@Test
public void select_by_user_and_name() {
  // Arrange: one user owning a single token with a fixed name and hash.
  UserDto owner = db.users().insertUser();
  UserTokenDto inserted = db.users().insertToken(owner, t -> t.setName("name").setTokenHash("token"));

  // Act: look the token up by (owner, name).
  UserTokenDto found = underTest.selectByUserAndName(db.getSession(), owner, inserted.getName());

  // Assert: every persisted field round-trips unchanged, including the stored hash.
  assertThat(found.getUserUuid()).isEqualTo(owner.getUuid());
  assertThat(found.getName()).isEqualTo(inserted.getName());
  assertThat(found.getCreatedAt()).isEqualTo(inserted.getCreatedAt());
  assertThat(found.getTokenHash()).isEqualTo(inserted.getTokenHash());

  // A name this user does not own yields null rather than an exception.
  assertThat(underTest.selectByUserAndName(db.getSession(), owner, "unknown-name")).isNull();
}
/**
 * Persists one token row for {@code user} and commits {@code dbSession}.
 *
 * <p>The {@code tokenHash} argument is stored as-is in the hash column; nothing here hashes it,
 * so callers are expected to pass an already-hashed value (verify against call sites).
 * The creation timestamp is taken from {@code system.now()}.
 *
 * @return the DTO that was inserted, with all fields populated
 */
private UserTokenDto insertTokenInDb(DbSession dbSession, UserDto user, String name, String tokenHash) {
  UserTokenDto row = new UserTokenDto();
  row.setUserUuid(user.getUuid());
  row.setName(name);
  row.setTokenHash(tokenHash);
  row.setCreatedAt(system.now());

  dbClient.userTokenDao().insert(dbSession, row);
  dbSession.commit();
  return row;
}
@Test
public void insert_token() {
  UserTokenDto expected = newUserToken();

  underTest.insert(db.getSession(), expected);

  // Read the row back by its hash and compare every persisted field.
  UserTokenDto actual = underTest.selectByTokenHash(db.getSession(), expected.getTokenHash());
  assertThat(actual).isNotNull();
  assertThat(actual.getName()).isEqualTo(expected.getName());
  assertThat(actual.getCreatedAt()).isEqualTo(expected.getCreatedAt());
  assertThat(actual.getTokenHash()).isEqualTo(expected.getTokenHash());
  assertThat(actual.getUserUuid()).isEqualTo(expected.getUserUuid());
}
/**
 * Assembles the WS payload for a newly generated token.
 *
 * <p>{@code token} is the clear-text value handed back to the caller, while {@code userTokenDto}
 * only carries its hash. This response is presumably the single point where the clear-text token
 * is returned — confirm against the caller, and keep it out of logs.
 *
 * @param userTokenDto the persisted token (name, creation time)
 * @param token the clear-text token to return to the client
 * @param user the token owner, whose login is echoed in the response
 */
private static GenerateWsResponse buildResponse(UserTokenDto userTokenDto, String token, UserDto user) {
  UserTokens.GenerateWsResponse.Builder response = UserTokens.GenerateWsResponse.newBuilder();
  response.setLogin(user.getLogin());
  response.setName(userTokenDto.getName());
  response.setCreatedAt(formatDateTime(userTokenDto.getCreatedAt()));
  response.setToken(token);
  return response.build();
}
@Test
public void search_json_example() {
  // Two users; only the first one's tokens must appear in the response.
  UserDto grace = db.users().insertUser(u -> u.setLogin("grace.hopper"));
  UserDto ada = db.users().insertUser(u -> u.setLogin("ada.lovelace"));
  db.users().insertToken(grace, t -> t.setName("Project scan on Travis").setCreatedAt(1448523067221L));
  db.users().insertToken(grace, t -> t.setName("Project scan on AppVeyor").setCreatedAt(1438523067221L));
  db.users().insertToken(grace, t -> t.setName("Project scan on Jenkins").setCreatedAt(1428523067221L));
  db.users().insertToken(ada, t -> t.setName("Project scan on Travis").setCreatedAt(141456787123L));

  // Searching another user's tokens requires system administrator rights.
  logInAsSystemAdministrator();

  String json = ws.newRequest()
    .setParam(PARAM_LOGIN, grace.getLogin())
    .execute()
    .getInput();

  // The checked-in example is the documented response shape.
  assertJson(json).isSimilarTo(getClass().getResource("search-example.json"));
}
@Test
public void fail_if_token_hash_is_longer_than_255_characters() {
  // The setter rejects hashes above 255 chars; the message must report both lengths.
  expectedException.expect(IllegalStateException.class);
  expectedException.expectMessage("Token hash length (256) is longer than the maximum authorized (255)");

  String oneCharTooLong = randomAlphabetic(256);
  new UserTokenDto().setTokenHash(oneCharTooLong);
}
}
@Test
public void user_can_delete_its_own_tokens() {
  UserDto owner = db.users().insertUser();
  UserTokenDto ownToken = db.users().insertToken(owner);
  userSession.logIn(owner);

  // No login parameter: the request targets the caller's own tokens.
  String body = newRequest(null, ownToken.getName());

  assertThat(body).isEmpty();
  assertThat(dbClient.userTokenDao().selectByUser(dbSession, owner)).isEmpty();
}
@Test
public void return_login_when_token_hash_found_in_db() {
  // The generator is mocked so the clear-text token maps to a known hash.
  String rawToken = "known-token";
  String knownHash = "123456789";
  when(tokenGenerator.hash(rawToken)).thenReturn(knownHash);

  // Two users, only the first owns a token with the known hash.
  UserDto expectedOwner = db.users().insertUser();
  db.users().insertToken(expectedOwner, t -> t.setTokenHash(knownHash));
  UserDto otherUser = db.users().insertUser();
  db.users().insertToken(otherUser, t -> t.setTokenHash("another-token-hash"));

  // Despite the test name, authenticate() yields the owner's uuid, not the login.
  Optional<String> ownerUuid = underTest.authenticate(rawToken);

  assertThat(ownerUuid.isPresent()).isTrue();
  assertThat(ownerUuid.get()).isEqualTo(expectedOwner.getUuid());
}
@Test
public void count_tokens_by_user() {
  UserDto owner = db.users().insertUser();
  db.users().insertToken(owner, t -> t.setName("name"));
  db.users().insertToken(owner, t -> t.setName("another-name"));

  Map<String, Integer> countsByUuid = underTest.countTokensByUsers(dbSession, singletonList(owner));

  // Counts are keyed by user uuid; users not in the query have no entry at all.
  assertThat(countsByUuid.get(owner.getUuid())).isEqualTo(2);
  assertThat(countsByUuid.get("unknown-user_uuid")).isNull();
}
}
/**
 * Resolves a clear-text token to the uuid of its owner.
 *
 * <p>The token is hashed with {@code tokenGenerator} first, so only the hash reaches the DAO
 * and the database; the clear-text value is never stored or compared directly.
 *
 * @param token the clear-text token presented by the client
 * @return the owner's uuid when a row with that hash exists, otherwise {@code Optional.empty()}.
 *     The uuid is returned as stored and is not checked against the users table: if USER_TOKENS
 *     is out of sync (badly purged, for instance) it may not name a valid user.
 */
public Optional<String> authenticate(String token) {
  String tokenHash = tokenGenerator.hash(token);
  try (DbSession dbSession = dbClient.openSession(false)) {
    UserTokenDto match = dbClient.userTokenDao().selectByTokenHash(dbSession, tokenHash);
    return match == null ? empty() : of(match.getUserUuid());
  }
}
}
/**
 * Inserts a token for {@code user} into the test database and commits.
 *
 * <p>Starts from the {@code newUserToken()} defaults, sets the owner uuid, then applies each
 * populator in argument order — so a populator may override any default, including the uuid.
 *
 * @return the inserted DTO
 */
@SafeVarargs
public final UserTokenDto insertToken(UserDto user, Consumer<UserTokenDto>... populators) {
  UserTokenDto token = newUserToken().setUserUuid(user.getUuid());
  for (Consumer<UserTokenDto> populator : populators) {
    populator.accept(token);
  }
  db.getDbClient().userTokenDao().insert(db.getSession(), token);
  db.commit();
  return token;
}
/**
 * Builds the search response for {@code user}: the login plus one entry per token.
 *
 * <p>Only the token name and formatted creation time are copied out of each DTO; the stored hash
 * is not part of the response.
 *
 * @param user the owner whose login is echoed back
 * @param userTokensDto the owner's tokens, emitted in the given order
 */
private static SearchWsResponse buildResponse(UserDto user, List<UserTokenDto> userTokensDto) {
  SearchWsResponse.Builder response = SearchWsResponse.newBuilder()
    .setLogin(user.getLogin());

  // One builder is reused across iterations; clear() resets it before each token.
  SearchWsResponse.UserToken.Builder entry = SearchWsResponse.UserToken.newBuilder();
  for (UserTokenDto dto : userTokensDto) {
    entry.clear();
    entry.setName(dto.getName());
    entry.setCreatedAt(formatDateTime(dto.getCreatedAt()));
    response.addUserTokens(entry);
  }
  return response.build();
}
@Test
public void a_user_can_search_its_own_token() {
  UserDto owner = db.users().insertUser();
  db.users().insertToken(owner, t -> t.setName("Project scan on Travis").setCreatedAt(1448523067221L));
  userSession.logIn(owner);

  // No login parameter: a plain user may list only their own tokens.
  SearchWsResponse response = newRequest(null);

  assertThat(response.getUserTokensCount()).isEqualTo(1);
}
@Test
public void delete_token_in_db() {
  logInAsSystemAdministrator();
  UserDto targetUser = db.users().insertUser();
  UserDto bystander = db.users().insertUser();
  UserTokenDto doomed = db.users().insertToken(targetUser);
  UserTokenDto survivor1 = db.users().insertToken(targetUser);
  UserTokenDto survivor2 = db.users().insertToken(targetUser);
  UserTokenDto bystanderToken = db.users().insertToken(bystander);

  String body = newRequest(targetUser.getLogin(), doomed.getName());

  assertThat(body).isEmpty();
  // Exactly the named token is gone; the same user's other tokens remain.
  assertThat(dbClient.userTokenDao().selectByUser(dbSession, targetUser))
    .extracting(UserTokenDto::getName)
    .containsExactlyInAnyOrder(survivor1.getName(), survivor2.getName());
  // Another user's tokens are untouched.
  assertThat(dbClient.userTokenDao().selectByUser(dbSession, bystander))
    .extracting(UserTokenDto::getName)
    .containsExactlyInAnyOrder(bystanderToken.getName());
}
@Test
public void select_by_token_hash() {
  String storedHash = "123456789";
  UserDto owner = db.users().insertUser();
  db.users().insertToken(owner, t -> t.setTokenHash(storedHash));

  // Lookup is by the stored hash, never by a clear-text token.
  UserTokenDto found = underTest.selectByTokenHash(db.getSession(), storedHash);

  assertThat(found).isNotNull();
}
@Test
public void delete_token_by_user_and_name() {
  // Two users share a token name; deletion must be scoped to (user, name), not name alone.
  UserDto target = db.users().insertUser();
  UserDto other = db.users().insertUser();
  db.users().insertToken(target, t -> t.setName("name"));
  db.users().insertToken(target, t -> t.setName("another-name"));
  db.users().insertToken(other, t -> t.setName("name"));

  underTest.deleteByUserAndName(dbSession, target, "name");

  assertThat(underTest.selectByUserAndName(dbSession, target, "name")).isNull();
  assertThat(underTest.selectByUserAndName(dbSession, target, "another-name")).isNotNull();
  assertThat(underTest.selectByUserAndName(dbSession, other, "name")).isNotNull();
}
/**
 * Resolves a clear-text token to the uuid of its owner.
 *
 * <p>The token is hashed with {@code tokenGenerator} first, so only the hash reaches the DAO
 * and the database; the clear-text value is never stored or compared directly.
 *
 * @param token the clear-text token presented by the client
 * @return the owner's uuid when a row with that hash exists, otherwise {@code Optional.empty()}.
 *     The uuid is returned as stored and is not checked against the users table: if USER_TOKENS
 *     is out of sync (badly purged, for instance) it may not name a valid user.
 */
public java.util.Optional<String> authenticate(String token) {
  String tokenHash = tokenGenerator.hash(token);
  try (DbSession dbSession = dbClient.openSession(false)) {
    UserTokenDto match = dbClient.userTokenDao().selectByTokenHash(dbSession, tokenHash);
    return match == null ? empty() : of(match.getUserUuid());
  }
}
}
/**
 * Creates a token fixture whose uuid, name and hash are random, prefixed strings so that
 * fixtures built in the same test are distinguishable. The "hash_" value is a random stand-in,
 * not a real digest of anything.
 */
public static UserTokenDto newUserToken() {
  UserTokenDto fixture = new UserTokenDto();
  fixture.setUserUuid("userUuid_" + randomAlphanumeric(40));
  fixture.setName("name_" + randomAlphanumeric(20));
  fixture.setTokenHash("hash_" + randomAlphanumeric(30));
  fixture.setCreatedAt(nextLong());
  return fixture;
}
}
/**
 * Assembles the WS payload for a newly generated token.
 *
 * <p>{@code token} is the clear-text value handed back to the caller, while {@code userTokenDto}
 * only carries its hash. This response is presumably the single point where the clear-text token
 * is returned — confirm against the caller, and keep it out of logs.
 *
 * @param userTokenDto the persisted token (name, creation time)
 * @param token the clear-text token to return to the client
 * @param user the token owner, whose login is echoed in the response
 */
private static GenerateWsResponse buildResponse(UserTokenDto userTokenDto, String token, UserDto user) {
  UserTokens.GenerateWsResponse.Builder response = UserTokens.GenerateWsResponse.newBuilder();
  response.setLogin(user.getLogin());
  response.setName(userTokenDto.getName());
  response.setCreatedAt(formatDateTime(userTokenDto.getCreatedAt()));
  response.setToken(token);
  return response.build();
}
@Test
public void throw_ForbiddenException_if_non_administrator_revokes_token_of_someone_else() {
  UserDto victim = db.users().insertUser();
  UserTokenDto victimToken = db.users().insertToken(victim);

  // Authenticated, but neither the owner nor an administrator.
  userSession.logIn();

  expectedException.expect(ForbiddenException.class);
  newRequest(victim.getLogin(), victimToken.getName());
}