/**
 * Resolves a one-time code against the code store, scoped to the current identity zone.
 *
 * @param code the opaque code presented by the caller (e.g. from a reset-password link)
 * @return the stored {@link ExpiringCode}; never {@code null}
 * @throws InvalidCodeException carrying HTTP status 422 when the store returns nothing for the
 *     code in this zone (presumably unknown, already consumed or expired — that is the store's
 *     contract, not decided here)
 */
private ExpiringCode getExpiringCode(String code) {
    final String zoneId = IdentityZoneHolder.get().getId();
    // Lookup is always zone-scoped, so the same code string is not honoured across zones.
    final ExpiringCode stored = codeStore.retrieveCode(code, zoneId);
    if (stored != null) {
        return stored;
    }
    throw new InvalidCodeException(
            "invalid_code",
            "Sorry, your reset password link is no longer valid. Please request a new one",
            422);
}
/**
 * A stored code whose payload has no {@code action} entry must be rejected as an invalid code,
 * even though its user/client/origin fields look plausible. The other autologin fixtures in this
 * class set an action; this one deliberately omits it.
 */
@Test(expected = InvalidCodeException.class)
public void authentication_fails_withCodeIntendedForDifferentPurpose() {
    Map<String, String> payload = new HashMap<>();
    payload.put("user_id", "test-user-id");
    payload.put("client_id", clientId);
    payload.put("username", "test-username");
    payload.put(OriginKeys.ORIGIN, OriginKeys.UAA);
    // No "action" key: the code was minted for some other purpose.
    ExpiringCode codeWithoutAction = new ExpiringCode(
            "the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(payload), null);

    String zoneId = IdentityZoneHolder.get().getId();
    when(codeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(codeWithoutAction);

    manager.authenticate(authenticationToken);
}
/**
 * An autologin code bound to a different client ({@code "actual-client-id"}) must not
 * authenticate the presented token; the mismatch surfaces as bad credentials rather than as an
 * invalid code.
 */
@Test(expected = BadCredentialsException.class)
public void authentication_fails_withInvalidClient() {
    Map<String, String> payload = new HashMap<>();
    payload.put("user_id", "test-user-id");
    payload.put("client_id", "actual-client-id");
    payload.put("username", "test-username");
    payload.put(OriginKeys.ORIGIN, OriginKeys.UAA);
    payload.put("action", ExpiringCodeType.AUTOLOGIN.name());
    ExpiringCode codeForOtherClient = new ExpiringCode(
            "the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(payload), null);

    String zoneId = IdentityZoneHolder.get().getId();
    when(codeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(codeForOtherClient);

    manager.authenticate(authenticationToken);
}
/**
 * Completing activation with a code whose client resolves successfully redirects to the
 * redirect location configured by {@code setUpForSuccess}.
 */
@Test
public void completeActivationWithValidClientRedirect() throws Exception {
    final String redirect = "http://example.com/redirect";
    final String zoneId = IdentityZoneHolder.get().getId();
    setUpForSuccess(redirect);

    // Every provisioning call is pinned to the current zone id.
    when(scimUserProvisioning.createUser(any(ScimUser.class), anyString(), eq(zoneId))).thenReturn(user);
    when(codeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(code);
    when(scimUserProvisioning.verifyUser(anyString(), anyInt(), eq(zoneId))).thenReturn(user);
    when(scimUserProvisioning.retrieve(anyString(), eq(zoneId))).thenReturn(user);
    when(clientDetailsService.loadClientByClientId(anyString(), anyString())).thenReturn(details);

    AccountCreationService.AccountCreationResponse response =
            emailAccountCreationService.completeActivation("the_secret_code");

    assertEquals(redirect, response.getRedirectLocation());
}
/**
 * An autologin code whose payload carries no {@code client_id} at all is rejected as bad
 * credentials: the authenticating client cannot be matched against the code.
 */
@Test(expected = BadCredentialsException.class)
public void authentication_fails_withNoClientId() {
    Map<String, String> payload = new HashMap<>();
    payload.put("user_id", "test-user-id");
    payload.put("username", "test-username");
    payload.put(OriginKeys.ORIGIN, OriginKeys.UAA);
    payload.put("action", ExpiringCodeType.AUTOLOGIN.name());
    // Deliberately no "client_id" entry.
    ExpiringCode codeWithoutClient = new ExpiringCode(
            "the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(payload), null);

    String zoneId = IdentityZoneHolder.get().getId();
    when(codeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(codeWithoutClient);

    manager.authenticate(authenticationToken);
}
/**
 * A code whose {@code action} is not an autologin action is treated as an invalid code: the
 * store may well return it, but it was not minted for this flow.
 */
@Test(expected = InvalidCodeException.class)
public void authentication_fails_withInvalidCode() {
    Map<String, String> payload = new HashMap<>();
    payload.put("action", "someotheraction");
    ExpiringCode codeForOtherAction = new ExpiringCode(
            "the_secret_code", new Timestamp(123), JsonUtils.writeValueAsString(payload), null);

    String zoneId = IdentityZoneHolder.get().getId();
    when(codeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(codeForOtherAction);

    manager.authenticate(authenticationToken);
}
/**
 * When the client named in the activation code no longer exists, activation still completes
 * and falls back to the {@code "home"} redirect instead of failing.
 *
 * <p>NOTE(review): the method name misspells "Activation"; kept as-is so existing test reports
 * and filters keep matching.
 */
@Test
public void completeActivitionWithClientNotFound() throws Exception {
    setUpForSuccess("");
    final String zoneId = IdentityZoneHolder.get().getId();

    when(codeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(code);
    when(scimUserProvisioning.verifyUser(anyString(), anyInt(), eq(zoneId))).thenReturn(user);
    when(scimUserProvisioning.retrieve(anyString(), eq(zoneId))).thenReturn(user);
    // Client lookup fails for any client id / zone.
    doThrow(new NoSuchClientException("Client not found"))
            .when(clientDetailsService).loadClientByClientId(anyString(), anyString());

    AccountCreationService.AccountCreationResponse response =
            emailAccountCreationService.completeActivation("the_secret_code");

    assertEquals("home", response.getRedirectLocation());
}
/**
 * Accepting an invitation with a code that was stored under a different intent
 * ({@code "wrong-intent"}) is rejected with HTTP 400, even though the code itself is found and
 * carries a well-formed user payload.
 */
@Test
public void nonMatchingCodeIntent() {
    Map<String, String> invitee = new HashMap<>();
    invitee.put(USER_ID, "user-id-001");
    invitee.put(EMAIL, "user@example.com");
    ExpiringCode codeWithWrongIntent = new ExpiringCode(
            "code",
            new Timestamp(System.currentTimeMillis()),
            JsonUtils.writeValueAsString(invitee),
            "wrong-intent");

    when(expiringCodeStore.retrieveCode(anyString(), eq(IdentityZoneHolder.get().getId())))
            .thenReturn(codeWithWrongIntent);

    HttpClientErrorException rejected = Assertions.assertThrows(
            HttpClientErrorException.class,
            () -> emailInvitationsService.acceptInvitation("code", "password").getRedirectUri());

    assertThat(rejected.getMessage(), CoreMatchers.containsString("400 BAD_REQUEST"));
}
/**
 * An email-change verification code stored under a foreign intent ({@code "invalid-intent"})
 * must not complete verification; a {@link UaaException} is expected.
 */
@Test
public void testCompleteVerificationWithInvalidIntent() throws Exception {
    final String presentedCode = "invalid_code";
    ExpiringCode codeWithForeignIntent = new ExpiringCode(
            presentedCode, new Timestamp(System.currentTimeMillis()), null, "invalid-intent");
    when(codeStore.retrieveCode(presentedCode, IdentityZoneHolder.get().getId()))
            .thenReturn(codeWithForeignIntent);

    Assertions.assertThrows(
            UaaException.class, () -> emailChangeEmailService.completeVerification(presentedCode));
}
/**
 * When the store has nothing for the presented code (the {@code null} an expired or consumed
 * code yields), authentication fails with an invalid-code error rather than a generic one.
 */
@Test(expected = InvalidCodeException.class)
public void authentication_fails_withExpiredCode() {
    String zoneId = IdentityZoneHolder.get().getId();
    when(codeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(null);

    manager.authenticate(authenticationToken);
}
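/**
 * GET {@code /invitations/accept} with a code stored under a different intent
 * ({@code "incorrect-code-intent"}) is answered with 422, even though the payload contains a
 * user, email, client and redirect URI.
 *
 * <p>Cleanup: a stray empty statement ({@code ;;}) after the stub was removed, and the local
 * request builder no longer shadows the static {@code get(...)} factory it is built from.
 */
@Test
public void incorrectCodeIntent() throws Exception {
    Map<String, String> payload = new HashMap<>();
    payload.put("user_id", "user-id-001");
    payload.put("email", "user@example.com");
    payload.put("client_id", "client-id");
    payload.put("redirect_uri", "blah.test.com");
    ExpiringCode codeWithWrongIntent = new ExpiringCode(
            "code",
            new Timestamp(System.currentTimeMillis()),
            JsonUtils.writeValueAsString(payload),
            "incorrect-code-intent");

    when(expiringCodeStore.retrieveCode("the_secret_code", IdentityZoneHolder.get().getId()))
            .thenReturn(codeWithWrongIntent);

    MockHttpServletRequestBuilder acceptRequest =
            get("/invitations/accept").param("code", "the_secret_code");

    mockMvc.perform(acceptRequest).andExpect(status().isUnprocessableEntity());
}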
/**
 * An email-change verification code unknown to the store (retrieval yields {@code null}) is
 * rejected with a {@link UaaException}.
 */
@Test
public void testCompleteVerificationWithInvalidCode() throws Exception {
    final String presentedCode = "invalid_code";
    when(codeStore.retrieveCode(presentedCode, IdentityZoneHolder.get().getId())).thenReturn(null);

    Assertions.assertThrows(
            UaaException.class, () -> emailChangeEmailService.completeVerification(presentedCode));
}
/**
 * A 1 MiB payload survives a generate/retrieve round trip through the store unchanged.
 */
@Test
public void testStoreLargeData() throws Exception {
    final int oneMebibyte = 1024 * 1024;
    char[] buffer = new char[oneMebibyte];
    Arrays.fill(buffer, 'a');
    final String largePayload = new String(buffer);
    final String zoneId = IdentityZoneHolder.get().getId();

    ExpiringCode generated = expiringCodeStore.generateCode(
            largePayload, new Timestamp(System.currentTimeMillis() + 60000), null, zoneId);
    ExpiringCode retrieved = expiringCodeStore.retrieveCode(generated.getCode(), zoneId);

    Assert.assertEquals(generated, retrieved);
}
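/**
 * Completing activation with a code the store no longer returns ({@code null}, as for an
 * expired code) fails with an {@link HttpClientErrorException} carrying HTTP 400.
 *
 * <p>The {@code fail()} call now carries a message so a silently succeeding
 * {@code completeActivation} is reported with context instead of a bare assertion failure.
 */
@Test
public void testCompleteActivationWithExpiredCode() throws Exception {
    final String presentedCode = "expiring_code";
    when(codeStore.retrieveCode(presentedCode, IdentityZoneHolder.get().getId())).thenReturn(null);

    try {
        emailAccountCreationService.completeActivation(presentedCode);
        fail("completeActivation should reject a code the store no longer returns");
    } catch (HttpClientErrorException e) {
        assertThat(e.getStatusCode(), equalTo(BAD_REQUEST));
    }
}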
/**
 * A code whose {@code expiresAt} equals its generation time is not returned once the clock has
 * moved past it. Time is driven through the mocked {@code timeService}, so no sleeping.
 */
@Test
public void testExpiredCodeReturnsNull() throws Exception {
    final String zoneId = IdentityZoneHolder.get().getId();
    final long mintedAt = 100000L;
    final long lookedUpAt = 200000L;

    // Clock at minting time; the code expires at that very instant.
    when(timeService.getCurrentTimeMillis()).thenReturn(mintedAt);
    ExpiringCode minted = expiringCodeStore.generateCode("{}", new Timestamp(mintedAt), null, zoneId);

    // Advance the clock, then look the code up.
    when(timeService.getCurrentTimeMillis()).thenReturn(lookedUpAt);
    ExpiringCode found = expiringCodeStore.retrieveCode(minted.getCode(), zoneId);

    Assert.assertNull(found);
}
/**
 * Looking up a code that was never generated yields {@code null} rather than an exception.
 */
@Test
public void testRetrieveCodeWithCodeNotFound() throws Exception {
    final String zoneId = IdentityZoneHolder.get().getId();
    Assert.assertNull(expiringCodeStore.retrieveCode("unknown", zoneId));
}
/**
 * POST {@code /email_changes} with a code stored under a foreign intent ({@code "incorrect-code"})
 * is answered with 422, even though the code exists and carries a user id and new email.
 */
@Test
public void changeEmail_withIncorrectCode() throws Exception {
    final String presentedCode = "the_secret_code";
    ExpiringCode codeWithWrongIntent = new ExpiringCode(
            presentedCode,
            new Timestamp(System.currentTimeMillis()),
            "{\"userId\":\"user-id-001\",\"email\":\"new@example.com\",\"client_id\":null}",
            "incorrect-code");
    when(expiringCodeStore.retrieveCode(presentedCode, IdentityZoneHolder.get().getId()))
            .thenReturn(codeWithWrongIntent);

    mockMvc.perform(post("/email_changes")
                    .contentType(APPLICATION_JSON)
                    .content(presentedCode)
                    .accept(APPLICATION_JSON))
            .andExpect(MockMvcResultMatchers.status().isUnprocessableEntity());
}
} // end of enclosing test class (its header is outside this listing)
/**
 * A generated code can be retrieved exactly once: the first lookup returns the stored code and
 * the second lookup of the same code returns {@code null}.
 */
@Test
public void testRetrieveCode() throws Exception {
    final String zoneId = IdentityZoneHolder.get().getId();
    final Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + 60000);

    ExpiringCode minted = expiringCodeStore.generateCode("{}", expiresAt, null, zoneId);
    final String codeValue = minted.getCode();

    Assert.assertEquals(minted, expiringCodeStore.retrieveCode(codeValue, zoneId));
    // Retrieval consumes the code; a replay of the same value finds nothing.
    Assert.assertNull(expiringCodeStore.retrieveCode(codeValue, zoneId));
}
/**
 * Codes are zone-scoped: a code generated in the current zone is invisible while another zone
 * is active and is found again once the zone holder is cleared.
 */
@Test
public void testRetrieveCode_In_Another_Zone() throws Exception {
    final Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + 60000);
    ExpiringCode minted = expiringCodeStore.generateCode(
            "{}", expiresAt, null, IdentityZoneHolder.get().getId());
    final String codeValue = minted.getCode();

    // Switch to a different zone: the same code value must not resolve there.
    IdentityZoneHolder.set(MultitenancyFixture.identityZone("other", "other"));
    Assert.assertNull(expiringCodeStore.retrieveCode(codeValue, IdentityZoneHolder.get().getId()));

    // Back in the original zone the code is still there (the foreign lookup did not consume it).
    IdentityZoneHolder.clear();
    ExpiringCode found = expiringCodeStore.retrieveCode(codeValue, IdentityZoneHolder.get().getId());
    Assert.assertEquals(minted, found);
}
/**
 * GET {@code /invitations/accept} with a code the store no longer returns renders the accept
 * page with 422 and the {@code code_expired} error, without the email display or the form, and
 * leaves no authentication in the security context.
 */
@Test
public void testAcceptInvitePageWithExpiredCode() throws Exception {
    when(expiringCodeStore.retrieveCode(anyString(), eq(IdentityZoneHolder.get().getId())))
            .thenReturn(null);

    MockHttpServletRequestBuilder acceptRequest =
            get("/invitations/accept").param("code", "the_secret_code");

    mockMvc.perform(acceptRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(model().attribute("error_message_code", "code_expired"))
            .andExpect(view().name("invitations/accept_invite"))
            // Neither the invitee's email nor the acceptance form may be rendered.
            .andExpect(xpath("//*[@class='email-display']").doesNotExist())
            .andExpect(xpath("//form").doesNotExist());

    // An expired invitation must not leave the visitor logged in.
    assertNull(SecurityContextHolder.getContext().getAuthentication());
}