/**
 * Checks that a login attempt with a {@code null} password is rejected when the identifier
 * is "1-8", which the test name describes as a proper system id.
 * The test passes only if {@link ContextAuthenticationException} is thrown.
 *
 * @see Context#authenticate(String,String)
 */
@Test(expected = ContextAuthenticationException.class)
public void authenticate_shouldNotAuthenticateWithNullPasswordAndProperSystemId() {
    final String systemId = "1-8";
    final String missingPassword = null;
    Context.authenticate(systemId, missingPassword);
}
/**
 * Checks that a login attempt with a {@code null} username and a non-null password is
 * rejected with {@link ContextAuthenticationException}.
 *
 * @see Context#authenticate(String,String)
 */
@Test(expected = ContextAuthenticationException.class)
public void authenticate_shouldNotAuthenticateWithNullUsername() {
    final String missingUsername = null;
    Context.authenticate(missingUsername, "some password");
}
/**
 * Checks that a login attempt with a non-null username and a {@code null} password is
 * rejected with {@link ContextAuthenticationException}.
 *
 * @see Context#authenticate(String,String)
 */
@Test(expected = ContextAuthenticationException.class)
public void authenticate_shouldNotAuthenticateWithNullPassword() {
    final String missingPassword = null;
    Context.authenticate("some username", missingPassword);
}
/**
 * Checks that a login attempt in which both the username and the password are {@code null}
 * is rejected with {@link ContextAuthenticationException}.
 *
 * @see Context#authenticate(String,String)
 */
@Test(expected = ContextAuthenticationException.class)
public void authenticate_shouldNotAuthenticateWithNullUsernameAndPassword() {
    final String missingUsername = null;
    final String missingPassword = null;
    Context.authenticate(missingUsername, missingPassword);
}
/**
 * Checks that a {@code null} password is rejected for the username "admin", which the test
 * name describes as a proper username.
 * The test passes only if {@link ContextAuthenticationException} is thrown.
 *
 * @see Context#authenticate(String,String)
 */
@Test(expected = ContextAuthenticationException.class)
public void authenticate_shouldNotAuthenticateWithNullPasswordAndProperUsername() {
    final String username = "admin";
    final String missingPassword = null;
    Context.authenticate(username, missingPassword);
}
/**
 * Checks that a successful login is reported to the test user-session listener as the event
 * {@code admin:LOGIN:SUCCESS} and that no logout event is recorded.
 */
@Test
public void authenticate_shouldRightlyTriggerUserSessionListener_withSuccessfulLogin() {
    // Clear the listener first so only the login below is reflected in its lists.
    testUserSessionListener.clear();

    final String expectedLoginEvent = "admin:LOGIN:SUCCESS";
    Context.authenticate("admin", "test");

    assertThat(testUserSessionListener.logins, contains(expectedLoginEvent));
    assertThat(testUserSessionListener.logouts, empty());
}
/**
 * Checks that user 6001, who lacks {@code EDIT_USER_PASSWORDS}, can replace their own
 * password by supplying the secret answer.
 * <p>
 * There is no explicit assertion on the stored credential: the closing
 * {@code Context.authenticate} call with the new password is the check.
 */
@Test
public void changePasswordUsingSecretAnswer_shouldUpdatePasswordIfSecretIsCorrect() {
    executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

    final User account = userService.getUser(6001);
    // Precondition: the change must not depend on the password-editing privilege.
    assertFalse(account.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS));

    final String replacementPassword = "userServiceTest2";
    Context.authenticate(account.getUsername(), "userServiceTest");
    userService.changePasswordUsingSecretAnswer("answer", replacementPassword);

    // NOTE(review): only the new password is exercised; rejection of the old
    // password after the change is not checked by this test.
    Context.authenticate(account.getUsername(), replacementPassword);
}
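/**
 * Checks that the fixture user "userWithSha512Hash" can log in with the plain-text password
 * "test" and then change it by passing that same value as the old password.
 * <p>
 * The fixture user name indicates a SHA-512 stored hash; the dataset itself is not visible
 * from this test. The test passes when neither call throws.
 *
 * @see UserService#changePassword(String,String)
 */
@Test
public void changePassword_shouldMatchOnSha512HashedPassword() {
    executeDataSet(XML_FILENAME);
    Context.logout();
    Context.authenticate("userWithSha512Hash", "test");
    try {
        userService.changePassword("test", "Tester12");
    } finally {
        // Log out even when changePassword throws, so a failure here cannot leave
        // the session authenticated as this fixture user.
        Context.logout(); // so that the next test reauthenticates
    }
}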
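/**
 * Checks that the fixture user "correctlyhashedSha1" can log in with the plain-text password
 * "test" and then set a secret question and answer by passing that same password.
 * <p>
 * The fixture user name indicates a SHA-1 stored hash; the dataset itself is not visible
 * from this test. The test passes when neither call throws.
 *
 * @see UserService#changeQuestionAnswer(String,String,String)
 */
@Test
public void changeQuestionAnswer_shouldMatchOnCorrectlyHashedStoredPassword() {
    executeDataSet(XML_FILENAME);
    Context.logout();
    Context.authenticate("correctlyhashedSha1", "test");
    try {
        userService.changeQuestionAnswer("test", "some question", "some answer");
    } finally {
        // Log out even when changeQuestionAnswer throws, so a failure here cannot
        // leave the session authenticated as this fixture user.
        Context.logout(); // so that the next test reauthenticates
    }
}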
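/**
 * Checks that the fixture user "correctlyhashedSha1" can log in with the plain-text password
 * "test" and then change it by passing that same value as the old password.
 * <p>
 * The fixture user name indicates a SHA-1 stored hash; the dataset itself is not visible
 * from this test. The test passes when neither call throws.
 * NOTE(review): whether the stored hash is rewritten in a stronger format by the change is
 * not checked here.
 *
 * @see UserService#changePassword(String,String)
 */
@Test
public void changePassword_shouldMatchOnCorrectlyHashedSha1StoredPassword() {
    executeDataSet(XML_FILENAME);
    Context.logout();
    Context.authenticate("correctlyhashedSha1", "test");
    try {
        userService.changePassword("test", "Tester12");
    } finally {
        // Log out even when changePassword throws, so a failure here cannot leave
        // the session authenticated as this fixture user.
        Context.logout(); // so that the next test reauthenticates
    }
}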
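/**
 * Checks that the fixture user "incorrectlyhashedSha1" can log in with the plain-text
 * password "test" and then set a secret question and answer by passing that same password.
 * <p>
 * NOTE(review): "incorrectly hashed" presumably refers to a legacy hash encoding that login
 * still accepts; confirm against the dataset and the credential check, neither of which is
 * visible from this test. The test passes when neither call throws.
 *
 * @see UserService#changeQuestionAnswer(String,String,String)
 */
@Test
public void changeQuestionAnswer_shouldMatchOnIncorrectlyHashedStoredPassword() {
    executeDataSet(XML_FILENAME);
    Context.logout();
    Context.authenticate("incorrectlyhashedSha1", "test");
    try {
        userService.changeQuestionAnswer("test", "some question", "some answer");
    } finally {
        // Log out even when changeQuestionAnswer throws, so a failure here cannot
        // leave the session authenticated as this fixture user.
        Context.logout(); // so that the next test reauthenticates
    }
}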
/**
 * Checks that {@code changePassword(User, String)} sets a new password for the user looked
 * up by {@code ADMIN_USERNAME}, then confirms it by authenticating with the new value.
 * <p>
 * The caller's identity and privileges come from the test harness and are not visible here;
 * the test name states that the logged-in user holds the password-editing privilege.
 */
@Test
public void changePassword_shouldUpdatePasswordOfGivenUserWhenLoggedInUserHasEditUsersPasswordPrivilege() {
    final String replacementPassword = "testTest123";

    final User admin = userService.getUserByUsername(ADMIN_USERNAME);
    assertNotNull("There needs to be a user with username 'admin' in the database", admin);

    userService.changePassword(admin, replacementPassword);

    // The login is the assertion: it must succeed with the password just set.
    Context.authenticate(admin.getUsername(), replacementPassword);
}
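/**
 * Checks that the fixture user "incorrectlyhashedSha1" can log in with the plain-text
 * password "test" and then change it by passing that same value as the old password.
 * <p>
 * NOTE(review): "incorrectly hashed" presumably refers to a legacy hash encoding that login
 * still accepts; confirm against the dataset and the credential check, neither of which is
 * visible from this test. Whether the stored hash is rewritten in a stronger format by the
 * change is not checked here.
 *
 * @see UserService#changePassword(String,String)
 */
@Test
public void changePassword_shouldMatchOnIncorrectlyHashedSha1StoredPassword() {
    executeDataSet(XML_FILENAME);
    Context.logout();
    Context.authenticate("incorrectlyhashedSha1", "test");
    try {
        userService.changePassword("test", "Tester12");
    } finally {
        // Log out even when changePassword throws, so a failure here cannot leave
        // the session authenticated as this fixture user.
        Context.logout(); // so that the next test reauthenticates
    }
}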
/**
 * Checks that {@code changePassword(User, String, String)} accepts a {@code null} old
 * password and still sets the new one, confirmed by authenticating with the new value.
 * <p>
 * The caller's identity comes from the test harness and is not visible here; the test name
 * states that the changing user has the required privileges.
 *
 * @see UserService#changePassword(User,String,String)
 */
@Test
public void changePassword_shouldChangePasswordForGivenUserIfOldPasswordIsNullAndChangingUserHavePrivileges() {
    executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

    // In the dataset, user 6001 has the password "userServiceTest".
    final User targetUser = userService.getUser(6001);
    final String noOldPassword = null;
    final String replacementPassword = "newPasswordString123";

    userService.changePassword(targetUser, noOldPassword, replacementPassword);

    // The login is the assertion: it must succeed with the password just set.
    Context.authenticate(targetUser.getUsername(), replacementPassword);
}
/**
 * Checks that {@code changePassword(User, String, String)} sets the new password when the
 * correct old password is supplied, confirmed by authenticating with the new value.
 *
 * @see UserService#changePassword(User,String,String)
 */
@Test
public void changePassword_shouldChangePasswordForGivenUserIfOldPasswordIsCorrectlyPassed() {
    executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

    // In the dataset, user 6001 has the password "userServiceTest".
    final User targetUser = userService.getUser(6001);
    final String currentPassword = "userServiceTest";
    final String replacementPassword = "newPasswordString123";

    userService.changePassword(targetUser, currentPassword, replacementPassword);

    // Logging in with the new password is the only check made on the change.
    Context.authenticate(targetUser.getUsername(), replacementPassword);
}
/**
 * Checks that {@code authenticateAsSuperUser} returns {@code false} for credentials that do
 * log in successfully but, per the test name, do not belong to a superuser.
 * <p>
 * The preceding login shows that the credentials themselves are valid, so the
 * {@code false} result cannot be explained by a wrong password.
 *
 * @throws ServletException
 * @see UpdateFilter#authenticateAsSuperUser(String,String)
 */
@Test
public void authenticateAsSuperUser_shouldReturnFalseIfGivenUserIsNotSuperuser() throws ServletException {
    // can switch to using "butch" in standardDataSet once we know bruno's password
    executeDataSet("org/openmrs/api/include/UserServiceTest.xml");

    Context.authenticate("userWithSha512Hash", "test"); // sanity check
    Context.logout();

    final UpdateFilter filter = new UpdateFilter();
    final boolean acceptedAsSuperUser = filter.authenticateAsSuperUser("userWithSha512Hash", "test");
    Assert.assertFalse(acceptedAsSuperUser);
}
/**
 * Checks that a wrong secret answer makes {@code changePasswordUsingSecretAnswer} throw
 * {@code APIException} with the {@code secret.answer.not.correct} message.
 * <p>
 * NOTE(review): the test ends at the expected exception, so it does not itself confirm
 * that the original password still works afterwards.
 */
@Test
public void changePasswordUsingSecretAnswer_shouldNotUpdatePasswordIfSecretIsNotCorrect() {
    executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

    final User account = userService.getUser(6001);
    // Precondition: the user cannot fall back on the password-editing privilege.
    assertFalse(account.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS));
    Context.authenticate(account.getUsername(), "userServiceTest");

    // The expectations must be registered before the call that throws.
    expectedException.expect(APIException.class);
    final String expectedMessage = messages.getMessage("secret.answer.not.correct");
    expectedException.expectMessage(expectedMessage);

    userService.changePasswordUsingSecretAnswer("wrong answer", "userServiceTest2");
}
/**
 * Checks that {@code changePassword(User, String)} throws
 * {@code APIAuthenticationException} when the logged-in user lacks
 * {@code EDIT_USER_PASSWORDS}, with the {@code error.privilegesRequired} message naming
 * that privilege.
 * <p>
 * NOTE(review): the test ends at the expected exception, so it does not itself confirm
 * that the stored password is unchanged afterwards.
 */
@Test
public void changePassword_shouldNotUpdatePasswordOfGivenUserWhenLoggedInUserDoesNotHaveEditUsersPasswordPrivilege() {
    executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION);

    final User account = userService.getUser(6001);
    assertFalse(account.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS));
    // Act as the unprivileged user for the rest of the test.
    Context.authenticate(account.getUsername(), "userServiceTest");

    // The expectations must be registered before the call that throws.
    expectedException.expect(APIAuthenticationException.class);
    final Object[] messageArguments = new Object[] {PrivilegeConstants.EDIT_USER_PASSWORDS};
    final String expectedMessage = messages.getMessage("error.privilegesRequired", messageArguments, null);
    expectedException.expectMessage(expectedMessage);

    userService.changePassword(account, "testTest123");
}
/**
 * Checks that {@code changePasswordUsingActivationKey} throws
 * {@code InvalidActivationKeyException} with the {@code activation.key.not.correct}
 * message when given a key that was never issued by this test.
 * <p>
 * NOTE(review): the test ends at the expected exception, so it does not itself confirm
 * that the original password still works afterwards.
 */
@Test
public void changePasswordUsingActivationKey_shouldNotUpdatePasswordIfActivationKeyIsIncorrect() {
    final String initialPassword = "Openmr5xy";

    // Build and persist a fresh user so the test does not depend on dataset accounts.
    final User newUser = new User();
    newUser.setPerson(new Person());
    newUser.addName(new PersonName("Benjamin", "A", "Wolfe"));
    newUser.setUsername("bwolfe");
    newUser.getPerson().setGender("M");
    final User createdUser = userService.createUser(newUser, initialPassword);

    final String wrongKey = "wrongactivationkeyin";
    Context.authenticate(createdUser.getUsername(), initialPassword);

    // The expectations must be registered before the call that throws.
    expectedException.expect(InvalidActivationKeyException.class);
    final String expectedMessage = messages.getMessage("activation.key.not.correct");
    expectedException.expectMessage(expectedMessage);

    userService.changePasswordUsingActivationKey(wrongKey, "Pa55w0rd");
}
/**
 * Checks that changing a password through the DAO leaves the stored secret question and
 * the stored (encoded) secret answer untouched.
 * <p>
 * The expected answer value is {@code Security.encodeString(SECRET_ANSWER + salt)}, using
 * the salt read from the credential before the second password change.
 */
@Test
public void changePassword_shouldNotOverwriteUserSecretQuestionOrAnswer() {
    dao.changePassword(userJoe, PASSWORD);
    dao.changeQuestionAnswer(userJoe, SECRET_QUESTION, SECRET_ANSWER);

    // Baseline: the question and the encoded answer are stored as expected.
    final LoginCredential before = dao.getLoginCredential(userJoe);
    final String expectedAnswerHash = Security.encodeString(SECRET_ANSWER + before.getSalt());
    assertEquals("question should be set", SECRET_QUESTION, before.getSecretQuestion());
    assertEquals("answer should be set", expectedAnswerHash, before.getSecretAnswer());

    // Change the password as the user themselves (old password, new password).
    Context.authenticate(userJoe.getUsername(), PASSWORD);
    dao.changePassword(PASSWORD, PASSWORD + "foo");

    // Re-read the credential; both secret fields must equal the baseline values.
    final LoginCredential after = dao.getLoginCredential(userJoe);
    assertEquals("question should not have changed", SECRET_QUESTION, after.getSecretQuestion());
    assertEquals("answer should not have changed", expectedAnswerHash, after.getSecretAnswer());
}