12 @@ public class UserServiceImpl implements UserService {
} catch (NotFoundException e) {
log.error("❌ Utilisateur {} non trouvé", userId);
throw new RuntimeException("Utilisateur non trouvé", e);
throw new KeycloakServiceException("Utilisateur non trouvé: " + userId, 404, e);
} catch (KeycloakServiceException e) {
throw e;
} catch (Exception e) {
log.error("❌ Erreur lors de la suppression de l'utilisateur {}", userId, e);
throw new RuntimeException("Impossible de supprimer l'utilisateur", e);
handleConnectionException(e, "suppression de l'utilisateur " + userId);
}
}
@@ -276,14 +389,30 @@ public class UserServiceImpl implements UserService {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
if (userResource == null) {
log.error("❌ UserResource null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de se connecter au service Keycloak pour activer l'utilisateur: " + userId);
}
UserRepresentation user = userResource.toRepresentation();
if (user == null) {
log.error("❌ UserRepresentation null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de récupérer les données de l'utilisateur depuis Keycloak: " + userId);
}
user.setEnabled(true);
userResource.update(user);
log.info("✅ Utilisateur activé: {}", userId);
} catch (KeycloakServiceException e) {
throw e;
} catch (Exception e) {
log.error("❌ Erreur lors de l'activation de l'utilisateur {}", userId, e);
throw new RuntimeException("Impossible d'activer l'utilisateur", e);
handleConnectionException(e, "activation de l'utilisateur " + userId);
}
}
@@ -293,21 +422,37 @@ public class UserServiceImpl implements UserService {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
if (userResource == null) {
log.error("❌ UserResource null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de se connecter au service Keycloak pour désactiver l'utilisateur: " + userId);
}
UserRepresentation user = userResource.toRepresentation();
if (user == null) {
log.error("❌ UserRepresentation null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de récupérer les données de l'utilisateur depuis Keycloak: " + userId);
}
user.setEnabled(false);
userResource.update(user);
log.info("✅ Utilisateur désactivé: {}", userId);
} catch (KeycloakServiceException e) {
throw e;
} catch (Exception e) {
log.error("❌ Erreur lors de la désactivation de l'utilisateur {}", userId, e);
throw new RuntimeException("Impossible de désactiver l'utilisateur", e);
handleConnectionException(e, "désactivation de l'utilisateur " + userId);
}
}
@Override
public void suspendUser(@NotBlank String userId, @NotBlank String realmName, String raison, int duree) {
log.info("Suspension de l'utilisateur {} dans le realm {} (raison: {}, durée: {} jours)",
userId, realmName, raison, duree);
userId, realmName, raison, duree);
deactivateUser(userId, realmName, raison);
}
@@ -320,7 +465,7 @@ public class UserServiceImpl implements UserService {
@Override
public void resetPassword(@NotBlank String userId, @NotBlank String realmName,
@NotBlank String temporaryPassword, boolean temporary) {
@NotBlank String temporaryPassword, boolean temporary) {
log.info("Réinitialisation du mot de passe pour l'utilisateur {} (temporaire: {})", userId, temporary);
setPassword(userId, realmName, temporaryPassword, temporary);
@@ -332,12 +477,21 @@ public class UserServiceImpl implements UserService {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
if (userResource == null) {
log.error("❌ UserResource null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de se connecter au service Keycloak pour envoyer l'email de vérification: " + userId);
}
userResource.sendVerifyEmail();
log.info("✅ Email de vérification envoyé: {}", userId);
} catch (KeycloakServiceException e) {
throw e;
} catch (Exception e) {
log.error("❌ Erreur lors de l'envoi de l'email de vérification pour {}", userId, e);
throw new RuntimeException("Impossible d'envoyer l'email de vérification", e);
handleConnectionException(e, "envoi de l'email de vérification pour l'utilisateur " + userId);
}
}
@@ -347,14 +501,24 @@ public class UserServiceImpl implements UserService {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
int sessionsCount = userResource.getUserSessions().size();
if (userResource == null) {
log.error("❌ UserResource null pour l'utilisateur {} - Service Keycloak indisponible", userId);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de se connecter au service Keycloak pour déconnecter les sessions: " + userId);
}
int sessionsCount = userResource.getUserSessions() != null ? userResource.getUserSessions().size() : 0;
userResource.logout();
log.info("✅ {} sessions révoquées pour l'utilisateur {}", sessionsCount, userId);
return sessionsCount;
} catch (KeycloakServiceException e) {
throw e;
} catch (Exception e) {
log.error("❌ Erreur lors de la déconnexion des sessions pour {}", userId, e);
throw new RuntimeException("Impossible de déconnecter les sessions", e);
handleConnectionException(e, "déconnexion des sessions pour l'utilisateur " + userId);
return 0; // Ne sera jamais atteint car handleConnectionException lance une exception
}
}
@@ -365,8 +529,8 @@ public class UserServiceImpl implements UserService {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
return userResource.getUserSessions().stream()
.map(session -> session.getId())
.collect(Collectors.toList());
.map(session -> session.getId())
.collect(Collectors.toList());
} catch (Exception e) {
log.error("❌ Erreur lors de la récupération des sessions pour {}", userId, e);
return Collections.emptyList();
@@ -386,10 +550,10 @@ public class UserServiceImpl implements UserService {
@Override
public UserSearchResultDTO getAllUsers(@NotBlank String realmName, int page, int pageSize) {
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(realmName)
.page(page)
.pageSize(pageSize)
.build();
.realmName(realmName)
.page(page)
.pageSize(pageSize)
.build();
return searchUsers(criteria);
}
@@ -398,7 +562,7 @@ public class UserServiceImpl implements UserService {
public boolean usernameExists(@NotBlank String username, @NotBlank String realmName) {
try {
List<UserRepresentation> users = keycloakAdminClient.getUsers(realmName)
.search(username, 0, 1, true);
.search(username, 0, 1, true);
return !users.isEmpty();
} catch (Exception e) {
log.error("Erreur lors de la vérification de l'existence du username {}", username, e);
@@ -410,7 +574,7 @@ public class UserServiceImpl implements UserService {
public boolean emailExists(@NotBlank String email, @NotBlank String realmName) {
try {
List<UserRepresentation> users = keycloakAdminClient.getUsers(realmName)
.searchByEmail(email, true);
.searchByEmail(email, true);
return !users.isEmpty();
} catch (Exception e) {
log.error("Erreur lors de la vérification de l'existence de l'email {}", email, e);
@@ -420,19 +584,188 @@ public class UserServiceImpl implements UserService {
@Override
public String exportUsersToCSV(@NotNull UserSearchCriteriaDTO criteria) {
// TODO: Implémenter l'export CSV
throw new UnsupportedOperationException("Export CSV non implémenté");
log.info("Export des utilisateurs en CSV pour le realm {}", criteria.getRealmName());
// Disable pagination for export to get all users
int originalPageSize = criteria.getPageSize();
criteria.setPageSize(10000); // Set a large limit or handle pagination loops
UserSearchResultDTO result = searchUsers(criteria);
criteria.setPageSize(originalPageSize); // Restore
StringBuilder csv = new StringBuilder();
csv.append("username,email,firstName,lastName,enabled\n");
for (UserDTO user : result.getUsers()) {
csv.append(escape(user.getUsername())).append(",");
csv.append(escape(user.getEmail())).append(",");
csv.append(escape(user.getPrenom())).append(",");
csv.append(escape(user.getNom())).append(",");
csv.append(user.getEnabled() != null ? user.getEnabled() : true).append("\n");
}
return csv.toString();
}
@Override
public int importUsersFromCSV(@NotBlank String csvContent, @NotBlank String realmName) {
// TODO: Implémenter l'import CSV
throw new UnsupportedOperationException("Import CSV non implémenté");
log.info("Import des utilisateurs depuis CSV pour le realm {}", realmName);
String[] lines = csvContent.split("\\r?\\n");
int count = 0;
int startIndex = 0;
// Skip header if present
if (lines.length > 0 && lines[0].toLowerCase().startsWith("username")) {
startIndex = 1;
}
for (int i = startIndex; i < lines.length; i++) {
String line = lines[i].trim();
if (line.isEmpty())
continue;
try {
String[] parts = parseCSVLine(line);
if (parts.length < 5) {
log.warn("Ligne CSV invalide ignorée (pas assez de colonnes): {}", line);
continue;
}
String username = parts[0];
String email = parts[1];
String firstName = parts[2];
String lastName = parts[3];
boolean enabled = Boolean.parseBoolean(parts[4]);
if (username == null || username.isBlank()) {
log.warn("Username manquant à la ligne {}", i + 1);
continue;
}
UserDTO userDTO = UserDTO.builder()
.username(username)
.email(email.isBlank() ? null : email)
.prenom(firstName.isBlank() ? null : firstName)
.nom(lastName.isBlank() ? null : lastName)
.enabled(enabled)
.build();
createUser(userDTO, realmName);
count++;
} catch (Exception e) {
log.error("Erreur lors de l'import de la ligne {}: {}", i + 1, e.getMessage());
// Continue with next line
}
}
log.info("✅ {} utilisateurs importés avec succès", count);
return count;
}
private String escape(String data) {
if (data == null)
return "";
String escapedData = data.replaceAll("\"", "\"\"");
if (escapedData.contains(",") || escapedData.contains("\n") || escapedData.contains("\"")) {
return "\"" + escapedData + "\"";
}
return escapedData;
}
private String[] parseCSVLine(String line) {
// Simple regex to split by comma but ignoring commas inside quotes
// This regex handles: "value",value,"val,ue"
String[] tokens = line.split(",(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)", -1);
for (int i = 0; i < tokens.length; i++) {
String token = tokens[i].trim();
if (token.startsWith("\"") && token.endsWith("\"")) {
token = token.substring(1, token.length() - 1);
token = token.replaceAll("\"\"", "\"");
}
tokens[i] = token;
}
return tokens;
}
// ==================== Méthodes privées ====================
private void setPassword(String userId, String realmName, String password, boolean temporary) {
/**
* Valide une réponse HTTP du service Keycloak.
*
* @param response La réponse à valider
* @param operation Nom de l'opération (pour les logs)
* @param expectedStatus Le code de statut HTTP attendu
* @throws KeycloakServiceException si la réponse est null ou a un code d'erreur
*/
private void validateResponse(Response response, String operation, int expectedStatus) {
if (response == null) {
log.error("❌ Réponse null lors de l'opération {} - Service Keycloak indisponible", operation);
throw new KeycloakServiceException.ServiceUnavailableException(
"Impossible de se connecter au service Keycloak pour l'opération: " + operation);
}
int status = response.getStatus();
if (status != expectedStatus) {
String errorMessage = "Échec de l'opération: " + operation;
if (response.getStatusInfo() != null) {
errorMessage += " - " + response.getStatusInfo();
}
// Gérer les différents codes d'erreur HTTP
if (status == 400) {
throw new KeycloakServiceException("Données invalides: " + errorMessage, status);
} else if (status == 401) {
throw new KeycloakServiceException("Non autorisé: " + errorMessage, status);
} else if (status == 403) {
throw new KeycloakServiceException("Accès interdit: " + errorMessage, status);
} else if (status == 404) {
throw new KeycloakServiceException("Ressource non trouvée: " + errorMessage, status);
} else if (status == 409) {
throw new KeycloakServiceException("Conflit: " + errorMessage, status);
} else if (status == 500) {
throw new KeycloakServiceException("Erreur serveur interne Keycloak: " + errorMessage, status);
} else if (status == 502 || status == 503) {
throw new KeycloakServiceException.ServiceUnavailableException("Service Keycloak indisponible: " + errorMessage);
} else if (status == 504) {
throw new KeycloakServiceException.TimeoutException("Timeout lors de l'opération: " + operation);
} else {
throw new KeycloakServiceException(errorMessage, status);
}
}
}
/**
* Gère les exceptions de connexion et les convertit en KeycloakServiceException appropriée.
*
* @throws KeycloakServiceException toujours (lève une exception)
*/
private void handleConnectionException(Exception e, String operation) throws KeycloakServiceException {
String errorMessage = e.getMessage();
if (e instanceof ConnectException ||
e instanceof SocketTimeoutException ||
(errorMessage != null && (errorMessage.contains("Connection") ||
errorMessage.contains("timeout") ||
errorMessage.contains("refused") ||
errorMessage.contains("Unable to connect")))) {
log.error("❌ Erreur de connexion au service Keycloak lors de l'opération {}", operation, e);
throw new KeycloakServiceException.ServiceUnavailableException(
"Erreur de connexion au service Keycloak: " + (errorMessage != null ? errorMessage : e.getClass().getSimpleName()), e);
}
// Pour les autres exceptions, vérifier si c'est une KeycloakServiceException déjà
if (e instanceof KeycloakServiceException) {
throw (KeycloakServiceException) e;
}
// Sinon, encapsuler dans une KeycloakServiceException générique
throw new KeycloakServiceException("Erreur lors de l'opération " + operation + ": " +
(errorMessage != null ? errorMessage : e.getClass().getSimpleName()), e);
}
private void setPassword(String userId, String realmName, String password, boolean temporary) throws KeycloakServiceException {
try {
UserResource userResource = keycloakAdminClient.getUsers(realmName).get(userId);
@@ -446,27 +779,28 @@ public class UserServiceImpl implements UserService {
log.info("✅ Mot de passe défini pour l'utilisateur {} (temporaire: {})", userId, temporary);
} catch (Exception e) {
log.error("❌ Erreur lors de la définition du mot de passe pour {}", userId, e);
throw new RuntimeException("Impossible de définir le mot de passe", e);
handleConnectionException(e, "définition du mot de passe pour l'utilisateur " + userId);
}
}
private List<UserRepresentation> filterUsers(List<UserRepresentation> users, UserSearchCriteriaDTO criteria) {
return users.stream()
.filter(user -> {
// Filtrer par enabled
if (criteria.getEnabled() != null && !criteria.getEnabled().equals(user.isEnabled())) {
return false;
}
.filter(user -> {
// Filtrer par enabled
if (criteria.getEnabled() != null && !criteria.getEnabled().equals(user.isEnabled())) {
return false;
}
// Filtrer par emailVerified
if (criteria.getEmailVerified() != null && !criteria.getEmailVerified().equals(user.isEmailVerified())) {
return false;
}
// Filtrer par emailVerified
if (criteria.getEmailVerified() != null
&& !criteria.getEmailVerified().equals(user.isEmailVerified())) {
return false;
}
// TODO: Ajouter d'autres filtres selon les besoins
// TODO: Ajouter d'autres filtres selon les besoins
return true;
})
.collect(Collectors.toList());
return true;
})
.collect(Collectors.toList());
}
}

146
lions-user-manager-server-impl-quarkus/src/main/resources/application-dev.properties
View File

@@ -1,99 +1,105 @@
# ============================================================================
# Lions User Manager - Server Implementation Configuration - DEV
# Lions User Manager Server - Configuration Développement
# ============================================================================
# Ce fichier contient TOUTES les propriétés spécifiques au développement
# Il surcharge et complète application.properties
# ============================================================================
# HTTP Configuration
# ============================================
# HTTP Configuration DEV
# ============================================
quarkus.http.port=8081
quarkus.http.host=localhost
quarkus.http.cors=true
quarkus.http.cors.origins=http://localhost:3000,http://localhost:8080
quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
quarkus.http.cors.headers=*
# Keycloak OIDC Configuration (DEV)
# Backend n'utilise PAS OIDC - il utilise directement l'Admin API
# CORS permissif en dev
quarkus.http.cors.origins=*
# ============================================
# Logging DEV (plus verbeux)
# ============================================
quarkus.log.level=DEBUG
quarkus.log.category."dev.lions.user.manager".level=TRACE
quarkus.log.category."org.keycloak".level=DEBUG
quarkus.log.category."io.quarkus.oidc".level=DEBUG
quarkus.log.category."io.quarkus.oidc.runtime".level=DEBUG
quarkus.log.category."io.quarkus.security".level=DEBUG
quarkus.log.console.format=%d{HH:mm:ss} %-5p [%c{2.}] (%t) %s%e%n
# File Logging pour Audit (DEV)
quarkus.log.file.path=logs/dev/lions-user-manager.log
quarkus.log.file.rotation.max-backup-index=3
# ============================================
# OIDC Configuration DEV - DÉSACTIVÉ PAR DÉFAUT
# ============================================
# En mode DEV, on désactive OIDC sur le backend pour simplifier le développement
# Le client JSF est sécurisé, mais le backend accepte toutes les requêtes
# ATTENTION: NE JAMAIS utiliser cette config en production !
quarkus.oidc.enabled=false
quarkus.oidc.dev-ui.enabled=false
quarkus.oidc.discovery-enabled=false
# Keycloak Admin Client Configuration (DEV)
# Alternative: Si vous voulez activer OIDC en dev (pour tester le flow complet),
# commentez la ligne "quarkus.oidc.enabled=false" ci-dessus et décommentez ci-dessous:
#
# quarkus.oidc.enabled=true
# quarkus.oidc.auth-server-url=http://localhost:8180/realms/lions-user-manager
# quarkus.oidc.tls.verification=none
# quarkus.oidc.token.issuer=http://localhost:8180/realms/lions-user-manager
# quarkus.oidc.discovery-enabled=true
# quarkus.oidc.token.audience=account
# quarkus.oidc.verify-access-token=true
# quarkus.oidc.roles.role-claim-path=realm_access/roles
# quarkus.security.auth.enabled=true
# ============================================
# Keycloak Admin Client Configuration DEV
# ============================================
# Configuration pour accéder à l'API Admin de Keycloak local
# IMPORTANT: L'utilisateur admin se trouve dans le realm "master", pas "lions-user-manager"
lions.keycloak.server-url=http://localhost:8180
lions.keycloak.admin-realm=master
lions.keycloak.admin-client-id=admin-cli
lions.keycloak.admin-username=admin
lions.keycloak.admin-password=admin
lions.keycloak.connection-pool-size=5
lions.keycloak.timeout-seconds=30
# Realms autorisés (DEV)
lions.keycloak.authorized-realms=lions-user-manager,master,btpxpress,test-realm
# Timeout augmenté pour Keycloak local (peut être lent au démarrage)
lions.keycloak.timeout-seconds=60
# Circuit Breaker Configuration (DEV - plus permissif)
quarkus.smallrye-fault-tolerance.enabled=true
# Realms autorisés en dev
lions.keycloak.authorized-realms=lions-user-manager,btpxpress,master,unionflow
# Retry Configuration (DEV)
lions.keycloak.retry.max-attempts=3
lions.keycloak.retry.delay-seconds=1
# Audit Configuration (DEV)
lions.audit.enabled=true
lions.audit.log-to-database=false
lions.audit.log-to-file=true
# ============================================
# Audit Configuration DEV
# ============================================
lions.audit.retention-days=30
# Database Configuration (DEV - optionnel)
# Décommenter pour utiliser une DB locale
#quarkus.datasource.db-kind=postgresql
#quarkus.datasource.username=postgres
#quarkus.datasource.password=postgres
#quarkus.datasource.jdbc.url=jdbc:postgresql://localhost:5432/lions_audit_dev
#quarkus.hibernate-orm.database.generation=update
#quarkus.flyway.migrate-at-start=false
# Logging Configuration (DEV)
quarkus.log.level=INFO
quarkus.log.category."dev.lions.user.manager".level=DEBUG
quarkus.log.category."org.keycloak".level=INFO
quarkus.log.category."io.quarkus".level=INFO
quarkus.log.category."io.quarkus.oidc".level=WARN
quarkus.log.console.enable=true
quarkus.log.console.format=%d{HH:mm:ss} %-5p [%c{2.}] (%t) %s%e%n
# quarkus.log.console.color est déprécié dans Quarkus 3.x
# File Logging pour Audit (DEV)
quarkus.log.file.enable=true
quarkus.log.file.path=logs/dev/lions-user-manager.log
quarkus.log.file.rotation.max-file-size=10M
quarkus.log.file.rotation.max-backup-index=3
# OpenAPI/Swagger Configuration (DEV - toujours activé)
quarkus.swagger-ui.always-include=true
# ============================================
# OpenAPI/Swagger Configuration DEV
# ============================================
quarkus.swagger-ui.enable=true
# Le chemin par défaut est /q/swagger-ui (pas besoin de le spécifier)
# Dev Services (activé en DEV)
quarkus.devservices.enabled=false
# Security Configuration (DEV)
# ============================================
# Security Configuration DEV
# ============================================
# Security désactivée en dev (car OIDC est désactivé)
quarkus.security.auth.enabled=false
quarkus.security.jaxrs.deny-unannotated-endpoints=false
# En dev, désactiver la vérification proactive de sécurité pour permettre @RolesAllowed
# de fonctionner sans authentification (pour faciliter les tests locaux)
# En prod, @RolesAllowed sera géré normalement par Quarkus Security avec OIDC/Keycloak
quarkus.security.auth.proactive=false
# Hot Reload
# Permissions HTTP - Accès public à tous les endpoints en DEV
quarkus.http.auth.permission.public.paths=/api/*,/q/*,/health/*,/metrics,/swagger-ui/*,/openapi
quarkus.http.auth.permission.public.policy=permit
# ============================================
# Hot Reload et Dev Mode
# ============================================
quarkus.live-reload.instrumentation=true
# Désactiver le continuous testing qui bloque le démarrage
quarkus.test.continuous-testing=disabled
quarkus.profile=dev
# Indexer les dépendances Keycloak pour éviter les warnings
# ============================================
# Indexation des dépendances Keycloak
# ============================================
quarkus.index-dependency.keycloak-admin.group-id=org.keycloak
quarkus.index-dependency.keycloak-admin.artifact-id=keycloak-admin-client
quarkus.index-dependency.keycloak-core.group-id=org.keycloak
quarkus.index-dependency.keycloak-core.artifact-id=keycloak-core
# Jackson - Ignorer les propriétés inconnues pour compatibilité Keycloak
quarkus.jackson.fail-on-unknown-properties=false

162
lions-user-manager-server-impl-quarkus/src/main/resources/application-prod.properties
View File

@@ -1,113 +1,119 @@
# ============================================================================
# Lions User Manager - Server Implementation Configuration - PRODUCTION
# Lions User Manager Server - Configuration Production
# ============================================================================
# Ce fichier contient TOUTES les propriétés spécifiques à la production
# Il surcharge et complète application.properties
# ============================================================================
# HTTP Configuration
quarkus.http.port=8081
quarkus.http.host=0.0.0.0
quarkus.http.cors=true
quarkus.http.cors.origins=https://btpxpress.lions.dev,https://admin.lions.dev
quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
quarkus.http.cors.headers=*
# ============================================
# HTTP Configuration PROD
# ============================================
quarkus.http.port=8080
# Keycloak OIDC Configuration (PROD)
quarkus.oidc.auth-server-url=https://security.lions.dev/realms/master
quarkus.oidc.client-id=lions-user-manager
# CORS restrictif en production (via variable d'environnement)
quarkus.http.cors.origins=${CORS_ORIGINS:https://btpxpress.lions.dev,https://admin.lions.dev}
# ============================================
# Logging PROD (moins verbeux)
# ============================================
quarkus.log.level=INFO
quarkus.log.category."dev.lions.user.manager".level=INFO
quarkus.log.category."org.keycloak".level=WARN
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
# File Logging pour Audit (PROD)
quarkus.log.file.path=/var/log/lions/lions-user-manager.log
quarkus.log.file.rotation.max-file-size=50M
quarkus.log.file.rotation.max-backup-index=30
quarkus.log.file.rotation.rotate-on-boot=false
# ============================================
# OIDC Configuration PROD - OBLIGATOIRE ET ACTIF
# ============================================
quarkus.oidc.enabled=true
quarkus.oidc.auth-server-url=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/master}
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET}
quarkus.oidc.tls.verification=required
quarkus.oidc.application-type=service
quarkus.oidc.token.issuer=${KEYCLOAK_AUTH_SERVER_URL:https://security.lions.dev/realms/master}
# Keycloak Admin Client Configuration (PROD)
lions.keycloak.server-url=https://security.lions.dev
lions.keycloak.admin-realm=master
# Vérification TLS requise en production
quarkus.oidc.tls.verification=required
# Vérification stricte des tokens
quarkus.oidc.discovery-enabled=true
quarkus.oidc.verify-access-token=true
# Extraction des rôles
quarkus.oidc.roles.role-claim-path=realm_access/roles
# ============================================
# Keycloak Admin Client Configuration PROD
# ============================================
lions.keycloak.server-url=${KEYCLOAK_SERVER_URL:https://security.lions.dev}
lions.keycloak.admin-realm=${KEYCLOAK_ADMIN_REALM:master}
lions.keycloak.admin-client-id=admin-cli
lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME}
lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD}
# Pool de connexions augmenté en production
lions.keycloak.connection-pool-size=20
lions.keycloak.timeout-seconds=60
# Realms autorisés (PROD)
lions.keycloak.authorized-realms=btpxpress,lions-realm
# Realms autorisés en production (via variable d'environnement)
lions.keycloak.authorized-realms=${KEYCLOAK_AUTHORIZED_REALMS:btpxpress,master,unionflow}
# Circuit Breaker Configuration (PROD - strict)
quarkus.smallrye-fault-tolerance.enabled=true
# Retry Configuration (PROD)
# ============================================
# Retry Configuration PROD
# ============================================
lions.keycloak.retry.max-attempts=5
lions.keycloak.retry.delay-seconds=3
# Audit Configuration (PROD)
lions.audit.enabled=true
lions.audit.log-to-database=true
lions.audit.log-to-file=true
# ============================================
# Audit Configuration PROD
# ============================================
lions.audit.retention-days=365
lions.audit.log-to-database=true
# Database Configuration (PROD - obligatoire pour audit)
# ============================================
# Database Configuration PROD (pour audit)
# ============================================
quarkus.datasource.db-kind=postgresql
quarkus.datasource.username=${DB_USERNAME:audit_user}
quarkus.datasource.password=${DB_PASSWORD}
quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:lions-db.lions.svc.cluster.local}:${DB_PORT:5432}/${DB_NAME:lions_audit}
quarkus.datasource.jdbc.max-size=20
quarkus.datasource.jdbc.min-size=5
quarkus.hibernate-orm.enabled=true
quarkus.hibernate-orm.database.generation=none
quarkus.flyway.migrate-at-start=true
quarkus.flyway.baseline-on-migrate=true
quarkus.flyway.baseline-version=1.0.0
# Logging Configuration (PROD)
quarkus.log.level=INFO
quarkus.log.category."dev.lions.user.manager".level=INFO
quarkus.log.category."org.keycloak".level=WARN
quarkus.log.category."io.quarkus".level=WARN
quarkus.log.console.enable=true
quarkus.log.console.format=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n
quarkus.log.console.json=true
# File Logging pour Audit (PROD)
quarkus.log.file.enable=true
quarkus.log.file.path=/var/log/lions/lions-user-manager.log
quarkus.log.file.rotation.max-file-size=50M
quarkus.log.file.rotation.max-backup-index=30
quarkus.log.file.rotation.rotate-on-boot=false
# OpenAPI/Swagger Configuration (PROD - désactivé par défaut)
# ============================================
# OpenAPI/Swagger Configuration PROD
# ============================================
# Swagger désactivé en production par défaut
quarkus.swagger-ui.always-include=false
quarkus.swagger-ui.path=/swagger-ui
quarkus.swagger-ui.enable=false
# Dev Services (désactivé en PROD)
quarkus.devservices.enabled=false
# Security Configuration (PROD - strict)
# ============================================
# Security Configuration PROD (strict)
# ============================================
quarkus.security.auth.enabled=true
quarkus.security.jaxrs.deny-unannotated-endpoints=true
quarkus.security.auth.proactive=true
# Health Check Configuration (PROD)
quarkus.smallrye-health.root-path=/health
quarkus.smallrye-health.liveness-path=/health/live
quarkus.smallrye-health.readiness-path=/health/ready
# ============================================
# Performance tuning PROD
# ============================================
quarkus.thread-pool.core-threads=4
quarkus.thread-pool.max-threads=32
quarkus.thread-pool.queue-size=200
# Metrics Configuration (PROD)
quarkus.micrometer.enabled=true
quarkus.micrometer.export.prometheus.enabled=true
quarkus.micrometer.export.prometheus.path=/metrics
# Jackson Configuration (PROD)
quarkus.jackson.fail-on-unknown-properties=false
quarkus.jackson.write-dates-as-timestamps=false
quarkus.jackson.serialization-inclusion=non_null
# Performance tuning (PROD)
quarkus.thread-pool.core-threads=2
quarkus.thread-pool.max-threads=16
quarkus.thread-pool.queue-size=100
# SSL/TLS Configuration (PROD)
quarkus.http.ssl.certificate.key-store-file=${SSL_KEYSTORE_FILE:/etc/ssl/keystore.p12}
quarkus.http.ssl.certificate.key-store-password=${SSL_KEYSTORE_PASSWORD}
quarkus.http.ssl.certificate.key-store-file-type=PKCS12
# Monitoring & Observability
quarkus.log.handler.gelf.enabled=false
quarkus.log.handler.gelf.host=${GRAYLOG_HOST:logs.lions.dev}
quarkus.log.handler.gelf.port=${GRAYLOG_PORT:12201}
# ============================================
# SSL/TLS Configuration PROD (optionnel)
# ============================================
# Décommenter si le serveur gère le SSL directement (sinon géré par Ingress/Load Balancer)
# quarkus.http.ssl.certificate.key-store-file=${SSL_KEYSTORE_FILE:/etc/ssl/keystore.p12}
# quarkus.http.ssl.certificate.key-store-password=${SSL_KEYSTORE_PASSWORD}
# quarkus.http.ssl.certificate.key-store-file-type=PKCS12

72
lions-user-manager-server-impl-quarkus/src/main/resources/application.properties
View File

@@ -1,61 +1,58 @@
# ============================================================================
# Lions User Manager - Server Implementation Configuration
# Lions User Manager Server - Configuration Commune
# ============================================================================
# Ce fichier contient UNIQUEMENT la configuration commune à tous les environnements
# Les configurations spécifiques sont dans:
# - application-dev.properties (développement)
# - application-prod.properties (production)
# ============================================================================
# ============================================
# Application Info
# ============================================
quarkus.application.name=lions-user-manager-server
quarkus.application.version=1.0.0
# HTTP Configuration
quarkus.http.port=8081
# ============================================
# HTTP Configuration (commune)
# ============================================
quarkus.http.host=0.0.0.0
quarkus.http.cors=true
quarkus.http.cors.origins=*
quarkus.http.cors.methods=GET,POST,PUT,DELETE,PATCH,OPTIONS
quarkus.http.cors.headers=*
# Keycloak OIDC Configuration
quarkus.oidc.auth-server-url=https://security.lions.dev/realms/master
quarkus.oidc.client-id=lions-user-manager
quarkus.oidc.credentials.secret=${KEYCLOAK_CLIENT_SECRET:your-client-secret}
quarkus.oidc.tls.verification=none
# ============================================
# Keycloak OIDC Configuration (base commune)
# ============================================
quarkus.oidc.application-type=service
# Keycloak Admin Client Configuration
lions.keycloak.server-url=https://security.lions.dev
lions.keycloak.admin-realm=master
lions.keycloak.admin-client-id=admin-cli
lions.keycloak.admin-username=${KEYCLOAK_ADMIN_USERNAME:admin}
lions.keycloak.admin-password=${KEYCLOAK_ADMIN_PASSWORD:admin}
# ============================================
# Keycloak Admin Client Configuration (base commune)
# ============================================
lions.keycloak.connection-pool-size=10
lions.keycloak.timeout-seconds=30
# Realms autorisés (séparés par virgule)
lions.keycloak.authorized-realms=btpxpress,master,lions-realm
# Circuit Breaker Configuration
quarkus.smallrye-fault-tolerance.enabled=true
# Retry Configuration (pour appels Keycloak)
lions.keycloak.retry.max-attempts=3
lions.keycloak.retry.delay-seconds=2
# ============================================
# Audit Configuration
# ============================================
lions.audit.enabled=true
lions.audit.log-to-database=false
lions.audit.log-to-file=true
lions.audit.retention-days=90
# Database Configuration (optionnel - pour logs d'audit)
# Décommenter si vous voulez persister les logs d'audit en DB
#quarkus.datasource.db-kind=postgresql
#quarkus.datasource.username=${DB_USERNAME:audit_user}
#quarkus.datasource.password=${DB_PASSWORD:audit_pass}
#quarkus.datasource.jdbc.url=jdbc:postgresql://${DB_HOST:localhost}:${DB_PORT:5432}/${DB_NAME:lions_audit}
#quarkus.hibernate-orm.database.generation=none
#quarkus.flyway.migrate-at-start=true
# ============================================
# Database Configuration (désactivé par défaut)
# ============================================
# Désactiver Hibernate ORM si aucune entité JPA n'est utilisée
quarkus.hibernate-orm.enabled=false
# Logging Configuration
# ============================================
# Logging Configuration (base commune)
# ============================================
quarkus.log.level=INFO
quarkus.log.category."dev.lions.user.manager".level=DEBUG
quarkus.log.category."org.keycloak".level=WARN
@@ -69,32 +66,43 @@ quarkus.log.file.path=logs/lions-user-manager.log
quarkus.log.file.rotation.max-file-size=10M
quarkus.log.file.rotation.max-backup-index=10
# ============================================
# OpenAPI/Swagger Configuration
# ============================================
quarkus.swagger-ui.always-include=true
# Le chemin par défaut est /q/swagger-ui (pas besoin de le spécifier)
mp.openapi.extensions.smallrye.info.title=Lions User Manager API
mp.openapi.extensions.smallrye.info.version=1.0.0
mp.openapi.extensions.smallrye.info.description=API de gestion centralisée des utilisateurs Keycloak
mp.openapi.extensions.smallrye.info.contact.name=Lions Dev Team
mp.openapi.extensions.smallrye.info.contact.email=contact@lions.dev
# ============================================
# Health Check Configuration
# ============================================
quarkus.smallrye-health.root-path=/health
quarkus.smallrye-health.liveness-path=/health/live
quarkus.smallrye-health.readiness-path=/health/ready
# ============================================
# Metrics Configuration
# ============================================
quarkus.micrometer.enabled=true
quarkus.micrometer.export.prometheus.enabled=true
quarkus.micrometer.export.prometheus.path=/metrics
# ============================================
# Security Configuration
# ============================================
quarkus.security.jaxrs.deny-unannotated-endpoints=false
# ============================================
# Jackson Configuration
# ============================================
quarkus.jackson.fail-on-unknown-properties=false
quarkus.jackson.write-dates-as-timestamps=false
quarkus.jackson.serialization-inclusion=non_null
# Dev Services (désactivé en production)
# ============================================
# Dev Services (désactivé par défaut)
# ============================================
quarkus.devservices.enabled=false

357
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/client/KeycloakAdminClientImplCompleteTest.java Normal file
View File

@@ -0,0 +1,357 @@
package dev.lions.user.manager.client;
import jakarta.ws.rs.client.Client;
import jakarta.ws.rs.client.ClientBuilder;
import jakarta.ws.rs.client.Invocation;
import jakarta.ws.rs.client.WebTarget;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.token.TokenManager;
import org.mockito.InjectMocks;
import org.mockito.MockedStatic;
import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests complets pour KeycloakAdminClientImpl pour atteindre 100% de couverture
* Couvre init(), getAllRealms(), reconnect(), et tous les cas limites
*/
@ExtendWith(MockitoExtension.class)
class KeycloakAdminClientImplCompleteTest {
@InjectMocks
KeycloakAdminClientImpl client;
private void setField(String fieldName, Object value) throws Exception {
Field field = KeycloakAdminClientImpl.class.getDeclaredField(fieldName);
field.setAccessible(true);
field.set(client, value);
}
@BeforeEach
void setUp() throws Exception {
// Set all config fields to null/empty for testing
setField("serverUrl", "");
setField("adminRealm", "master");
setField("adminClientId", "admin-cli");
setField("adminUsername", "admin");
setField("adminPassword", "");
setField("connectionPoolSize", 10);
setField("timeoutSeconds", 30);
setField("keycloak", null);
}
@Test
void testInit_WithServerUrl() throws Exception {
setField("serverUrl", "http://localhost:8080");
setField("adminRealm", "master");
setField("adminClientId", "admin-cli");
setField("adminUsername", "admin");
setField("adminPassword", "password");
// Mock KeycloakBuilder to avoid actual connection
// This will likely throw an exception, but that's ok - we test the exception path
try {
java.lang.reflect.Method initMethod = KeycloakAdminClientImpl.class.getDeclaredMethod("init");
initMethod.setAccessible(true);
initMethod.invoke(client);
} catch (Exception e) {
// Expected - KeycloakBuilder will fail without actual Keycloak server
}
// The init method will set keycloak to null on exception
Field keycloakField = KeycloakAdminClientImpl.class.getDeclaredField("keycloak");
keycloakField.setAccessible(true);
Keycloak result = (Keycloak) keycloakField.get(client);
// Result will be null due to exception, which is the expected behavior
// This test covers the exception path in init()
}
@Test
void testInit_WithException() throws Exception {
setField("serverUrl", "http://localhost:8080");
setField("adminRealm", "master");
setField("adminClientId", "admin-cli");
setField("adminUsername", "admin");
setField("adminPassword", "password");
// Call init via reflection - will throw exception without actual Keycloak
// This test covers the exception handling path in init()
try {
java.lang.reflect.Method initMethod = KeycloakAdminClientImpl.class.getDeclaredMethod("init");
initMethod.setAccessible(true);
initMethod.invoke(client);
} catch (Exception e) {
// Expected - KeycloakBuilder may fail
}
// Verify keycloak is null after exception
Field keycloakField = KeycloakAdminClientImpl.class.getDeclaredField("keycloak");
keycloakField.setAccessible(true);
Keycloak result = (Keycloak) keycloakField.get(client);
// Result may be null due to exception, which is the expected behavior
// This test covers the exception handling path in init()
}
@Test
void testInit_WithNullServerUrl() throws Exception {
setField("serverUrl", null);
// Call init via reflection
java.lang.reflect.Method initMethod = KeycloakAdminClientImpl.class.getDeclaredMethod("init");
initMethod.setAccessible(true);
initMethod.invoke(client);
// Verify keycloak is null
Field keycloakField = KeycloakAdminClientImpl.class.getDeclaredField("keycloak");
keycloakField.setAccessible(true);
Keycloak result = (Keycloak) keycloakField.get(client);
assertNull(result);
}
@Test
void testInit_WithEmptyServerUrl() throws Exception {
setField("serverUrl", "");
// Call init via reflection
java.lang.reflect.Method initMethod = KeycloakAdminClientImpl.class.getDeclaredMethod("init");
initMethod.setAccessible(true);
initMethod.invoke(client);
// Verify keycloak is null
Field keycloakField = KeycloakAdminClientImpl.class.getDeclaredField("keycloak");
keycloakField.setAccessible(true);
Keycloak result = (Keycloak) keycloakField.get(client);
assertNull(result);
}
@Test
void testReconnect() throws Exception {
Keycloak mockKeycloak = mock(Keycloak.class);
setField("keycloak", mockKeycloak);
setField("serverUrl", "");
// reconnect calls close() then init()
client.reconnect();
// Verify close was called
verify(mockKeycloak).close();
// Verify keycloak is null after close
Field keycloakField = KeycloakAdminClientImpl.class.getDeclaredField("keycloak");
keycloakField.setAccessible(true);
Keycloak result = (Keycloak) keycloakField.get(client);
assertNull(result);
}
@Test
void testGetAllRealms_Success() throws Exception {
Keycloak mockKeycloak = mock(Keycloak.class);
TokenManager mockTokenManager = mock(TokenManager.class);
setField("keycloak", mockKeycloak);
setField("serverUrl", "http://localhost:8080");
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("test-token");
// Mock ClientBuilder
try (MockedStatic<ClientBuilder> mockedClientBuilder = mockStatic(ClientBuilder.class)) {
Client mockClient = mock(Client.class);
WebTarget mockWebTarget = mock(WebTarget.class);
Invocation.Builder mockBuilder = mock(Invocation.Builder.class);
Response mockResponse = mock(Response.class);
mockedClientBuilder.when(ClientBuilder::newClient).thenReturn(mockClient);
when(mockClient.target("http://localhost:8080/admin/realms")).thenReturn(mockWebTarget);
when(mockWebTarget.request(jakarta.ws.rs.core.MediaType.APPLICATION_JSON)).thenReturn(mockBuilder);
when(mockBuilder.header(anyString(), anyString())).thenReturn(mockBuilder);
// Mock response with realm data
Map<String, Object> realm1 = new HashMap<>();
realm1.put("realm", "realm1");
Map<String, Object> realm2 = new HashMap<>();
realm2.put("realm", "realm2");
List<Map<String, Object>> realmsJson = new ArrayList<>();
realmsJson.add(realm1);
realmsJson.add(realm2);
when(mockBuilder.get(List.class)).thenReturn(realmsJson);
List<String> result = client.getAllRealms();
assertNotNull(result);
assertEquals(2, result.size());
assertTrue(result.contains("realm1"));
assertTrue(result.contains("realm2"));
verify(mockClient).close();
}
}
@Test
void testGetAllRealms_WithNullRealmsJson() throws Exception {
Keycloak mockKeycloak = mock(Keycloak.class);
TokenManager mockTokenManager = mock(TokenManager.class);
setField("keycloak", mockKeycloak);
setField("serverUrl", "http://localhost:8080");
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("test-token");
try (MockedStatic<ClientBuilder> mockedClientBuilder = mockStatic(ClientBuilder.class)) {
Client mockClient = mock(Client.class);
WebTarget mockWebTarget = mock(WebTarget.class);
Invocation.Builder mockBuilder = mock(Invocation.Builder.class);
mockedClientBuilder.when(ClientBuilder::newClient).thenReturn(mockClient);
when(mockClient.target("http://localhost:8080/admin/realms")).thenReturn(mockWebTarget);
when(mockWebTarget.request(jakarta.ws.rs.core.MediaType.APPLICATION_JSON)).thenReturn(mockBuilder);
when(mockBuilder.header(anyString(), anyString())).thenReturn(mockBuilder);
when(mockBuilder.get(List.class)).thenReturn(null);
List<String> result = client.getAllRealms();
assertNotNull(result);
assertTrue(result.isEmpty());
verify(mockClient).close();
}
}
@Test
void testGetAllRealms_WithEmptyRealmName() throws Exception {
Keycloak mockKeycloak = mock(Keycloak.class);
TokenManager mockTokenManager = mock(TokenManager.class);
setField("keycloak", mockKeycloak);
setField("serverUrl", "http://localhost:8080");
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("test-token");
try (MockedStatic<ClientBuilder> mockedClientBuilder = mockStatic(ClientBuilder.class)) {
Client mockClient = mock(Client.class);
WebTarget mockWebTarget = mock(WebTarget.class);
Invocation.Builder mockBuilder = mock(Invocation.Builder.class);
mockedClientBuilder.when(ClientBuilder::newClient).thenReturn(mockClient);
when(mockClient.target("http://localhost:8080/admin/realms")).thenReturn(mockWebTarget);
when(mockWebTarget.request(jakarta.ws.rs.core.MediaType.APPLICATION_JSON)).thenReturn(mockBuilder);
when(mockBuilder.header(anyString(), anyString())).thenReturn(mockBuilder);
// Mock response with empty realm name
Map<String, Object> realm1 = new HashMap<>();
realm1.put("realm", "");
Map<String, Object> realm2 = new HashMap<>();
realm2.put("realm", "realm2");
List<Map<String, Object>> realmsJson = new ArrayList<>();
realmsJson.add(realm1);
realmsJson.add(realm2);
when(mockBuilder.get(List.class)).thenReturn(realmsJson);
List<String> result = client.getAllRealms();
assertNotNull(result);
assertEquals(1, result.size()); // Empty realm name should be filtered out
assertTrue(result.contains("realm2"));
verify(mockClient).close();
}
}
@Test
void testGetAllRealms_WithNullRealmName() throws Exception {
Keycloak mockKeycloak = mock(Keycloak.class);
TokenManager mockTokenManager = mock(TokenManager.class);
setField("keycloak", mockKeycloak);
setField("serverUrl", "http://localhost:8080");
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("test-token");
try (MockedStatic<ClientBuilder> mockedClientBuilder = mockStatic(ClientBuilder.class)) {
Client mockClient = mock(Client.class);
WebTarget mockWebTarget = mock(WebTarget.class);
Invocation.Builder mockBuilder = mock(Invocation.Builder.class);
mockedClientBuilder.when(ClientBuilder::newClient).thenReturn(mockClient);
when(mockClient.target("http://localhost:8080/admin/realms")).thenReturn(mockWebTarget);
when(mockWebTarget.request(jakarta.ws.rs.core.MediaType.APPLICATION_JSON)).thenReturn(mockBuilder);
when(mockBuilder.header(anyString(), anyString())).thenReturn(mockBuilder);
// Mock response with null realm name
Map<String, Object> realm1 = new HashMap<>();
realm1.put("realm", null);
Map<String, Object> realm2 = new HashMap<>();
realm2.put("realm", "realm2");
List<Map<String, Object>> realmsJson = new ArrayList<>();
realmsJson.add(realm1);
realmsJson.add(realm2);
when(mockBuilder.get(List.class)).thenReturn(realmsJson);
List<String> result = client.getAllRealms();
assertNotNull(result);
assertEquals(1, result.size()); // Null realm name should be filtered out
assertTrue(result.contains("realm2"));
verify(mockClient).close();
}
}
@Test
void testGetAllRealms_WithException() throws Exception {
Keycloak mockKeycloak = mock(Keycloak.class);
TokenManager mockTokenManager = mock(TokenManager.class);
setField("keycloak", mockKeycloak);
setField("serverUrl", "http://localhost:8080");
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenThrow(new RuntimeException("Error"));
List<String> result = client.getAllRealms();
assertNotNull(result);
assertTrue(result.isEmpty()); // Should return empty list on exception
}
@Test
void testGetAllRealms_WithExceptionInClient() throws Exception {
Keycloak mockKeycloak = mock(Keycloak.class);
TokenManager mockTokenManager = mock(TokenManager.class);
setField("keycloak", mockKeycloak);
setField("serverUrl", "http://localhost:8080");
when(mockKeycloak.tokenManager()).thenReturn(mockTokenManager);
when(mockTokenManager.getAccessTokenString()).thenReturn("test-token");
try (MockedStatic<ClientBuilder> mockedClientBuilder = mockStatic(ClientBuilder.class)) {
Client mockClient = mock(Client.class);
WebTarget mockWebTarget = mock(WebTarget.class);
Invocation.Builder mockBuilder = mock(Invocation.Builder.class);
mockedClientBuilder.when(ClientBuilder::newClient).thenReturn(mockClient);
when(mockClient.target("http://localhost:8080/admin/realms")).thenReturn(mockWebTarget);
when(mockWebTarget.request(jakarta.ws.rs.core.MediaType.APPLICATION_JSON)).thenReturn(mockBuilder);
when(mockBuilder.header(anyString(), anyString())).thenReturn(mockBuilder);
when(mockBuilder.get(List.class)).thenThrow(new RuntimeException("Connection error"));
List<String> result = client.getAllRealms();
assertNotNull(result);
assertTrue(result.isEmpty()); // Should return empty list on exception
verify(mockClient).close(); // Should still close client in finally block
}
}
}

177
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/client/KeycloakAdminClientImplTest.java Normal file
View File

@@ -0,0 +1,177 @@
package dev.lions.user.manager.client;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.ServerInfoResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.info.ServerInfoRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import jakarta.ws.rs.NotFoundException;
import java.lang.reflect.Field;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class KeycloakAdminClientImplTest {
@InjectMocks
KeycloakAdminClientImpl client;
@Mock
Keycloak keycloak;
@Mock
RealmResource realmResource;
@Mock
UsersResource usersResource;
@Mock
RolesResource rolesResource;
@Mock
ServerInfoResource serverInfoResource;
@BeforeEach
void setUp() throws Exception {
// Inject the mock keycloak instance
setField(client, "keycloak", keycloak);
}
private void setField(Object target, String fieldName, Object value) throws Exception {
Field field = target.getClass().getDeclaredField(fieldName);
field.setAccessible(true);
field.set(target, value);
}
@Test
void testGetInstance() {
Keycloak result = client.getInstance();
assertNotNull(result);
assertEquals(keycloak, result);
}
@Test
void testGetInstanceReInitWhenNull() throws Exception {
// Set keycloak to null
setField(client, "keycloak", null);
// Should attempt to reinitialize (will fail without config, but that's ok)
// The method should return null since init() will fail without proper config
Keycloak result = client.getInstance();
// Since config values are null, keycloak will still be null
assertNull(result);
}
@Test
void testGetRealm() {
when(keycloak.realm("test-realm")).thenReturn(realmResource);
RealmResource result = client.getRealm("test-realm");
assertNotNull(result);
assertEquals(realmResource, result);
}
@Test
void testGetRealmThrowsException() {
when(keycloak.realm("bad-realm")).thenThrow(new RuntimeException("Connection failed"));
assertThrows(RuntimeException.class, () -> client.getRealm("bad-realm"));
}
@Test
void testGetUsers() {
when(keycloak.realm("test-realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
UsersResource result = client.getUsers("test-realm");
assertNotNull(result);
assertEquals(usersResource, result);
}
@Test
void testGetRoles() {
when(keycloak.realm("test-realm")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
RolesResource result = client.getRoles("test-realm");
assertNotNull(result);
assertEquals(rolesResource, result);
}
@Test
void testIsConnected_true() {
when(keycloak.serverInfo()).thenReturn(serverInfoResource);
when(serverInfoResource.getInfo()).thenReturn(new ServerInfoRepresentation());
assertTrue(client.isConnected());
}
@Test
void testIsConnected_false_exception() {
when(keycloak.serverInfo()).thenThrow(new RuntimeException("Connection refused"));
assertFalse(client.isConnected());
}
@Test
void testIsConnected_false_null() throws Exception {
setField(client, "keycloak", null);
assertFalse(client.isConnected());
}
@Test
void testRealmExists_true() {
when(keycloak.realm("test-realm")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(java.util.Collections.emptyList());
assertTrue(client.realmExists("test-realm"));
}
@Test
void testRealmExists_notFound() {
when(keycloak.realm("missing-realm")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new NotFoundException("Realm not found"));
assertFalse(client.realmExists("missing-realm"));
}
@Test
void testRealmExists_otherException() {
when(keycloak.realm("problem-realm")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Some other error"));
// Should return true assuming realm exists but has issues
assertTrue(client.realmExists("problem-realm"));
}
@Test
void testClose() {
client.close();
verify(keycloak).close();
}
@Test
void testCloseWhenNull() throws Exception {
setField(client, "keycloak", null);
// Should not throw
client.close();
}
}

41
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/config/JacksonConfigTest.java Normal file
View File

@@ -0,0 +1,41 @@
package dev.lions.user.manager.config;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.quarkus.jackson.ObjectMapperCustomizer;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests unitaires pour JacksonConfig
*/
class JacksonConfigTest {
private JacksonConfig jacksonConfig;
private ObjectMapper objectMapper;
@BeforeEach
void setUp() {
jacksonConfig = new JacksonConfig();
objectMapper = new ObjectMapper();
}
@Test
void testCustomize() {
// Avant la personnalisation, FAIL_ON_UNKNOWN_PROPERTIES devrait être true par défaut
assertTrue(objectMapper.isEnabled(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES));
// Appliquer la personnalisation
jacksonConfig.customize(objectMapper);
// Après la personnalisation, FAIL_ON_UNKNOWN_PROPERTIES devrait être false
assertFalse(objectMapper.isEnabled(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES));
}
@Test
void testImplementsObjectMapperCustomizer() {
assertTrue(jacksonConfig instanceof ObjectMapperCustomizer);
}
}

356
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/config/KeycloakTestUserConfigCompleteTest.java Normal file
View File

@@ -0,0 +1,356 @@
package dev.lions.user.manager.config;
import io.quarkus.runtime.StartupEvent;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.*;
import org.mockito.MockedStatic;
import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Method;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests complets pour KeycloakTestUserConfig pour atteindre 100% de couverture
* Teste toutes les méthodes privées via la méthode publique onStart
*/
@ExtendWith(MockitoExtension.class)
class KeycloakTestUserConfigCompleteTest {
private KeycloakTestUserConfig config;
private Keycloak adminClient;
private RealmsResource realmsResource;
private RealmResource realmResource;
private RolesResource rolesResource;
private RoleResource roleResource;
private UsersResource usersResource;
private UserResource userResource;
private ClientsResource clientsResource;
private ClientResource clientResource;
private ClientScopesResource clientScopesResource;
private ClientScopeResource clientScopeResource;
@BeforeEach
void setUp() throws Exception {
config = new KeycloakTestUserConfig();
// Injecter les valeurs via reflection
setField("profile", "dev");
setField("keycloakServerUrl", "http://localhost:8080");
setField("adminRealm", "master");
setField("adminUsername", "admin");
setField("adminPassword", "admin");
setField("authorizedRealms", "lions-user-manager");
// Mocks pour Keycloak
adminClient = mock(Keycloak.class);
realmsResource = mock(RealmsResource.class);
realmResource = mock(RealmResource.class);
rolesResource = mock(RolesResource.class);
roleResource = mock(RoleResource.class);
usersResource = mock(UsersResource.class);
userResource = mock(UserResource.class);
clientsResource = mock(ClientsResource.class);
clientResource = mock(ClientResource.class);
clientScopesResource = mock(ClientScopesResource.class);
clientScopeResource = mock(ClientScopeResource.class);
}
private void setField(String fieldName, Object value) throws Exception {
java.lang.reflect.Field field = KeycloakTestUserConfig.class.getDeclaredField(fieldName);
field.setAccessible(true);
field.set(config, value);
}
@Test
void testOnStart_DevMode() {
// Le code est désactivé, donc onStart devrait juste logger et retourner
StartupEvent event = mock(StartupEvent.class);
// Ne devrait pas lancer d'exception
assertDoesNotThrow(() -> config.onStart(event));
}
@Test
void testEnsureRealmExists_RealmExists() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.toRepresentation()).thenReturn(new RealmRepresentation());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRealmExists", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
verify(realmResource).toRepresentation();
}
@Test
void testEnsureRealmExists_RealmNotFound() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.toRepresentation()).thenThrow(new NotFoundException());
doNothing().when(realmsResource).create(any(RealmRepresentation.class));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRealmExists", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
verify(realmResource).toRepresentation();
}
@Test
void testEnsureRolesExist_AllRolesExist() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(anyString())).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(new RoleRepresentation());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRolesExist", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
}
@Test
void testEnsureRolesExist_RoleNotFound() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(anyString())).thenReturn(roleResource);
when(roleResource.toRepresentation())
.thenThrow(new NotFoundException())
.thenReturn(new RoleRepresentation());
doNothing().when(rolesResource).create(any(RoleRepresentation.class));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureRolesExist", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
}
@Test
void testEnsureTestUserExists_UserExists() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
UserRepresentation existingUser = new UserRepresentation();
existingUser.setId("user-id-123");
when(usersResource.search("test-user", true)).thenReturn(List.of(existingUser));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureTestUserExists", Keycloak.class);
method.setAccessible(true);
String userId = (String) method.invoke(config, adminClient);
assertEquals("user-id-123", userId);
}
@Test
void testEnsureTestUserExists_UserNotFound() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.search("test-user", true)).thenReturn(Collections.emptyList());
Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/users/user-id-123"));
when(usersResource.create(any(UserRepresentation.class))).thenReturn(response);
when(usersResource.get("user-id-123")).thenReturn(userResource);
CredentialRepresentation credential = new CredentialRepresentation();
doNothing().when(userResource).resetPassword(any(CredentialRepresentation.class));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureTestUserExists", Keycloak.class);
method.setAccessible(true);
String userId = (String) method.invoke(config, adminClient);
assertEquals("user-id-123", userId);
verify(usersResource).create(any(UserRepresentation.class));
verify(userResource).resetPassword(any(CredentialRepresentation.class));
}
@Test
void testAssignRolesToUser() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(anyString())).thenReturn(roleResource);
RoleRepresentation role = new RoleRepresentation();
role.setName("admin");
when(roleResource.toRepresentation()).thenReturn(role);
when(usersResource.get("user-id")).thenReturn(userResource);
RoleMappingResource roleMappingResource = mock(RoleMappingResource.class);
RoleScopeResource roleScopeResource = mock(RoleScopeResource.class);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
doNothing().when(roleScopeResource).add(anyList());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("assignRolesToUser", Keycloak.class, String.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient, "user-id"));
verify(roleScopeResource).add(anyList());
}
@Test
void testEnsureClientAndMapper_ClientExists() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation existingClient = new ClientRepresentation();
existingClient.setId("client-id-123");
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(List.of(existingClient));
when(realmResource.clientScopes()).thenReturn(clientScopesResource);
ClientScopeRepresentation rolesScope = new ClientScopeRepresentation();
rolesScope.setId("scope-id");
rolesScope.setName("roles");
when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope));
when(clientsResource.get("client-id-123")).thenReturn(clientResource);
when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
}
@Test
void testEnsureClientAndMapper_ClientNotFound() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList());
Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123"));
when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response);
when(realmResource.clientScopes()).thenReturn(clientScopesResource);
ClientScopeRepresentation rolesScope = new ClientScopeRepresentation();
rolesScope.setId("scope-id");
rolesScope.setName("roles");
when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope));
when(clientsResource.get("client-id-123")).thenReturn(clientResource);
when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
verify(clientsResource).create(any(ClientRepresentation.class));
}
@Test
void testEnsureClientAndMapper_ClientNotFound_NoRolesScope() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList());
Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123"));
when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response);
when(realmResource.clientScopes()).thenReturn(clientScopesResource);
when(clientScopesResource.findAll()).thenReturn(Collections.emptyList());
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
}
@Test
void testEnsureClientAndMapper_ClientNotFound_RolesScopeAlreadyPresent() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId("lions-user-manager-client")).thenReturn(Collections.emptyList());
Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/clients/client-id-123"));
when(clientsResource.create(any(ClientRepresentation.class))).thenReturn(response);
when(realmResource.clientScopes()).thenReturn(clientScopesResource);
ClientScopeRepresentation rolesScope = new ClientScopeRepresentation();
rolesScope.setId("scope-id");
rolesScope.setName("roles");
when(clientScopesResource.findAll()).thenReturn(List.of(rolesScope));
when(clientsResource.get("client-id-123")).thenReturn(clientResource);
// Simuler que le scope "roles" est déjà présent
when(clientResource.getDefaultClientScopes()).thenReturn(List.of(rolesScope));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
}
@Test
void testEnsureClientAndMapper_Exception() throws Exception {
when(adminClient.realms()).thenReturn(realmsResource);
when(realmsResource.realm("lions-user-manager")).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId("lions-user-manager-client")).thenThrow(new RuntimeException("Connection error"));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("ensureClientAndMapper", Keycloak.class);
method.setAccessible(true);
assertDoesNotThrow(() -> method.invoke(config, adminClient));
}
@Test
void testGetCreatedId_Success() throws Exception {
Response response = mock(Response.class);
when(response.getStatusInfo()).thenReturn(Response.Status.CREATED);
when(response.getLocation()).thenReturn(URI.create("http://localhost/users/user-id-123"));
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("getCreatedId", Response.class);
method.setAccessible(true);
String id = (String) method.invoke(config, response);
assertEquals("user-id-123", id);
}
@Test
void testGetCreatedId_Error() throws Exception {
Response response = mock(Response.class);
// Utiliser Response.Status.BAD_REQUEST directement
when(response.getStatusInfo()).thenReturn(Response.Status.BAD_REQUEST);
Method method = KeycloakTestUserConfig.class.getDeclaredMethod("getCreatedId", Response.class);
method.setAccessible(true);
Exception exception = assertThrows(Exception.class, () -> method.invoke(config, response));
assertTrue(exception.getCause() instanceof RuntimeException);
assertTrue(exception.getCause().getMessage().contains("Erreur lors de la création"));
}
}

65
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/config/KeycloakTestUserConfigTest.java Normal file
View File

@@ -0,0 +1,65 @@
package dev.lions.user.manager.config;
import io.quarkus.runtime.StartupEvent;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Field;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests unitaires pour KeycloakTestUserConfig
*/
@ExtendWith(MockitoExtension.class)
class KeycloakTestUserConfigTest {
@InjectMocks
private KeycloakTestUserConfig config;
@BeforeEach
void setUp() throws Exception {
// Injecter les propriétés via reflection
setField("profile", "dev");
setField("keycloakServerUrl", "http://localhost:8180");
setField("adminRealm", "master");
setField("adminUsername", "admin");
setField("adminPassword", "admin");
setField("authorizedRealms", "lions-user-manager");
}
private void setField(String fieldName, Object value) throws Exception {
Field field = KeycloakTestUserConfig.class.getDeclaredField(fieldName);
field.setAccessible(true);
field.set(config, value);
}
@Test
void testOnStart_DevMode() {
// La méthode onStart est désactivée, elle devrait juste logger et retourner
assertDoesNotThrow(() -> {
config.onStart(new StartupEvent());
});
}
@Test
void testOnStart_ProdMode() throws Exception {
setField("profile", "prod");
// En prod, la méthode devrait retourner immédiatement
assertDoesNotThrow(() -> {
config.onStart(new StartupEvent());
});
}
@Test
void testConstants() {
// Vérifier que les constantes sont définies
assertNotNull(KeycloakTestUserConfig.class);
// Les constantes sont privées, on ne peut pas les tester directement
// mais on peut vérifier que la classe se charge correctement
}
}

79
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/mapper/RoleMapperAdditionalTest.java Normal file
View File

@@ -0,0 +1,79 @@
package dev.lions.user.manager.mapper;
import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.RoleRepresentation;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests supplémentaires pour RoleMapper pour améliorer la couverture
*/
class RoleMapperAdditionalTest {
@Test
void testToDTO_WithAllFields() {
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId("role-123");
roleRep.setName("admin");
roleRep.setDescription("Administrator role");
roleRep.setComposite(false);
RoleDTO dto = RoleMapper.toDTO(roleRep, "test-realm", TypeRole.REALM_ROLE);
assertNotNull(dto);
assertEquals("role-123", dto.getId());
assertEquals("admin", dto.getName());
assertEquals("Administrator role", dto.getDescription());
assertEquals(TypeRole.REALM_ROLE, dto.getTypeRole());
assertFalse(dto.getComposite());
}
@Test
void testToDTO_WithNullFields() {
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId("role-123");
roleRep.setName("user");
RoleDTO dto = RoleMapper.toDTO(roleRep, "test-realm", TypeRole.REALM_ROLE);
assertNotNull(dto);
assertEquals("role-123", dto.getId());
assertEquals("user", dto.getName());
assertNull(dto.getDescription());
}
@Test
void testToDTOList_Empty() {
List<RoleDTO> dtos = RoleMapper.toDTOList(Collections.emptyList(), "test-realm", TypeRole.REALM_ROLE);
assertNotNull(dtos);
assertTrue(dtos.isEmpty());
}
@Test
void testToDTOList_WithRoles() {
RoleRepresentation role1 = new RoleRepresentation();
role1.setId("role-1");
role1.setName("admin");
RoleRepresentation role2 = new RoleRepresentation();
role2.setId("role-2");
role2.setName("user");
List<RoleDTO> dtos = RoleMapper.toDTOList(Arrays.asList(role1, role2), "test-realm", TypeRole.REALM_ROLE);
assertNotNull(dtos);
assertEquals(2, dtos.size());
assertEquals("admin", dtos.get(0).getName());
assertEquals("user", dtos.get(1).getName());
}
// La méthode toKeycloak() n'existe pas dans RoleMapper
// Ces tests sont supprimés car la méthode n'est pas disponible
}

91
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/mapper/RoleMapperTest.java Normal file
View File

@@ -0,0 +1,91 @@
package dev.lions.user.manager.mapper;
import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.RoleRepresentation;
import java.util.Collections;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
class RoleMapperTest {
@Test
void testToDTO() {
RoleRepresentation rep = new RoleRepresentation();
rep.setId("1");
rep.setName("role");
rep.setDescription("desc");
rep.setComposite(true);
RoleDTO dto = RoleMapper.toDTO(rep, "realm", TypeRole.REALM_ROLE);
assertNotNull(dto);
assertEquals("1", dto.getId());
assertEquals("role", dto.getName());
assertEquals("desc", dto.getDescription());
assertEquals(TypeRole.REALM_ROLE, dto.getTypeRole());
assertEquals("realm", dto.getRealmName());
assertTrue(dto.getComposite());
assertNull(RoleMapper.toDTO(null, "realm", TypeRole.REALM_ROLE));
}
@Test
void testToRepresentation() {
RoleDTO dto = RoleDTO.builder()
.id("1")
.name("role")
.description("desc")
.composite(true)
.compositeRoles(Collections.singletonList("subrole"))
.typeRole(TypeRole.CLIENT_ROLE) // Should setClientRole(true)
.build();
RoleRepresentation rep = RoleMapper.toRepresentation(dto);
assertNotNull(rep);
assertEquals("1", rep.getId());
assertEquals("role", rep.getName());
assertEquals("desc", rep.getDescription());
assertTrue(rep.isComposite());
assertTrue(rep.getClientRole());
assertNull(RoleMapper.toRepresentation(null));
}
// New test case to cover full branch logic
@Test
void testToRepresentationRealmRole() {
RoleDTO dto = RoleDTO.builder()
.typeRole(TypeRole.REALM_ROLE)
.build();
RoleRepresentation rep = RoleMapper.toRepresentation(dto);
assertFalse(rep.getClientRole());
}
@Test
void testToDTOList() {
RoleRepresentation rep = new RoleRepresentation();
rep.setName("role");
List<RoleRepresentation> reps = Collections.singletonList(rep);
List<RoleDTO> dtos = RoleMapper.toDTOList(reps, "realm", TypeRole.REALM_ROLE);
assertEquals(1, dtos.size());
assertEquals("role", dtos.get(0).getName());
assertTrue(RoleMapper.toDTOList(null, "realm", TypeRole.REALM_ROLE).isEmpty());
}
@Test
void testToRepresentationList() {
RoleDTO dto = RoleDTO.builder().name("role").typeRole(TypeRole.REALM_ROLE).build();
List<RoleDTO> dtos = Collections.singletonList(dto);
List<RoleRepresentation> reps = RoleMapper.toRepresentationList(dtos);
assertEquals(1, reps.size());
assertEquals("role", reps.get(0).getName());
assertTrue(RoleMapper.toRepresentationList(null).isEmpty());
}
}

150
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/mapper/UserMapperTest.java Normal file
View File

@@ -0,0 +1,150 @@
package dev.lions.user.manager.mapper;
import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.enums.user.StatutUser;
import org.junit.jupiter.api.Test;
import org.keycloak.representations.idm.UserRepresentation;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
class UserMapperTest {
@Test
void testToDTO() {
UserRepresentation rep = new UserRepresentation();
rep.setId("1");
rep.setUsername("jdoe");
rep.setEmail("jdoe@example.com");
rep.setEmailVerified(true);
rep.setFirstName("John");
rep.setLastName("Doe");
rep.setEnabled(true);
rep.setCreatedTimestamp(System.currentTimeMillis());
Map<String, List<String>> attrs = Map.of(
"phone_number", List.of("123"),
"organization", List.of("Lions"),
"department", List.of("IT"),
"job_title", List.of("Dev"),
"country", List.of("CI"),
"city", List.of("Abidjan"),
"locale", List.of("fr"),
"timezone", List.of("UTC"));
rep.setAttributes(attrs);
UserDTO dto = UserMapper.toDTO(rep, "realm");
assertNotNull(dto);
assertEquals("1", dto.getId());
assertEquals("jdoe", dto.getUsername());
assertEquals("jdoe@example.com", dto.getEmail());
assertTrue(dto.getEmailVerified());
assertEquals("John", dto.getPrenom());
assertEquals("Doe", dto.getNom());
assertEquals(StatutUser.ACTIF, dto.getStatut());
assertEquals("realm", dto.getRealmName());
assertEquals("123", dto.getTelephone());
assertEquals("Lions", dto.getOrganisation());
assertEquals("IT", dto.getDepartement());
assertEquals("Dev", dto.getFonction());
assertEquals("CI", dto.getPays());
assertEquals("Abidjan", dto.getVille());
assertEquals("fr", dto.getLangue());
assertEquals("UTC", dto.getTimezone());
assertNotNull(dto.getDateCreation());
assertNull(UserMapper.toDTO(null, "realm"));
}
@Test
void testToDTOWithNullAttributes() {
UserRepresentation rep = new UserRepresentation();
rep.setId("1");
rep.setEnabled(true);
UserDTO dto = UserMapper.toDTO(rep, "realm");
assertNotNull(dto);
assertNull(dto.getTelephone()); // Attribute missing
}
@Test
void testToDTOWithEmptyAttributes() {
UserRepresentation rep = new UserRepresentation();
rep.setEnabled(true);
rep.setAttributes(Collections.emptyMap());
UserDTO dto = UserMapper.toDTO(rep, "realm");
assertNotNull(dto);
assertNull(dto.getTelephone());
}
@Test
void testToRepresentation() {
UserDTO dto = UserDTO.builder()
.id("1")
.username("jdoe")
.email("jdoe@example.com")
.emailVerified(true)
.prenom("John")
.nom("Doe")
.enabled(true)
.telephone("123")
.organisation("Lions")
.departement("IT")
.fonction("Dev")
.pays("CI")
.ville("Abidjan")
.langue("fr")
.timezone("UTC")
.requiredActions(Collections.singletonList("UPDATE_PASSWORD"))
.attributes(Map.of("custom", List.of("value")))
.build();
UserRepresentation rep = UserMapper.toRepresentation(dto);
assertNotNull(rep);
assertEquals("1", rep.getId());
assertEquals("jdoe", rep.getUsername());
assertEquals("jdoe@example.com", rep.getEmail());
assertTrue(rep.isEmailVerified());
assertEquals("John", rep.getFirstName());
assertEquals("Doe", rep.getLastName());
assertTrue(rep.isEnabled());
assertNotNull(rep.getAttributes());
assertEquals(List.of("123"), rep.getAttributes().get("phone_number"));
assertEquals(List.of("Lions"), rep.getAttributes().get("organization"));
assertEquals(List.of("value"), rep.getAttributes().get("custom"));
assertNotNull(rep.getRequiredActions());
assertTrue(rep.getRequiredActions().contains("UPDATE_PASSWORD"));
assertNull(UserMapper.toRepresentation(null));
}
@Test
void testToRepresentationValuesNull() {
UserDTO dto = UserDTO.builder().username("jdoe").enabled(null).build();
UserRepresentation rep = UserMapper.toRepresentation(dto);
assertTrue(rep.isEnabled()); // Defaults to true in mapper
}
@Test
void testToDTOList() {
UserRepresentation rep = new UserRepresentation();
rep.setEnabled(true);
List<UserRepresentation> reps = Collections.singletonList(rep);
List<UserDTO> dtos = UserMapper.toDTOList(reps, "realm");
assertEquals(1, dtos.size());
assertTrue(UserMapper.toDTOList(null, "realm").isEmpty());
}
@Test
void testPrivateConstructor() throws Exception {
java.lang.reflect.Constructor<UserMapper> constructor = UserMapper.class.getDeclaredConstructor();
assertTrue(java.lang.reflect.Modifier.isPrivate(constructor.getModifiers()));
constructor.setAccessible(true);
assertNotNull(constructor.newInstance());
}
}

270
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/resource/AuditResourceTest.java Normal file
View File

@@ -0,0 +1,270 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.time.LocalDateTime;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class AuditResourceTest {
@Mock
AuditService auditService;
@InjectMocks
AuditResource auditResource;
@Test
void testSearchLogs() {
List<AuditLogDTO> logs = Collections.singletonList(
AuditLogDTO.builder().acteurUsername("admin").typeAction(TypeActionAudit.USER_CREATE).build());
when(auditService.findByActeur(eq("admin"), isNull(), isNull(), eq(0), eq(50))).thenReturn(logs);
Response response = auditResource.searchLogs("admin", null, null, null, null, null, 0, 50);
assertEquals(200, response.getStatus());
assertEquals(logs, response.getEntity());
}
@Test
void testSearchLogsWithDates() {
List<AuditLogDTO> logs = Collections.emptyList();
when(auditService.findByRealm(eq("master"), any(), any(), eq(0), eq(50))).thenReturn(logs);
Response response = auditResource.searchLogs(null, "2024-01-01T00:00:00", "2024-12-31T23:59:59",
TypeActionAudit.USER_CREATE, null, true, 0, 50);
assertEquals(200, response.getStatus());
}
@Test
void testSearchLogsError() {
when(auditService.findByRealm(eq("master"), isNull(), isNull(), eq(0), eq(50)))
.thenThrow(new RuntimeException("Error"));
Response response = auditResource.searchLogs(null, null, null, null, null, null, 0, 50);
assertEquals(500, response.getStatus());
}
@Test
void testGetLogsByActor() {
List<AuditLogDTO> logs = Collections.singletonList(
AuditLogDTO.builder().acteurUsername("admin").build());
when(auditService.findByActeur(eq("admin"), isNull(), isNull(), eq(0), eq(100))).thenReturn(logs);
Response response = auditResource.getLogsByActor("admin", 100);
assertEquals(200, response.getStatus());
assertEquals(logs, response.getEntity());
}
@Test
void testGetLogsByActorError() {
when(auditService.findByActeur(eq("admin"), isNull(), isNull(), eq(0), eq(100)))
.thenThrow(new RuntimeException("Error"));
Response response = auditResource.getLogsByActor("admin", 100);
assertEquals(500, response.getStatus());
}
@Test
void testGetLogsByResource() {
List<AuditLogDTO> logs = Collections.emptyList();
when(auditService.findByRessource(eq("USER"), eq("1"), isNull(), isNull(), eq(0), eq(100)))
.thenReturn(logs);
Response response = auditResource.getLogsByResource("USER", "1", 100);
assertEquals(200, response.getStatus());
assertEquals(logs, response.getEntity());
}
@Test
void testGetLogsByResourceError() {
when(auditService.findByRessource(eq("USER"), eq("1"), isNull(), isNull(), eq(0), eq(100)))
.thenThrow(new RuntimeException("Error"));
Response response = auditResource.getLogsByResource("USER", "1", 100);
assertEquals(500, response.getStatus());
}
@Test
void testGetLogsByAction() {
List<AuditLogDTO> logs = Collections.emptyList();
when(auditService.findByTypeAction(eq(TypeActionAudit.USER_CREATE), eq("master"), isNull(), isNull(), eq(0), eq(100)))
.thenReturn(logs);
Response response = auditResource.getLogsByAction(TypeActionAudit.USER_CREATE, null, null, 100);
assertEquals(200, response.getStatus());
}
@Test
void testGetLogsByActionWithDates() {
List<AuditLogDTO> logs = Collections.emptyList();
when(auditService.findByTypeAction(eq(TypeActionAudit.USER_UPDATE), eq("master"), any(), any(), eq(0), eq(50)))
.thenReturn(logs);
Response response = auditResource.getLogsByAction(TypeActionAudit.USER_UPDATE,
"2024-01-01T00:00:00", "2024-12-31T23:59:59", 50);
assertEquals(200, response.getStatus());
}
@Test
void testGetLogsByActionError() {
when(auditService.findByTypeAction(any(), eq("master"), any(), any(), anyInt(), anyInt()))
.thenThrow(new RuntimeException("Error"));
Response response = auditResource.getLogsByAction(TypeActionAudit.USER_CREATE, null, null, 100);
assertEquals(500, response.getStatus());
}
@Test
void testGetActionStatistics() {
Map<TypeActionAudit, Long> stats = Map.of(TypeActionAudit.USER_CREATE, 10L);
when(auditService.countByActionType(eq("master"), isNull(), isNull())).thenReturn(stats);
Response response = auditResource.getActionStatistics(null, null);
assertEquals(200, response.getStatus());
assertEquals(stats, response.getEntity());
}
@Test
void testGetActionStatisticsError() {
when(auditService.countByActionType(eq("master"), any(), any())).thenThrow(new RuntimeException("Error"));
Response response = auditResource.getActionStatistics(null, null);
assertEquals(500, response.getStatus());
}
@Test
void testGetUserActivityStatistics() {
Map<String, Long> stats = Map.of("admin", 100L);
when(auditService.countByActeur(eq("master"), isNull(), isNull())).thenReturn(stats);
Response response = auditResource.getUserActivityStatistics(null, null);
assertEquals(200, response.getStatus());
assertEquals(stats, response.getEntity());
}
@Test
void testGetUserActivityStatisticsError() {
when(auditService.countByActeur(eq("master"), any(), any())).thenThrow(new RuntimeException("Error"));
Response response = auditResource.getUserActivityStatistics(null, null);
assertEquals(500, response.getStatus());
}
@Test
void testGetFailureCount() {
Map<String, Long> successVsFailure = Map.of("failure", 5L, "success", 100L);
when(auditService.countSuccessVsFailure(eq("master"), isNull(), isNull())).thenReturn(successVsFailure);
Response response = auditResource.getFailureCount(null, null);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testGetFailureCountError() {
when(auditService.countSuccessVsFailure(eq("master"), any(), any())).thenThrow(new RuntimeException("Error"));
Response response = auditResource.getFailureCount(null, null);
assertEquals(500, response.getStatus());
}
@Test
void testGetSuccessCount() {
Map<String, Long> successVsFailure = Map.of("failure", 5L, "success", 100L);
when(auditService.countSuccessVsFailure(eq("master"), isNull(), isNull())).thenReturn(successVsFailure);
Response response = auditResource.getSuccessCount(null, null);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testGetSuccessCountError() {
when(auditService.countSuccessVsFailure(eq("master"), any(), any())).thenThrow(new RuntimeException("Error"));
Response response = auditResource.getSuccessCount(null, null);
assertEquals(500, response.getStatus());
}
@Test
void testExportLogsToCSV() {
when(auditService.exportToCSV(eq("master"), isNull(), isNull())).thenReturn("csv,data");
Response response = auditResource.exportLogsToCSV(null, null);
assertEquals(200, response.getStatus());
}
@Test
void testExportLogsToCSVError() {
when(auditService.exportToCSV(eq("master"), any(), any())).thenThrow(new RuntimeException("Error"));
Response response = auditResource.exportLogsToCSV(null, null);
assertEquals(500, response.getStatus());
}
@Test
void testPurgeOldLogs() {
when(auditService.purgeOldLogs(any())).thenReturn(50L);
Response response = auditResource.purgeOldLogs(90);
assertEquals(204, response.getStatus());
}
@Test
void testPurgeOldLogsError() {
when(auditService.purgeOldLogs(any())).thenThrow(new RuntimeException("Error"));
Response response = auditResource.purgeOldLogs(90);
assertEquals(500, response.getStatus());
}
// ============== Inner Class Tests ==============
@Test
void testCountResponseClass() {
AuditResource.CountResponse response = new AuditResource.CountResponse(42);
assertEquals(42, response.count);
}
@Test
void testErrorResponseClass() {
AuditResource.ErrorResponse response = new AuditResource.ErrorResponse("Error message");
assertEquals("Error message", response.message);
}
}

99
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/resource/HealthResourceEndpointTest.java Normal file
View File

@@ -0,0 +1,99 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class HealthResourceEndpointTest {
@Mock
KeycloakAdminClient keycloakAdminClient;
@Mock
Keycloak keycloak;
@InjectMocks
HealthResourceEndpoint healthResourceEndpoint;
@Test
void testGetKeycloakHealthConnected() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloak);
Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth();
assertNotNull(result);
assertEquals("UP", result.get("status"));
assertEquals(true, result.get("connected"));
assertNotNull(result.get("timestamp"));
}
@Test
void testGetKeycloakHealthDisconnected() {
when(keycloakAdminClient.getInstance()).thenReturn(null);
Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth();
assertNotNull(result);
assertEquals("DOWN", result.get("status"));
assertEquals(false, result.get("connected"));
}
@Test
void testGetKeycloakHealthError() {
when(keycloakAdminClient.getInstance()).thenThrow(new RuntimeException("Connection error"));
Map<String, Object> result = healthResourceEndpoint.getKeycloakHealth();
assertNotNull(result);
assertEquals("ERROR", result.get("status"));
assertEquals(false, result.get("connected"));
assertEquals("Connection error", result.get("error"));
}
@Test
void testGetServiceStatusConnected() {
when(keycloakAdminClient.isConnected()).thenReturn(true);
Map<String, Object> result = healthResourceEndpoint.getServiceStatus();
assertNotNull(result);
assertEquals("lions-user-manager-server", result.get("service"));
assertEquals("1.0.0", result.get("version"));
assertEquals("UP", result.get("status"));
assertEquals("CONNECTED", result.get("keycloak"));
assertNotNull(result.get("timestamp"));
}
@Test
void testGetServiceStatusDisconnected() {
when(keycloakAdminClient.isConnected()).thenReturn(false);
Map<String, Object> result = healthResourceEndpoint.getServiceStatus();
assertNotNull(result);
assertEquals("UP", result.get("status"));
assertEquals("DISCONNECTED", result.get("keycloak"));
}
@Test
void testGetServiceStatusKeycloakError() {
when(keycloakAdminClient.isConnected()).thenThrow(new RuntimeException("Error"));
Map<String, Object> result = healthResourceEndpoint.getServiceStatus();
assertNotNull(result);
assertEquals("UP", result.get("status"));
assertEquals("ERROR", result.get("keycloak"));
assertEquals("Error", result.get("keycloakError"));
}
}

224
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/resource/RealmAssignmentResourceTest.java Normal file
View File

@@ -0,0 +1,224 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.service.RealmAuthorizationService;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.security.Principal;
import java.time.LocalDateTime;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests unitaires pour RealmAssignmentResource
*/
@ExtendWith(MockitoExtension.class)
class RealmAssignmentResourceTest {
@Mock
private RealmAuthorizationService realmAuthorizationService;
@Mock
private SecurityContext securityContext;
@Mock
private Principal principal;
@InjectMocks
private RealmAssignmentResource realmAssignmentResource;
private RealmAssignmentDTO assignment;
@BeforeEach
void setUp() {
assignment = RealmAssignmentDTO.builder()
.id("assignment-1")
.userId("user-1")
.username("testuser")
.email("test@example.com")
.realmName("realm1")
.isSuperAdmin(false)
.active(true)
.assignedAt(LocalDateTime.now())
.assignedBy("admin")
.build();
}
@Test
void testGetAllAssignments_Success() {
List<RealmAssignmentDTO> assignments = Arrays.asList(assignment);
when(realmAuthorizationService.getAllAssignments()).thenReturn(assignments);
Response response = realmAssignmentResource.getAllAssignments();
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@SuppressWarnings("unchecked")
List<RealmAssignmentDTO> responseAssignments = (List<RealmAssignmentDTO>) response.getEntity();
assertEquals(1, responseAssignments.size());
}
@Test
void testGetAllAssignments_Error() {
when(realmAuthorizationService.getAllAssignments()).thenThrow(new RuntimeException("Error"));
Response response = realmAssignmentResource.getAllAssignments();
assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
}
@Test
void testGetAssignmentsByUser_Success() {
List<RealmAssignmentDTO> assignments = Arrays.asList(assignment);
when(realmAuthorizationService.getAssignmentsByUser("user-1")).thenReturn(assignments);
Response response = realmAssignmentResource.getAssignmentsByUser("user-1");
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
}
@Test
void testGetAssignmentsByRealm_Success() {
List<RealmAssignmentDTO> assignments = Arrays.asList(assignment);
when(realmAuthorizationService.getAssignmentsByRealm("realm1")).thenReturn(assignments);
Response response = realmAssignmentResource.getAssignmentsByRealm("realm1");
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
}
@Test
void testGetAssignmentById_Success() {
when(realmAuthorizationService.getAssignmentById("assignment-1")).thenReturn(Optional.of(assignment));
Response response = realmAssignmentResource.getAssignmentById("assignment-1");
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
}
@Test
void testGetAssignmentById_NotFound() {
when(realmAuthorizationService.getAssignmentById("non-existent")).thenReturn(Optional.empty());
Response response = realmAssignmentResource.getAssignmentById("non-existent");
assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
}
@Test
void testCanManageRealm_Success() {
when(realmAuthorizationService.canManageRealm("user-1", "realm1")).thenReturn(true);
Response response = realmAssignmentResource.canManageRealm("user-1", "realm1");
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
RealmAssignmentResource.CheckResponse checkResponse = (RealmAssignmentResource.CheckResponse) response.getEntity();
assertTrue(checkResponse.canManage);
}
@Test
void testGetAuthorizedRealms_Success() {
List<String> realms = Arrays.asList("realm1", "realm2");
when(realmAuthorizationService.getAuthorizedRealms("user-1")).thenReturn(realms);
when(realmAuthorizationService.isSuperAdmin("user-1")).thenReturn(false);
Response response = realmAssignmentResource.getAuthorizedRealms("user-1");
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
RealmAssignmentResource.AuthorizedRealmsResponse authResponse =
(RealmAssignmentResource.AuthorizedRealmsResponse) response.getEntity();
assertEquals(2, authResponse.realms.size());
assertFalse(authResponse.isSuperAdmin);
}
@Test
void testAssignRealmToUser_Success() {
when(securityContext.getUserPrincipal()).thenReturn(principal);
when(principal.getName()).thenReturn("admin");
when(realmAuthorizationService.assignRealmToUser(any(RealmAssignmentDTO.class))).thenReturn(assignment);
Response response = realmAssignmentResource.assignRealmToUser(assignment);
assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
}
@Test
void testAssignRealmToUser_Conflict() {
when(securityContext.getUserPrincipal()).thenReturn(principal);
when(principal.getName()).thenReturn("admin");
when(realmAuthorizationService.assignRealmToUser(any(RealmAssignmentDTO.class)))
.thenThrow(new IllegalArgumentException("Already exists"));
Response response = realmAssignmentResource.assignRealmToUser(assignment);
assertEquals(Response.Status.CONFLICT.getStatusCode(), response.getStatus());
}
@Test
void testRevokeRealmFromUser_Success() {
doNothing().when(realmAuthorizationService).revokeRealmFromUser("user-1", "realm1");
Response response = realmAssignmentResource.revokeRealmFromUser("user-1", "realm1");
assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
}
@Test
void testRevokeAllRealmsFromUser_Success() {
doNothing().when(realmAuthorizationService).revokeAllRealmsFromUser("user-1");
Response response = realmAssignmentResource.revokeAllRealmsFromUser("user-1");
assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
}
@Test
void testDeactivateAssignment_Success() {
doNothing().when(realmAuthorizationService).deactivateAssignment("assignment-1");
Response response = realmAssignmentResource.deactivateAssignment("assignment-1");
assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
}
@Test
void testDeactivateAssignment_NotFound() {
doThrow(new IllegalArgumentException("Not found"))
.when(realmAuthorizationService).deactivateAssignment("non-existent");
Response response = realmAssignmentResource.deactivateAssignment("non-existent");
assertEquals(Response.Status.NOT_FOUND.getStatusCode(), response.getStatus());
}
@Test
void testActivateAssignment_Success() {
doNothing().when(realmAuthorizationService).activateAssignment("assignment-1");
Response response = realmAssignmentResource.activateAssignment("assignment-1");
assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
}
@Test
void testSetSuperAdmin_Success() {
doNothing().when(realmAuthorizationService).setSuperAdmin("user-1", true);
Response response = realmAssignmentResource.setSuperAdmin("user-1", true);
assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
}
}

73
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/resource/RealmResourceAdditionalTest.java Normal file
View File

@@ -0,0 +1,73 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient;
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Arrays;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
/**
* Tests supplémentaires pour RealmResource pour améliorer la couverture
*/
@ExtendWith(MockitoExtension.class)
class RealmResourceAdditionalTest {
@Mock
private KeycloakAdminClient keycloakAdminClient;
@Mock
private SecurityIdentity securityIdentity;
@InjectMocks
private RealmResource realmResource;
@BeforeEach
void setUp() {
// Setup
}
@Test
void testGetAllRealms_Success() {
List<String> realms = Arrays.asList("master", "lions-user-manager", "test-realm");
when(keycloakAdminClient.getAllRealms()).thenReturn(realms);
Response response = realmResource.getAllRealms();
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@SuppressWarnings("unchecked")
List<String> responseRealms = (List<String>) response.getEntity();
assertEquals(3, responseRealms.size());
}
@Test
void testGetAllRealms_Empty() {
when(keycloakAdminClient.getAllRealms()).thenReturn(List.of());
Response response = realmResource.getAllRealms();
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@SuppressWarnings("unchecked")
List<String> responseRealms = (List<String>) response.getEntity();
assertTrue(responseRealms.isEmpty());
}
@Test
void testGetAllRealms_Exception() {
when(keycloakAdminClient.getAllRealms()).thenThrow(new RuntimeException("Connection error"));
Response response = realmResource.getAllRealms();
assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
}
}

90
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/resource/RealmResourceTest.java Normal file
View File

@@ -0,0 +1,90 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.client.KeycloakAdminClient;
import io.quarkus.security.identity.SecurityIdentity;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import jakarta.ws.rs.core.Response;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
/**
* Tests unitaires pour RealmResource
*/
@ExtendWith(MockitoExtension.class)
class RealmResourceTest {
@Mock
private KeycloakAdminClient keycloakAdminClient;
@Mock
private SecurityIdentity securityIdentity;
@InjectMocks
private RealmResource realmResource;
@BeforeEach
void setUp() {
// Setup initial
}
@Test
void testGetAllRealms_Success() {
List<String> realms = Arrays.asList("master", "lions-user-manager", "btpxpress");
when(keycloakAdminClient.getAllRealms()).thenReturn(realms);
Response response = realmResource.getAllRealms();
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@SuppressWarnings("unchecked")
List<String> responseRealms = (List<String>) response.getEntity();
assertNotNull(responseRealms);
assertEquals(3, responseRealms.size());
assertEquals("master", responseRealms.get(0));
verify(keycloakAdminClient).getAllRealms();
}
@Test
void testGetAllRealms_EmptyList() {
when(keycloakAdminClient.getAllRealms()).thenReturn(Collections.emptyList());
Response response = realmResource.getAllRealms();
assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
@SuppressWarnings("unchecked")
List<String> responseRealms = (List<String>) response.getEntity();
assertNotNull(responseRealms);
assertTrue(responseRealms.isEmpty());
}
@Test
void testGetAllRealms_Exception() {
when(keycloakAdminClient.getAllRealms()).thenThrow(new RuntimeException("Keycloak connection error"));
Response response = realmResource.getAllRealms();
assertEquals(Response.Status.INTERNAL_SERVER_ERROR.getStatusCode(), response.getStatus());
RealmResource.ErrorResponse errorResponse = (RealmResource.ErrorResponse) response.getEntity();
assertNotNull(errorResponse);
assertTrue(errorResponse.getMessage().contains("Erreur lors de la récupération des realms"));
}
@Test
void testErrorResponse() {
RealmResource.ErrorResponse errorResponse = new RealmResource.ErrorResponse("Test error");
assertEquals("Test error", errorResponse.getMessage());
errorResponse.setMessage("New error");
assertEquals("New error", errorResponse.getMessage());
}
}

541
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/resource/RoleResourceTest.java Normal file
View File

@@ -0,0 +1,541 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.role.RoleAssignmentDTO;
import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole;
import dev.lions.user.manager.service.RoleService;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class RoleResourceTest {
@Mock
RoleService roleService;
@InjectMocks
RoleResource roleResource;
private static final String REALM = "test-realm";
private static final String CLIENT_ID = "test-client";
// ============== Realm Role Tests ==============
@Test
void testCreateRealmRole() {
RoleDTO input = RoleDTO.builder().name("role").description("desc").build();
RoleDTO created = RoleDTO.builder().id("1").name("role").description("desc").build();
when(roleService.createRealmRole(any(), eq(REALM))).thenReturn(created);
Response response = roleResource.createRealmRole(input, REALM);
assertEquals(201, response.getStatus());
assertEquals(created, response.getEntity());
}
@Test
void testCreateRealmRoleConflict() {
RoleDTO input = RoleDTO.builder().name("role").build();
when(roleService.createRealmRole(any(), eq(REALM)))
.thenThrow(new IllegalArgumentException("Role already exists"));
Response response = roleResource.createRealmRole(input, REALM);
assertEquals(409, response.getStatus());
}
@Test
void testCreateRealmRoleError() {
RoleDTO input = RoleDTO.builder().name("role").build();
when(roleService.createRealmRole(any(), eq(REALM)))
.thenThrow(new RuntimeException("Error"));
Response response = roleResource.createRealmRole(input, REALM);
assertEquals(500, response.getStatus());
}
@Test
void testGetRealmRole() {
RoleDTO role = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(role));
Response response = roleResource.getRealmRole("role", REALM);
assertEquals(200, response.getStatus());
assertEquals(role, response.getEntity());
}
@Test
void testGetRealmRoleNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
Response response = roleResource.getRealmRole("role", REALM);
assertEquals(404, response.getStatus());
}
@Test
void testGetRealmRoleError() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenThrow(new RuntimeException("Error"));
Response response = roleResource.getRealmRole("role", REALM);
assertEquals(500, response.getStatus());
}
@Test
void testGetAllRealmRoles() {
List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build());
when(roleService.getAllRealmRoles(REALM)).thenReturn(roles);
Response response = roleResource.getAllRealmRoles(REALM);
assertEquals(200, response.getStatus());
assertEquals(roles, response.getEntity());
}
@Test
void testGetAllRealmRolesError() {
when(roleService.getAllRealmRoles(REALM)).thenThrow(new RuntimeException("Error"));
Response response = roleResource.getAllRealmRoles(REALM);
assertEquals(500, response.getStatus());
}
@Test
void testUpdateRealmRole() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
RoleDTO input = RoleDTO.builder().description("updated").build();
RoleDTO updated = RoleDTO.builder().id("1").name("role").description("updated").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(existingRole));
when(roleService.updateRole(eq("1"), any(), eq(REALM), eq(TypeRole.REALM_ROLE), isNull()))
.thenReturn(updated);
Response response = roleResource.updateRealmRole("role", input, REALM);
assertEquals(200, response.getStatus());
assertEquals(updated, response.getEntity());
}
@Test
void testUpdateRealmRoleNotFound() {
RoleDTO input = RoleDTO.builder().description("updated").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
Response response = roleResource.updateRealmRole("role", input, REALM);
assertEquals(404, response.getStatus());
}
@Test
void testUpdateRealmRoleError() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
RoleDTO input = RoleDTO.builder().description("updated").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(existingRole));
when(roleService.updateRole(eq("1"), any(), eq(REALM), eq(TypeRole.REALM_ROLE), isNull()))
.thenThrow(new RuntimeException("Error"));
Response response = roleResource.updateRealmRole("role", input, REALM);
assertEquals(500, response.getStatus());
}
@Test
void testDeleteRealmRole() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(existingRole));
doNothing().when(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.REALM_ROLE), isNull());
Response response = roleResource.deleteRealmRole("role", REALM);
assertEquals(204, response.getStatus());
}
@Test
void testDeleteRealmRoleNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
Response response = roleResource.deleteRealmRole("role", REALM);
assertEquals(404, response.getStatus());
}
@Test
void testDeleteRealmRoleError() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(existingRole));
doThrow(new RuntimeException("Error")).when(roleService)
.deleteRole(eq("1"), eq(REALM), eq(TypeRole.REALM_ROLE), isNull());
Response response = roleResource.deleteRealmRole("role", REALM);
assertEquals(500, response.getStatus());
}
// ============== Client Role Tests ==============
@Test
void testCreateClientRole() {
RoleDTO input = RoleDTO.builder().name("role").build();
RoleDTO created = RoleDTO.builder().id("1").name("role").build();
when(roleService.createClientRole(any(RoleDTO.class), eq(REALM), eq(CLIENT_ID))).thenReturn(created);
Response response = roleResource.createClientRole(CLIENT_ID, input, REALM);
assertEquals(201, response.getStatus());
assertEquals(created, response.getEntity());
}
@Test
void testCreateClientRoleError() {
RoleDTO input = RoleDTO.builder().name("role").build();
when(roleService.createClientRole(any(RoleDTO.class), eq(REALM), eq(CLIENT_ID)))
.thenThrow(new RuntimeException("Error"));
Response response = roleResource.createClientRole(CLIENT_ID, input, REALM);
assertEquals(500, response.getStatus());
}
@Test
void testGetClientRole() {
RoleDTO role = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.of(role));
Response response = roleResource.getClientRole(CLIENT_ID, "role", REALM);
assertEquals(200, response.getStatus());
assertEquals(role, response.getEntity());
}
@Test
void testGetClientRoleNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.empty());
Response response = roleResource.getClientRole(CLIENT_ID, "role", REALM);
assertEquals(404, response.getStatus());
}
@Test
void testGetClientRoleError() {
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenThrow(new RuntimeException("Error"));
Response response = roleResource.getClientRole(CLIENT_ID, "role", REALM);
assertEquals(500, response.getStatus());
}
@Test
void testGetAllClientRoles() {
List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build());
when(roleService.getAllClientRoles(REALM, CLIENT_ID)).thenReturn(roles);
Response response = roleResource.getAllClientRoles(CLIENT_ID, REALM);
assertEquals(200, response.getStatus());
assertEquals(roles, response.getEntity());
}
@Test
void testGetAllClientRolesError() {
when(roleService.getAllClientRoles(REALM, CLIENT_ID)).thenThrow(new RuntimeException("Error"));
Response response = roleResource.getAllClientRoles(CLIENT_ID, REALM);
assertEquals(500, response.getStatus());
}
@Test
void testDeleteClientRole() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.of(existingRole));
doNothing().when(roleService).deleteRole(eq("1"), eq(REALM), eq(TypeRole.CLIENT_ROLE), eq(CLIENT_ID));
Response response = roleResource.deleteClientRole(CLIENT_ID, "role", REALM);
assertEquals(204, response.getStatus());
}
@Test
void testDeleteClientRoleNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.empty());
Response response = roleResource.deleteClientRole(CLIENT_ID, "role", REALM);
assertEquals(404, response.getStatus());
}
@Test
void testDeleteClientRoleError() {
RoleDTO existingRole = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.CLIENT_ROLE, CLIENT_ID))
.thenReturn(Optional.of(existingRole));
doThrow(new RuntimeException("Error")).when(roleService)
.deleteRole(eq("1"), eq(REALM), eq(TypeRole.CLIENT_ROLE), eq(CLIENT_ID));
Response response = roleResource.deleteClientRole(CLIENT_ID, "role", REALM);
assertEquals(500, response.getStatus());
}
// ============== Role Assignment Tests ==============
@Test
void testAssignRealmRoles() {
doNothing().when(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("role");
Response response = roleResource.assignRealmRoles("user1", REALM, request);
assertEquals(204, response.getStatus());
verify(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
}
@Test
void testAssignRealmRolesError() {
doThrow(new RuntimeException("Error")).when(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("role");
Response response = roleResource.assignRealmRoles("user1", REALM, request);
assertEquals(500, response.getStatus());
}
@Test
void testRevokeRealmRoles() {
doNothing().when(roleService).revokeRolesFromUser(any(RoleAssignmentDTO.class));
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("role");
Response response = roleResource.revokeRealmRoles("user1", REALM, request);
assertEquals(204, response.getStatus());
verify(roleService).revokeRolesFromUser(any(RoleAssignmentDTO.class));
}
@Test
void testRevokeRealmRolesError() {
doThrow(new RuntimeException("Error")).when(roleService).revokeRolesFromUser(any(RoleAssignmentDTO.class));
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("role");
Response response = roleResource.revokeRealmRoles("user1", REALM, request);
assertEquals(500, response.getStatus());
}
@Test
void testAssignClientRoles() {
doNothing().when(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("role");
Response response = roleResource.assignClientRoles(CLIENT_ID, "user1", REALM, request);
assertEquals(204, response.getStatus());
verify(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
}
@Test
void testAssignClientRolesError() {
doThrow(new RuntimeException("Error")).when(roleService).assignRolesToUser(any(RoleAssignmentDTO.class));
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("role");
Response response = roleResource.assignClientRoles(CLIENT_ID, "user1", REALM, request);
assertEquals(500, response.getStatus());
}
@Test
void testGetUserRealmRoles() {
List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build());
when(roleService.getUserRealmRoles("user1", REALM)).thenReturn(roles);
Response response = roleResource.getUserRealmRoles("user1", REALM);
assertEquals(200, response.getStatus());
assertEquals(roles, response.getEntity());
}
@Test
void testGetUserRealmRolesError() {
when(roleService.getUserRealmRoles("user1", REALM)).thenThrow(new RuntimeException("Error"));
Response response = roleResource.getUserRealmRoles("user1", REALM);
assertEquals(500, response.getStatus());
}
@Test
void testGetUserClientRoles() {
List<RoleDTO> roles = Collections.singletonList(RoleDTO.builder().name("role").build());
when(roleService.getUserClientRoles("user1", CLIENT_ID, REALM)).thenReturn(roles);
Response response = roleResource.getUserClientRoles(CLIENT_ID, "user1", REALM);
assertEquals(200, response.getStatus());
assertEquals(roles, response.getEntity());
}
@Test
void testGetUserClientRolesError() {
when(roleService.getUserClientRoles("user1", CLIENT_ID, REALM)).thenThrow(new RuntimeException("Error"));
Response response = roleResource.getUserClientRoles(CLIENT_ID, "user1", REALM);
assertEquals(500, response.getStatus());
}
// ============== Composite Role Tests ==============
@Test
void testAddComposites() {
RoleDTO parentRole = RoleDTO.builder().id("parent-1").name("role").build();
RoleDTO childRole = RoleDTO.builder().id("child-1").name("composite").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(parentRole));
when(roleService.getRoleByName("composite", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(childRole));
doNothing().when(roleService).addCompositeRoles(eq("parent-1"), anyList(), eq(REALM),
eq(TypeRole.REALM_ROLE), isNull());
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("composite");
Response response = roleResource.addComposites("role", REALM, request);
assertEquals(204, response.getStatus());
verify(roleService).addCompositeRoles(eq("parent-1"), anyList(), eq(REALM),
eq(TypeRole.REALM_ROLE), isNull());
}
@Test
void testAddCompositesParentNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("composite");
Response response = roleResource.addComposites("role", REALM, request);
assertEquals(404, response.getStatus());
}
@Test
void testAddCompositesError() {
RoleDTO parentRole = RoleDTO.builder().id("parent-1").name("role").build();
RoleDTO childRole = RoleDTO.builder().id("child-1").name("composite").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(parentRole));
when(roleService.getRoleByName("composite", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(childRole));
doThrow(new RuntimeException("Error")).when(roleService).addCompositeRoles(eq("parent-1"), anyList(),
eq(REALM), eq(TypeRole.REALM_ROLE), isNull());
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = Collections.singletonList("composite");
Response response = roleResource.addComposites("role", REALM, request);
assertEquals(500, response.getStatus());
}
@Test
void testGetComposites() {
RoleDTO role = RoleDTO.builder().id("1").name("role").build();
List<RoleDTO> composites = Collections.singletonList(RoleDTO.builder().name("composite").build());
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(role));
when(roleService.getCompositeRoles("1", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(composites);
Response response = roleResource.getComposites("role", REALM);
assertEquals(200, response.getStatus());
assertEquals(composites, response.getEntity());
}
@Test
void testGetCompositesNotFound() {
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.empty());
Response response = roleResource.getComposites("role", REALM);
assertEquals(404, response.getStatus());
}
@Test
void testGetCompositesError() {
RoleDTO role = RoleDTO.builder().id("1").name("role").build();
when(roleService.getRoleByName("role", REALM, TypeRole.REALM_ROLE, null))
.thenReturn(Optional.of(role));
when(roleService.getCompositeRoles("1", REALM, TypeRole.REALM_ROLE, null))
.thenThrow(new RuntimeException("Error"));
Response response = roleResource.getComposites("role", REALM);
assertEquals(500, response.getStatus());
}
// ============== Inner Class Tests ==============
@Test
void testRoleAssignmentRequestClass() {
RoleResource.RoleAssignmentRequest request = new RoleResource.RoleAssignmentRequest();
request.roleNames = List.of("role1", "role2");
assertEquals(2, request.roleNames.size());
assertTrue(request.roleNames.contains("role1"));
}
}

253
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/resource/SyncResourceTest.java Normal file
View File

@@ -0,0 +1,253 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.service.SyncService;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class SyncResourceTest {
@Mock
SyncService syncService;
@InjectMocks
SyncResource syncResource;
private static final String REALM = "test-realm";
private static final String CLIENT_ID = "test-client";
@Test
void testSyncUsers() {
when(syncService.syncUsersFromRealm(REALM)).thenReturn(10);
Response response = syncResource.syncUsers(REALM);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testSyncUsersError() {
when(syncService.syncUsersFromRealm(REALM)).thenThrow(new RuntimeException("Error"));
Response response = syncResource.syncUsers(REALM);
assertEquals(500, response.getStatus());
}
@Test
void testSyncRealmRoles() {
when(syncService.syncRolesFromRealm(REALM)).thenReturn(5);
Response response = syncResource.syncRealmRoles(REALM);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testSyncRealmRolesError() {
when(syncService.syncRolesFromRealm(REALM)).thenThrow(new RuntimeException("Error"));
Response response = syncResource.syncRealmRoles(REALM);
assertEquals(500, response.getStatus());
}
@Test
void testSyncClientRoles() {
when(syncService.syncRolesFromRealm(REALM)).thenReturn(3);
Response response = syncResource.syncClientRoles(CLIENT_ID, REALM);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testSyncClientRolesError() {
when(syncService.syncRolesFromRealm(REALM)).thenThrow(new RuntimeException("Error"));
Response response = syncResource.syncClientRoles(CLIENT_ID, REALM);
assertEquals(500, response.getStatus());
}
@Test
void testSyncAll() {
Map<String, Object> result = Map.of(
"realmName", REALM,
"usersSynced", 10,
"rolesSynced", 5,
"success", true
);
when(syncService.forceSyncRealm(REALM)).thenReturn(result);
Response response = syncResource.syncAll(REALM);
assertEquals(200, response.getStatus());
assertEquals(result, response.getEntity());
}
@Test
void testSyncAllError() {
when(syncService.forceSyncRealm(REALM)).thenThrow(new RuntimeException("Error"));
Response response = syncResource.syncAll(REALM);
assertEquals(500, response.getStatus());
}
@Test
void testCheckHealthHealthy() {
when(syncService.isKeycloakAvailable()).thenReturn(true);
Response response = syncResource.checkHealth();
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testCheckHealthUnhealthy() {
when(syncService.isKeycloakAvailable()).thenReturn(false);
Response response = syncResource.checkHealth();
assertEquals(503, response.getStatus());
}
@Test
void testCheckHealthError() {
when(syncService.isKeycloakAvailable()).thenThrow(new RuntimeException("Error"));
Response response = syncResource.checkHealth();
assertEquals(503, response.getStatus());
}
@Test
void testGetDetailedHealthStatus() {
Map<String, Object> status = Map.of(
"keycloakAvailable", true,
"keycloakVersion", "21.0.0"
);
when(syncService.getKeycloakHealthInfo()).thenReturn(status);
Response response = syncResource.getDetailedHealthStatus();
assertEquals(200, response.getStatus());
assertEquals(status, response.getEntity());
}
@Test
void testGetDetailedHealthStatusError() {
when(syncService.getKeycloakHealthInfo()).thenThrow(new RuntimeException("Error"));
Response response = syncResource.getDetailedHealthStatus();
assertEquals(500, response.getStatus());
}
@Test
void testCheckRealmExistsTrue() {
when(syncService.syncUsersFromRealm(REALM)).thenReturn(5);
Response response = syncResource.checkRealmExists(REALM);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testCheckRealmExistsFalse() {
when(syncService.syncUsersFromRealm(REALM)).thenThrow(new RuntimeException("Realm not found"));
Response response = syncResource.checkRealmExists(REALM);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testCheckRealmExistsError() {
when(syncService.syncUsersFromRealm(REALM)).thenThrow(new RuntimeException("Unexpected error"));
Response response = syncResource.checkRealmExists(REALM);
// checkRealmExists catches all exceptions and returns 200 with exists=false
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testCheckUserExists() {
// La méthode checkUserExists retourne toujours false dans l'implémentation actuelle
Response response = syncResource.checkUserExists("user1", REALM);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testCheckUserExistsError() {
// Test d'erreur si une exception est levée
// Note: L'implémentation actuelle ne lève pas d'exception, mais testons quand même
Response response = syncResource.checkUserExists("user1", REALM);
assertEquals(200, response.getStatus());
}
// ============== Inner Class Tests ==============
@Test
void testSyncUsersResponseClass() {
SyncResource.SyncUsersResponse response = new SyncResource.SyncUsersResponse(1, null);
assertEquals(1, response.count);
assertNull(response.users);
}
@Test
void testSyncRolesResponseClass() {
SyncResource.SyncRolesResponse response = new SyncResource.SyncRolesResponse(1, null);
assertEquals(1, response.count);
assertNull(response.roles);
}
@Test
void testHealthCheckResponseClass() {
SyncResource.HealthCheckResponse response = new SyncResource.HealthCheckResponse(true, "OK");
assertTrue(response.healthy);
assertEquals("OK", response.message);
}
@Test
void testExistsCheckResponseClass() {
SyncResource.ExistsCheckResponse response = new SyncResource.ExistsCheckResponse(true, "realm", "test");
assertTrue(response.exists);
assertEquals("realm", response.resourceType);
assertEquals("test", response.resourceId);
}
@Test
void testErrorResponseClass() {
SyncResource.ErrorResponse response = new SyncResource.ErrorResponse("Error");
assertEquals("Error", response.message);
}
}

353
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/resource/UserResourceTest.java Normal file
View File

@@ -0,0 +1,353 @@
package dev.lions.user.manager.resource;
import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO;
import dev.lions.user.manager.dto.user.UserSearchResultDTO;
import dev.lions.user.manager.service.UserService;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class UserResourceTest {
@Mock
UserService userService;
@InjectMocks
UserResource userResource;
private static final String REALM = "test-realm";
@Test
void testSearchUsers() {
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.searchTerm("test")
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO mockResult = UserSearchResultDTO.builder()
.users(Collections.singletonList(UserDTO.builder().username("test").build()))
.totalCount(1L)
.build();
when(userService.searchUsers(any())).thenReturn(mockResult);
Response response = userResource.searchUsers(criteria);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testSearchUsersError() {
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.build();
when(userService.searchUsers(any())).thenThrow(new RuntimeException("Search failed"));
Response response = userResource.searchUsers(criteria);
assertEquals(500, response.getStatus());
}
@Test
void testGetUserById() {
UserDTO user = UserDTO.builder().id("1").username("testuser").build();
when(userService.getUserById("1", REALM)).thenReturn(Optional.of(user));
Response response = userResource.getUserById("1", REALM);
assertEquals(200, response.getStatus());
assertEquals(user, response.getEntity());
}
@Test
void testGetUserByIdNotFound() {
when(userService.getUserById("1", REALM)).thenReturn(Optional.empty());
Response response = userResource.getUserById("1", REALM);
assertEquals(404, response.getStatus());
}
@Test
void testGetUserByIdError() {
when(userService.getUserById("1", REALM)).thenThrow(new RuntimeException("Error"));
Response response = userResource.getUserById("1", REALM);
assertEquals(500, response.getStatus());
}
@Test
void testGetAllUsers() {
UserSearchResultDTO mockResult = UserSearchResultDTO.builder()
.users(Collections.emptyList())
.totalCount(0L)
.build();
when(userService.getAllUsers(REALM, 0, 20)).thenReturn(mockResult);
Response response = userResource.getAllUsers(REALM, 0, 20);
assertEquals(200, response.getStatus());
}
@Test
void testGetAllUsersError() {
when(userService.getAllUsers(REALM, 0, 20)).thenThrow(new RuntimeException("Error"));
Response response = userResource.getAllUsers(REALM, 0, 20);
assertEquals(500, response.getStatus());
}
@Test
void testCreateUser() {
UserDTO newUser = UserDTO.builder().username("newuser").email("new@test.com").build();
UserDTO createdUser = UserDTO.builder().id("123").username("newuser").email("new@test.com").build();
when(userService.createUser(any(), eq(REALM))).thenReturn(createdUser);
Response response = userResource.createUser(newUser, REALM);
assertEquals(201, response.getStatus());
assertEquals(createdUser, response.getEntity());
}
@Test
void testCreateUserError() {
UserDTO newUser = UserDTO.builder().username("newuser").email("new@test.com").build();
when(userService.createUser(any(), eq(REALM))).thenThrow(new RuntimeException("Create failed"));
Response response = userResource.createUser(newUser, REALM);
assertEquals(500, response.getStatus());
}
@Test
void testUpdateUser() {
UserDTO updateUser = UserDTO.builder()
.username("updated")
.prenom("John")
.nom("Doe")
.email("john.doe@test.com")
.build();
UserDTO updatedUser = UserDTO.builder()
.id("1")
.username("updated")
.prenom("John")
.nom("Doe")
.email("john.doe@test.com")
.build();
when(userService.updateUser(eq("1"), any(), eq(REALM))).thenReturn(updatedUser);
Response response = userResource.updateUser("1", updateUser, REALM);
assertEquals(200, response.getStatus());
assertEquals(updatedUser, response.getEntity());
}
@Test
void testUpdateUserError() {
UserDTO updateUser = UserDTO.builder()
.username("updated")
.prenom("John")
.nom("Doe")
.email("john.doe@test.com")
.build();
when(userService.updateUser(eq("1"), any(), eq(REALM))).thenThrow(new RuntimeException("Update failed"));
Response response = userResource.updateUser("1", updateUser, REALM);
assertEquals(500, response.getStatus());
}
@Test
void testDeleteUser() {
doNothing().when(userService).deleteUser("1", REALM, false);
Response response = userResource.deleteUser("1", REALM, false);
assertEquals(204, response.getStatus());
verify(userService).deleteUser("1", REALM, false);
}
@Test
void testDeleteUserHard() {
doNothing().when(userService).deleteUser("1", REALM, true);
Response response = userResource.deleteUser("1", REALM, true);
assertEquals(204, response.getStatus());
verify(userService).deleteUser("1", REALM, true);
}
@Test
void testDeleteUserError() {
doThrow(new RuntimeException("Delete failed")).when(userService).deleteUser("1", REALM, false);
Response response = userResource.deleteUser("1", REALM, false);
assertEquals(500, response.getStatus());
}
@Test
void testActivateUser() {
doNothing().when(userService).activateUser("1", REALM);
Response response = userResource.activateUser("1", REALM);
assertEquals(204, response.getStatus());
verify(userService).activateUser("1", REALM);
}
@Test
void testActivateUserError() {
doThrow(new RuntimeException("Activate failed")).when(userService).activateUser("1", REALM);
Response response = userResource.activateUser("1", REALM);
assertEquals(500, response.getStatus());
}
@Test
void testDeactivateUser() {
doNothing().when(userService).deactivateUser("1", REALM, "reason");
Response response = userResource.deactivateUser("1", REALM, "reason");
assertEquals(204, response.getStatus());
verify(userService).deactivateUser("1", REALM, "reason");
}
@Test
void testDeactivateUserError() {
doThrow(new RuntimeException("Deactivate failed")).when(userService).deactivateUser("1", REALM, null);
Response response = userResource.deactivateUser("1", REALM, null);
assertEquals(500, response.getStatus());
}
@Test
void testResetPassword() {
doNothing().when(userService).resetPassword("1", REALM, "newpassword", true);
UserResource.PasswordResetRequest request = new UserResource.PasswordResetRequest();
request.password = "newpassword";
request.temporary = true;
Response response = userResource.resetPassword("1", REALM, request);
assertEquals(204, response.getStatus());
verify(userService).resetPassword("1", REALM, "newpassword", true);
}
@Test
void testResetPasswordError() {
doThrow(new RuntimeException("Reset failed")).when(userService).resetPassword(any(), any(), any(),
anyBoolean());
UserResource.PasswordResetRequest request = new UserResource.PasswordResetRequest();
request.password = "newpassword";
Response response = userResource.resetPassword("1", REALM, request);
assertEquals(500, response.getStatus());
}
@Test
void testSendVerificationEmail() {
doNothing().when(userService).sendVerificationEmail("1", REALM);
Response response = userResource.sendVerificationEmail("1", REALM);
assertEquals(204, response.getStatus());
verify(userService).sendVerificationEmail("1", REALM);
}
@Test
void testSendVerificationEmailError() {
doThrow(new RuntimeException("Email failed")).when(userService).sendVerificationEmail("1", REALM);
Response response = userResource.sendVerificationEmail("1", REALM);
assertEquals(500, response.getStatus());
}
@Test
void testLogoutAllSessions() {
when(userService.logoutAllSessions("1", REALM)).thenReturn(5);
Response response = userResource.logoutAllSessions("1", REALM);
assertEquals(200, response.getStatus());
assertNotNull(response.getEntity());
}
@Test
void testLogoutAllSessionsError() {
when(userService.logoutAllSessions("1", REALM)).thenThrow(new RuntimeException("Logout failed"));
Response response = userResource.logoutAllSessions("1", REALM);
assertEquals(500, response.getStatus());
}
@Test
void testGetActiveSessions() {
when(userService.getActiveSessions("1", REALM)).thenReturn(Collections.emptyList());
Response response = userResource.getActiveSessions("1", REALM);
assertEquals(200, response.getStatus());
}
@Test
void testGetActiveSessionsError() {
when(userService.getActiveSessions("1", REALM)).thenThrow(new RuntimeException("Sessions failed"));
Response response = userResource.getActiveSessions("1", REALM);
assertEquals(500, response.getStatus());
}
@Test
void testPasswordResetRequestClass() {
UserResource.PasswordResetRequest request = new UserResource.PasswordResetRequest();
request.password = "password123";
request.temporary = false;
assertEquals("password123", request.password);
assertFalse(request.temporary);
}
@Test
void testSessionsRevokedResponseClass() {
UserResource.SessionsRevokedResponse response = new UserResource.SessionsRevokedResponse(5);
assertEquals(5, response.count);
}
@Test
void testErrorResponseClass() {
UserResource.ErrorResponse response = new UserResource.ErrorResponse("Error message");
assertEquals("Error message", response.message);
}
}

88
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/security/DevSecurityContextProducerTest.java Normal file
View File

@@ -0,0 +1,88 @@
package dev.lions.user.manager.security;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.core.UriInfo;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.lang.reflect.Field;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
/**
* Tests unitaires pour DevSecurityContextProducer
*/
@ExtendWith(MockitoExtension.class)
class DevSecurityContextProducerTest {
@Mock
private ContainerRequestContext requestContext;
@Mock
private UriInfo uriInfo;
@Mock
private SecurityContext originalSecurityContext;
private DevSecurityContextProducer producer;
@BeforeEach
void setUp() throws Exception {
producer = new DevSecurityContextProducer();
// Injecter les propriétés via reflection
setField("profile", "dev");
setField("oidcEnabled", false);
}
private void setField(String fieldName, Object value) throws Exception {
Field field = DevSecurityContextProducer.class.getDeclaredField(fieldName);
field.setAccessible(true);
field.set(producer, value);
}
@Test
void testFilter_DevMode() throws Exception {
setField("profile", "dev");
setField("oidcEnabled", true);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/users");
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext);
producer.filter(requestContext);
verify(requestContext, times(1)).setSecurityContext(any(SecurityContext.class));
}
@Test
void testFilter_ProdMode() throws Exception {
setField("profile", "prod");
setField("oidcEnabled", true);
// En mode prod, on n'a pas besoin de mocker getUriInfo car le code ne l'utilise pas
producer.filter(requestContext);
verify(requestContext, never()).setSecurityContext(any(SecurityContext.class));
}
@Test
void testFilter_OidcDisabled() throws Exception {
setField("profile", "prod");
setField("oidcEnabled", false);
when(requestContext.getUriInfo()).thenReturn(uriInfo);
when(uriInfo.getPath()).thenReturn("/api/users");
when(requestContext.getSecurityContext()).thenReturn(originalSecurityContext);
producer.filter(requestContext);
verify(requestContext, times(1)).setSecurityContext(any(SecurityContext.class));
}
}

151
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/AuditServiceImplAdditionalTest.java Normal file
View File

@@ -0,0 +1,151 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import java.time.LocalDateTime;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests supplémentaires pour AuditServiceImpl pour améliorer la couverture
*/
class AuditServiceImplAdditionalTest {
private AuditServiceImpl auditService;
@BeforeEach
void setUp() {
auditService = new AuditServiceImpl();
auditService.auditEnabled = true;
auditService.logToDatabase = false;
}
@Test
void testFindByActeur_WithDates() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
List<AuditLogDTO> logs = auditService.findByActeur("admin", past, future, 0, 10);
assertNotNull(logs);
assertTrue(logs.size() > 0);
}
@Test
void testFindByRealm_WithDates() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10);
assertNotNull(logs);
}
@Test
void testFindByRessource() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
List<AuditLogDTO> logs = auditService.findByRessource("USER", "1", past, future, 0, 10);
assertNotNull(logs);
}
@Test
void testCountByActionType() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
java.util.Map<TypeActionAudit, Long> counts = auditService.countByActionType("realm1", past, future);
assertNotNull(counts);
assertTrue(counts.containsKey(TypeActionAudit.USER_CREATE));
}
@Test
void testCountByActeur() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
java.util.Map<String, Long> counts = auditService.countByActeur("realm1", past, future);
assertNotNull(counts);
}
@Test
void testCountSuccessVsFailure() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Failed", "Error");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
java.util.Map<String, Long> result = auditService.countSuccessVsFailure("realm1", past, future);
assertNotNull(result);
assertTrue(result.containsKey("success"));
assertTrue(result.containsKey("failure"));
}
@Test
void testExportToCSV() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
String csv = auditService.exportToCSV("realm1", past, future);
assertNotNull(csv);
assertTrue(csv.length() > 0);
}
@Test
void testPurgeOldLogs() {
// Créer des logs anciens
for (int i = 0; i < 10; i++) {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", String.valueOf(i),
"user" + i, "realm1", "admin", "Created");
}
LocalDateTime cutoffDate = LocalDateTime.now().minusDays(30);
long purged = auditService.purgeOldLogs(cutoffDate);
assertTrue(purged >= 0);
}
@Test
void testGetTotalCount() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
long total = auditService.getTotalCount();
assertEquals(2, total);
}
}

322
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/AuditServiceImplCompleteTest.java Normal file
View File

@@ -0,0 +1,322 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import java.time.LocalDateTime;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
/**
* Tests complets pour AuditServiceImpl pour atteindre 100% de couverture
* Couvre les branches manquantes : auditEnabled=false, acteurUsername="*", dates null, etc.
*/
class AuditServiceImplCompleteTest {
private AuditServiceImpl auditService;
@BeforeEach
void setUp() {
auditService = new AuditServiceImpl();
auditService.auditEnabled = true;
auditService.logToDatabase = false;
}
@Test
void testLogAction_AuditDisabled() {
auditService.auditEnabled = false;
AuditLogDTO auditLog = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin")
.build();
AuditLogDTO result = auditService.logAction(auditLog);
assertEquals(auditLog, result);
}
@Test
void testLogAction_WithId() {
AuditLogDTO auditLog = AuditLogDTO.builder()
.id("custom-id")
.typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin")
.build();
AuditLogDTO result = auditService.logAction(auditLog);
assertEquals("custom-id", result.getId());
}
@Test
void testLogAction_WithDateAction() {
LocalDateTime customDate = LocalDateTime.now().minusDays(1);
AuditLogDTO auditLog = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin")
.dateAction(customDate)
.build();
AuditLogDTO result = auditService.logAction(auditLog);
assertEquals(customDate, result.getDateAction());
}
@Test
void testSearchLogs_WithWildcardActeur() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "user2", "Updated");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
// Test avec acteurUsername = "*" (wildcard)
List<AuditLogDTO> logs = auditService.findByActeur("*", past, future, 0, 10);
assertNotNull(logs);
assertTrue(logs.size() >= 2);
}
@Test
void testSearchLogs_WithNullDates() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
// Test avec dates null
List<AuditLogDTO> logs = auditService.findByActeur("admin", null, null, 0, 10);
assertNotNull(logs);
assertTrue(logs.size() > 0);
}
@Test
void testSearchLogs_WithNullTypeAction() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
// Test avec typeAction null (via findByRealm qui ne filtre pas par typeAction)
List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10);
assertNotNull(logs);
}
@Test
void testSearchLogs_WithNullRessourceType() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
// Test avec ressourceType null (via findByRealm)
List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10);
assertNotNull(logs);
}
@Test
void testFindFailures() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Failed", "Error");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
List<AuditLogDTO> failures = auditService.findFailures("realm1", past, future, 0, 10);
assertNotNull(failures);
assertTrue(failures.size() > 0);
assertFalse(failures.get(0).isSuccessful());
}
@Test
void testFindCriticalActions_UserDelete() {
auditService.logSuccess(TypeActionAudit.USER_DELETE, "USER", "1", "user1", "realm1", "admin", "Deleted");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10);
assertNotNull(critical);
assertTrue(critical.size() > 0);
assertEquals(TypeActionAudit.USER_DELETE, critical.get(0).getTypeAction());
}
@Test
void testFindCriticalActions_RoleDelete() {
auditService.logSuccess(TypeActionAudit.ROLE_DELETE, "ROLE", "1", "role1", "realm1", "admin", "Deleted");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10);
assertNotNull(critical);
assertTrue(critical.size() > 0);
assertEquals(TypeActionAudit.ROLE_DELETE, critical.get(0).getTypeAction());
}
@Test
void testFindCriticalActions_SessionRevokeAll() {
auditService.logSuccess(TypeActionAudit.SESSION_REVOKE_ALL, "SESSION", "1", "session1", "realm1", "admin", "Revoked");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10);
assertNotNull(critical);
assertTrue(critical.size() > 0);
assertEquals(TypeActionAudit.SESSION_REVOKE_ALL, critical.get(0).getTypeAction());
}
@Test
void testFindCriticalActions_WithDateFilters() {
LocalDateTime oldDate = LocalDateTime.now().minusDays(10);
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
// Créer un log ancien (hors de la plage)
AuditLogDTO oldLog = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_DELETE)
.acteurUsername("admin")
.dateAction(oldDate)
.build();
auditService.logAction(oldLog);
// Créer un log récent (dans la plage)
auditService.logSuccess(TypeActionAudit.USER_DELETE, "USER", "2", "user2", "realm1", "admin", "Deleted");
List<AuditLogDTO> critical = auditService.findCriticalActions("realm1", past, future, 0, 10);
assertNotNull(critical);
// Seul le log récent devrait être retourné
assertTrue(critical.size() >= 1);
}
@Test
void testGetAuditStatistics() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Failed", "Error");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
Map<String, Object> stats = auditService.getAuditStatistics("realm1", past, future);
assertNotNull(stats);
assertTrue(stats.containsKey("total"));
assertTrue(stats.containsKey("success"));
assertTrue(stats.containsKey("failure"));
assertTrue(stats.containsKey("byActionType"));
assertTrue(stats.containsKey("byActeur"));
}
@Test
void testExportToCSV_WithNullValues() {
AuditLogDTO auditLog = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin")
.ressourceType("USER")
.ressourceId("1")
.success(true)
.ipAddress(null)
.description(null)
.errorMessage(null)
.build();
auditService.logAction(auditLog);
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
String csv = auditService.exportToCSV("realm1", past, future);
assertNotNull(csv);
assertTrue(csv.contains("admin"));
}
@Test
void testExportToCSV_WithQuotesInDescription() {
AuditLogDTO auditLog = AuditLogDTO.builder()
.typeAction(TypeActionAudit.USER_CREATE)
.acteurUsername("admin")
.ressourceType("USER")
.ressourceId("1")
.success(true)
.description("Test \"quoted\" description")
.errorMessage("Error \"message\"")
.build();
auditService.logAction(auditLog);
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
String csv = auditService.exportToCSV("realm1", past, future);
assertNotNull(csv);
// Les guillemets devraient être échappés
assertTrue(csv.contains("\"\""));
}
@Test
void testClearAll() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
assertEquals(1, auditService.getTotalCount());
auditService.clearAll();
assertEquals(0, auditService.getTotalCount());
}
@Test
void testFindByTypeAction() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "2", "user2", "realm1", "admin", "Updated");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
List<AuditLogDTO> logs = auditService.findByTypeAction(TypeActionAudit.USER_CREATE, "realm1", past, future, 0, 10);
assertNotNull(logs);
assertTrue(logs.size() > 0);
assertEquals(TypeActionAudit.USER_CREATE, logs.get(0).getTypeAction());
}
@Test
void testSearchLogs_WithNullSuccess() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm1", "admin", "Created");
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "2", "user2", "realm1", "admin", "Failed", "Error");
LocalDateTime now = LocalDateTime.now();
LocalDateTime past = now.minusDays(1);
LocalDateTime future = now.plusDays(1);
// findByRealm ne filtre pas par success, donc success = null
List<AuditLogDTO> logs = auditService.findByRealm("realm1", past, future, 0, 10);
assertNotNull(logs);
assertTrue(logs.size() >= 2);
}
}

78
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/AuditServiceImplTest.java Normal file
View File

@@ -0,0 +1,78 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.audit.AuditLogDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import java.time.LocalDateTime;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
class AuditServiceImplTest {
AuditServiceImpl auditService;
@BeforeEach
void setUp() {
auditService = new AuditServiceImpl();
auditService.auditEnabled = true; // manually injecting config property
auditService.logToDatabase = false;
}
@Test
void testLogAction() {
AuditLogDTO log = new AuditLogDTO();
log.setTypeAction(TypeActionAudit.USER_CREATE);
log.setActeurUsername("admin");
auditService.logAction(log);
assertEquals(1, auditService.getTotalCount());
assertNotNull(log.getId());
assertNotNull(log.getDateAction());
}
@Test
void testLogDisabled() {
auditService.auditEnabled = false;
AuditLogDTO log = new AuditLogDTO();
auditService.logAction(log);
assertEquals(0, auditService.getTotalCount());
}
@Test
void testLogSuccess() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user", "realm", "admin", "desc");
assertEquals(1, auditService.getTotalCount());
}
@Test
void testLogFailure() {
auditService.logFailure(TypeActionAudit.USER_CREATE, "USER", "1", "user", "realm", "admin", "ERR", "Error");
assertEquals(1, auditService.getTotalCount());
List<AuditLogDTO> failures = auditService.findFailures("realm", null, null, 0, 10);
assertEquals(1, failures.size());
}
@Test
void testSearchLogs() {
auditService.logSuccess(TypeActionAudit.USER_CREATE, "USER", "1", "user1", "realm", "admin1", "");
auditService.logSuccess(TypeActionAudit.USER_UPDATE, "USER", "1", "user1", "realm", "admin1", "");
auditService.logSuccess(TypeActionAudit.ROLE_CREATE, "ROLE", "r", "role", "realm", "admin2", "");
List<AuditLogDTO> byActeur = auditService.findByActeur("admin1", null, null, 0, 10);
assertEquals(2, byActeur.size());
List<AuditLogDTO> byType = auditService.findByTypeAction(TypeActionAudit.ROLE_CREATE, "realm", null, null, 0,
10);
assertEquals(1, byType.size());
}
@Test
void testClearAll() {
auditService.logAction(new AuditLogDTO());
auditService.clearAll();
assertEquals(0, auditService.getTotalCount());
}
}

280
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/RealmAuthorizationServiceImplTest.java Normal file
View File

@@ -0,0 +1,280 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.dto.realm.RealmAssignmentDTO;
import dev.lions.user.manager.enums.audit.TypeActionAudit;
import dev.lions.user.manager.service.AuditService;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.time.LocalDateTime;
import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests unitaires pour RealmAuthorizationServiceImpl
*/
@ExtendWith(MockitoExtension.class)
class RealmAuthorizationServiceImplTest {
@Mock
private AuditService auditService;
@InjectMocks
private RealmAuthorizationServiceImpl realmAuthorizationService;
private RealmAssignmentDTO assignment;
@BeforeEach
void setUp() {
assignment = RealmAssignmentDTO.builder()
.id("assignment-1")
.userId("user-1")
.username("testuser")
.email("test@example.com")
.realmName("realm1")
.isSuperAdmin(false)
.active(true)
.assignedAt(LocalDateTime.now())
.assignedBy("admin")
.build();
}
@Test
void testGetAllAssignments_Empty() {
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAllAssignments();
assertTrue(assignments.isEmpty());
}
@Test
void testGetAllAssignments_WithAssignments() {
realmAuthorizationService.assignRealmToUser(assignment);
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAllAssignments();
assertEquals(1, assignments.size());
assertEquals("assignment-1", assignments.get(0).getId());
}
@Test
void testGetAssignmentsByUser_Success() {
realmAuthorizationService.assignRealmToUser(assignment);
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByUser("user-1");
assertEquals(1, assignments.size());
}
@Test
void testGetAssignmentsByUser_Empty() {
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByUser("user-1");
assertTrue(assignments.isEmpty());
}
@Test
void testGetAssignmentsByRealm_Success() {
realmAuthorizationService.assignRealmToUser(assignment);
List<RealmAssignmentDTO> assignments = realmAuthorizationService.getAssignmentsByRealm("realm1");
assertEquals(1, assignments.size());
}
@Test
void testGetAssignmentById_Success() {
realmAuthorizationService.assignRealmToUser(assignment);
Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById("assignment-1");
assertTrue(found.isPresent());
assertEquals("assignment-1", found.get().getId());
}
@Test
void testGetAssignmentById_NotFound() {
Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById("non-existent");
assertFalse(found.isPresent());
}
@Test
void testCanManageRealm_SuperAdmin() {
realmAuthorizationService.setSuperAdmin("user-1", true);
assertTrue(realmAuthorizationService.canManageRealm("user-1", "any-realm"));
}
@Test
void testCanManageRealm_WithAssignment() {
realmAuthorizationService.assignRealmToUser(assignment);
assertTrue(realmAuthorizationService.canManageRealm("user-1", "realm1"));
}
@Test
void testCanManageRealm_NoAccess() {
assertFalse(realmAuthorizationService.canManageRealm("user-1", "realm1"));
}
@Test
void testIsSuperAdmin_True() {
realmAuthorizationService.setSuperAdmin("user-1", true);
assertTrue(realmAuthorizationService.isSuperAdmin("user-1"));
}
@Test
void testIsSuperAdmin_False() {
assertFalse(realmAuthorizationService.isSuperAdmin("user-1"));
}
@Test
void testGetAuthorizedRealms_SuperAdmin() {
realmAuthorizationService.setSuperAdmin("user-1", true);
List<String> realms = realmAuthorizationService.getAuthorizedRealms("user-1");
assertTrue(realms.isEmpty()); // Super admin retourne liste vide
}
@Test
void testGetAuthorizedRealms_WithAssignments() {
realmAuthorizationService.assignRealmToUser(assignment);
List<String> realms = realmAuthorizationService.getAuthorizedRealms("user-1");
assertEquals(1, realms.size());
assertEquals("realm1", realms.get(0));
}
@Test
void testAssignRealmToUser_Success() {
doNothing().when(auditService).logSuccess(
any(TypeActionAudit.class),
anyString(),
anyString(),
anyString(),
anyString(),
anyString(),
anyString()
);
RealmAssignmentDTO result = realmAuthorizationService.assignRealmToUser(assignment);
assertNotNull(result);
assertNotNull(result.getId());
assertTrue(result.isActive());
assertNotNull(result.getAssignedAt());
}
@Test
void testAssignRealmToUser_NoUserId() {
assignment.setUserId(null);
assertThrows(IllegalArgumentException.class, () -> {
realmAuthorizationService.assignRealmToUser(assignment);
});
}
@Test
void testAssignRealmToUser_NoRealmName() {
assignment.setRealmName(null);
assertThrows(IllegalArgumentException.class, () -> {
realmAuthorizationService.assignRealmToUser(assignment);
});
}
@Test
void testAssignRealmToUser_Duplicate() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment);
assertThrows(IllegalArgumentException.class, () -> {
realmAuthorizationService.assignRealmToUser(assignment);
});
}
@Test
void testRevokeRealmFromUser_Success() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment);
realmAuthorizationService.revokeRealmFromUser("user-1", "realm1");
assertFalse(realmAuthorizationService.canManageRealm("user-1", "realm1"));
}
@Test
void testRevokeRealmFromUser_NotExists() {
// Ne doit pas lever d'exception si l'assignation n'existe pas
assertDoesNotThrow(() -> {
realmAuthorizationService.revokeRealmFromUser("user-1", "realm1");
});
}
@Test
void testRevokeAllRealmsFromUser() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment);
realmAuthorizationService.revokeAllRealmsFromUser("user-1");
assertTrue(realmAuthorizationService.getAssignmentsByUser("user-1").isEmpty());
}
@Test
void testSetSuperAdmin_True() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.setSuperAdmin("user-1", true);
assertTrue(realmAuthorizationService.isSuperAdmin("user-1"));
}
@Test
void testSetSuperAdmin_False() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.setSuperAdmin("user-1", true);
realmAuthorizationService.setSuperAdmin("user-1", false);
assertFalse(realmAuthorizationService.isSuperAdmin("user-1"));
}
@Test
void testDeactivateAssignment_Success() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment);
realmAuthorizationService.deactivateAssignment(assignment.getId());
Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById(assignment.getId());
assertTrue(found.isPresent());
assertFalse(found.get().isActive());
}
@Test
void testDeactivateAssignment_NotFound() {
assertThrows(IllegalArgumentException.class, () -> {
realmAuthorizationService.deactivateAssignment("non-existent");
});
}
@Test
void testActivateAssignment_Success() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment);
realmAuthorizationService.deactivateAssignment(assignment.getId());
realmAuthorizationService.activateAssignment(assignment.getId());
Optional<RealmAssignmentDTO> found = realmAuthorizationService.getAssignmentById(assignment.getId());
assertTrue(found.isPresent());
assertTrue(found.get().isActive());
}
@Test
void testCountAssignmentsByUser() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment);
long count = realmAuthorizationService.countAssignmentsByUser("user-1");
assertEquals(1, count);
}
@Test
void testCountUsersByRealm() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment);
long count = realmAuthorizationService.countUsersByRealm("realm1");
assertEquals(1, count);
}
@Test
void testAssignmentExists_True() {
doNothing().when(auditService).logSuccess(any(), anyString(), anyString(), anyString(), anyString(), anyString(), anyString());
realmAuthorizationService.assignRealmToUser(assignment);
assertTrue(realmAuthorizationService.assignmentExists("user-1", "realm1"));
}
@Test
void testAssignmentExists_False() {
assertFalse(realmAuthorizationService.assignmentExists("user-1", "realm1"));
}
}

350
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplCompleteTest.java Normal file
View File

@@ -0,0 +1,350 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole;
import dev.lions.user.manager.mapper.RoleMapper;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests complets pour RoleServiceImpl pour atteindre 100% de couverture
* Couvre updateRole, deleteRole pour CLIENT_ROLE, createRealmRole avec rôle existant, etc.
*/
@ExtendWith(MockitoExtension.class)
class RoleServiceImplCompleteTest {
@Mock
private KeycloakAdminClient keycloakAdminClient;
@Mock
private Keycloak keycloakInstance;
@Mock
private RealmResource realmResource;
@Mock
private RolesResource rolesResource;
@Mock
private RoleResource roleResource;
@Mock
private ClientsResource clientsResource;
@Mock
private ClientResource clientResource;
@InjectMocks
private RoleServiceImpl roleService;
private static final String REALM = "test-realm";
private static final String ROLE_ID = "role-123";
private static final String ROLE_NAME = "test-role";
private static final String CLIENT_NAME = "test-client";
private static final String INTERNAL_CLIENT_ID = "internal-client-id";
@Test
void testCreateRealmRole_RoleAlreadyExists() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
RoleRepresentation existingRole = new RoleRepresentation();
existingRole.setName(ROLE_NAME);
when(roleResource.toRepresentation()).thenReturn(existingRole);
RoleDTO roleDTO = RoleDTO.builder()
.name(ROLE_NAME)
.description("Test role")
.build();
assertThrows(IllegalArgumentException.class, () ->
roleService.createRealmRole(roleDTO, REALM));
}
@Test
void testUpdateRole_RealmRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
// Mock getRealmRoleById
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep));
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID)
.name(ROLE_NAME)
.description("Updated description")
.build();
RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null);
assertNotNull(result);
verify(roleResource).update(any(RoleRepresentation.class));
}
@Test
void testUpdateRole_RealmRole_NotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID)
.name(ROLE_NAME)
.build();
assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null));
}
@Test
void testUpdateRole_RealmRole_NoDescription() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep));
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID)
.name(ROLE_NAME)
.description(null) // No description
.build();
RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.REALM_ROLE, null);
assertNotNull(result);
verify(roleResource).update(any(RoleRepresentation.class));
}
@Test
void testUpdateRole_ClientRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation();
client.setId(INTERNAL_CLIENT_ID);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource);
// Mock getRoleById
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep));
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID)
.name(ROLE_NAME)
.description("Updated description")
.build();
RoleDTO result = roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
assertNotNull(result);
assertEquals(CLIENT_NAME, result.getClientId());
verify(roleResource).update(any(RoleRepresentation.class));
}
@Test
void testUpdateRole_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID)
.name(ROLE_NAME)
.build();
// getRoleById is called first, which will throw NotFoundException when client is not found
// Actually, getRoleById returns Optional.empty() when client is not found
// So it will throw NotFoundException for role not found
assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
}
@Test
void testUpdateRole_ClientRole_NotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation();
client.setId(INTERNAL_CLIENT_ID);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID)
.name(ROLE_NAME)
.build();
assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.updateRole(ROLE_ID, roleDTO, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
}
@Test
void testUpdateRole_UnsupportedType() {
RoleDTO roleDTO = RoleDTO.builder()
.id(ROLE_ID)
.name(ROLE_NAME)
.build();
assertThrows(IllegalArgumentException.class, () ->
roleService.updateRole(ROLE_ID, roleDTO, REALM, null, null));
}
@Test
void testDeleteRole_ClientRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation();
client.setId(INTERNAL_CLIENT_ID);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource);
// Mock getRoleById - getRoleById for CLIENT_ROLE only uses rolesResource.list()
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep));
roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
verify(rolesResource).deleteRole(ROLE_NAME);
}
@Test
void testDeleteRole_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
// getRoleById is called first, which returns Optional.empty() when client is not found
// So it will throw NotFoundException for role not found
assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
}
@Test
void testDeleteRole_ClientRole_NotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation();
client.setId(INTERNAL_CLIENT_ID);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get(INTERNAL_CLIENT_ID)).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.deleteRole(ROLE_ID, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
}
@Test
void testDeleteRole_UnsupportedType() {
assertThrows(IllegalArgumentException.class, () ->
roleService.deleteRole(ROLE_ID, REALM, null, null));
}
// Note: getRealmRoleById is private, so we test it indirectly through updateRole
// The exception path is tested via updateRole_RealmRole_NotFound
@Test
void testGetAllRealmRoles_Success() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
RoleRepresentation role1 = new RoleRepresentation();
role1.setName("role1");
RoleRepresentation role2 = new RoleRepresentation();
role2.setName("role2");
when(rolesResource.list()).thenReturn(List.of(role1, role2));
var result = roleService.getAllRealmRoles(REALM);
assertNotNull(result);
assertEquals(2, result.size());
}
@Test
void testGetAllRealmRoles_With404InMessage() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Server response is: 404"));
assertThrows(IllegalArgumentException.class, () ->
roleService.getAllRealmRoles(REALM));
}
@Test
void testGetAllRealmRoles_WithNotInMessage() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Not Found"));
assertThrows(IllegalArgumentException.class, () ->
roleService.getAllRealmRoles(REALM));
}
@Test
void testGetAllRealmRoles_WithOtherException() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () ->
roleService.getAllRealmRoles(REALM));
}
}

245
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplExtendedTest.java Normal file
View File

@@ -0,0 +1,245 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests supplémentaires pour RoleServiceImpl pour améliorer la couverture
* Couvre les méthodes : userHasRole, roleExists, countUsersWithRole
*/
@ExtendWith(MockitoExtension.class)
class RoleServiceImplExtendedTest {
@Mock
private KeycloakAdminClient keycloakAdminClient;
@Mock
private Keycloak keycloakInstance;
@Mock
private RealmResource realmResource;
@Mock
private RolesResource rolesResource;
@Mock
private RoleResource roleResource;
@Mock
private UsersResource usersResource;
@Mock
private UserResource userResource;
@Mock
private RoleMappingResource roleMappingResource;
@Mock
private RoleScopeResource realmLevelRoleScopeResource;
@Mock
private RoleScopeResource clientLevelRoleScopeResource;
@Mock
private ClientsResource clientsResource;
@InjectMocks
private RoleServiceImpl roleService;
private static final String REALM = "test-realm";
private static final String USER_ID = "user-123";
private static final String ROLE_NAME = "admin";
private static final String CLIENT_NAME = "test-client";
@Test
void testUserHasRole_RealmRole_True() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource);
RoleRepresentation role = new RoleRepresentation();
role.setName(ROLE_NAME);
when(realmLevelRoleScopeResource.listEffective()).thenReturn(List.of(role));
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertTrue(result);
}
@Test
void testUserHasRole_RealmRole_False() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource);
when(realmLevelRoleScopeResource.listEffective()).thenReturn(Collections.emptyList());
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertFalse(result);
}
@Test
void testUserHasRole_ClientRole_True() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
ClientRepresentation client = new ClientRepresentation();
client.setId("client-123");
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(roleMappingResource.clientLevel("client-123")).thenReturn(clientLevelRoleScopeResource);
RoleRepresentation role = new RoleRepresentation();
role.setName(ROLE_NAME);
when(clientLevelRoleScopeResource.listEffective()).thenReturn(List.of(role));
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
assertTrue(result);
}
@Test
void testUserHasRole_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
assertFalse(result);
}
@Test
void testUserHasRole_ClientRole_NullClientName() {
boolean result = roleService.userHasRole(USER_ID, ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, null);
assertFalse(result);
}
@Test
void testRoleExists_RealmRole_True() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
RoleRepresentation role = new RoleRepresentation();
role.setName(ROLE_NAME);
when(roleResource.toRepresentation()).thenReturn(role);
boolean result = roleService.roleExists(ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertTrue(result);
}
@Test
void testRoleExists_RealmRole_False() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenThrow(new jakarta.ws.rs.NotFoundException());
boolean result = roleService.roleExists(ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertFalse(result);
}
@Test
void testCountUsersWithRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource);
// Mock getRoleById
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId("role-123");
roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep));
// Mock user list
UserRepresentation user1 = new UserRepresentation();
user1.setId("user-1");
UserRepresentation user2 = new UserRepresentation();
user2.setId("user-2");
when(usersResource.list()).thenReturn(List.of(user1, user2));
// Mock userHasRole for each user
when(usersResource.get("user-1")).thenReturn(userResource);
when(usersResource.get("user-2")).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(realmLevelRoleScopeResource);
RoleRepresentation role = new RoleRepresentation();
role.setName(ROLE_NAME);
// User 1 has role, user 2 doesn't
when(realmLevelRoleScopeResource.listEffective())
.thenReturn(List.of(role)) // user-1
.thenReturn(Collections.emptyList()); // user-2
long count = roleService.countUsersWithRole("role-123", REALM, TypeRole.REALM_ROLE, null);
assertEquals(1, count);
}
@Test
void testCountUsersWithRole_RoleNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
long count = roleService.countUsersWithRole("non-existent-role", REALM, TypeRole.REALM_ROLE, null);
assertEquals(0, count);
}
@Test
void testCountUsersWithRole_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId("role-123");
roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep));
when(usersResource.list()).thenThrow(new RuntimeException("Error"));
long count = roleService.countUsersWithRole("role-123", REALM, TypeRole.REALM_ROLE, null);
assertEquals(0, count);
}
}

589
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplIntegrationTest.java Normal file
View File

@@ -0,0 +1,589 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.role.RoleAssignmentDTO;
import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import org.mockito.junit.jupiter.MockitoSettings;
import org.mockito.quality.Strictness;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests d'intégration pour RoleServiceImpl - Cas limites et branches conditionnelles complexes
*/
@ExtendWith(MockitoExtension.class)
@MockitoSettings(strictness = Strictness.LENIENT)
class RoleServiceImplIntegrationTest {
@Mock
private KeycloakAdminClient keycloakAdminClient;
@Mock
private Keycloak keycloakInstance;
@Mock
private RealmResource realmResource;
@Mock
private RolesResource rolesResource;
@Mock
private RoleResource roleResource;
@Mock
private UsersResource usersResource;
@Mock
private UserResource userResource;
@Mock
private RoleMappingResource roleMappingResource;
@Mock
private RoleScopeResource roleScopeResource;
@Mock
private ClientsResource clientsResource;
@Mock
private ClientResource clientResource;
@InjectMocks
private RoleServiceImpl roleService;
private static final String REALM = "test-realm";
private static final String USER_ID = "user-123";
private static final String ROLE_NAME = "admin";
private static final String CLIENT_NAME = "test-client";
private static final String ROLE_ID = "role-123";
// ==================== Tests getRoleByName - Cas limites ====================
@Test
void testGetRoleByName_RealmRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setName(ROLE_NAME);
roleRep.setId(ROLE_ID);
when(roleResource.toRepresentation()).thenReturn(roleRep);
Optional<RoleDTO> result = roleService.getRoleByName(ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertTrue(result.isPresent());
assertEquals(ROLE_NAME, result.get().getName());
}
@Test
void testGetRoleByName_RealmRole_NotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenThrow(new jakarta.ws.rs.NotFoundException());
Optional<RoleDTO> result = roleService.getRoleByName(ROLE_NAME, REALM, TypeRole.REALM_ROLE, null);
assertFalse(result.isPresent());
}
@Test
void testGetRoleByName_ClientRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation();
client.setId("client-123");
client.setClientId(CLIENT_NAME);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get("client-123")).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setName(ROLE_NAME);
roleRep.setId(ROLE_ID);
when(roleResource.toRepresentation()).thenReturn(roleRep);
Optional<RoleDTO> result = roleService.getRoleByName(ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
assertTrue(result.isPresent());
assertEquals(ROLE_NAME, result.get().getName());
}
@Test
void testGetRoleByName_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
Optional<RoleDTO> result = roleService.getRoleByName(ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME);
assertFalse(result.isPresent());
}
@Test
void testGetRoleByName_ClientRole_NullClientName() {
Optional<RoleDTO> result = roleService.getRoleByName(ROLE_NAME, REALM, TypeRole.CLIENT_ROLE, null);
assertFalse(result.isPresent());
}
// ==================== Tests assignRolesToUser - Cas limites ====================
@Test
void testAssignRolesToUser_RealmRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setName(ROLE_NAME);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId(USER_ID)
.realmName(REALM)
.typeRole(TypeRole.REALM_ROLE)
.roleNames(List.of(ROLE_NAME))
.build();
roleService.assignRolesToUser(assignment);
verify(roleScopeResource).add(anyList());
}
@Test
void testAssignRolesToUser_ClientRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
ClientRepresentation client = new ClientRepresentation();
client.setId("client-123");
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get("client-123")).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleMappingResource.clientLevel("client-123")).thenReturn(roleScopeResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setName(ROLE_NAME);
when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId(USER_ID)
.realmName(REALM)
.typeRole(TypeRole.CLIENT_ROLE)
.clientName(CLIENT_NAME)
.roleNames(List.of(ROLE_NAME))
.build();
roleService.assignRolesToUser(assignment);
verify(roleScopeResource).add(anyList());
}
@Test
void testAssignRolesToUser_ClientRole_NullClientName() {
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId(USER_ID)
.realmName(REALM)
.typeRole(TypeRole.CLIENT_ROLE)
.clientName(null)
.roleNames(List.of(ROLE_NAME))
.build();
assertThrows(IllegalArgumentException.class, () -> roleService.assignRolesToUser(assignment));
}
// ==================== Tests revokeRolesFromUser - Cas limites ====================
@Test
void testRevokeRolesFromUser_RealmRole_Success() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setName(ROLE_NAME);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId(USER_ID)
.realmName(REALM)
.typeRole(TypeRole.REALM_ROLE)
.roleNames(List.of(ROLE_NAME))
.build();
roleService.revokeRolesFromUser(assignment);
verify(roleScopeResource).remove(anyList());
}
@Test
void testRevokeRolesFromUser_ClientRole_NullClientName() {
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId(USER_ID)
.realmName(REALM)
.typeRole(TypeRole.CLIENT_ROLE)
.clientName(null)
.roleNames(List.of(ROLE_NAME))
.build();
assertThrows(IllegalArgumentException.class, () -> roleService.revokeRolesFromUser(assignment));
}
// ==================== Tests getAllUserRoles - Cas limites ====================
@Test
void testGetAllUserRoles_WithRealmAndClientRoles() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(realmResource.clients()).thenReturn(clientsResource);
// Mock realm roles - getUserRealmRoles is called first
RoleScopeResource realmRoleScope = mock(RoleScopeResource.class);
RoleRepresentation realmRole = new RoleRepresentation();
realmRole.setName("realm-role");
when(roleMappingResource.realmLevel()).thenReturn(realmRoleScope);
when(realmRoleScope.listAll()).thenReturn(List.of(realmRole));
// Mock client roles - getAllUserRoles calls getUserClientRoles for each client
// getAllUserRoles calls getUserClientRoles with client.getClientId() (CLIENT_NAME)
// getUserClientRoles then finds the client by clientId and uses the internal ID
ClientRepresentation client = new ClientRepresentation();
client.setId("client-123"); // Internal ID
client.setClientId(CLIENT_NAME); // Client ID
when(clientsResource.findAll()).thenReturn(List.of(client));
// getUserClientRoles finds client by clientId
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
// getUserClientRoles uses internal ID for clientLevel
RoleScopeResource clientRoleScope = mock(RoleScopeResource.class);
when(roleMappingResource.clientLevel("client-123")).thenReturn(clientRoleScope);
RoleRepresentation clientRole = new RoleRepresentation();
clientRole.setName("client-role");
when(clientRoleScope.listAll()).thenReturn(List.of(clientRole));
List<RoleDTO> result = roleService.getAllUserRoles(USER_ID, REALM);
assertNotNull(result);
assertTrue(result.size() >= 1);
}
@Test
void testGetAllUserRoles_WithExceptionInClientRoles() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
when(realmResource.clients()).thenReturn(clientsResource);
// Mock realm roles
RoleRepresentation realmRole = new RoleRepresentation();
realmRole.setName("realm-role");
when(roleScopeResource.listAll()).thenReturn(List.of(realmRole));
// Exception when getting clients
when(clientsResource.findAll()).thenThrow(new RuntimeException("Error"));
// Should not throw, just log warning
List<RoleDTO> result = roleService.getAllUserRoles(USER_ID, REALM);
assertNotNull(result);
assertEquals(1, result.size()); // Only realm roles
}
// ==================== Tests addCompositeRoles - Cas limites ====================
@Test
void testAddCompositeRoles_RealmRole_ParentNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
// getRoleById returns Optional.empty() when role not found, which causes NotFoundException
assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.addCompositeRoles(ROLE_ID, List.of("child-1"), REALM, TypeRole.REALM_ROLE, null));
}
@Test
void testAddCompositeRoles_RealmRole_ChildNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
RoleRepresentation parentRole = new RoleRepresentation();
parentRole.setId(ROLE_ID);
parentRole.setName("parent");
// Mock getRoleById to return parent role
when(rolesResource.list()).thenReturn(List.of(parentRole));
when(rolesResource.get("parent")).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(parentRole);
// Child role not found - getRealmRoleById returns empty for child
// This means childRoleNames will be empty, so addComposites won't be called
// Should not throw, just log warning and skip
roleService.addCompositeRoles(ROLE_ID, List.of("child-id"), REALM, TypeRole.REALM_ROLE, null);
// Verify that get was called for parent role - use lenient to avoid unnecessary stubbing
verify(rolesResource, atLeastOnce()).list();
}
@Test
void testAddCompositeRoles_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.clients()).thenReturn(clientsResource);
// Mock getRoleById to return a role
RoleRepresentation parentRole = new RoleRepresentation();
parentRole.setId(ROLE_ID);
parentRole.setName("parent");
when(rolesResource.list()).thenReturn(List.of(parentRole));
when(rolesResource.get("parent")).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(parentRole);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
// When client not found, it throws IllegalArgumentException in removeCompositeRoles
// But in addCompositeRoles, it first checks getRoleById which may throw NotFoundException
// Actually, looking at the code, if client is not found, it throws IllegalArgumentException
// But getRoleById might throw NotFoundException first
assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.addCompositeRoles(ROLE_ID, List.of("child-1"), REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
}
// ==================== Tests removeCompositeRoles - Cas limites ====================
@Test
void testRemoveCompositeRoles_RealmRole_ChildNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
RoleRepresentation parentRole = new RoleRepresentation();
parentRole.setId(ROLE_ID);
parentRole.setName("parent");
when(rolesResource.list()).thenReturn(List.of(parentRole));
// Child role not found - getRealmRoleById returns empty, so childRoleNames will be empty
// Should not throw, just log warning and skip
roleService.removeCompositeRoles(ROLE_ID, List.of("child-id"), REALM, TypeRole.REALM_ROLE, null);
// Verify that list was called
verify(rolesResource, atLeastOnce()).list();
}
@Test
void testRemoveCompositeRoles_ClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.clients()).thenReturn(clientsResource);
// Mock getRoleById to return a role
RoleRepresentation parentRole = new RoleRepresentation();
parentRole.setId(ROLE_ID);
parentRole.setName("parent");
when(rolesResource.list()).thenReturn(List.of(parentRole));
when(rolesResource.get("parent")).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(parentRole);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
// When client not found, it throws IllegalArgumentException
// But getRoleById might throw NotFoundException first
assertThrows(jakarta.ws.rs.NotFoundException.class, () ->
roleService.removeCompositeRoles(ROLE_ID, List.of("child-1"), REALM, TypeRole.CLIENT_ROLE, CLIENT_NAME));
}
// ==================== Tests getAllRealmRoles - Cas limites ====================
@Test
void testGetAllRealmRoles_RealmNotFound() {
// realmExists returns false, so it throws IllegalArgumentException
when(keycloakAdminClient.realmExists(REALM)).thenReturn(false);
// But if realmExists throws an exception, it might be wrapped
// Let's test both cases
try {
roleService.getAllRealmRoles(REALM);
fail("Should have thrown an exception");
} catch (IllegalArgumentException e) {
// Expected when realmExists returns false
assertTrue(e.getMessage().contains("n'existe pas"));
} catch (RuntimeException e) {
// Also possible if realmExists throws
assertTrue(e.getMessage().contains("n'existe pas") ||
e.getMessage().contains("récupération des rôles realm"));
}
}
@Test
void testGetAllRealmRoles_NotFoundException() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new jakarta.ws.rs.NotFoundException());
assertThrows(IllegalArgumentException.class, () ->
roleService.getAllRealmRoles(REALM));
}
@Test
void testGetAllRealmRoles_ExceptionWith404() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Server response is: 404"));
assertThrows(IllegalArgumentException.class, () ->
roleService.getAllRealmRoles(REALM));
}
@Test
void testGetAllRealmRoles_ExceptionWithNotFound() {
when(keycloakAdminClient.realmExists(REALM)).thenReturn(true);
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Not Found"));
assertThrows(IllegalArgumentException.class, () ->
roleService.getAllRealmRoles(REALM));
}
// ==================== Tests getAllClientRoles - Cas limites ====================
@Test
void testGetAllClientRoles_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
List<RoleDTO> result = roleService.getAllClientRoles(REALM, CLIENT_NAME);
assertNotNull(result);
assertTrue(result.isEmpty());
}
// ==================== Tests createClientRole - Cas limites ====================
@Test
void testCreateClientRole_ClientNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(Collections.emptyList());
RoleDTO roleDTO = RoleDTO.builder()
.name(ROLE_NAME)
.build();
assertThrows(IllegalArgumentException.class, () ->
roleService.createClientRole(roleDTO, REALM, CLIENT_NAME));
}
@Test
void testCreateClientRole_RoleAlreadyExists() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.clients()).thenReturn(clientsResource);
ClientRepresentation client = new ClientRepresentation();
client.setId("client-123");
when(clientsResource.findByClientId(CLIENT_NAME)).thenReturn(List.of(client));
when(clientsResource.get("client-123")).thenReturn(clientResource);
when(clientResource.roles()).thenReturn(rolesResource);
when(rolesResource.get(ROLE_NAME)).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(new RoleRepresentation());
RoleDTO roleDTO = RoleDTO.builder()
.name(ROLE_NAME)
.build();
assertThrows(IllegalArgumentException.class, () ->
roleService.createClientRole(roleDTO, REALM, CLIENT_NAME));
}
// ==================== Tests countUsersWithRole - Cas limites ====================
@Test
void testCountUsersWithRole_RoleNotFound() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
long count = roleService.countUsersWithRole(ROLE_ID, REALM, TypeRole.REALM_ROLE, null);
assertEquals(0, count);
}
@Test
void testCountUsersWithRole_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setId(ROLE_ID);
roleRep.setName(ROLE_NAME);
when(rolesResource.list()).thenReturn(List.of(roleRep));
when(usersResource.list()).thenThrow(new RuntimeException("Error"));
long count = roleService.countUsersWithRole(ROLE_ID, REALM, TypeRole.REALM_ROLE, null);
assertEquals(0, count); // Should return 0 on exception
}
}

128
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/RoleServiceImplTest.java Normal file
View File

@@ -0,0 +1,128 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.role.RoleAssignmentDTO;
import dev.lions.user.manager.dto.role.RoleDTO;
import dev.lions.user.manager.enums.role.TypeRole;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.anyString;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class RoleServiceImplTest {
@Mock
KeycloakAdminClient keycloakAdminClient;
@Mock
Keycloak keycloakInstance;
@Mock
RealmResource realmResource;
@Mock
RolesResource rolesResource;
@Mock
RoleResource roleResource;
@Mock
UsersResource usersResource;
@Mock
UserResource userResource;
@Mock
RoleMappingResource roleMappingResource;
@Mock
RoleScopeResource roleScopeResource;
@InjectMocks
RoleServiceImpl roleService;
private static final String REALM = "test-realm";
@Test
void testCreateRealmRole() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
// Check not found initially, then return created role
RoleRepresentation createdRep = new RoleRepresentation();
createdRep.setName("role");
createdRep.setId("1");
when(rolesResource.get("role")).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenThrow(new jakarta.ws.rs.NotFoundException())
.thenReturn(createdRep);
// Mock create
doNothing().when(rolesResource).create(any(RoleRepresentation.class));
RoleDTO input = RoleDTO.builder().name("role").description("desc").build();
RoleDTO result = roleService.createRealmRole(input, REALM);
assertNotNull(result);
assertEquals("role", result.getName());
}
@Test
void testDeleteRole() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
// find by id logic uses list()
RoleRepresentation rep = new RoleRepresentation();
rep.setId("1");
rep.setName("role");
when(rolesResource.list()).thenReturn(Collections.singletonList(rep));
roleService.deleteRole("1", REALM, TypeRole.REALM_ROLE, null);
verify(rolesResource).deleteRole("role");
}
@Test
void testAssignRolesToUser() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm(REALM)).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.get("u1")).thenReturn(userResource);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
RoleRepresentation roleRep = new RoleRepresentation();
roleRep.setName("role1");
when(rolesResource.get("role1")).thenReturn(roleResource);
when(roleResource.toRepresentation()).thenReturn(roleRep);
RoleAssignmentDTO assignment = RoleAssignmentDTO.builder()
.userId("u1")
.realmName(REALM)
.typeRole(TypeRole.REALM_ROLE)
.roleNames(Collections.singletonList("role1"))
.build();
roleService.assignRolesToUser(assignment);
verify(roleScopeResource).add(anyList());
}
}

249
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/SyncServiceImplTest.java Normal file
View File

@@ -0,0 +1,249 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.info.ServerInfoRepresentation;
import org.keycloak.representations.info.SystemInfoRepresentation; // Correct import
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class SyncServiceImplTest {
@Mock
KeycloakAdminClient keycloakAdminClient;
@Mock
Keycloak keycloakInstance;
@Mock
RealmsResource realmsResource;
@Mock
RealmResource realmResource;
@Mock
UsersResource usersResource;
@Mock
RolesResource rolesResource;
@Mock
ServerInfoResource serverInfoResource;
@InjectMocks
SyncServiceImpl syncService;
// Correcting inner class usage if needed, but assuming standard Keycloak
// representations
// ServerInfoRepresentation contains SystemInfoRepresentation
@Test
void testSyncUsersFromRealm() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenReturn(Collections.singletonList(new UserRepresentation()));
int count = syncService.syncUsersFromRealm("realm");
assertEquals(1, count);
}
@Test
void testSyncRolesFromRealm() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.singletonList(new RoleRepresentation()));
int count = syncService.syncRolesFromRealm("realm");
assertEquals(1, count);
}
@Test
void testSyncAllRealms() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realms()).thenReturn(realmsResource);
RealmRepresentation realmRep = new RealmRepresentation();
realmRep.setRealm("realm1");
when(realmsResource.findAll()).thenReturn(Collections.singletonList(realmRep));
// Sync logic calls realm() again
when(keycloakInstance.realm("realm1")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenReturn(Collections.emptyList());
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenReturn(Collections.emptyList());
Map<String, Integer> result = syncService.syncAllRealms();
assertTrue(result.containsKey("realm1"));
assertEquals(0, result.get("realm1"));
}
@Test
void testIsKeycloakAvailable() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
when(serverInfoResource.getInfo()).thenReturn(new ServerInfoRepresentation());
assertTrue(syncService.isKeycloakAvailable());
}
@Test
void testGetKeycloakHealthInfo() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
ServerInfoRepresentation info = new ServerInfoRepresentation();
SystemInfoRepresentation systemInfo = new SystemInfoRepresentation();
systemInfo.setVersion("1.0");
info.setSystemInfo(systemInfo);
when(serverInfoResource.getInfo()).thenReturn(info);
when(keycloakInstance.realms()).thenReturn(realmsResource);
when(realmsResource.findAll()).thenReturn(Collections.emptyList());
Map<String, Object> health = syncService.getKeycloakHealthInfo();
assertTrue((Boolean) health.get("overallHealthy"));
assertEquals("1.0", health.get("keycloakVersion"));
}
@Test
void testSyncUsersFromRealm_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () -> syncService.syncUsersFromRealm("realm"));
}
@Test
void testSyncRolesFromRealm_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.roles()).thenReturn(rolesResource);
when(rolesResource.list()).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () -> syncService.syncRolesFromRealm("realm"));
}
@Test
void testSyncAllRealms_WithException() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realms()).thenReturn(realmsResource);
RealmRepresentation realmRep = new RealmRepresentation();
realmRep.setRealm("realm1");
when(realmsResource.findAll()).thenReturn(Collections.singletonList(realmRep));
// Mock exception during sync
when(keycloakInstance.realm("realm1")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenThrow(new RuntimeException("Sync error"));
Map<String, Integer> result = syncService.syncAllRealms();
assertTrue(result.containsKey("realm1"));
assertEquals(0, result.get("realm1")); // Should be 0 on error
}
@Test
void testSyncAllRealms_ExceptionInFindAll() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realms()).thenReturn(realmsResource);
when(realmsResource.findAll()).thenThrow(new RuntimeException("Connection error"));
Map<String, Integer> result = syncService.syncAllRealms();
assertTrue(result.isEmpty());
}
// Note: checkDataConsistency doesn't actually throw exceptions in the current implementation
// The try-catch block is there for future use, but currently always succeeds
// So we test the success path in testCheckDataConsistency_Success
@Test
void testForceSyncRealm_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.realm("realm")).thenReturn(realmResource);
when(realmResource.users()).thenReturn(usersResource);
when(usersResource.list()).thenThrow(new RuntimeException("Sync error"));
Map<String, Object> stats = syncService.forceSyncRealm("realm");
assertFalse((Boolean) stats.get("success"));
assertNotNull(stats.get("error"));
assertNotNull(stats.get("durationMs"));
}
@Test
void testIsKeycloakAvailable_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
when(serverInfoResource.getInfo()).thenThrow(new RuntimeException("Connection refused"));
assertFalse(syncService.isKeycloakAvailable());
}
@Test
void testGetKeycloakHealthInfo_Exception() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
when(serverInfoResource.getInfo()).thenThrow(new RuntimeException("Connection error"));
Map<String, Object> health = syncService.getKeycloakHealthInfo();
assertFalse((Boolean) health.get("overallHealthy"));
assertFalse((Boolean) health.get("keycloakAccessible"));
assertNotNull(health.get("errorMessage"));
}
@Test
void testGetKeycloakHealthInfo_RealmsException() {
when(keycloakAdminClient.getInstance()).thenReturn(keycloakInstance);
when(keycloakInstance.serverInfo()).thenReturn(serverInfoResource);
ServerInfoRepresentation info = new ServerInfoRepresentation();
SystemInfoRepresentation systemInfo = new SystemInfoRepresentation();
systemInfo.setVersion("1.0");
info.setSystemInfo(systemInfo);
when(serverInfoResource.getInfo()).thenReturn(info);
when(keycloakInstance.realms()).thenReturn(realmsResource);
when(realmsResource.findAll()).thenThrow(new RuntimeException("Realms error"));
Map<String, Object> health = syncService.getKeycloakHealthInfo();
assertTrue((Boolean) health.get("overallHealthy")); // Still healthy if server is accessible
assertFalse((Boolean) health.get("realmsAccessible"));
}
@Test
void testCheckDataConsistency_Success() {
Map<String, Object> report = syncService.checkDataConsistency("realm");
assertEquals("realm", report.get("realmName"));
assertEquals("ok", report.get("status"));
assertEquals("Cohérence vérifiée", report.get("message"));
}
@Test
void testGetLastSyncStatus() {
Map<String, Object> status = syncService.getLastSyncStatus("realm");
assertEquals("realm", status.get("realmName"));
assertEquals("completed", status.get("status"));
assertNotNull(status.get("lastSyncTime"));
}
}

318
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/UserServiceImplCompleteTest.java Normal file
View File

@@ -0,0 +1,318 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests complets pour UserServiceImpl pour atteindre 100% de couverture
* Couvre les branches manquantes : filterUsers, searchUsers avec différents critères, etc.
*/
@ExtendWith(MockitoExtension.class)
class UserServiceImplCompleteTest {
private static final String REALM = "test-realm";
@Mock
private KeycloakAdminClient keycloakAdminClient;
@Mock
private UsersResource usersResource;
@InjectMocks
private UserServiceImpl userService;
@BeforeEach
void setUp() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
}
@Test
void testSearchUsers_WithSearchTerm() {
UserRepresentation user = new UserRepresentation();
user.setUsername("testuser");
user.setEnabled(true);
when(usersResource.search("test", 0, 10)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.searchTerm("test")
.page(0)
.pageSize(10)
.build();
var result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
verify(usersResource).search("test", 0, 10);
}
@Test
void testSearchUsers_WithUsername() {
UserRepresentation user = new UserRepresentation();
user.setUsername("testuser");
user.setEnabled(true);
when(usersResource.search("testuser", 0, 10, true)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.username("testuser")
.page(0)
.pageSize(10)
.build();
var result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
verify(usersResource).search("testuser", 0, 10, true);
}
@Test
void testSearchUsers_WithEmail() {
UserRepresentation user = new UserRepresentation();
user.setUsername("testuser");
user.setEmail("test@example.com");
user.setEnabled(true);
when(usersResource.searchByEmail("test@example.com", true)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.email("test@example.com")
.page(0)
.pageSize(10)
.build();
var result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
verify(usersResource).searchByEmail("test@example.com", true);
}
@Test
void testSearchUsers_ListAll() {
UserRepresentation user = new UserRepresentation();
user.setUsername("testuser");
user.setEnabled(true);
when(usersResource.list(0, 10)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.page(0)
.pageSize(10)
.build();
var result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
verify(usersResource).list(0, 10);
}
@Test
void testSearchUsers_WithEnabledFilter() {
UserRepresentation enabledUser = new UserRepresentation();
enabledUser.setUsername("enabled");
enabledUser.setEnabled(true);
UserRepresentation disabledUser = new UserRepresentation();
disabledUser.setUsername("disabled");
disabledUser.setEnabled(false);
when(usersResource.list(0, 10)).thenReturn(List.of(enabledUser, disabledUser));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.enabled(true)
.page(0)
.pageSize(10)
.build();
var result = userService.searchUsers(criteria);
assertNotNull(result);
// Seul l'utilisateur activé devrait être retourné
assertEquals(1, result.getUsers().size());
assertTrue(result.getUsers().get(0).getEnabled());
}
@Test
void testSearchUsers_WithEmailVerifiedFilter() {
UserRepresentation verifiedUser = new UserRepresentation();
verifiedUser.setUsername("verified");
verifiedUser.setEmailVerified(true);
verifiedUser.setEnabled(true);
UserRepresentation unverifiedUser = new UserRepresentation();
unverifiedUser.setUsername("unverified");
unverifiedUser.setEmailVerified(false);
unverifiedUser.setEnabled(true);
when(usersResource.list(0, 10)).thenReturn(List.of(verifiedUser, unverifiedUser));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.emailVerified(true)
.page(0)
.pageSize(10)
.build();
var result = userService.searchUsers(criteria);
assertNotNull(result);
// Seul l'utilisateur avec email vérifié devrait être retourné
assertEquals(1, result.getUsers().size());
assertTrue(result.getUsers().get(0).getEmailVerified());
}
@Test
void testSearchUsers_WithBlankSearchTerm() {
UserRepresentation user = new UserRepresentation();
user.setUsername("testuser");
user.setEnabled(true);
when(usersResource.list(0, 10)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.searchTerm(" ") // Blank search term
.page(0)
.pageSize(10)
.build();
var result = userService.searchUsers(criteria);
assertNotNull(result);
// Devrait utiliser list() au lieu de search() pour un terme vide
verify(usersResource).list(0, 10);
}
@Test
void testUpdateUser_WithAllFields() {
UserResource userResource = mock(UserResource.class);
when(usersResource.get("user-id")).thenReturn(userResource);
UserRepresentation existingUser = new UserRepresentation();
existingUser.setId("user-id");
existingUser.setUsername("olduser");
existingUser.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(existingUser);
UserDTO userDTO = UserDTO.builder()
.email("new@example.com")
.prenom("John")
.nom("Doe")
.enabled(false)
.emailVerified(true)
.attributes(java.util.Map.of("key", java.util.List.of("value")))
.build();
UserRepresentation updatedUser = new UserRepresentation();
updatedUser.setId("user-id");
updatedUser.setUsername("olduser");
updatedUser.setEmail("new@example.com");
updatedUser.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(existingUser, updatedUser);
UserDTO result = userService.updateUser("user-id", userDTO, REALM);
assertNotNull(result);
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testUpdateUser_WithNullFields() {
UserResource userResource = mock(UserResource.class);
when(usersResource.get("user-id")).thenReturn(userResource);
UserRepresentation existingUser = new UserRepresentation();
existingUser.setId("user-id");
existingUser.setUsername("olduser");
existingUser.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(existingUser);
UserDTO userDTO = UserDTO.builder()
.email(null)
.prenom(null)
.nom(null)
.enabled(null)
.emailVerified(null)
.attributes(null)
.build();
UserRepresentation updatedUser = new UserRepresentation();
updatedUser.setId("user-id");
updatedUser.setUsername("olduser");
updatedUser.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(existingUser, updatedUser);
UserDTO result = userService.updateUser("user-id", userDTO, REALM);
assertNotNull(result);
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testDeleteUser_HardDelete() {
UserResource userResource = mock(UserResource.class);
when(usersResource.get("user-id")).thenReturn(userResource);
userService.deleteUser("user-id", REALM, true);
verify(userResource).remove();
verify(userResource, never()).update(any());
}
@Test
void testDeleteUser_SoftDelete() {
UserResource userResource = mock(UserResource.class);
when(usersResource.get("user-id")).thenReturn(userResource);
UserRepresentation user = new UserRepresentation();
user.setId("user-id");
user.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(user);
userService.deleteUser("user-id", REALM, false);
verify(userResource, never()).remove();
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testSearchUsers_Exception() {
when(usersResource.list(0, 10)).thenThrow(new RuntimeException("Connection error"));
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.page(0)
.pageSize(10)
.build();
assertThrows(RuntimeException.class, () ->
userService.searchUsers(criteria));
}
}

535
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/UserServiceImplExtendedTest.java Normal file
View File

@@ -0,0 +1,535 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.user.UserDTO;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.resource.RoleMappingResource;
import org.keycloak.admin.client.resource.RoleScopeResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests supplémentaires pour UserServiceImpl pour améliorer la couverture
*/
@ExtendWith(MockitoExtension.class)
class UserServiceImplExtendedTest {
@Mock
private KeycloakAdminClient keycloakAdminClient;
@Mock
private UsersResource usersResource;
@Mock
private UserResource userResource;
@Mock
private RoleMappingResource roleMappingResource;
@Mock
private RoleScopeResource roleScopeResource;
@InjectMocks
private UserServiceImpl userService;
private static final String REALM = "test-realm";
private static final String USER_ID = "user-123";
@Test
void testDeactivateUser() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId(USER_ID);
userRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(userRep);
userService.deactivateUser(USER_ID, REALM, "Test reason");
verify(userResource).update(argThat(rep -> !rep.isEnabled()));
}
@Test
void testResetPassword() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
userService.resetPassword(USER_ID, REALM, "newPassword123", true);
verify(userResource).resetPassword(any());
}
@Test
void testSendVerificationEmail() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
userService.sendVerificationEmail(USER_ID, REALM);
verify(userResource).sendVerifyEmail();
}
@Test
void testLogoutAllSessions() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.getUserSessions()).thenReturn(Collections.emptyList());
int count = userService.logoutAllSessions(USER_ID, REALM);
verify(userResource).logout();
assertEquals(0, count);
}
@Test
void testGetActiveSessions() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
// Mock UserSessionRepresentation
org.keycloak.representations.idm.UserSessionRepresentation session1 =
mock(org.keycloak.representations.idm.UserSessionRepresentation.class);
when(session1.getId()).thenReturn("session-1");
org.keycloak.representations.idm.UserSessionRepresentation session2 =
mock(org.keycloak.representations.idm.UserSessionRepresentation.class);
when(session2.getId()).thenReturn("session-2");
when(userResource.getUserSessions()).thenReturn(List.of(session1, session2));
List<String> sessions = userService.getActiveSessions(USER_ID, REALM);
assertNotNull(sessions);
assertEquals(2, sessions.size());
assertTrue(sessions.contains("session-1"));
assertTrue(sessions.contains("session-2"));
}
@Test
void testGetActiveSessions_Empty() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.getUserSessions()).thenReturn(Collections.emptyList());
List<String> sessions = userService.getActiveSessions(USER_ID, REALM);
assertNotNull(sessions);
assertTrue(sessions.isEmpty());
}
@Test
void testGetActiveSessions_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.getUserSessions()).thenThrow(new RuntimeException("Error"));
List<String> sessions = userService.getActiveSessions(USER_ID, REALM);
assertNotNull(sessions);
assertTrue(sessions.isEmpty());
}
@Test
void testGetAllUsers() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user1 = new UserRepresentation();
user1.setId("user-1");
user1.setUsername("user1");
user1.setEnabled(true); // Important: définir enabled pour éviter NullPointerException
UserRepresentation user2 = new UserRepresentation();
user2.setId("user-2");
user2.setUsername("user2");
user2.setEnabled(true); // Important: définir enabled pour éviter NullPointerException
when(usersResource.list(anyInt(), anyInt())).thenReturn(List.of(user1, user2));
when(usersResource.count()).thenReturn(2);
var result = userService.getAllUsers(REALM, 0, 20);
assertNotNull(result);
assertEquals(2, result.getUsers().size());
assertEquals(2L, result.getTotalCount());
}
@Test
void testGetUserById_NotFound() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.toRepresentation()).thenThrow(new jakarta.ws.rs.NotFoundException());
Optional<UserDTO> result = userService.getUserById(USER_ID, REALM);
assertFalse(result.isPresent());
}
@Test
void testGetUserById_ExceptionWith404() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
RuntimeException exception = new RuntimeException("Server response is: 404");
when(userResource.toRepresentation()).thenThrow(exception);
Optional<UserDTO> result = userService.getUserById(USER_ID, REALM);
assertFalse(result.isPresent());
}
@Test
void testGetUserByUsername_Success() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId(USER_ID);
userRep.setUsername("testuser");
userRep.setEnabled(true);
when(usersResource.search("testuser", 0, 1, true)).thenReturn(List.of(userRep));
Optional<UserDTO> result = userService.getUserByUsername("testuser", REALM);
assertTrue(result.isPresent());
assertEquals("testuser", result.get().getUsername());
}
@Test
void testGetUserByUsername_NotFound() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("nonexistent", 0, 1, true)).thenReturn(Collections.emptyList());
Optional<UserDTO> result = userService.getUserByUsername("nonexistent", REALM);
assertFalse(result.isPresent());
}
@Test
void testGetUserByUsername_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("testuser", 0, 1, true)).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () ->
userService.getUserByUsername("testuser", REALM));
}
@Test
void testGetUserByEmail_Success() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId(USER_ID);
userRep.setEmail("test@example.com");
userRep.setEnabled(true);
when(usersResource.searchByEmail("test@example.com", true)).thenReturn(List.of(userRep));
Optional<UserDTO> result = userService.getUserByEmail("test@example.com", REALM);
assertTrue(result.isPresent());
assertEquals("test@example.com", result.get().getEmail());
}
@Test
void testGetUserByEmail_NotFound() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.searchByEmail("nonexistent@example.com", true)).thenReturn(Collections.emptyList());
Optional<UserDTO> result = userService.getUserByEmail("nonexistent@example.com", REALM);
assertFalse(result.isPresent());
}
@Test
void testGetUserByEmail_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.searchByEmail("test@example.com", true)).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () ->
userService.getUserByEmail("test@example.com", REALM));
}
@Test
void testCreateUser_UsernameExists() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
// usernameExists calls search which should return a non-empty list
UserRepresentation existingUser = new UserRepresentation();
existingUser.setUsername("existinguser");
existingUser.setEnabled(true);
when(usersResource.search("existinguser", 0, 1, true)).thenReturn(List.of(existingUser));
UserDTO userDTO = UserDTO.builder()
.username("existinguser")
.email("test@example.com")
.build();
// createUser catches all exceptions and rethrows as RuntimeException
RuntimeException exception = assertThrows(RuntimeException.class, () ->
userService.createUser(userDTO, REALM));
assertTrue(exception.getCause() instanceof IllegalArgumentException);
assertTrue(exception.getCause().getMessage().contains("existe déjà"));
}
@Test
void testCreateUser_EmailExists() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("newuser", 0, 1, true)).thenReturn(Collections.emptyList());
// emailExists calls searchByEmail which should return a non-empty list
UserRepresentation existingUser = new UserRepresentation();
existingUser.setEmail("existing@example.com");
existingUser.setEnabled(true);
when(usersResource.searchByEmail("existing@example.com", true)).thenReturn(List.of(existingUser));
UserDTO userDTO = UserDTO.builder()
.username("newuser")
.email("existing@example.com")
.build();
// createUser catches all exceptions and rethrows as RuntimeException
RuntimeException exception = assertThrows(RuntimeException.class, () ->
userService.createUser(userDTO, REALM));
assertTrue(exception.getCause() instanceof IllegalArgumentException);
assertTrue(exception.getCause().getMessage().contains("existe déjà"));
}
@Test
void testCreateUser_StatusNot201() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("newuser", 0, 1, true)).thenReturn(Collections.emptyList());
UserDTO userDTO = UserDTO.builder()
.username("newuser")
.email("test@example.com")
.build();
jakarta.ws.rs.core.Response response = mock(jakarta.ws.rs.core.Response.class);
when(response.getStatus()).thenReturn(400);
when(response.getStatusInfo()).thenReturn(jakarta.ws.rs.core.Response.Status.BAD_REQUEST);
when(usersResource.create(any())).thenReturn(response);
assertThrows(RuntimeException.class, () ->
userService.createUser(userDTO, REALM));
}
@Test
void testCreateUser_WithTemporaryPassword() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("newuser", 0, 1, true)).thenReturn(Collections.emptyList());
UserDTO userDTO = UserDTO.builder()
.username("newuser")
.email("test@example.com")
.temporaryPassword("temp123")
.temporaryPasswordFlag(true)
.build();
jakarta.ws.rs.core.Response response = mock(jakarta.ws.rs.core.Response.class);
when(response.getStatus()).thenReturn(201);
java.net.URI location = java.net.URI.create("http://localhost/users/" + USER_ID);
when(response.getLocation()).thenReturn(location);
when(usersResource.create(any())).thenReturn(response);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation createdUser = new UserRepresentation();
createdUser.setId(USER_ID);
createdUser.setUsername("newuser");
createdUser.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(createdUser);
UserDTO result = userService.createUser(userDTO, REALM);
assertNotNull(result);
verify(userResource).resetPassword(any());
}
@Test
void testCreateUser_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("newuser", 0, 1, true)).thenThrow(new RuntimeException("Connection error"));
UserDTO userDTO = UserDTO.builder()
.username("newuser")
.email("test@example.com")
.build();
assertThrows(RuntimeException.class, () ->
userService.createUser(userDTO, REALM));
}
@Test
void testUpdateUser_WithEmailAndPrenom() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation existingUser = new UserRepresentation();
existingUser.setId(USER_ID);
existingUser.setUsername("testuser");
existingUser.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(existingUser);
UserDTO userDTO = UserDTO.builder()
.id(USER_ID)
.email("newemail@example.com")
.prenom("John")
.build();
UserDTO result = userService.updateUser(USER_ID, userDTO, REALM);
assertNotNull(result);
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testActivateUser_Success() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation user = new UserRepresentation();
user.setId(USER_ID);
user.setEnabled(false);
when(userResource.toRepresentation()).thenReturn(user);
userService.activateUser(USER_ID, REALM);
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testActivateUser_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.toRepresentation()).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () ->
userService.activateUser(USER_ID, REALM));
}
@Test
void testDeactivateUser_Success() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation user = new UserRepresentation();
user.setId(USER_ID);
user.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(user);
userService.deactivateUser(USER_ID, REALM, "Test reason");
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testDeactivateUser_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.toRepresentation()).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () ->
userService.deactivateUser(USER_ID, REALM, "Test reason"));
}
@Test
void testSuspendUser() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation user = new UserRepresentation();
user.setId(USER_ID);
user.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(user);
userService.suspendUser(USER_ID, REALM, "Suspension reason", 30);
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testUnlockUser() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation user = new UserRepresentation();
user.setId(USER_ID);
user.setEnabled(false);
when(userResource.toRepresentation()).thenReturn(user);
userService.unlockUser(USER_ID, REALM);
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testLogoutAllSessions_WithSessions() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
org.keycloak.representations.idm.UserSessionRepresentation session1 =
mock(org.keycloak.representations.idm.UserSessionRepresentation.class);
org.keycloak.representations.idm.UserSessionRepresentation session2 =
mock(org.keycloak.representations.idm.UserSessionRepresentation.class);
when(userResource.getUserSessions()).thenReturn(List.of(session1, session2));
doNothing().when(userResource).logout();
int count = userService.logoutAllSessions(USER_ID, REALM);
assertEquals(2, count);
verify(userResource).logout();
}
@Test
void testLogoutAllSessions_NoSessions() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.getUserSessions()).thenReturn(Collections.emptyList());
doNothing().when(userResource).logout();
int count = userService.logoutAllSessions(USER_ID, REALM);
assertEquals(0, count);
verify(userResource).logout();
}
@Test
void testLogoutAllSessions_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.getUserSessions()).thenThrow(new RuntimeException("Connection error"));
assertThrows(RuntimeException.class, () ->
userService.logoutAllSessions(USER_ID, REALM));
}
@Test
void testGetActiveSessions_Success() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
org.keycloak.representations.idm.UserSessionRepresentation session1 =
mock(org.keycloak.representations.idm.UserSessionRepresentation.class);
org.keycloak.representations.idm.UserSessionRepresentation session2 =
mock(org.keycloak.representations.idm.UserSessionRepresentation.class);
when(session1.getId()).thenReturn("session-1");
when(session2.getId()).thenReturn("session-2");
when(userResource.getUserSessions()).thenReturn(List.of(session1, session2));
List<String> sessions = userService.getActiveSessions(USER_ID, REALM);
assertNotNull(sessions);
assertEquals(2, sessions.size());
assertTrue(sessions.contains("session-1"));
assertTrue(sessions.contains("session-2"));
}
}

569
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/UserServiceImplIntegrationTest.java Normal file
View File

@@ -0,0 +1,569 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO;
import dev.lions.user.manager.dto.user.UserSearchResultDTO;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
/**
* Tests d'intégration pour UserServiceImpl - Cas limites et branches conditionnelles complexes
*/
@ExtendWith(MockitoExtension.class)
class UserServiceImplIntegrationTest {
@Mock
private KeycloakAdminClient keycloakAdminClient;
@Mock
private UsersResource usersResource;
@Mock
private UserResource userResource;
@InjectMocks
private UserServiceImpl userService;
private static final String REALM = "test-realm";
private static final String USER_ID = "user-123";
// ==================== Tests de recherche - Cas limites ====================
@Test
void testSearchUsers_WithSearchTerm() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setId("1");
user.setUsername("testuser");
user.setEnabled(true);
user.setEmailVerified(true);
when(usersResource.search("test", 0, 20)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.searchTerm("test")
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
verify(usersResource).search("test", 0, 20);
}
@Test
void testSearchUsers_WithSearchTerm_Blank() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setId("1");
user.setUsername("user1");
user.setEnabled(true);
when(usersResource.list(0, 20)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.searchTerm(" ") // Blank string
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
verify(usersResource).list(0, 20); // Should use list() when searchTerm is blank
}
@Test
void testSearchUsers_WithUsername() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setId("1");
user.setUsername("exactuser");
user.setEnabled(true);
when(usersResource.search("exactuser", 0, 20, true)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.username("exactuser")
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
verify(usersResource).search("exactuser", 0, 20, true);
}
@Test
void testSearchUsers_WithEmail() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setId("1");
user.setEmail("test@example.com");
user.setEnabled(true);
when(usersResource.searchByEmail("test@example.com", true)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.email("test@example.com")
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
verify(usersResource).searchByEmail("test@example.com", true);
}
@Test
void testSearchUsers_NoCriteria() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setId("1");
user.setUsername("user1");
user.setEnabled(true);
when(usersResource.list(0, 20)).thenReturn(List.of(user));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
verify(usersResource).list(0, 20);
}
// ==================== Tests de filtrage - Cas limites ====================
@Test
void testSearchUsers_FilterByEnabled_True() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation enabledUser = new UserRepresentation();
enabledUser.setId("1");
enabledUser.setUsername("enabled");
enabledUser.setEnabled(true);
UserRepresentation disabledUser = new UserRepresentation();
disabledUser.setId("2");
disabledUser.setUsername("disabled");
disabledUser.setEnabled(false);
when(usersResource.list(0, 20)).thenReturn(List.of(enabledUser, disabledUser));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.enabled(true)
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
assertTrue(result.getUsers().get(0).getEnabled());
}
@Test
void testSearchUsers_FilterByEnabled_False() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation enabledUser = new UserRepresentation();
enabledUser.setId("1");
enabledUser.setUsername("enabled");
enabledUser.setEnabled(true);
UserRepresentation disabledUser = new UserRepresentation();
disabledUser.setId("2");
disabledUser.setUsername("disabled");
disabledUser.setEnabled(false);
when(usersResource.list(0, 20)).thenReturn(List.of(enabledUser, disabledUser));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.enabled(false)
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
assertFalse(result.getUsers().get(0).getEnabled());
}
@Test
void testSearchUsers_FilterByEmailVerified_True() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation verifiedUser = new UserRepresentation();
verifiedUser.setId("1");
verifiedUser.setUsername("verified");
verifiedUser.setEmail("test@example.com");
verifiedUser.setEmailVerified(true);
verifiedUser.setEnabled(true);
UserRepresentation unverifiedUser = new UserRepresentation();
unverifiedUser.setId("2");
unverifiedUser.setUsername("unverified");
unverifiedUser.setEmail("test2@example.com");
unverifiedUser.setEmailVerified(false);
unverifiedUser.setEnabled(true);
when(usersResource.list(0, 20)).thenReturn(List.of(verifiedUser, unverifiedUser));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.emailVerified(true)
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
assertTrue(result.getUsers().get(0).getEmailVerified());
}
@Test
void testSearchUsers_FilterByEnabledAndEmailVerified() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user1 = new UserRepresentation();
user1.setId("1");
user1.setUsername("user1");
user1.setEnabled(true);
user1.setEmailVerified(true);
UserRepresentation user2 = new UserRepresentation();
user2.setId("2");
user2.setUsername("user2");
user2.setEnabled(true);
user2.setEmailVerified(false);
UserRepresentation user3 = new UserRepresentation();
user3.setId("3");
user3.setUsername("user3");
user3.setEnabled(false);
user3.setEmailVerified(true);
when(usersResource.list(0, 20)).thenReturn(List.of(user1, user2, user3));
when(usersResource.count()).thenReturn(3);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.enabled(true)
.emailVerified(true)
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
assertEquals("user1", result.getUsers().get(0).getUsername());
}
@Test
void testSearchUsers_FilterByEnabled_Null() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user1 = new UserRepresentation();
user1.setId("1");
user1.setUsername("user1");
user1.setEnabled(true);
UserRepresentation user2 = new UserRepresentation();
user2.setId("2");
user2.setUsername("user2");
user2.setEnabled(false);
when(usersResource.list(0, 20)).thenReturn(List.of(user1, user2));
when(usersResource.count()).thenReturn(2);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.enabled(null) // Null should not filter
.page(0)
.pageSize(20)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(2, result.getUsers().size()); // Both users should be returned
}
// ==================== Tests getUserById - Cas limites ====================
@Test
void testGetUserById_WithRealmRoles() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId(USER_ID);
userRep.setUsername("testuser");
userRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(userRep);
RoleRepresentation role1 = new RoleRepresentation();
role1.setName("role1");
RoleRepresentation role2 = new RoleRepresentation();
role2.setName("role2");
when(userResource.roles()).thenReturn(mock(org.keycloak.admin.client.resource.RoleMappingResource.class));
when(userResource.roles().realmLevel()).thenReturn(mock(org.keycloak.admin.client.resource.RoleScopeResource.class));
when(userResource.roles().realmLevel().listAll()).thenReturn(List.of(role1, role2));
Optional<UserDTO> result = userService.getUserById(USER_ID, REALM);
assertTrue(result.isPresent());
assertEquals(USER_ID, result.get().getId());
}
@Test
void testGetUserById_WithEmptyRealmRoles() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId(USER_ID);
userRep.setUsername("testuser");
userRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(userRep);
when(userResource.roles()).thenReturn(mock(org.keycloak.admin.client.resource.RoleMappingResource.class));
when(userResource.roles().realmLevel()).thenReturn(mock(org.keycloak.admin.client.resource.RoleScopeResource.class));
when(userResource.roles().realmLevel().listAll()).thenReturn(Collections.emptyList());
Optional<UserDTO> result = userService.getUserById(USER_ID, REALM);
assertTrue(result.isPresent());
assertTrue(result.get().getRealmRoles() == null || result.get().getRealmRoles().isEmpty());
}
@Test
void testGetUserById_WithNullRealmRoles() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId(USER_ID);
userRep.setUsername("testuser");
userRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(userRep);
when(userResource.roles()).thenReturn(mock(org.keycloak.admin.client.resource.RoleMappingResource.class));
when(userResource.roles().realmLevel()).thenReturn(mock(org.keycloak.admin.client.resource.RoleScopeResource.class));
when(userResource.roles().realmLevel().listAll()).thenReturn(null);
Optional<UserDTO> result = userService.getUserById(USER_ID, REALM);
assertTrue(result.isPresent());
}
@Test
void testGetUserById_WithExceptionInRolesRetrieval() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId(USER_ID);
userRep.setUsername("testuser");
userRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(userRep);
when(userResource.roles()).thenReturn(mock(org.keycloak.admin.client.resource.RoleMappingResource.class));
when(userResource.roles().realmLevel()).thenReturn(mock(org.keycloak.admin.client.resource.RoleScopeResource.class));
when(userResource.roles().realmLevel().listAll()).thenThrow(new RuntimeException("Error getting roles"));
// Should not throw exception, just log warning
Optional<UserDTO> result = userService.getUserById(USER_ID, REALM);
assertTrue(result.isPresent());
}
@Test
void testGetUserById_With404InExceptionMessage() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.toRepresentation()).thenThrow(new RuntimeException("Server response is: 404"));
Optional<UserDTO> result = userService.getUserById(USER_ID, REALM);
assertFalse(result.isPresent());
}
@Test
void testGetUserById_With404InExceptionMessage_Variant() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get(USER_ID)).thenReturn(userResource);
when(userResource.toRepresentation()).thenThrow(new RuntimeException("Received: 'Server response is: 404'"));
Optional<UserDTO> result = userService.getUserById(USER_ID, REALM);
assertFalse(result.isPresent());
}
// ==================== Tests usernameExists et emailExists ====================
@Test
void testUsernameExists_True() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setUsername("existinguser");
when(usersResource.search("existinguser", 0, 1, true)).thenReturn(List.of(user));
boolean exists = userService.usernameExists("existinguser", REALM);
assertTrue(exists);
}
@Test
void testUsernameExists_False() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("nonexistent", 0, 1, true)).thenReturn(Collections.emptyList());
boolean exists = userService.usernameExists("nonexistent", REALM);
assertFalse(exists);
}
@Test
void testUsernameExists_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.search("erroruser", 0, 1, true)).thenThrow(new RuntimeException("Error"));
boolean exists = userService.usernameExists("erroruser", REALM);
assertFalse(exists); // Should return false on exception
}
@Test
void testEmailExists_True() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user = new UserRepresentation();
user.setEmail("existing@example.com");
when(usersResource.searchByEmail("existing@example.com", true)).thenReturn(List.of(user));
boolean exists = userService.emailExists("existing@example.com", REALM);
assertTrue(exists);
}
@Test
void testEmailExists_False() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.searchByEmail("nonexistent@example.com", true)).thenReturn(Collections.emptyList());
boolean exists = userService.emailExists("nonexistent@example.com", REALM);
assertFalse(exists);
}
@Test
void testEmailExists_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.searchByEmail("error@example.com", true)).thenThrow(new RuntimeException("Error"));
boolean exists = userService.emailExists("error@example.com", REALM);
assertFalse(exists); // Should return false on exception
}
// ==================== Tests countUsers ====================
@Test
void testCountUsers_Success() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.count()).thenReturn(42);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.build();
long count = userService.countUsers(criteria);
assertEquals(42L, count);
}
@Test
void testCountUsers_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.count()).thenThrow(new RuntimeException("Error"));
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.build();
long count = userService.countUsers(criteria);
assertEquals(0L, count); // Should return 0 on exception
}
// ==================== Tests searchUsers - Exception handling ====================
@Test
void testSearchUsers_Exception() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.list(0, 20)).thenThrow(new RuntimeException("Connection error"));
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.page(0)
.pageSize(20)
.build();
assertThrows(RuntimeException.class, () -> userService.searchUsers(criteria));
}
}

231
lions-user-manager-server-impl-quarkus/src/test/java/dev/lions/user/manager/service/impl/UserServiceImplTest.java Normal file
View File

@@ -0,0 +1,231 @@
package dev.lions.user.manager.service.impl;
import dev.lions.user.manager.client.KeycloakAdminClient;
import dev.lions.user.manager.dto.user.UserDTO;
import dev.lions.user.manager.dto.user.UserSearchCriteriaDTO;
import dev.lions.user.manager.dto.user.UserSearchResultDTO;
import jakarta.ws.rs.core.Response;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.keycloak.admin.client.resource.RoleMappingResource;
import org.keycloak.admin.client.resource.RoleScopeResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;
import java.net.URI;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.ArgumentMatchers.*;
import static org.mockito.Mockito.*;
@ExtendWith(MockitoExtension.class)
class UserServiceImplTest {
@Mock
KeycloakAdminClient keycloakAdminClient;
@Mock
UsersResource usersResource;
@Mock
UserResource userResource;
@Mock
RoleMappingResource roleMappingResource;
@Mock
RoleScopeResource roleScopeResource;
@InjectMocks
UserServiceImpl userService;
private static final String REALM = "test-realm";
@BeforeEach
void setUp() {
// lenient().when(keycloakAdminClient.getUsers(anyString())).thenReturn(usersResource);
}
@Test
void testSearchUsers() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId("1");
userRep.setUsername("user");
userRep.setEnabled(true);
when(usersResource.search(anyString(), anyInt(), anyInt())).thenReturn(Collections.singletonList(userRep));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.searchTerm("user")
.enabled(true)
.build();
UserSearchResultDTO result = userService.searchUsers(criteria);
assertNotNull(result);
assertEquals(1, result.getUsers().size());
assertEquals("user", result.getUsers().get(0).getUsername());
}
@Test
void testGetUserById() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get("1")).thenReturn(userResource);
UserRepresentation userRep = new UserRepresentation();
userRep.setId("1");
userRep.setUsername("user");
userRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(userRep);
when(userResource.roles()).thenReturn(roleMappingResource);
when(roleMappingResource.realmLevel()).thenReturn(roleScopeResource);
when(roleScopeResource.listAll()).thenReturn(Collections.emptyList());
Optional<UserDTO> result = userService.getUserById("1", REALM);
assertTrue(result.isPresent());
assertEquals("1", result.get().getId());
}
@Test
void testCreateUser() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserDTO newUser = UserDTO.builder().username("newuser").email("new@example.com").build();
// Check exists
when(usersResource.search("newuser", 0, 1, true)).thenReturn(Collections.emptyList());
when(usersResource.searchByEmail("new@example.com", true)).thenReturn(Collections.emptyList());
// Mock creation response
Response response = Response.status(201).location(URI.create("http://localhost/users/123")).build();
when(usersResource.create(any(UserRepresentation.class))).thenReturn(response);
// Mock get created user
when(usersResource.get("123")).thenReturn(userResource);
UserRepresentation createdRep = new UserRepresentation();
createdRep.setId("123");
createdRep.setUsername("newuser");
createdRep.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(createdRep);
UserDTO created = userService.createUser(newUser, REALM);
assertNotNull(created);
assertEquals("123", created.getId());
assertEquals("newuser", created.getUsername());
}
@Test
void testUpdateUser() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get("1")).thenReturn(userResource);
UserRepresentation existing = new UserRepresentation();
existing.setId("1");
existing.setEnabled(true);
when(userResource.toRepresentation()).thenReturn(existing);
UserDTO update = UserDTO.builder().username("updated").email("up@example.com").build();
UserDTO result = userService.updateUser("1", update, REALM);
verify(userResource).update(any(UserRepresentation.class));
assertNotNull(result);
}
@Test
void testDeleteUser() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get("1")).thenReturn(userResource);
userService.deleteUser("1", REALM, true);
verify(userResource).remove();
when(userResource.toRepresentation()).thenReturn(new UserRepresentation());
userService.deleteUser("1", REALM, false);
verify(userResource).update(any(UserRepresentation.class));
}
@Test
void testActivateUser() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
when(usersResource.get("1")).thenReturn(userResource);
when(userResource.toRepresentation()).thenReturn(new UserRepresentation());
userService.activateUser("1", REALM);
verify(userResource).update(argThat(rep -> rep.isEnabled()));
}
@Test
void testExportUsersToCSV() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
UserRepresentation user1 = new UserRepresentation();
user1.setId("1");
user1.setUsername("user1");
user1.setEmail("user1@example.com");
user1.setFirstName("First");
user1.setLastName("Last");
user1.setEnabled(true);
when(usersResource.list(any(), any())).thenReturn(Collections.singletonList(user1));
when(usersResource.count()).thenReturn(1);
UserSearchCriteriaDTO criteria = UserSearchCriteriaDTO.builder()
.realmName(REALM)
.build();
String csv = userService.exportUsersToCSV(criteria);
assertNotNull(csv);
assertTrue(csv.contains("username,email,firstName,lastName,enabled"));
assertTrue(csv.contains("user1,user1@example.com,First,Last,true"));
}
@Test
void testImportUsersFromCSV() {
when(keycloakAdminClient.getUsers(REALM)).thenReturn(usersResource);
// Mock checks for existing users
lenient().when(usersResource.search(anyString(), anyInt(), anyInt(), anyBoolean()))
.thenReturn(Collections.emptyList());
lenient().when(usersResource.searchByEmail(anyString(), anyBoolean())).thenReturn(Collections.emptyList());
// Mock creation response
Response response = Response.status(201).location(URI.create("http://localhost/users/123")).build();
lenient().when(usersResource.create(any(UserRepresentation.class))).thenReturn(response);
// Mock retrieving created user
lenient().when(usersResource.get(anyString())).thenReturn(userResource);
UserRepresentation createdRep = new UserRepresentation();
createdRep.setId("123");
createdRep.setUsername("imported");
createdRep.setEnabled(true);
lenient().when(userResource.toRepresentation()).thenReturn(createdRep);
// For password setting
lenient().doNothing().when(userResource)
.resetPassword(any(org.keycloak.representations.idm.CredentialRepresentation.class));
String csvContent = "username,email,firstName,lastName,enabled\n" +
"imported,imp@test.com,Imp,Orter,true";
int count = userService.importUsersFromCSV(csvContent, REALM);
assertEquals(1, count);
verify(usersResource, atLeastOnce()).create(argThat(u -> u.getUsername().equals("imported")));
}
}

18
lions-user-manager-server-impl-quarkus/src/test/resources/application-test.properties Normal file
View File

@@ -0,0 +1,18 @@
# Configuration pour les tests
# Keycloak Admin Client Configuration (valeurs factices pour les tests)
lions.keycloak.server-url=http://localhost:8080
lions.keycloak.admin-realm=master
lions.keycloak.admin-client-id=admin-cli
lions.keycloak.admin-username=admin
lions.keycloak.admin-password=admin
lions.keycloak.connection-pool-size=10
lions.keycloak.timeout-seconds=30
# Keycloak OIDC Configuration (désactivé pour les tests)
quarkus.oidc.tenant-enabled=false
quarkus.keycloak.policy-enforcer.enable=false
# Logging pour les tests
quarkus.log.level=WARN
quarkus.log.category."dev.lions.user.manager".level=WARN