mirrors
/
sonarqube
mirror of https://github.com/SonarSource/sonarqube.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 237 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
28067 Commits
59 Branches
Tree: eb399b126d
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'eb399b126d'
${ noResults }
sonarqube/server/sonar-server/src/test/java/org/sonar/server/user/ws/ChangePasswordActionTest.java

ChangePasswordActionTest.java 7.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211 
  1. /*

  2.  * SonarQube

  3.  * Copyright (C) 2009-2019 SonarSource SA

  4.  * mailto:info AT sonarsource DOT com

  5.  *

  6.  * This program is free software; you can redistribute it and/or

  7.  * modify it under the terms of the GNU Lesser General Public

  8.  * License as published by the Free Software Foundation; either

  9.  * version 3 of the License, or (at your option) any later version.

  10.  *

  11.  * This program is distributed in the hope that it will be useful,

  12.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  13.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

  14.  * Lesser General Public License for more details.

  15.  *

  16.  * You should have received a copy of the GNU Lesser General Public License

  17.  * along with this program; if not, write to the Free Software Foundation,

  18.  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

  19.  */

  20. package org.sonar.server.user.ws;

  21. 

  22. import org.junit.Before;

  23. import org.junit.Rule;

  24. import org.junit.Test;

  25. import org.junit.rules.ExpectedException;

  26. import org.sonar.api.config.internal.MapSettings;

  27. import org.sonar.api.server.ws.WebService;

  28. import org.sonar.api.utils.System2;

  29. import org.sonar.api.utils.internal.AlwaysIncreasingSystem2;

  30. import org.sonar.db.DbTester;

  31. import org.sonar.server.authentication.CredentialsLocalAuthentication;

  32. import org.sonar.server.es.EsTester;

  33. import org.sonar.server.exceptions.BadRequestException;

  34. import org.sonar.server.exceptions.ForbiddenException;

  35. import org.sonar.server.exceptions.NotFoundException;

  36. import org.sonar.server.organization.OrganizationUpdater;

  37. import org.sonar.server.organization.TestDefaultOrganizationProvider;

  38. import org.sonar.server.organization.TestOrganizationFlags;

  39. import org.sonar.server.tester.UserSessionRule;

  40. import org.sonar.server.user.NewUser;

  41. import org.sonar.server.user.NewUserNotifier;

  42. import org.sonar.server.user.UserUpdater;

  43. import org.sonar.server.user.index.UserIndexer;

  44. import org.sonar.server.usergroups.DefaultGroupFinder;

  45. import org.sonar.server.ws.TestResponse;

  46. import org.sonar.server.ws.WsActionTester;

  47. 

  48. import static org.assertj.core.api.Assertions.assertThat;

  49. import static org.mockito.Mockito.mock;

  50. import static org.sonar.db.user.UserTesting.newExternalUser;

  51. import static org.sonar.db.user.UserTesting.newLocalUser;

  52. 

  53. public class ChangePasswordActionTest {

  54. 

  55.   private System2 system2 = new AlwaysIncreasingSystem2();

  56. 

  57.   @Rule

  58.   public ExpectedException expectedException = ExpectedException.none();

  59.   @Rule

  60.   public DbTester db = DbTester.create();

  61.   @Rule

  62.   public EsTester es = EsTester.create();

  63.   @Rule

  64.   public UserSessionRule userSessionRule = UserSessionRule.standalone().logIn();

  65. 

  66.   private TestOrganizationFlags organizationFlags = TestOrganizationFlags.standalone();

  67.   private CredentialsLocalAuthentication localAuthentication = new CredentialsLocalAuthentication(db.getDbClient());

  68. 

  69.   private UserUpdater userUpdater = new UserUpdater(system2, mock(NewUserNotifier.class), db.getDbClient(), new UserIndexer(db.getDbClient(), es.client()),

  70.     organizationFlags,

  71.     TestDefaultOrganizationProvider.from(db),

  72.     mock(OrganizationUpdater.class),

  73.     new DefaultGroupFinder(db.getDbClient()),

  74.     new MapSettings().asConfig(),

  75.     localAuthentication);

  76. 

  77.   private WsActionTester tester = new WsActionTester(new ChangePasswordAction(db.getDbClient(), userUpdater, userSessionRule, localAuthentication));

  78. 

  79.   @Before

  80.   public void setUp() {

  81.     db.users().insertDefaultGroup(db.getDefaultOrganization(), "sonar-users");

  82.   }

  83. 

  84.   @Test

  85.   public void a_user_can_update_his_password() {

  86.     userUpdater.createAndCommit(db.getSession(), NewUser.builder()

  87.       .setEmail("john@email.com")

  88.       .setLogin("john")

  89.       .setName("John")

  90.       .setPassword("Valar Dohaeris")

  91.       .build(), u -> {

  92.       });

  93.     String oldCryptedPassword = db.getDbClient().userDao().selectByLogin(db.getSession(), "john").getCryptedPassword();

  94.     userSessionRule.logIn("john");

  95. 

  96.     TestResponse response = tester.newRequest()

  97.       .setParam("login", "john")

  98.       .setParam("previousPassword", "Valar Dohaeris")

  99.       .setParam("password", "Valar Morghulis")

  100.       .execute();

  101. 

  102.     assertThat(response.getStatus()).isEqualTo(204);

  103.     String newCryptedPassword = db.getDbClient().userDao().selectByLogin(db.getSession(), "john").getCryptedPassword();

  104.     assertThat(newCryptedPassword).isNotEqualTo(oldCryptedPassword);

  105.   }

  106. 

  107.   @Test

  108.   public void system_administrator_can_update_password_of_user() {

  109.     userSessionRule.logIn().setSystemAdministrator();

  110.     createLocalUser();

  111.     String originalPassword = db.getDbClient().userDao().selectByLogin(db.getSession(), "john").getCryptedPassword();

  112. 

  113.     tester.newRequest()

  114.       .setParam("login", "john")

  115.       .setParam("password", "Valar Morghulis")

  116.       .execute();

  117. 

  118.     String newPassword = db.getDbClient().userDao().selectByLogin(db.getSession(), "john").getCryptedPassword();

  119.     assertThat(newPassword).isNotEqualTo(originalPassword);

  120.   }

  121. 

  122.   @Test

  123.   public void fail_on_missing_permission() {

  124.     createLocalUser();

  125.     userSessionRule.logIn("polop");

  126. 

  127.     expectedException.expect(ForbiddenException.class);

  128.     tester.newRequest()

  129.       .setParam("login", "john")

  130.       .execute();

  131.   }

  132. 

  133.   @Test

  134.   public void fail_on_unknown_user() {

  135.     userSessionRule.logIn().setSystemAdministrator();

  136. 

  137.     expectedException.expect(NotFoundException.class);

  138.     expectedException.expectMessage("User with login 'polop' has not been found");

  139. 

  140.     tester.newRequest()

  141.       .setParam("login", "polop")

  142.       .setParam("password", "polop")

  143.       .execute();

  144.   }

  145. 

  146.   @Test

  147.   public void fail_on_disabled_user() {

  148.     db.users().insertUser(u -> u.setLogin("polop").setActive(false));

  149.     userSessionRule.logIn().setSystemAdministrator();

  150. 

  151.     expectedException.expect(NotFoundException.class);

  152.     expectedException.expectMessage("User with login 'polop' has not been found");

  153. 

  154.     tester.newRequest()

  155.       .setParam("login", "polop")

  156.       .setParam("password", "polop")

  157.       .execute();

  158.   }

  159. 

  160.   @Test

  161.   public void fail_to_update_password_on_self_without_old_password() {

  162.     createLocalUser();

  163.     userSessionRule.logIn("john");

  164. 

  165.     expectedException.expect(IllegalArgumentException.class);

  166. 

  167.     tester.newRequest()

  168.       .setParam("login", "john")

  169.       .setParam("password", "Valar Morghulis")

  170.       .execute();

  171.   }

  172. 

  173.   @Test

  174.   public void fail_to_update_password_on_self_with_bad_old_password() {

  175.     createLocalUser();

  176.     userSessionRule.logIn("john");

  177. 

  178.     expectedException.expect(IllegalArgumentException.class);

  179. 

  180.     tester.newRequest()

  181.       .setParam("login", "john")

  182.       .setParam("previousPassword", "I dunno")

  183.       .setParam("password", "Valar Morghulis")

  184.       .execute();

  185.   }

  186. 

  187.   @Test

  188.   public void fail_to_update_password_on_external_auth() {

  189.     userSessionRule.logIn().setSystemAdministrator();

  190.     db.users().insertUser(newExternalUser("john", "John", "john@email.com"));

  191. 

  192.     expectedException.expect(BadRequestException.class);

  193. 

  194.     tester.newRequest()

  195.       .setParam("login", "john")

  196.       .setParam("password", "Valar Morghulis")

  197.       .execute();

  198.   }

  199. 

  200.   @Test

  201.   public void test_definition() {

  202.     WebService.Action action = tester.getDef();

  203.     assertThat(action).isNotNull();

  204.     assertThat(action.isPost()).isTrue();

  205.     assertThat(action.params()).hasSize(3);

  206.   }

  207. 

  208.   private void createLocalUser() {

  209.     db.users().insertUser(newLocalUser("john", "John", "john@email.com"));

  210.   }

  211. }