source.dussan.org Git - archiva.git/blob

   1 package org.apache.archiva.redback.authentication.users;
   2
   3 /*
   4  * Licensed to the Apache Software Foundation (ASF) under one
   5  * or more contributor license agreements.  See the NOTICE file
   6  * distributed with this work for additional information
   7  * regarding copyright ownership.  The ASF licenses this file
   8  * to you under the Apache License, Version 2.0 (the
   9  * "License"); you may not use this file except in compliance
  10  * with the License.  You may obtain a copy of the License at
  11  *
  12  * http://www.apache.org/licenses/LICENSE-2.0
  13  *
  14  * Unless required by applicable law or agreed to in writing,
  15  * software distributed under the License is distributed on an
  16  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  17  * KIND, either express or implied.  See the License for the
  18  * specific language governing permissions and limitations
  19  * under the License.
  20  */
  21
  22 import junit.framework.TestCase;
  23 import org.apache.archiva.redback.authentication.Authenticator;
  24 import org.apache.archiva.redback.users.User;
  25 import org.apache.archiva.redback.users.UserManager;
  26 import org.apache.archiva.redback.users.UserNotFoundException;
  27 import org.apache.archiva.redback.authentication.AuthenticationException;
  28 import org.apache.archiva.redback.authentication.AuthenticationResult;
  29 import org.apache.archiva.redback.authentication.PasswordBasedAuthenticationDataSource;
  30 import org.codehaus.plexus.redback.policy.AccountLockedException;
  31 import org.codehaus.plexus.redback.policy.MustChangePasswordException;
  32 import org.codehaus.plexus.redback.policy.UserSecurityPolicy;
  33 import org.junit.Before;
  34 import org.junit.Test;
  35 import org.junit.runner.RunWith;
  36 import org.springframework.test.context.ContextConfiguration;
  37 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
  38
  39 import javax.inject.Inject;
  40 import javax.inject.Named;
  41 import java.util.Calendar;
  42 import java.util.Date;
  43
  44 /**
  45  * Tests for {@link org.apache.archiva.redback.authentication.users.UserManagerAuthenticator} implementation.
  46  *
  47  * @author <a href='mailto:rahul.thakur.xdev@gmail.com'>Rahul Thakur</a>
  48  */
  49 @RunWith( SpringJUnit4ClassRunner.class )
  50 @ContextConfiguration( locations = { "classpath*:/META-INF/spring-context.xml", "classpath*:/spring-context.xml" } )
  51 public class UserManagerAuthenticatorTest
  52     extends TestCase
  53 {
  54     @Inject
  55     private UserSecurityPolicy userSecurityPolicy;
  56
  57     @Inject
  58     @Named(value = "authenticator#user-manager")
  59     Authenticator component;
  60
  61     @Inject
  62     @Named(value = "userManager#memory")
  63     UserManager um;
  64
  65     @Before
  66     public void setUp()
  67         throws Exception
  68     {
  69         super.setUp();
  70         userSecurityPolicy.setEnabled( false );
  71     }
  72
  73     @Test
  74     public void testLookup()
  75         throws Exception
  76     {
  77         assertNotNull( component );
  78         assertEquals( UserManagerAuthenticator.class.getName(), component.getClass().getName() );
  79     }
  80
  81     @Test
  82     public void testAuthenticate()
  83         throws Exception
  84     {
  85         // Set up a few users for the Authenticator
  86
  87         User user = um.createUser( "test", "Test User", "testuser@somedomain.com" );
  88         user.setPassword( "testpass" );
  89         um.addUser( user );
  90
  91         user = um.createUser( "guest", "Guest User", "testuser@somedomain.com" );
  92         user.setPassword( "guestpass" );
  93         um.addUser( user );
  94
  95         user = um.createUser( "anonymous", "Anonymous User", "testuser@somedomain.com" );
  96         user.setPassword( "nopass" );
  97         um.addUser( user );
  98
  99         // test with valid credentials
 100         Authenticator auth = component;
 101         assertNotNull( auth );
 102
 103         AuthenticationResult result = auth.authenticate( createAuthDataSource( "anonymous", "nopass" ) );
 104         assertTrue( result.isAuthenticated() );
 105
 106         // test with invalid password
 107         result = auth.authenticate( createAuthDataSource( "anonymous", "wrongpass" ) );
 108         assertFalse( result.isAuthenticated() );
 109         assertNull( result.getException() );
 110
 111         // test with unknown user
 112         result = auth.authenticate( createAuthDataSource( "unknownuser", "wrongpass" ) );
 113         assertFalse( result.isAuthenticated() );
 114         assertNotNull( result.getException() );
 115         assertEquals( result.getException().getClass().getName(), UserNotFoundException.class.getName() );
 116     }
 117
 118     @Test
 119     public void testAuthenticateLockedPassword()
 120         throws AuthenticationException, MustChangePasswordException, UserNotFoundException
 121     {
 122         userSecurityPolicy.setEnabled( true );
 123
 124         // Set up a user for the Authenticator
 125         User user = um.createUser( "testuser", "Test User Locked Password", "testuser@somedomain.com" );
 126         user.setPassword( "correctpass1" );
 127         user.setValidated( true );
 128         user.setPasswordChangeRequired( false );
 129         um.addUser( user );
 130
 131         Authenticator auth = component;
 132         assertNotNull( auth );
 133
 134         boolean hasException = false;
 135         AuthenticationResult result = null;
 136
 137         try
 138         {
 139             // test password lock
 140             for ( int i = 0; i < 11; i++ )
 141             {
 142                 result = auth.authenticate( createAuthDataSource( "testuser", "wrongpass" ) );
 143             }
 144         }
 145         catch ( AccountLockedException e )
 146         {
 147             hasException = true;
 148         }
 149         finally
 150         {
 151             assertNotNull( result );
 152             assertFalse( result.isAuthenticated() );
 153             assertTrue( hasException );
 154         }
 155     }
 156
 157     @Test
 158     public void testAuthenticateExpiredPassword()
 159         throws AuthenticationException, AccountLockedException, UserNotFoundException
 160     {
 161         userSecurityPolicy.setEnabled( true );
 162         userSecurityPolicy.setPasswordExpirationDays( 15 );
 163
 164         // Set up a user for the Authenticator
 165         User user = um.createUser( "testuser", "Test User Expired Password", "testuser@somedomain.com" );
 166         user.setPassword( "expiredpass1" );
 167         user.setValidated( true );
 168         user.setPasswordChangeRequired( false );
 169         um.addUser( user );
 170
 171         Authenticator auth = component;
 172         assertNotNull( auth );
 173
 174         boolean hasException = false;
 175
 176         try
 177         {
 178             // test successful authentication
 179             AuthenticationResult result = auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
 180             assertTrue( result.isAuthenticated() );
 181
 182             // test expired password
 183             user = um.findUser( "testuser" );
 184
 185             Calendar currentDate = Calendar.getInstance();
 186             currentDate.set( Calendar.YEAR, currentDate.get( Calendar.YEAR ) - 1 );
 187             Date lastPasswordChange = currentDate.getTime();
 188             user.setLastPasswordChange( lastPasswordChange );
 189
 190             um.updateUser( user );
 191
 192             auth.authenticate( createAuthDataSource( "testuser", "expiredpass1" ) );
 193         }
 194         catch ( MustChangePasswordException e )
 195         {
 196             hasException = true;
 197         }
 198         finally
 199         {
 200             assertTrue( hasException );
 201         }
 202     }
 203
 204     private PasswordBasedAuthenticationDataSource createAuthDataSource( String username, String password )
 205     {
 206         PasswordBasedAuthenticationDataSource source = new PasswordBasedAuthenticationDataSource();
 207
 208         source.setPrincipal( username );
 209         source.setPassword( password );
 210
 211         return source;
 212
 213     }
 214 }