/**
 * Post-test cleanup: hands the shared expiring-code store a fresh 24-character
 * {@link RandomValueStringGenerator}, so a generator installed by a test (for example a
 * predictable one) does not survive into the next test.
 */
@After
public void resetGenerator() {
    JdbcExpiringCodeStore codeStore = webApplicationContext.getBean(JdbcExpiringCodeStore.class);
    RandomValueStringGenerator randomCodes = new RandomValueStringGenerator(24);
    codeStore.setGenerator(randomCodes);
}
/**
 * Per-test teardown: puts the expiring-code store back on a 24-character random generator
 * and restores the shared {@code globalLinks} on both the login-info endpoint and the home
 * controller, undoing whatever a test swapped in.
 *
 * @param jdbcExpiringCodeStore the store whose generator is reset
 * @param loginInfoEndpoint     endpoint whose global links are restored
 * @param homeController        controller whose global links are restored
 */
@AfterEach
void resetGenerator(
        @Autowired JdbcExpiringCodeStore jdbcExpiringCodeStore,
        @Autowired LoginInfoEndpoint loginInfoEndpoint,
        @Autowired HomeController homeController) {
    RandomValueStringGenerator randomCodes = new RandomValueStringGenerator(24);
    jdbcExpiringCodeStore.setGenerator(randomCodes);
    loginInfoEndpoint.setGlobalLinks(globalLinks);
    homeController.setGlobalLinks(globalLinks);
}
/**
 * Resets the code generator on the shared {@link JdbcExpiringCodeStore} after each test.
 * Tests in this class may install a predictable generator; this puts a 24-character random
 * one back so issued codes are unpredictable again for anything that runs afterwards.
 */
@After
public void resetGenerator() throws Exception {
    RandomValueStringGenerator randomCodes = new RandomValueStringGenerator(24);
    getWebApplicationContext()
            .getBean(JdbcExpiringCodeStore.class)
            .setGenerator(randomCodes);
}
/**
 * Password change with a valid expiring code and the login token: expects 200, the caller's
 * user id and username in the response, and a stored AUTOLOGIN code whose payload carries
 * user_id, username, the "login" client id and the {@code OriginKeys.UAA} origin.
 */
@Test
public void changePassword_isSuccessful() throws Exception {
    MockMvcUtils.PredictableGenerator predictable = new MockMvcUtils.PredictableGenerator();
    JdbcExpiringCodeStore codeStore = getWebApplicationContext().getBean(JdbcExpiringCodeStore.class);
    // Predictable codes are "test" + counter, which is what lets the test look the issued code up below.
    codeStore.setGenerator(predictable);

    String changeCode = getExpiringCode(null, null);
    String requestBody = "{\"code\":\"" + changeCode + "\",\"new_password\":\"new_secr3T\"}";
    MockHttpServletRequestBuilder changeRequest = post("/password_change")
            .header("Authorization", "Bearer " + loginToken)
            .contentType(APPLICATION_JSON)
            .content(requestBody)
            .accept(APPLICATION_JSON);

    // The counter is read only after perform(): handling the request presumably advances it.
    getMockMvc().perform(changeRequest)
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.user_id").exists())
            .andExpect(jsonPath("$.username").value(user.getUserName()))
            .andExpect(jsonPath("$.code").value("test" + predictable.counter.get()));

    String issuedCode = "test" + predictable.counter.get();
    ExpiringCode stored = codeStore.retrieveCode(issuedCode, IdentityZoneHolder.get().getId());
    assertThat(stored.getIntent(), is(ExpiringCodeType.AUTOLOGIN.name()));

    Map<String, String> payload =
            JsonUtils.readValue(stored.getData(), new TypeReference<Map<String, String>>() {});
    assertThat(payload.get("user_id"), is(user.getId()));
    assertThat(payload.get("username"), is(user.getUserName()));
    assertThat(payload.get(OAuth2Utils.CLIENT_ID), is("login"));
    assertThat(payload.get(OriginKeys.ORIGIN), is(OriginKeys.UAA));
}
/**
 * Account creation without a client_id: the request redirects to the "email sent" page, a
 * "Cloud Foundry" mail is sent from admin@localhost, the predictable verify_user code
 * redirects to {@code LOGIN_REDIRECT}, and the new account then logs in as a
 * {@link UaaPrincipal} with the given email and the UAA origin.
 */
@Test
void testCreatingAnAccountWithNoClientRedirect() throws Exception {
    PredictableGenerator predictable = new PredictableGenerator();
    JdbcExpiringCodeStore codeStore = webApplicationContext.getBean(JdbcExpiringCodeStore.class);
    codeStore.setGenerator(predictable);

    mockMvc.perform(post("/create_account.do")
                    .with(cookieCsrf())
                    .param("email", userEmail)
                    .param("password", "secr3T")
                    .param("password_confirmation", "secr3T"))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl("accounts/email_sent"));
    // Read the counter only after the create request, which is presumably where the code is issued.
    String verificationCode = "test" + predictable.counter.get();

    FakeJavaMailSender.MimeMessageWrapper sentMail = fakeJavaMailSender.getSentMessages().get(0);
    assertTrue(sentMail.getContentString().contains("Cloud Foundry"));
    assertThat(sentMail.getMessage().getHeader("From"), hasItemInArray("Cloud Foundry <admin@localhost>"));

    mockMvc.perform(get("/verify_user").param("code", verificationCode))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl(LOGIN_REDIRECT))
            .andReturn();

    MvcResult loginResult = loginWithAccount("").andExpect(authenticated()).andReturn();
    SecurityContext securityContext = (SecurityContext) loginResult.getRequest().getSession()
            .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
    Object principalObject = securityContext.getAuthentication().getPrincipal();
    assertThat(principalObject, instanceOf(UaaPrincipal.class));
    UaaPrincipal principal = (UaaPrincipal) principalObject;
    assertThat(principal.getEmail(), equalTo(userEmail));
    assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA));
}
/**
 * Same flow as the no-client case but with an explicitly empty {@code client_id} parameter:
 * creation redirects to the "email sent" page, the predictable verify_user code redirects to
 * {@code LOGIN_REDIRECT}, and the account logs in as a UAA-origin {@link UaaPrincipal}.
 */
@Test
void testCreatingAnAccountWithAnEmptyClientId() throws Exception {
    PredictableGenerator predictable = new PredictableGenerator();
    JdbcExpiringCodeStore codeStore = webApplicationContext.getBean(JdbcExpiringCodeStore.class);
    codeStore.setGenerator(predictable);

    mockMvc.perform(post("/create_account.do")
                    .with(cookieCsrf())
                    .param("email", userEmail)
                    .param("password", "secr3T")
                    .param("password_confirmation", "secr3T")
                    .param("client_id", ""))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl("accounts/email_sent"));
    // Read the counter only after the create request, which is presumably where the code is issued.
    String verificationCode = "test" + predictable.counter.get();

    mockMvc.perform(get("/verify_user").param("code", verificationCode))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl(LOGIN_REDIRECT))
            .andReturn();

    MvcResult loginResult = loginWithAccount("").andExpect(authenticated()).andReturn();
    SecurityContext securityContext = (SecurityContext) loginResult.getRequest().getSession()
            .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
    Object principalObject = securityContext.getAuthentication().getPrincipal();
    assertThat(principalObject, instanceOf(UaaPrincipal.class));
    UaaPrincipal principal = (UaaPrincipal) principalObject;
    assertThat(principal.getEmail(), equalTo(userEmail));
    assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA));
}
/**
 * Full account-creation flow: after the create request the SCIM user exists but is not yet
 * verified; the predictable verify_user code redirects to {@code LOGIN_REDIRECT}; afterwards
 * the account logs in as a UAA-origin {@link UaaPrincipal} with the given email.
 */
@Test
void testCreatingAnAccount() throws Exception {
    PredictableGenerator predictable = new PredictableGenerator();
    JdbcExpiringCodeStore codeStore = webApplicationContext.getBean(JdbcExpiringCodeStore.class);
    codeStore.setGenerator(predictable);

    mockMvc.perform(post("/create_account.do")
                    .with(cookieCsrf())
                    .param("email", userEmail)
                    .param("password", "secr3T")
                    .param("password_confirmation", "secr3T"))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl("accounts/email_sent"));
    // Read the counter only after the create request, which is presumably where the code is issued.
    String verificationCode = "test" + predictable.counter.get();

    // SCIM filter built by concatenation: fine for this fixture email, but a quote in the
    // value would break the filter, so keep userEmail a plain test constant.
    String filter = "userName eq '" + userEmail + "' and origin eq '" + OriginKeys.UAA + "'";
    JdbcScimUserProvisioning provisioning = webApplicationContext.getBean(JdbcScimUserProvisioning.class);
    ScimUser createdUser = provisioning.query(filter, IdentityZoneHolder.get().getId()).get(0);
    assertFalse(createdUser.isVerified());

    mockMvc.perform(get("/verify_user").param("code", verificationCode))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl(LOGIN_REDIRECT))
            .andReturn();

    MvcResult loginResult = loginWithAccount("").andExpect(authenticated()).andReturn();
    SecurityContext securityContext = (SecurityContext) loginResult.getRequest().getSession()
            .getAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY);
    Object principalObject = securityContext.getAuthentication().getPrincipal();
    assertThat(principalObject, instanceOf(UaaPrincipal.class));
    UaaPrincipal principal = (UaaPrincipal) principalObject;
    assertThat(principal.getEmail(), equalTo(userEmail));
    assertThat(principal.getOrigin(), equalTo(OriginKeys.UAA));
}
private void createAccount(String expectedRedirectUri, String redirectUri) throws Exception { PredictableGenerator generator = new PredictableGenerator(); JdbcExpiringCodeStore store = webApplicationContext.getBean(JdbcExpiringCodeStore.class); store.setGenerator(generator);
/**
 * POST /autologin with the admin client's basic-auth credentials issues a predictable code;
 * GET /autologin with that code and {@code client_id=admin} redirects to "home".
 *
 * @param jdbcExpiringCodeStore the store that receives the predictable generator for this test
 */
@Test
void autologin_with_validCode_RedirectsToHome(@Autowired JdbcExpiringCodeStore jdbcExpiringCodeStore) throws Exception {
    MockMvcUtils.PredictableGenerator predictable = new MockMvcUtils.PredictableGenerator();
    jdbcExpiringCodeStore.setGenerator(predictable);

    AutologinRequest autologin = new AutologinRequest();
    autologin.setUsername("marissa");
    autologin.setPassword("koala");
    // Fixture client credentials; getBytes() without a charset uses the platform default,
    // which is harmless for this ASCII string.
    String basicAuth = "Basic " + new String(Base64.encode("admin:adminsecret".getBytes()));

    mockMvc.perform(post("/autologin")
                    .header("Authorization", basicAuth)
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsString(autologin)))
            .andExpect(status().isOk());
    // Read the counter only after the POST, which is presumably where the code is issued.
    String issuedCode = "test" + predictable.counter.get();

    mockMvc.perform(get("/autologin")
                    .param("code", issuedCode)
                    .param("client_id", "admin"))
            .andExpect(redirectedUrl("home"));
}
// Install the predictable generator on the shared store so the test can derive the issued code
// (sibling tests use "test" + counter); presumably a teardown elsewhere restores the random one.
PredictableGenerator generator = new PredictableGenerator(); JdbcExpiringCodeStore store = webApplicationContext.getBean(JdbcExpiringCodeStore.class); store.setGenerator(generator);
/**
 * With a saved request in the session, a valid autologin code redirects to the saved
 * authorize URL rather than to "home".
 *
 * @param jdbcExpiringCodeStore the store that receives the predictable generator for this test
 */
@Test
void autologin_with_validCode_RedirectsToSavedRequest_ifPresent(@Autowired JdbcExpiringCodeStore jdbcExpiringCodeStore) throws Exception {
    MockHttpSession savedRequestSession = MockMvcUtils.getSavedRequestSession();
    MockMvcUtils.PredictableGenerator predictable = new MockMvcUtils.PredictableGenerator();
    jdbcExpiringCodeStore.setGenerator(predictable);

    AutologinRequest autologin = new AutologinRequest();
    autologin.setUsername("marissa");
    autologin.setPassword("koala");
    // Fixture client credentials; getBytes() without a charset uses the platform default,
    // which is harmless for this ASCII string.
    String basicAuth = "Basic " + new String(Base64.encode("admin:adminsecret".getBytes()));

    mockMvc.perform(post("/autologin")
                    .header("Authorization", basicAuth)
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsString(autologin)))
            .andExpect(status().isOk());
    // Read the counter only after the POST, which is presumably where the code is issued.
    String issuedCode = "test" + predictable.counter.get();

    mockMvc.perform(get("/autologin")
                    .session(savedRequestSession)
                    .param("code", issuedCode)
                    .param("client_id", "admin"))
            .andExpect(redirectedUrl("http://test/redirect/oauth/authorize"));
}
/**
 * Password change where the expiring code was minted for "another-client": the response is
 * 200 with the caller's identity and a predictable code, and the stored code's payload keeps
 * the overriding client id rather than the default.
 */
@Test
public void changePassword_isSuccessful_withOverridenClientId() throws Exception {
    MockMvcUtils.PredictableGenerator predictable = new MockMvcUtils.PredictableGenerator();
    JdbcExpiringCodeStore codeStore = getWebApplicationContext().getBean(JdbcExpiringCodeStore.class);
    codeStore.setGenerator(predictable);

    String changeCode = getExpiringCode("another-client", null);
    String requestBody = "{\"code\":\"" + changeCode + "\",\"new_password\":\"new_secr3T\"}";
    MockHttpServletRequestBuilder changeRequest = post("/password_change")
            .header("Authorization", "Bearer " + loginToken)
            .contentType(APPLICATION_JSON)
            .content(requestBody)
            .accept(APPLICATION_JSON);

    // The counter is read only after perform(): handling the request presumably advances it.
    getMockMvc().perform(changeRequest)
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.user_id").exists())
            .andExpect(jsonPath("$.username").value(user.getUserName()))
            .andExpect(jsonPath("$.code").value("test" + predictable.counter.get()));

    String issuedCode = "test" + predictable.counter.get();
    ExpiringCode stored = codeStore.retrieveCode(issuedCode, IdentityZoneHolder.get().getId());
    Map<String, String> payload =
            JsonUtils.readValue(stored.getData(), new TypeReference<Map<String, String>>() {});
    assertThat(payload.get(OAuth2Utils.CLIENT_ID), is("another-client"));
}
/**
 * Two forgot-password requests for the same user must leave exactly one expiring-code row for
 * that user's intent, i.e. a repeated request replaces the earlier code instead of adding a
 * second live one.
 */
@Test
public void new_code_overwrite_old_code_for_repeated_request() throws Exception {
    String username = new RandomValueStringGenerator().generate();
    ScimUser draft = new ScimUser(null, username, "givenname", "familyname");
    draft.setPrimaryEmail(username + "@test.org");
    draft.setPassword("secret");
    String adminToken = MockMvcUtils.getClientCredentialsOAuthAccessToken(mockMvc, "admin", "adminsecret", null, null);
    ScimUser created = MockMvcUtils.createUser(mockMvc, adminToken, draft);

    PredictableGenerator predictable = new PredictableGenerator();
    JdbcExpiringCodeStore codeStore = webApplicationContext.getBean(JdbcExpiringCodeStore.class);
    codeStore.setGenerator(predictable);

    JdbcTemplate jdbc = webApplicationContext.getBean(JdbcTemplate.class);
    String intent = FORGOT_PASSWORD_INTENT_PREFIX + created.getId();

    // Same request twice; both must land on the generic "email sent" page.
    for (int attempt = 0; attempt < 2; attempt++) {
        mockMvc.perform(post("/forgot_password.do").param("username", created.getUserName()))
                .andExpect(redirectedUrl("email_sent?code=reset_password"));
    }

    // Parameterised count query: the intent value is bound, not concatenated.
    Integer rows = jdbc.queryForObject(
            "select count(*) from expiring_code_store where intent=?", Integer.class, intent);
    assertEquals(1, (int) rows);
}
// Install the predictable generator on the shared store so the test can derive the issued code
// (sibling tests use "test" + counter); presumably a teardown elsewhere restores the random one.
PredictableGenerator generator = new PredictableGenerator(); JdbcExpiringCodeStore store = webApplicationContext.getBean(JdbcExpiringCodeStore.class); store.setGenerator(generator);
/**
 * Account creation carried out in a session that already holds a saved request: creation
 * redirects to the "email sent" page, the predictable verify_user code redirects to
 * {@code LOGIN_REDIRECT}, and the saved request survives in the session with its redirect URL.
 */
@Test
void redirectToSavedRequest_ifPresent() throws Exception {
    MockHttpSession savedRequestSession = MockMvcUtils.getSavedRequestSession();
    PredictableGenerator predictable = new PredictableGenerator();
    JdbcExpiringCodeStore codeStore = webApplicationContext.getBean(JdbcExpiringCodeStore.class);
    codeStore.setGenerator(predictable);

    mockMvc.perform(post("/create_account.do")
                    .with(cookieCsrf())
                    .session(savedRequestSession)
                    .param("email", "testuser@test.org")
                    .param("password", "test-password")
                    .param("password_confirmation", "test-password"))
            .andExpect(redirectedUrl("accounts/email_sent"));
    // Read the counter only after the create request, which is presumably where the code is issued.
    String verificationCode = "test" + predictable.counter.get();

    mockMvc.perform(get("/verify_user")
                    .session(savedRequestSession)
                    .param("code", verificationCode))
            .andExpect(status().isFound())
            .andExpect(redirectedUrl(LOGIN_REDIRECT))
            .andReturn();

    SavedRequest savedRequest = (SavedRequest) savedRequestSession.getAttribute(SAVED_REQUEST_SESSION_ATTRIBUTE);
    assertNotNull(savedRequest.getRedirectUrl());
}
// Swap the store's code generator for the test's generator (presumably a PredictableGenerator,
// as in the sibling tests); a teardown is expected to restore the random one afterwards.
store.setGenerator(generator);