]> source.dussan.org Git - archiva.git/blob
6994b32d647863f2a365154713e6cd4e768ff18e
[archiva.git] /
1 package org.apache.archiva.redback.struts2.action.admin;
2
3 /*
4  * Licensed to the Apache Software Foundation (ASF) under one
5  * or more contributor license agreements.  See the NOTICE file
6  * distributed with this work for additional information
7  * regarding copyright ownership.  The ASF licenses this file
8  * to you under the Apache License, Version 2.0 (the
9  * "License"); you may not use this file except in compliance
10  * with the License.  You may obtain a copy of the License at
11  *
12  * http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * Unless required by applicable law or agreed to in writing,
15  * software distributed under the License is distributed on an
16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17  * KIND, either express or implied.  See the License for the
18  * specific language governing permissions and limitations
19  * under the License.
20  */
21
22 import com.opensymphony.xwork2.Action;
23 import org.apache.archiva.redback.authentication.AuthenticationException;
24 import org.apache.archiva.redback.policy.AccountLockedException;
25 import org.apache.archiva.redback.rbac.RbacManagerException;
26 import org.apache.archiva.redback.rbac.RbacObjectInvalidException;
27 import org.apache.archiva.redback.rbac.Role;
28 import org.apache.archiva.redback.users.User;
29 import org.apache.archiva.redback.users.UserNotFoundException;
30 import org.apache.archiva.redback.authentication.AuthenticationResult;
31 import org.apache.archiva.redback.policy.MustChangePasswordException;
32 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
33 import org.apache.archiva.redback.system.DefaultSecuritySession;
34 import org.apache.archiva.redback.system.SecuritySession;
35 import org.apache.archiva.redback.system.SecuritySystemConstants;
36 import org.apache.archiva.redback.users.memory.SimpleUser;
37 import org.apache.archiva.redback.integration.model.AdminEditUserCredentials;
38 import org.junit.After;
39 import org.junit.Before;
40 import org.junit.Test;
41
42 import java.util.Collection;
43 import java.util.HashMap;
44 import java.util.List;
45 import java.util.Locale;
46 import java.util.Map;
47
48 /**
49  * @todo missing tests for success/fail on standard show/edit functions (non security testing related)
50  */
51 public class UserEditActionTest
52     extends AbstractUserCredentialsActionTest
53 {
54
55     private Locale originalLocale;
56
57     @Before
58     public void setUp()
59         throws Exception
60     {
61         super.setUp();
62
63         originalLocale = Locale.getDefault();
64         Locale.setDefault( Locale.ENGLISH );
65     }
66
67     @After
68     public void tearDown()
69         throws Exception
70     {
71         try
72         {
73             super.tearDown();
74         }
75         finally
76         {
77             Locale.setDefault( originalLocale == null ? Locale.ENGLISH : originalLocale );
78         }
79     }
80
81     @Test
82     public void testEditPageShowsAdministratableRoles()
83         throws RbacObjectInvalidException, RbacManagerException, AccountLockedException, AuthenticationException,
84         UserNotFoundException, MustChangePasswordException
85     {
86
87         rbacManager.removeUserAssignment( "user2" );
88
89         addAssignment( "user", "User Administrator" );
90
91         addAssignment( "user2", "Project Administrator - default" );
92         addAssignment( "user2", "Project Administrator - other" );
93
94         UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
95         login( action, "user2", PASSWORD );
96         action.setUsername( "user2" );
97         assertEquals( Action.INPUT, action.edit() );
98
99         List<Role> effectivelyAssignedRoles = action.getEffectivelyAssignedRoles();
100         assertEquals( 2, effectivelyAssignedRoles.size() );
101         Role r = effectivelyAssignedRoles.get( 0 );
102         assertEquals( "Project Administrator - default", r.getName() );
103         r = effectivelyAssignedRoles.get( 1 );
104         assertEquals( "Project Administrator - other", r.getName() );
105         assertFalse( action.isHasHiddenRoles() );
106
107         rbacManager.removeUserAssignment( "user2" );
108     }
109
110     @Test
111     public void testEditPageHidesUnadministratableRoles()
112         throws Exception
113     {
114         // REDBACK-29
115         // user should not be able to see the other project admin role of user2, but should be able to see the one
116         // from their own group
117
118         rbacManager.removeUserAssignment( "user" );
119         rbacManager.removeUserAssignment( "user2" );
120
121         addAssignment( "user", "Project Administrator - default" );
122         addAssignment( "user", "User Administrator" );
123         addAssignment( "user", "Grant Administrator" );
124
125         addAssignment( "user2", "Project Administrator - default" );
126         addAssignment( "user2", "Project Administrator - other" );
127
128         UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
129         login( action, "user", PASSWORD );
130
131         action.setUsername( "user2" );
132         assertEquals( Action.INPUT, action.edit() );
133
134         List<Role> effectivelyAssignedRoles = action.getEffectivelyAssignedRoles();
135         assertEquals( 2, effectivelyAssignedRoles.size() );
136         Role r = effectivelyAssignedRoles.get( 0 );
137         assertEquals( "Project Administrator - default", r.getName() );
138         //assertTrue( action.isHasHiddenRoles() );
139
140         rbacManager.removeUserAssignment( "user" );
141         rbacManager.removeUserAssignment( "user2" );
142     }
143
144     @Test
145     public void testEditPageHidesUnassignableRoles()
146         throws RbacObjectInvalidException, RbacManagerException, AccountLockedException, AuthenticationException,
147         UserNotFoundException, MustChangePasswordException
148     {
149         // REDBACK-201
150         // user should not be able to see the unassignable roles 
151
152         try
153         {
154             if ( rbacManager.getUserAssignment( "user" ) != null )
155             {
156                 rbacManager.removeUserAssignment( "user" );
157             }
158         }
159         catch ( RbacObjectNotFoundException e )
160         {
161             // ignore
162         }
163
164         addAssignment( "user", "User Administrator" );
165
166         UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
167         login( action, "user", PASSWORD );
168
169         action.setUsername( "user" );
170         assertEquals( Action.INPUT, action.edit() );
171
172         List<Role> effectivelyAssignedRoles = action.getEffectivelyAssignedRoles();
173         assertEquals( 1, effectivelyAssignedRoles.size() );
174         Role r = effectivelyAssignedRoles.get( 0 );
175         assertEquals( "User Administrator", r.getName() );
176         assertFalse( action.isHasHiddenRoles() );
177
178         rbacManager.removeUserAssignment( "user" );
179     }
180
181     @Test
182     public void testRequireOldPWWhenEditingOwnAccountSuccess()
183         throws Exception
184     {
185         addAssignment( "user", "User Administrator" );
186
187         UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
188         login( action, "user", PASSWORD );
189
190         action.setUsername( "user" );
191         assertEquals( Action.INPUT, action.edit() );
192
193         assertTrue( action.isSelf() );
194
195         AdminEditUserCredentials user = action.getUser();
196         user.setEmail( "user@example.com" );
197         user.setFullName( "User" );
198         action.setOldPassword( PASSWORD );
199
200         Map<String, Object> mockSession = new HashMap<String, Object>();
201
202         User currentUser = new SimpleUser();
203         currentUser.setUsername( "user" );
204
205         AuthenticationResult authResult = new AuthenticationResult( true, "user", null );
206         SecuritySession securitySession = new DefaultSecuritySession( authResult, currentUser );
207
208         mockSession.put( SecuritySystemConstants.SECURITY_SESSION_KEY, securitySession );
209         action.setSession( mockSession );
210
211         assertEquals( Action.SUCCESS, action.submit() );
212
213         assertEquals( 0, action.getFieldErrors().size() );
214     }
215
216     @Test
217     public void testRequireOldPWWhenEditingOwnAccountFailed()
218         throws Exception
219     {
220         addAssignment( "user", "User Administrator" );
221
222         UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
223         login( action, "user", PASSWORD );
224
225         action.setUsername( "user" );
226         assertEquals( Action.INPUT, action.edit() );
227
228         assertTrue( action.isSelf() );
229
230         AdminEditUserCredentials user = action.getUser();
231         user.setEmail( "user@example.com" );
232         user.setFullName( "User" );
233         user.setPassword( PASSWORD );
234         user.setConfirmPassword( PASSWORD );
235
236         action.setOldPassword( "notmatchingoldpassword" );
237
238         assertEquals( Action.ERROR, action.submit() );
239
240         Map<String, List<String>> fieldErrors = action.getFieldErrors();
241         List<String> oldPasswordErrors = fieldErrors.get( "oldPassword" );
242
243         assertNotNull( oldPasswordErrors );
244         assertEquals( 1, oldPasswordErrors.size() );
245
246         assertEquals( action.getText( "password.provided.does.not.match.existing" ), oldPasswordErrors.get( 0 ) );
247
248         rbacManager.removeUserAssignment( "user" );
249     }
250
251     @Test
252     public void testRequireOldPWWhenEditingOwnAccountOldPasswordIsNull()
253         throws Exception
254     {
255         addAssignment( "user", "User Administrator" );
256
257         UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
258         login( action, "user", PASSWORD );
259
260         action.setUsername( "user" );
261         assertEquals( Action.INPUT, action.edit() );
262
263         assertTrue( action.isSelf() );
264
265         AdminEditUserCredentials user = action.getUser();
266         user.setEmail( "user@example.com" );
267         user.setFullName( "User" );
268         user.setPassword( PASSWORD );
269         user.setConfirmPassword( PASSWORD );
270
271         action.setOldPassword( null );
272
273         assertEquals( Action.ERROR, action.submit() );
274
275         Map<String, List<String>> fieldErrors = action.getFieldErrors();
276         List<String> oldPasswordErrors = fieldErrors.get( "oldPassword" );
277
278         assertNotNull( oldPasswordErrors );
279         assertEquals( 1, oldPasswordErrors.size() );
280
281         assertEquals( action.getText( "old.password.required" ), oldPasswordErrors.get( 0 ) );
282
283         rbacManager.removeUserAssignment( "user" );
284
285     }
286
287     @Test
288     public void testRequireAdminPWWhenEditingOtherAccountPWIncorrect()
289         throws Exception
290     {
291         addAssignment( "user", "User Administrator" );
292
293         UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
294         login( action, "user", PASSWORD );
295
296         action.setUsername( "user2" );
297
298         assertEquals( Action.INPUT, action.edit() );
299
300         assertFalse( action.isSelf() );
301
302         AdminEditUserCredentials user = action.getUser();
303         user.setEmail( "user2@example.com" );
304         user.setFullName( "User2" );
305         user.setPassword( PASSWORD );
306         user.setConfirmPassword( PASSWORD );
307
308         assertEquals( UserEditAction.CONFIRM, action.submit() );
309
310         assertFalse( action.isSelf() );
311
312         action.setUserAdminPassword( "boguspassword" );
313
314         assertEquals( UserEditAction.CONFIRM_ERROR, action.confirmAdminPassword() );
315
316         Collection<String> errors = action.getActionErrors();
317
318         assertNotNull( errors );
319         assertEquals( 1, errors.size() );
320
321         assertEquals( action.getText( "user.admin.password.does.not.match.existing" ), errors.iterator().next() );
322
323         rbacManager.removeUserAssignment( "user" );
324     }
325
326     @Test
327     public void testRequireAdminPWWhenEditingOtherAccountPWEmpty()
328         throws Exception
329     {
330         addAssignment( "user", "User Administrator" );
331
332         UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
333         login( action, "user", PASSWORD );
334
335         action.setUsername( "user2" );
336         assertEquals( Action.INPUT, action.edit() );
337
338         assertFalse( action.isSelf() );
339
340         AdminEditUserCredentials user = action.getUser();
341         user.setEmail( "user2@example.com" );
342         user.setFullName( "User2" );
343         user.setPassword( PASSWORD );
344         user.setConfirmPassword( PASSWORD );
345
346         action.setUserAdminPassword( "" );
347
348         assertEquals( UserEditAction.CONFIRM, action.submit() );
349
350         assertFalse( action.isSelf() );
351
352         assertEquals( UserEditAction.CONFIRM_ERROR, action.confirmAdminPassword() );
353
354         Collection<String> errors = action.getActionErrors();
355
356         assertNotNull( errors );
357         assertEquals( 1, errors.size() );
358
359         assertEquals( action.getText( "user.admin.password.required" ), errors.iterator().next() );
360
361         rbacManager.removeUserAssignment( "user" );
362     }
363
364 }