/** * @see UserService#changePassword(User,String) */ @Test public void changePassword_shouldChangePasswordForTheGivenUserAndPassword() { userService.changePassword("test", "Another new password1"); userService.changePassword("Another new password1", "Yet another new password1"); // try to change the password with the new one }
/** * Test changing a user's password multiple times in the same transaction * * @see UserService#changePassword(String,String) */ @Test public void changePassword_shouldBeAbleToUpdatePasswordMultipleTimes() { User u = userService.getUserByUsername(ADMIN_USERNAME); assertNotNull("There needs to be a user with username 'admin' in the database", u); userService.changePassword("test", "Tester12"); userService.changePassword("Tester12", "Tester13"); }
@Test public void changePassword_shouldThrowShortPasswordExceptionWithShortPassword() { expectedException.expect(ShortPasswordException.class); expectedException.expectMessage( messages.getMessage("error.password.length", new Object[] {"8"}, null)); userService.changePassword("test", ""); }
try { Context.authenticate("admin", "test"); Context.getUserService().changePassword("test", wizardModel.adminUserPassword); Context.logout();
/** * @see UserService#changePassword(String,String) */ @Test public void changePassword_shouldMatchOnCorrectlyHashedSha1StoredPassword() { executeDataSet(XML_FILENAME); Context.logout(); Context.authenticate("correctlyhashedSha1", "test"); userService.changePassword("test", "Tester12"); Context.logout(); // so that the next test reauthenticates }
/** * @see UserService#changePassword(String,String) */ @Test public void changePassword_shouldMatchOnIncorrectlyHashedSha1StoredPassword() { executeDataSet(XML_FILENAME); Context.logout(); Context.authenticate("incorrectlyhashedSha1", "test"); userService.changePassword("test", "Tester12"); Context.logout(); // so that the next test reauthenticates }
/** * @see UserService#changePassword(User,String,String) */ @Test public void changePassword_shouldThrowAPIExceptionIfGivenUserDoesNotExist() { //user.getUserId is null - so it is not existing user User notExistingUser = new User(); String anyString = "anyString"; expectedException.expect(APIException.class); expectedException.expectMessage(messages.getMessage("user.must.exist")); userService.changePassword(notExistingUser, anyString, anyString); }
/** * @see UserService#changePassword(String,String) */ @Test public void changePassword_shouldMatchOnSha512HashedPassword() { executeDataSet(XML_FILENAME); Context.logout(); Context.authenticate("userWithSha512Hash", "test"); userService.changePassword("test", "Tester12"); Context.logout(); // so that the next test reauthenticates }
@Test public void changePassword_shouldUpdatePasswordOfGivenUserWhenLoggedInUserHasEditUsersPasswordPrivilege() { User user = userService.getUserByUsername(ADMIN_USERNAME); assertNotNull("There needs to be a user with username 'admin' in the database", user); userService.changePassword(user, "testTest123"); Context.authenticate(user.getUsername(), "testTest123"); }
/** * @see UserService#changeHashedPassword(User,String,String) */ @Test public void changeHashedPassword_shouldChangeTheHashedPasswordForTheGivenUser() { User user = userService.getUser(1); String salt = Security.getRandomToken(); String hash = Security.encodeString("new password" + salt); userService.changeHashedPassword(user, hash, salt); // TODO Review this a little further // This is the assert - checks to see if current user can use the new password userService.changePassword("new password", "Another new password1"); // try to change the password with the new one }
/** * @see UserService#changePassword(User,String,String) */ @Test public void changePassword_shouldChangePasswordForGivenUserIfOldPasswordIsNullAndChangingUserHavePrivileges() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); //user 6001 has password userServiceTest User user6001 = userService.getUser(6001); String oldPassword = null; String newPassword = "newPasswordString123"; userService.changePassword(user6001, oldPassword, newPassword); Context.authenticate(user6001.getUsername(), newPassword); }
/** * @see UserService#changePassword(User,String,String) */ @Test public void changePassword_shouldThrowExceptionIfNewPasswortIsTooShort() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); //user 6001 has password userServiceTest User user6001 = userService.getUser(6001); String oldPassword = "userServiceTest"; String weakPassword = "weak"; expectedException.expectMessage( messages.getMessage("error.password.length", new Object[] {"8"}, null)); userService.changePassword(user6001, oldPassword, weakPassword); }
/** * @see UserService#changePassword(User,String,String) */ @Test public void changePassword_shouldChangePasswordForGivenUserIfOldPasswordIsCorrectlyPassed() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); //user 6001 has password userServiceTest User user6001 = userService.getUser(6001); String oldPassword = "userServiceTest"; String newPassword = "newPasswordString123"; userService.changePassword(user6001, oldPassword, newPassword); //try to authenticate with new password Context.authenticate(user6001.getUsername(), newPassword); }
/** * @see UserService#changePassword(User,String,String) */ @Test public void changePassword_shouldThrowAPIExceptionIfOldPasswordIsNotCorrect() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); //user 6001 has password userServiceTest User user6001 = userService.getUser(6001); String wrongPassword = "wrong password!"; String newPassword = "newPasswordString"; //log in user without change user passwords privileges //user6001 has not got required priviliges Context.authenticate(user6001.getUsername(), "userServiceTest"); expectedException.expect(APIAuthenticationException.class); expectedException.expectMessage(messages .getMessage("error.privilegesRequired", new Object[] {PrivilegeConstants.EDIT_USER_PASSWORDS}, null)); userService.changePassword(user6001, wrongPassword, newPassword); }
@Test public void changePassword_shouldNotUpdatePasswordOfGivenUserWhenLoggedInUserDoesNotHaveEditUsersPasswordPrivilege() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); User user = userService.getUser(6001); assertFalse(user.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS)); Context.authenticate(user.getUsername(), "userServiceTest"); expectedException.expect(APIAuthenticationException.class); expectedException.expectMessage( messages.getMessage("error.privilegesRequired", new Object[] {PrivilegeConstants.EDIT_USER_PASSWORDS}, null)); userService.changePassword(user, "testTest123"); }
/** * Changes the password of the user. * * @param currentPassword Old password * @param newPassword New password * @throws MRSException Thrown when change password fails */ @Override public void changeCurrentUserPassword(String currentPassword, String newPassword) { try { userService.changePassword(currentPassword, newPassword); } catch (APIException e) { throw new MRSException(e); } }
/** * @see UserService#changePassword(User,String,String) */ @Test public void changePassword_shouldThrowExceptionIfOldPasswordIsNullAndChangingUserHaveNotPrivileges() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); //user 6001 has password userServiceTest User user6001 = userService.getUser(6001); assertFalse(user6001.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS)); String oldPassword = null; String newPassword = "newPasswordString"; //log in user without change user passwords privileges //user6001 has not got required priviliges Context.authenticate(user6001.getUsername(), "userServiceTest"); expectedException.expect(APIException.class); expectedException.expectMessage(messages .getMessage("error.privilegesRequired", new Object[] {PrivilegeConstants.EDIT_USER_PASSWORDS}, null)); userService.changePassword(user6001, oldPassword, newPassword); }
@RequestMapping(method = RequestMethod.POST) @ResponseStatus(HttpStatus.OK) public void changeOwnPassword(@RequestBody Map<String, String> body) { String oldPassword = body.get("oldPassword"); String newPassword = body.get("newPassword"); if (!Context.isAuthenticated()) { throw new APIAuthenticationException("Must be authenticated to change your own password"); } try { userService.changePassword(oldPassword, newPassword); } catch (APIException ex) { // this happens if they give the wrong oldPassword throw new ValidationException(ex.getMessage()); } }
/** * @see org.openmrs.module.webservices.rest.web.resource.impl.DelegatingCrudResource#save(java.lang.Object) */ @Override public UserAndPassword1_8 save(UserAndPassword1_8 user) { User openmrsUser = new User(); String password = user.getPassword(); openmrsUser = Context.getUserService().saveUser(user.getUser(), password); Context.refreshAuthenticatedUser(); if (openmrsUser.getId() != null && StringUtils.isNotBlank(password)) { Context.getUserService().changePassword(openmrsUser, password); } return new UserAndPassword1_8(openmrsUser); }
private User setUpUser(String userName) throws Exception { User user = service.getUserByUsername(userName); final String newPassword = "SomeOtherPassword123"; service.changePassword(user, newPassword); Context.logout(); Context.authenticate(userName, newPassword); return Context.getAuthenticatedUser(); }