167 lines
6.5 KiB
Python
167 lines
6.5 KiB
Python
#!/usr/bin/env python3
|
|
"""
|
|
Test d'authentification sur le REALM UNIONFLOW (pas master)
|
|
"""
|
|
|
|
import requests
|
|
import json
|
|
|
|
class UnionflowRealmTester:
|
|
def __init__(self, base_url: str = "http://localhost:8180"):
|
|
self.base_url = base_url
|
|
self.session = requests.Session()
|
|
|
|
def test_user_on_unionflow_realm(self, username: str, password: str) -> bool:
|
|
"""Teste l'authentification d'un utilisateur sur le realm UNIONFLOW"""
|
|
print(f"🧪 Test de {username} sur le realm UNIONFLOW...")
|
|
|
|
# URL correcte pour le realm unionflow
|
|
token_url = f"{self.base_url}/realms/unionflow/protocol/openid-connect/token"
|
|
|
|
data = {
|
|
"username": username,
|
|
"password": password,
|
|
"grant_type": "password",
|
|
"client_id": "unionflow-mobile"
|
|
}
|
|
|
|
print(f" 📍 URL: {token_url}")
|
|
print(f" 📋 Données: username={username}, client_id=unionflow-mobile")
|
|
|
|
try:
|
|
response = self.session.post(
|
|
token_url,
|
|
data=data,
|
|
headers={"Content-Type": "application/x-www-form-urlencoded"}
|
|
)
|
|
|
|
print(f" 📊 Status: {response.status_code}")
|
|
|
|
if response.status_code == 200:
|
|
token_data = response.json()
|
|
if "access_token" in token_data:
|
|
print(f" ✅ {username} FONCTIONNE sur le realm unionflow !")
|
|
print(f" 🎫 Token reçu (longueur: {len(token_data['access_token'])})")
|
|
|
|
# Décoder le token pour voir les infos
|
|
try:
|
|
import base64
|
|
# Décoder le payload du JWT (partie du milieu)
|
|
token_parts = token_data['access_token'].split('.')
|
|
if len(token_parts) >= 2:
|
|
# Ajouter du padding si nécessaire
|
|
payload = token_parts[1]
|
|
payload += '=' * (4 - len(payload) % 4)
|
|
decoded = base64.b64decode(payload)
|
|
token_info = json.loads(decoded)
|
|
print(f" 👤 Utilisateur: {token_info.get('preferred_username', 'N/A')}")
|
|
print(f" 🏛️ Realm: {token_info.get('iss', 'N/A').split('/')[-1]}")
|
|
print(f" 📧 Email: {token_info.get('email', 'N/A')}")
|
|
if 'realm_access' in token_info and 'roles' in token_info['realm_access']:
|
|
roles = token_info['realm_access']['roles']
|
|
print(f" 🎭 Rôles: {', '.join(roles)}")
|
|
except:
|
|
pass
|
|
|
|
return True
|
|
else:
|
|
print(f" ❌ Token manquant dans la réponse")
|
|
else:
|
|
print(f" ❌ Authentification échouée")
|
|
print(f" 📄 Réponse: {response.text}")
|
|
|
|
except Exception as e:
|
|
print(f" ❌ Exception: {e}")
|
|
|
|
return False
|
|
|
|
def test_all_unionflow_accounts(self):
|
|
"""Teste tous les comptes sur le realm unionflow"""
|
|
print("=" * 80)
|
|
print("🧪 TEST D'AUTHENTIFICATION SUR LE REALM UNIONFLOW")
|
|
print("=" * 80)
|
|
print()
|
|
|
|
# Vérifier que le realm unionflow est accessible
|
|
try:
|
|
realm_response = self.session.get(f"{self.base_url}/realms/unionflow")
|
|
if realm_response.status_code == 200:
|
|
print("✅ Realm unionflow accessible")
|
|
else:
|
|
print(f"❌ Realm unionflow non accessible: {realm_response.status_code}")
|
|
return False
|
|
except:
|
|
print("❌ Erreur accès realm unionflow")
|
|
return False
|
|
|
|
print()
|
|
|
|
# Tester tous les comptes créés
|
|
users = [
|
|
("marie.active", "Marie123!"),
|
|
("superadmin", "SuperAdmin123!"),
|
|
("jean.simple", "Jean123!"),
|
|
("tech.lead", "TechLead123!"),
|
|
("rh.manager", "RhManager123!")
|
|
]
|
|
|
|
success_count = 0
|
|
working_users = []
|
|
|
|
for username, password in users:
|
|
if self.test_user_on_unionflow_realm(username, password):
|
|
success_count += 1
|
|
working_users.append((username, password))
|
|
print()
|
|
|
|
print("=" * 80)
|
|
print(f"📊 RÉSULTAT FINAL SUR LE REALM UNIONFLOW")
|
|
print("=" * 80)
|
|
print(f"✅ {success_count}/{len(users)} comptes fonctionnent sur le realm unionflow")
|
|
print()
|
|
|
|
if success_count > 0:
|
|
print("🎉 COMPTES QUI FONCTIONNENT SUR LE REALM UNIONFLOW :")
|
|
print()
|
|
for username, password in working_users:
|
|
print(f" ✅ {username} / {password}")
|
|
|
|
print()
|
|
print("🚀 VOTRE APPLICATION MOBILE PEUT MAINTENANT S'AUTHENTIFIER !")
|
|
print()
|
|
print("📱 PARAMÈTRES POUR L'APPLICATION :")
|
|
print(f" • Keycloak URL: {self.base_url}")
|
|
print(" • Realm: unionflow")
|
|
print(" • Client ID: unionflow-mobile")
|
|
print(f" • Utilisateur de test: {working_users[0][0]}")
|
|
print(f" • Mot de passe: {working_users[0][1]}")
|
|
print()
|
|
print("✅ TOUS LES COMPTES UNIONFLOW SONT OPÉRATIONNELS !")
|
|
|
|
else:
|
|
print("❌ Aucun compte ne fonctionne sur le realm unionflow")
|
|
print()
|
|
print("🔧 DIAGNOSTIC :")
|
|
print(" Les comptes existent mais les mots de passe ne correspondent pas.")
|
|
print(" Solution : configuration manuelle dans l'interface Keycloak")
|
|
print()
|
|
print("📋 ÉTAPES MANUELLES :")
|
|
print("1. Ouvrez http://localhost:8180/admin/")
|
|
print("2. Connectez-vous avec admin/admin")
|
|
print("3. Sélectionnez le realm 'unionflow' (pas master !)")
|
|
print("4. Allez dans Users > marie.active")
|
|
print("5. Onglet Credentials > Set password")
|
|
print("6. Entrez 'Marie123!' et décochez 'Temporary'")
|
|
print("7. Testez avec: python test_unionflow_realm.py")
|
|
|
|
return success_count > 0
|
|
|
|
|
|
def main():
|
|
tester = UnionflowRealmTester()
|
|
tester.test_all_unionflow_accounts()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|