1 package org.apache.archiva.redback.struts2.action.admin;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import com.opensymphony.xwork2.Action;
23 import org.apache.archiva.redback.authentication.AuthenticationException;
24 import org.apache.archiva.redback.policy.AccountLockedException;
25 import org.apache.archiva.redback.rbac.RbacManagerException;
26 import org.apache.archiva.redback.rbac.RbacObjectInvalidException;
27 import org.apache.archiva.redback.rbac.Role;
28 import org.apache.archiva.redback.users.User;
29 import org.apache.archiva.redback.users.UserNotFoundException;
30 import org.apache.archiva.redback.authentication.AuthenticationResult;
31 import org.apache.archiva.redback.policy.MustChangePasswordException;
32 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
33 import org.apache.archiva.redback.system.DefaultSecuritySession;
34 import org.apache.archiva.redback.system.SecuritySession;
35 import org.apache.archiva.redback.system.SecuritySystemConstants;
36 import org.apache.archiva.redback.users.memory.SimpleUser;
37 import org.apache.archiva.redback.integration.model.AdminEditUserCredentials;
38 import org.junit.After;
39 import org.junit.Before;
40 import org.junit.Test;
42 import java.util.Collection;
43 import java.util.HashMap;
44 import java.util.List;
45 import java.util.Locale;
49 * @todo missing tests for success/fail on standard show/edit functions (non security testing related)
51 public class UserEditActionTest
52 extends AbstractUserCredentialsActionTest
55 private Locale originalLocale;
63 originalLocale = Locale.getDefault();
64 Locale.setDefault( Locale.ENGLISH );
68 public void tearDown()
77 Locale.setDefault( originalLocale == null ? Locale.ENGLISH : originalLocale );
82 public void testEditPageShowsAdministratableRoles()
83 throws RbacObjectInvalidException, RbacManagerException, AccountLockedException, AuthenticationException,
84 UserNotFoundException, MustChangePasswordException
87 rbacManager.removeUserAssignment( "user2" );
89 addAssignment( "user", "User Administrator" );
91 addAssignment( "user2", "Project Administrator - default" );
92 addAssignment( "user2", "Project Administrator - other" );
94 UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
95 login( action, "user2", PASSWORD );
96 action.setUsername( "user2" );
97 assertEquals( Action.INPUT, action.edit() );
99 List<Role> effectivelyAssignedRoles = action.getEffectivelyAssignedRoles();
100 assertEquals( 2, effectivelyAssignedRoles.size() );
101 Role r = effectivelyAssignedRoles.get( 0 );
102 assertEquals( "Project Administrator - default", r.getName() );
103 r = effectivelyAssignedRoles.get( 1 );
104 assertEquals( "Project Administrator - other", r.getName() );
105 assertFalse( action.isHasHiddenRoles() );
107 rbacManager.removeUserAssignment( "user2" );
111 public void testEditPageHidesUnadministratableRoles()
115 // user should not be able to see the other project admin role of user2, but should be able to see the one
116 // from their own group
118 rbacManager.removeUserAssignment( "user" );
119 rbacManager.removeUserAssignment( "user2" );
121 addAssignment( "user", "Project Administrator - default" );
122 addAssignment( "user", "User Administrator" );
123 addAssignment( "user", "Grant Administrator" );
125 addAssignment( "user2", "Project Administrator - default" );
126 addAssignment( "user2", "Project Administrator - other" );
128 UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
129 login( action, "user", PASSWORD );
131 action.setUsername( "user2" );
132 assertEquals( Action.INPUT, action.edit() );
134 List<Role> effectivelyAssignedRoles = action.getEffectivelyAssignedRoles();
135 assertEquals( 2, effectivelyAssignedRoles.size() );
136 Role r = effectivelyAssignedRoles.get( 0 );
137 assertEquals( "Project Administrator - default", r.getName() );
138 //assertTrue( action.isHasHiddenRoles() );
140 rbacManager.removeUserAssignment( "user" );
141 rbacManager.removeUserAssignment( "user2" );
145 public void testEditPageHidesUnassignableRoles()
146 throws RbacObjectInvalidException, RbacManagerException, AccountLockedException, AuthenticationException,
147 UserNotFoundException, MustChangePasswordException
150 // user should not be able to see the unassignable roles
154 if ( rbacManager.getUserAssignment( "user" ) != null )
156 rbacManager.removeUserAssignment( "user" );
159 catch ( RbacObjectNotFoundException e )
164 addAssignment( "user", "User Administrator" );
166 UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
167 login( action, "user", PASSWORD );
169 action.setUsername( "user" );
170 assertEquals( Action.INPUT, action.edit() );
172 List<Role> effectivelyAssignedRoles = action.getEffectivelyAssignedRoles();
173 assertEquals( 1, effectivelyAssignedRoles.size() );
174 Role r = effectivelyAssignedRoles.get( 0 );
175 assertEquals( "User Administrator", r.getName() );
176 assertFalse( action.isHasHiddenRoles() );
178 rbacManager.removeUserAssignment( "user" );
182 public void testRequireOldPWWhenEditingOwnAccountSuccess()
185 addAssignment( "user", "User Administrator" );
187 UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
188 login( action, "user", PASSWORD );
190 action.setUsername( "user" );
191 assertEquals( Action.INPUT, action.edit() );
193 assertTrue( action.isSelf() );
195 AdminEditUserCredentials user = action.getUser();
196 user.setEmail( "user@example.com" );
197 user.setFullName( "User" );
198 action.setOldPassword( PASSWORD );
200 Map<String, Object> mockSession = new HashMap<String, Object>();
202 User currentUser = new SimpleUser();
203 currentUser.setUsername( "user" );
205 AuthenticationResult authResult = new AuthenticationResult( true, "user", null );
206 SecuritySession securitySession = new DefaultSecuritySession( authResult, currentUser );
208 mockSession.put( SecuritySystemConstants.SECURITY_SESSION_KEY, securitySession );
209 action.setSession( mockSession );
211 assertEquals( Action.SUCCESS, action.submit() );
213 assertEquals( 0, action.getFieldErrors().size() );
217 public void testRequireOldPWWhenEditingOwnAccountFailed()
220 addAssignment( "user", "User Administrator" );
222 UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
223 login( action, "user", PASSWORD );
225 action.setUsername( "user" );
226 assertEquals( Action.INPUT, action.edit() );
228 assertTrue( action.isSelf() );
230 AdminEditUserCredentials user = action.getUser();
231 user.setEmail( "user@example.com" );
232 user.setFullName( "User" );
233 user.setPassword( PASSWORD );
234 user.setConfirmPassword( PASSWORD );
236 action.setOldPassword( "notmatchingoldpassword" );
238 assertEquals( Action.ERROR, action.submit() );
240 Map<String, List<String>> fieldErrors = action.getFieldErrors();
241 List<String> oldPasswordErrors = fieldErrors.get( "oldPassword" );
243 assertNotNull( oldPasswordErrors );
244 assertEquals( 1, oldPasswordErrors.size() );
246 assertEquals( action.getText( "password.provided.does.not.match.existing" ), oldPasswordErrors.get( 0 ) );
248 rbacManager.removeUserAssignment( "user" );
252 public void testRequireOldPWWhenEditingOwnAccountOldPasswordIsNull()
255 addAssignment( "user", "User Administrator" );
257 UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
258 login( action, "user", PASSWORD );
260 action.setUsername( "user" );
261 assertEquals( Action.INPUT, action.edit() );
263 assertTrue( action.isSelf() );
265 AdminEditUserCredentials user = action.getUser();
266 user.setEmail( "user@example.com" );
267 user.setFullName( "User" );
268 user.setPassword( PASSWORD );
269 user.setConfirmPassword( PASSWORD );
271 action.setOldPassword( null );
273 assertEquals( Action.ERROR, action.submit() );
275 Map<String, List<String>> fieldErrors = action.getFieldErrors();
276 List<String> oldPasswordErrors = fieldErrors.get( "oldPassword" );
278 assertNotNull( oldPasswordErrors );
279 assertEquals( 1, oldPasswordErrors.size() );
281 assertEquals( action.getText( "old.password.required" ), oldPasswordErrors.get( 0 ) );
283 rbacManager.removeUserAssignment( "user" );
288 public void testRequireAdminPWWhenEditingOtherAccountPWIncorrect()
291 addAssignment( "user", "User Administrator" );
293 UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
294 login( action, "user", PASSWORD );
296 action.setUsername( "user2" );
298 assertEquals( Action.INPUT, action.edit() );
300 assertFalse( action.isSelf() );
302 AdminEditUserCredentials user = action.getUser();
303 user.setEmail( "user2@example.com" );
304 user.setFullName( "User2" );
305 user.setPassword( PASSWORD );
306 user.setConfirmPassword( PASSWORD );
308 assertEquals( UserEditAction.CONFIRM, action.submit() );
310 assertFalse( action.isSelf() );
312 action.setUserAdminPassword( "boguspassword" );
314 assertEquals( UserEditAction.CONFIRM_ERROR, action.confirmAdminPassword() );
316 Collection<String> errors = action.getActionErrors();
318 assertNotNull( errors );
319 assertEquals( 1, errors.size() );
321 assertEquals( action.getText( "user.admin.password.does.not.match.existing" ), errors.iterator().next() );
323 rbacManager.removeUserAssignment( "user" );
327 public void testRequireAdminPWWhenEditingOtherAccountPWEmpty()
330 addAssignment( "user", "User Administrator" );
332 UserEditAction action = (UserEditAction) getActionProxy( "/security/useredit" ).getAction();
333 login( action, "user", PASSWORD );
335 action.setUsername( "user2" );
336 assertEquals( Action.INPUT, action.edit() );
338 assertFalse( action.isSelf() );
340 AdminEditUserCredentials user = action.getUser();
341 user.setEmail( "user2@example.com" );
342 user.setFullName( "User2" );
343 user.setPassword( PASSWORD );
344 user.setConfirmPassword( PASSWORD );
346 action.setUserAdminPassword( "" );
348 assertEquals( UserEditAction.CONFIRM, action.submit() );
350 assertFalse( action.isSelf() );
352 assertEquals( UserEditAction.CONFIRM_ERROR, action.confirmAdminPassword() );
354 Collection<String> errors = action.getActionErrors();
356 assertNotNull( errors );
357 assertEquals( 1, errors.size() );
359 assertEquals( action.getText( "user.admin.password.required" ), errors.iterator().next() );
361 rbacManager.removeUserAssignment( "user" );