|
|
|
|
|
|
|
|
*/ |
|
|
*/ |
|
|
package org.sonar.server.user.ws; |
|
|
package org.sonar.server.user.ws; |
|
|
|
|
|
|
|
|
|
|
|
import java.io.IOException; |
|
|
|
|
|
import java.util.Optional; |
|
|
|
|
|
import javax.annotation.Nullable; |
|
|
|
|
|
import javax.servlet.FilterChain; |
|
|
|
|
|
import javax.servlet.ServletException; |
|
|
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
|
|
|
|
import javax.servlet.http.HttpServletResponse; |
|
|
import org.junit.Before; |
|
|
import org.junit.Before; |
|
|
import org.junit.Rule; |
|
|
import org.junit.Rule; |
|
|
import org.junit.Test; |
|
|
import org.junit.Test; |
|
|
|
|
|
import org.mockito.ArgumentCaptor; |
|
|
import org.sonar.api.config.internal.MapSettings; |
|
|
import org.sonar.api.config.internal.MapSettings; |
|
|
import org.sonar.api.server.ws.WebService; |
|
|
import org.sonar.api.server.ws.WebService; |
|
|
|
|
|
import org.sonar.db.DbSession; |
|
|
import org.sonar.db.DbTester; |
|
|
import org.sonar.db.DbTester; |
|
|
|
|
|
import org.sonar.db.user.SessionTokenDto; |
|
|
import org.sonar.db.user.UserDto; |
|
|
import org.sonar.db.user.UserDto; |
|
|
import org.sonar.server.authentication.CredentialsLocalAuthentication; |
|
|
import org.sonar.server.authentication.CredentialsLocalAuthentication; |
|
|
|
|
|
import org.sonar.server.authentication.JwtHttpHandler; |
|
|
import org.sonar.server.es.EsTester; |
|
|
import org.sonar.server.es.EsTester; |
|
|
import org.sonar.server.exceptions.BadRequestException; |
|
|
|
|
|
import org.sonar.server.exceptions.ForbiddenException; |
|
|
import org.sonar.server.exceptions.ForbiddenException; |
|
|
import org.sonar.server.exceptions.NotFoundException; |
|
|
import org.sonar.server.exceptions.NotFoundException; |
|
|
import org.sonar.server.tester.UserSessionRule; |
|
|
import org.sonar.server.tester.UserSessionRule; |
|
|
|
|
|
|
|
|
import org.sonar.server.user.index.UserIndexDefinition; |
|
|
import org.sonar.server.user.index.UserIndexDefinition; |
|
|
import org.sonar.server.user.index.UserIndexer; |
|
|
import org.sonar.server.user.index.UserIndexer; |
|
|
import org.sonar.server.usergroups.DefaultGroupFinder; |
|
|
import org.sonar.server.usergroups.DefaultGroupFinder; |
|
|
import org.sonar.server.ws.TestRequest; |
|
|
|
|
|
import org.sonar.server.ws.TestResponse; |
|
|
|
|
|
import org.sonar.server.ws.WsActionTester; |
|
|
|
|
|
|
|
|
import org.sonar.server.ws.ServletFilterHandler; |
|
|
|
|
|
|
|
|
import static java.lang.String.format; |
|
|
import static java.lang.String.format; |
|
|
|
|
|
import static java.net.HttpURLConnection.HTTP_BAD_REQUEST; |
|
|
|
|
|
import static java.net.HttpURLConnection.HTTP_NO_CONTENT; |
|
|
import static org.assertj.core.api.Assertions.assertThat; |
|
|
import static org.assertj.core.api.Assertions.assertThat; |
|
|
import static org.assertj.core.api.Assertions.assertThatThrownBy; |
|
|
import static org.assertj.core.api.Assertions.assertThatThrownBy; |
|
|
|
|
|
import static org.mockito.ArgumentMatchers.eq; |
|
|
import static org.mockito.Mockito.mock; |
|
|
import static org.mockito.Mockito.mock; |
|
|
|
|
|
import static org.mockito.Mockito.verify; |
|
|
|
|
|
import static org.mockito.Mockito.verifyNoInteractions; |
|
|
|
|
|
import static org.mockito.Mockito.when; |
|
|
|
|
|
import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_LOGIN; |
|
|
|
|
|
import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_PASSWORD; |
|
|
|
|
|
import static org.sonarqube.ws.client.user.UsersWsParameters.PARAM_PREVIOUS_PASSWORD; |
|
|
|
|
|
|
|
|
public class ChangePasswordActionTest { |
|
|
public class ChangePasswordActionTest { |
|
|
|
|
|
|
|
|
|
|
|
private static final String OLD_PASSWORD = "1234"; |
|
|
|
|
|
private static final String NEW_PASSWORD = "12345"; |
|
|
|
|
|
|
|
|
@Rule |
|
|
@Rule |
|
|
public DbTester db = DbTester.create(); |
|
|
public DbTester db = DbTester.create(); |
|
|
@Rule |
|
|
@Rule |
|
|
public EsTester es = EsTester.createCustom(UserIndexDefinition.createForTest()); |
|
|
public EsTester es = EsTester.createCustom(UserIndexDefinition.createForTest()); |
|
|
@Rule |
|
|
@Rule |
|
|
public UserSessionRule userSessionRule = UserSessionRule.standalone().logIn(); |
|
|
public UserSessionRule userSessionRule = UserSessionRule.standalone().logIn(); |
|
|
|
|
|
|
|
|
|
|
|
private final ArgumentCaptor<UserDto> userDtoCaptor = ArgumentCaptor.forClass(UserDto.class); |
|
|
|
|
|
|
|
|
|
|
|
private final HttpServletRequest request = mock(HttpServletRequest.class); |
|
|
|
|
|
private final HttpServletResponse response = mock(HttpServletResponse.class); |
|
|
|
|
|
private final FilterChain chain = mock(FilterChain.class); |
|
|
|
|
|
|
|
|
private final MapSettings settings = new MapSettings().setProperty("sonar.internal.pbkdf2.iterations", "1"); |
|
|
private final MapSettings settings = new MapSettings().setProperty("sonar.internal.pbkdf2.iterations", "1"); |
|
|
private final CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient(), settings.asConfig()); |
|
|
private final CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient(), settings.asConfig()); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
new UserIndexer(db.getDbClient(), es.client()), new DefaultGroupFinder(db.getDbClient()), |
|
|
new UserIndexer(db.getDbClient(), es.client()), new DefaultGroupFinder(db.getDbClient()), |
|
|
new MapSettings().asConfig(), localAuthentication); |
|
|
new MapSettings().asConfig(), localAuthentication); |
|
|
|
|
|
|
|
|
private final WsActionTester tester = new WsActionTester(new ChangePasswordAction(db.getDbClient(), userUpdater, userSessionRule, localAuthentication)); |
|
|
|
|
|
|
|
|
private final JwtHttpHandler jwtHttpHandler = mock(JwtHttpHandler.class); |
|
|
|
|
|
|
|
|
|
|
|
private final ChangePasswordAction changePasswordAction = new ChangePasswordAction(db.getDbClient(), userUpdater, userSessionRule, localAuthentication, jwtHttpHandler); |
|
|
|
|
|
|
|
|
@Before |
|
|
@Before |
|
|
public void setUp() { |
|
|
public void setUp() { |
|
|
|
|
|
|
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
public void a_user_can_update_his_password() { |
|
|
|
|
|
String oldPassword = "Valar Dohaeris"; |
|
|
|
|
|
UserDto user = createLocalUser(oldPassword); |
|
|
|
|
|
String oldCryptedPassword = db.getDbClient().userDao().selectByLogin(db.getSession(), user.getLogin()).getCryptedPassword(); |
|
|
|
|
|
userSessionRule.logIn(user); |
|
|
|
|
|
|
|
|
public void a_user_can_update_his_password() throws ServletException, IOException { |
|
|
|
|
|
UserTestData user = createLocalUser(OLD_PASSWORD); |
|
|
|
|
|
String oldCryptedPassword = findEncryptedPassword(user.getLogin()); |
|
|
|
|
|
userSessionRule.logIn(user.getUserDto()); |
|
|
|
|
|
|
|
|
TestResponse response = tester.newRequest() |
|
|
|
|
|
.setParam("login", user.getLogin()) |
|
|
|
|
|
.setParam("previousPassword", "Valar Dohaeris") |
|
|
|
|
|
.setParam("password", "Valar Morghulis") |
|
|
|
|
|
.execute(); |
|
|
|
|
|
|
|
|
executeTest(user.getLogin(), OLD_PASSWORD, NEW_PASSWORD); |
|
|
|
|
|
|
|
|
assertThat(response.getStatus()).isEqualTo(204); |
|
|
|
|
|
String newCryptedPassword = db.getDbClient().userDao().selectByLogin(db.getSession(), user.getLogin()).getCryptedPassword(); |
|
|
|
|
|
|
|
|
String newCryptedPassword = findEncryptedPassword(user.getLogin()); |
|
|
assertThat(newCryptedPassword).isNotEqualTo(oldCryptedPassword); |
|
|
assertThat(newCryptedPassword).isNotEqualTo(oldCryptedPassword); |
|
|
|
|
|
verify(jwtHttpHandler).removeToken(request, response); |
|
|
|
|
|
verify(jwtHttpHandler).generateToken(userDtoCaptor.capture(), eq(request), eq(response)); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), user.getSessionTokenUuid())).isEmpty(); |
|
|
|
|
|
assertThat(userDtoCaptor.getValue().getLogin()).isEqualTo(user.getLogin()); |
|
|
|
|
|
verify(response).setStatus(HTTP_NO_CONTENT); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
public void system_administrator_can_update_password_of_user() { |
|
|
|
|
|
UserDto admin = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(admin).setSystemAdministrator(); |
|
|
|
|
|
UserDto user = createLocalUser(); |
|
|
|
|
|
String originalPassword = db.getDbClient().userDao().selectByLogin(db.getSession(), user.getLogin()).getCryptedPassword(); |
|
|
|
|
|
|
|
|
public void system_administrator_can_update_password_of_user() throws ServletException, IOException { |
|
|
|
|
|
UserTestData admin = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(admin.getUserDto()).setSystemAdministrator(); |
|
|
|
|
|
UserTestData user = createLocalUser(); |
|
|
|
|
|
String originalPassword = findEncryptedPassword(user.getLogin()); |
|
|
|
|
|
db.commit(); |
|
|
|
|
|
|
|
|
tester.newRequest() |
|
|
|
|
|
.setParam("login", user.getLogin()) |
|
|
|
|
|
.setParam("password", "Valar Morghulis") |
|
|
|
|
|
.execute(); |
|
|
|
|
|
|
|
|
executeTest(user.getLogin(), null, NEW_PASSWORD); |
|
|
|
|
|
|
|
|
String newPassword = db.getDbClient().userDao().selectByLogin(db.getSession(), user.getLogin()).getCryptedPassword(); |
|
|
|
|
|
|
|
|
String newPassword = findEncryptedPassword(user.getLogin()); |
|
|
assertThat(newPassword).isNotEqualTo(originalPassword); |
|
|
assertThat(newPassword).isNotEqualTo(originalPassword); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), user.getSessionTokenUuid())).isEmpty(); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), admin.getSessionTokenUuid())).isPresent(); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
|
|
|
verify(response).setStatus(HTTP_NO_CONTENT); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
|
|
|
public void fail_to_update_someone_else_password_if_not_admin() { |
|
|
|
|
|
UserDto user = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(user); |
|
|
|
|
|
UserDto anotherUser = createLocalUser(); |
|
|
|
|
|
|
|
|
private String findEncryptedPassword(String login) { |
|
|
|
|
|
return db.getDbClient().userDao().selectByLogin(db.getSession(), login).getCryptedPassword(); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
TestRequest request = tester.newRequest() |
|
|
|
|
|
.setParam("login", anotherUser.getLogin()) |
|
|
|
|
|
.setParam("previousPassword", "I dunno") |
|
|
|
|
|
.setParam("password", "Valar Morghulis"); |
|
|
|
|
|
|
|
|
private Optional<SessionTokenDto> findSessionTokenDto(DbSession dbSession, String tokenUuid) { |
|
|
|
|
|
return db.getDbClient().sessionTokensDao().selectByUuid(dbSession, tokenUuid); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
assertThatThrownBy(request::execute) |
|
|
|
|
|
|
|
|
@Test |
|
|
|
|
|
public void fail_to_update_someone_else_password_if_not_admin() throws ServletException, IOException { |
|
|
|
|
|
UserTestData user = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(user.getLogin()); |
|
|
|
|
|
UserTestData anotherLocalUser = createLocalUser(); |
|
|
|
|
|
|
|
|
|
|
|
assertThatThrownBy(() -> executeTest(anotherLocalUser.getLogin(), "I dunno", NEW_PASSWORD)) |
|
|
.isInstanceOf(ForbiddenException.class); |
|
|
.isInstanceOf(ForbiddenException.class); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), user.getSessionTokenUuid())).isPresent(); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
public void fail_to_update_unknown_user() { |
|
|
public void fail_to_update_unknown_user() { |
|
|
UserDto admin = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(admin).setSystemAdministrator(); |
|
|
|
|
|
|
|
|
UserTestData admin = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(admin.getUserDto()).setSystemAdministrator(); |
|
|
|
|
|
|
|
|
TestRequest request = tester.newRequest() |
|
|
|
|
|
.setParam("login", "polop") |
|
|
|
|
|
.setParam("password", "polop"); |
|
|
|
|
|
|
|
|
|
|
|
assertThatThrownBy(request::execute) |
|
|
|
|
|
|
|
|
assertThatThrownBy(() -> executeTest("polop", null, "polop")) |
|
|
.isInstanceOf(NotFoundException.class) |
|
|
.isInstanceOf(NotFoundException.class) |
|
|
.hasMessage("User with login 'polop' has not been found"); |
|
|
.hasMessage("User with login 'polop' has not been found"); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), admin.getSessionTokenUuid())).isPresent(); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
|
|
|
|
|
|
UserDto user = db.users().insertUser(u -> u.setActive(false)); |
|
|
UserDto user = db.users().insertUser(u -> u.setActive(false)); |
|
|
userSessionRule.logIn(user); |
|
|
userSessionRule.logIn(user); |
|
|
|
|
|
|
|
|
TestRequest request = tester.newRequest() |
|
|
|
|
|
.setParam("login", user.getLogin()) |
|
|
|
|
|
.setParam("password", "polop"); |
|
|
|
|
|
|
|
|
|
|
|
assertThatThrownBy(request::execute) |
|
|
|
|
|
|
|
|
assertThatThrownBy(() -> executeTest(user.getLogin(), null, "polop")) |
|
|
.isInstanceOf(NotFoundException.class) |
|
|
.isInstanceOf(NotFoundException.class) |
|
|
.hasMessage(format("User with login '%s' has not been found", user.getLogin())); |
|
|
.hasMessage(format("User with login '%s' has not been found", user.getLogin())); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
public void fail_to_update_password_on_self_without_old_password() { |
|
|
|
|
|
UserDto user = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(user); |
|
|
|
|
|
|
|
|
public void fail_to_update_password_on_self_without_login() { |
|
|
|
|
|
when(request.getParameter(PARAM_PASSWORD)).thenReturn("new password"); |
|
|
|
|
|
when(request.getParameter(PARAM_PREVIOUS_PASSWORD)).thenReturn(NEW_PASSWORD); |
|
|
|
|
|
|
|
|
TestRequest request = tester.newRequest() |
|
|
|
|
|
.setParam("login", user.getLogin()) |
|
|
|
|
|
.setParam("password", "Valar Morghulis"); |
|
|
|
|
|
|
|
|
assertThatThrownBy(() -> executeTest(null, OLD_PASSWORD, NEW_PASSWORD)) |
|
|
|
|
|
.isInstanceOf(IllegalArgumentException.class) |
|
|
|
|
|
.hasMessage("The 'login' parameter is missing"); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
assertThatThrownBy(request::execute) |
|
|
|
|
|
|
|
|
@Test |
|
|
|
|
|
public void fail_to_update_password_on_self_without_old_password() { |
|
|
|
|
|
UserTestData user = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(user.getUserDto()); |
|
|
|
|
|
|
|
|
|
|
|
assertThatThrownBy(() -> executeTest(user.getLogin(), null, NEW_PASSWORD)) |
|
|
.isInstanceOf(IllegalArgumentException.class) |
|
|
.isInstanceOf(IllegalArgumentException.class) |
|
|
.hasMessage("The 'previousPassword' parameter is missing"); |
|
|
.hasMessage("The 'previousPassword' parameter is missing"); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), user.getSessionTokenUuid())).isPresent(); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
public void fail_to_update_password_on_self_with_bad_old_password() { |
|
|
|
|
|
UserDto user = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(user); |
|
|
|
|
|
|
|
|
public void fail_to_update_password_on_self_without_new_password() { |
|
|
|
|
|
UserTestData user = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(user.getUserDto()); |
|
|
|
|
|
|
|
|
TestRequest request = tester.newRequest() |
|
|
|
|
|
.setParam("login", user.getLogin()) |
|
|
|
|
|
.setParam("previousPassword", "I dunno") |
|
|
|
|
|
.setParam("password", "Valar Morghulis"); |
|
|
|
|
|
|
|
|
assertThatThrownBy(() -> executeTest(user.getLogin(), OLD_PASSWORD, null)) |
|
|
|
|
|
.isInstanceOf(IllegalArgumentException.class) |
|
|
|
|
|
.hasMessage("The 'password' parameter is missing"); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), user.getSessionTokenUuid())).isPresent(); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
assertThatThrownBy(request::execute) |
|
|
|
|
|
|
|
|
@Test |
|
|
|
|
|
public void fail_to_update_password_on_self_with_bad_old_password() { |
|
|
|
|
|
UserTestData user = createLocalUser(); |
|
|
|
|
|
userSessionRule.logIn(user.getUserDto()); |
|
|
|
|
|
|
|
|
|
|
|
assertThatThrownBy(() -> executeTest(user.getLogin(), "I dunno", NEW_PASSWORD)) |
|
|
.isInstanceOf(IllegalArgumentException.class) |
|
|
.isInstanceOf(IllegalArgumentException.class) |
|
|
.hasMessage("Incorrect password"); |
|
|
.hasMessage("Incorrect password"); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), user.getSessionTokenUuid())).isPresent(); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
public void fail_to_update_password_on_external_auth() { |
|
|
|
|
|
|
|
|
public void fail_to_update_password_on_external_auth() throws ServletException, IOException { |
|
|
UserDto admin = db.users().insertUser(); |
|
|
UserDto admin = db.users().insertUser(); |
|
|
userSessionRule.logIn(admin).setSystemAdministrator(); |
|
|
userSessionRule.logIn(admin).setSystemAdministrator(); |
|
|
UserDto user = db.users().insertUser(u -> u.setLocal(false)); |
|
|
UserDto user = db.users().insertUser(u -> u.setLocal(false)); |
|
|
|
|
|
|
|
|
TestRequest request = tester.newRequest() |
|
|
|
|
|
.setParam("login", user.getLogin()) |
|
|
|
|
|
.setParam("previousPassword", "I dunno") |
|
|
|
|
|
.setParam("password", "Valar Morghulis"); |
|
|
|
|
|
|
|
|
|
|
|
assertThatThrownBy(request::execute) |
|
|
|
|
|
.isInstanceOf(BadRequestException.class) |
|
|
|
|
|
.hasMessage("Password cannot be changed when external authentication is used"); |
|
|
|
|
|
|
|
|
executeTest(user.getLogin(), "I dunno", NEW_PASSWORD); |
|
|
|
|
|
verify(response).setStatus(HTTP_BAD_REQUEST); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
public void fail_to_update_to_same_password() { |
|
|
public void fail_to_update_to_same_password() { |
|
|
String oldPassword = "Valar Dohaeris"; |
|
|
|
|
|
UserDto user = createLocalUser(oldPassword); |
|
|
|
|
|
userSessionRule.logIn(user); |
|
|
|
|
|
|
|
|
|
|
|
TestRequest request = tester.newRequest() |
|
|
|
|
|
.setParam("login", user.getLogin()) |
|
|
|
|
|
.setParam("previousPassword", oldPassword) |
|
|
|
|
|
.setParam("password", oldPassword); |
|
|
|
|
|
|
|
|
UserTestData user = createLocalUser(OLD_PASSWORD); |
|
|
|
|
|
userSessionRule.logIn(user.getUserDto()); |
|
|
|
|
|
|
|
|
assertThatThrownBy(request::execute) |
|
|
|
|
|
|
|
|
assertThatThrownBy(() -> executeTest(user.getLogin(), OLD_PASSWORD, OLD_PASSWORD)) |
|
|
.isInstanceOf(IllegalArgumentException.class) |
|
|
.isInstanceOf(IllegalArgumentException.class) |
|
|
.hasMessage("Password must be different from old password"); |
|
|
.hasMessage("Password must be different from old password"); |
|
|
|
|
|
assertThat(findSessionTokenDto(db.getSession(), user.getSessionTokenUuid())).isPresent(); |
|
|
|
|
|
verifyNoInteractions(jwtHttpHandler); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
@Test |
|
|
@Test |
|
|
public void test_definition() { |
|
|
|
|
|
WebService.Action action = tester.getDef(); |
|
|
|
|
|
assertThat(action).isNotNull(); |
|
|
|
|
|
assertThat(action.isPost()).isTrue(); |
|
|
|
|
|
assertThat(action.params()).hasSize(3); |
|
|
|
|
|
|
|
|
public void verify_definition() { |
|
|
|
|
|
String controllerKey = "foo"; |
|
|
|
|
|
WebService.Context context = new WebService.Context(); |
|
|
|
|
|
WebService.NewController newController = context.createController(controllerKey); |
|
|
|
|
|
|
|
|
|
|
|
changePasswordAction.define(newController); |
|
|
|
|
|
newController.done(); |
|
|
|
|
|
|
|
|
|
|
|
WebService.Action changePassword = context.controller(controllerKey).action("change_password"); |
|
|
|
|
|
assertThat(changePassword).isNotNull(); |
|
|
|
|
|
assertThat(changePassword.handler()).isInstanceOf(ServletFilterHandler.class); |
|
|
|
|
|
assertThat(changePassword.isPost()).isTrue(); |
|
|
|
|
|
assertThat(changePassword.params()) |
|
|
|
|
|
.extracting(WebService.Param::key) |
|
|
|
|
|
.containsExactlyInAnyOrder(PARAM_LOGIN, PARAM_PASSWORD, PARAM_PREVIOUS_PASSWORD); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
private UserDto createLocalUser() { |
|
|
|
|
|
return db.users().insertUser(u -> u.setLocal(true)); |
|
|
|
|
|
|
|
|
private void executeTest(@Nullable String login, @Nullable String oldPassword, @Nullable String newPassword) throws IOException, ServletException { |
|
|
|
|
|
when(request.getParameter(PARAM_LOGIN)).thenReturn(login); |
|
|
|
|
|
when(request.getParameter(PARAM_PREVIOUS_PASSWORD)).thenReturn(oldPassword); |
|
|
|
|
|
when(request.getParameter(PARAM_PASSWORD)).thenReturn(newPassword); |
|
|
|
|
|
changePasswordAction.doFilter(request, response, chain); |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
private UserDto createLocalUser(String password) { |
|
|
|
|
|
UserDto user = createLocalUser(); |
|
|
|
|
|
localAuthentication.storeHashPassword(user, password); |
|
|
|
|
|
db.getDbClient().userDao().update(db.getSession(), user); |
|
|
|
|
|
|
|
|
private UserTestData createLocalUser(String password) { |
|
|
|
|
|
UserTestData userTestData = createLocalUser(); |
|
|
|
|
|
localAuthentication.storeHashPassword(userTestData.getUserDto(), password); |
|
|
|
|
|
db.getDbClient().userDao().update(db.getSession(), userTestData.getUserDto()); |
|
|
db.commit(); |
|
|
db.commit(); |
|
|
return user; |
|
|
|
|
|
|
|
|
return userTestData; |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private UserTestData createLocalUser() { |
|
|
|
|
|
UserDto userDto = db.users().insertUser(u -> u.setLocal(true)); |
|
|
|
|
|
SessionTokenDto sessionTokenForUser = createSessionTokenForUser(userDto); |
|
|
|
|
|
db.commit(); |
|
|
|
|
|
return new UserTestData(userDto, sessionTokenForUser); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private SessionTokenDto createSessionTokenForUser(UserDto user) { |
|
|
|
|
|
SessionTokenDto userTokenDto = new SessionTokenDto().setUserUuid(user.getUuid()).setExpirationDate(1000L); |
|
|
|
|
|
return db.getDbClient().sessionTokensDao().insert(db.getSession(), userTokenDto); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
private static class UserTestData { |
|
|
|
|
|
private final UserDto userDto; |
|
|
|
|
|
private final SessionTokenDto sessionTokenDto; |
|
|
|
|
|
|
|
|
|
|
|
private UserTestData(UserDto userDto, SessionTokenDto sessionTokenDto) { |
|
|
|
|
|
this.userDto = userDto; |
|
|
|
|
|
this.sessionTokenDto = sessionTokenDto; |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
UserDto getUserDto() { |
|
|
|
|
|
return userDto; |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
String getLogin() { |
|
|
|
|
|
return userDto.getLogin(); |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
String getSessionTokenUuid() { |
|
|
|
|
|
return sessionTokenDto.getUuid(); |
|
|
|
|
|
} |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
} |
|
|
} |
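Review bot: In `fail_to_update_someone_else_password_if_not_admin` the new assertions only cover the caller: after the `ForbiddenException` the test checks that `user`'s session token is still present, but nothing pins that the target `anotherLocalUser` is untouched, which is the property an authorization test for a password change should guard. I would capture `String targetPassword = findEncryptedPassword(anotherLocalUser.getLogin());` before the call, and afterwards add `assertThat(findEncryptedPassword(anotherLocalUser.getLogin())).isEqualTo(targetPassword);` and `assertThat(findSessionTokenDto(db.getSession(), anotherLocalUser.getSessionTokenUuid())).isPresent();`. These could take the place of the second `verifyNoInteractions(jwtHttpHandler);`, which appears twice in that test as far as the old/new interleaving of this page lets me tell. The rewritten `fail_to_update_password_on_external_auth` likewise seems to end at `verify(response).setStatus(HTTP_BAD_REQUEST);` without a `verifyNoInteractions(jwtHttpHandler);`, so a token refresh on the rejected path would go unnoticed there.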