/**
 * Checks that {@code countTokensByUsers} returns the number of tokens held by a user, keyed by
 * the user's uuid, and has no entry for a uuid that was never inserted.
 */
@Test
public void count_tokens_by_user() {
  UserDto owner = db.users().insertUser();
  db.users().insertToken(owner, token -> token.setName("name"));
  db.users().insertToken(owner, token -> token.setName("another-name"));

  Map<String, Integer> tokenCountByUserUuid = underTest.countTokensByUsers(dbSession, singletonList(owner));

  // Two tokens were inserted for the owner; an unknown uuid yields null rather than a zero count.
  assertThat(tokenCountByUserUuid.get(owner.getUuid())).isEqualTo(2);
  assertThat(tokenCountByUserUuid.get("unknown-user_uuid")).isNull();
}
// NOTE(review): this brace has no opener in the excerpt; presumably it closes the enclosing test class.
}
/**
 * Checks that {@code deleteByUser} removes every token of the given user and leaves the tokens
 * of another user in place.
 */
@Test
public void delete_tokens_by_user() {
  UserDto deletedOwner = db.users().insertUser();
  UserDto untouchedOwner = db.users().insertUser();
  db.users().insertToken(deletedOwner);
  db.users().insertToken(deletedOwner);
  db.users().insertToken(untouchedOwner);

  underTest.deleteByUser(dbSession, deletedOwner);
  db.commit();

  // Isolation check: the delete must be scoped to one user, not wipe the whole table.
  assertThat(underTest.selectByUser(dbSession, deletedOwner)).isEmpty();
  assertThat(underTest.selectByUser(dbSession, untouchedOwner)).hasSize(1);
}
/**
 * Checks that {@code authenticate} resolves a presented token to the user whose stored token
 * hash matches the hash of that token.
 *
 * <p>The token generator is a stub here, so the test pins the lookup-by-hash path only; it says
 * nothing about the hashing algorithm itself.
 */
@Test
public void return_login_when_token_hash_found_in_db() {
  String presentedToken = "known-token";
  String storedHash = "123456789";
  when(tokenGenerator.hash(presentedToken)).thenReturn(storedHash);
  UserDto matchingUser = db.users().insertUser();
  db.users().insertToken(matchingUser, t -> t.setTokenHash(storedHash));
  // A second user with a different hash ensures the match is on the hash, not "any token".
  UserDto otherUser = db.users().insertUser();
  db.users().insertToken(otherUser, t -> t.setTokenHash("another-token-hash"));

  Optional<String> authenticated = underTest.authenticate(presentedToken);

  assertThat(authenticated.isPresent()).isTrue();
  // NOTE(review): the method name says "login" but the asserted value is the user's uuid.
  assertThat(authenticated.get()).isEqualTo(matchingUser.getUuid());
}
/**
 * Checks that {@code deleteByUserAndName} removes exactly the token identified by the
 * (user, name) pair.
 */
@Test
public void delete_token_by_user_and_name() {
  UserDto targetUser = db.users().insertUser();
  UserDto otherUser = db.users().insertUser();
  db.users().insertToken(targetUser, token -> token.setName("name"));
  db.users().insertToken(targetUser, token -> token.setName("another-name"));
  // Same token name under a different user: must survive the delete.
  db.users().insertToken(otherUser, token -> token.setName("name"));

  underTest.deleteByUserAndName(dbSession, targetUser, "name");

  assertThat(underTest.selectByUserAndName(dbSession, targetUser, "name")).isNull();
  assertThat(underTest.selectByUserAndName(dbSession, targetUser, "another-name")).isNotNull();
  assertThat(underTest.selectByUserAndName(dbSession, otherUser, "name")).isNotNull();
}
/** Checks that a token inserted with a given hash can be found again through that hash. */
@Test
public void select_by_token_hash() {
  UserDto owner = db.users().insertUser();
  String storedHash = "123456789";
  db.users().insertToken(owner, token -> token.setTokenHash(storedHash));

  UserTokenDto found = underTest.selectByTokenHash(db.getSession(), storedHash);

  // Only presence is asserted; the returned row's owner and fields are not checked here.
  assertThat(found).isNotNull();
}
/**
 * Checks that deactivating a user leaves none of that user's tokens in the database, so a
 * deactivated account keeps no usable credentials of this kind.
 */
@Test
public void deactivate_user_deletes_his_tokens() {
  logInAsSystemAdministrator();
  UserDto deactivated = db.users().insertUser();
  db.users().insertToken(deactivated);
  db.users().insertToken(deactivated);
  db.commit();

  deactivate(deactivated.getLogin());

  assertThat(db.getDbClient().userTokenDao().selectByUser(dbSession, deactivated)).isEmpty();
}
/**
 * Checks that {@code selectByUserAndName} returns the stored token with its fields intact and
 * returns {@code null} for a name the user does not have.
 */
@Test
public void select_by_user_and_name() {
  UserDto owner = db.users().insertUser();
  UserTokenDto inserted = db.users().insertToken(owner, t -> t.setName("name").setTokenHash("token"));

  UserTokenDto found = underTest.selectByUserAndName(db.getSession(), owner, inserted.getName());

  // Field-by-field comparison of the row read back against the row that was inserted.
  assertThat(found.getUserUuid()).isEqualTo(owner.getUuid());
  assertThat(found.getName()).isEqualTo(inserted.getName());
  assertThat(found.getCreatedAt()).isEqualTo(inserted.getCreatedAt());
  assertThat(found.getTokenHash()).isEqualTo(inserted.getTokenHash());
  assertThat(underTest.selectByUserAndName(db.getSession(), owner, "unknown-name")).isNull();
}
/**
 * Checks that a logged-in user without administrator rights can revoke one of their own tokens.
 */
@Test
public void user_can_delete_its_own_tokens() {
  UserDto owner = db.users().insertUser();
  UserTokenDto ownToken = db.users().insertToken(owner);
  userSession.logIn(owner);

  // No login is passed; presumably the request then targets the current session's user - confirm
  // against the newRequest helper.
  String responseBody = newRequest(null, ownToken.getName());

  assertThat(responseBody).isEmpty();
  assertThat(dbClient.userTokenDao().selectByUser(dbSession, owner)).isEmpty();
}
/** Checks that a logged-in user can list their own tokens without naming a login. */
@Test
public void a_user_can_search_its_own_token() {
  UserDto owner = db.users().insertUser();
  db.users().insertToken(owner, token -> token.setName("Project scan on Travis").setCreatedAt(1448523067221L));
  userSession.logIn(owner);

  // No login is passed; presumably the search then defaults to the session's user - confirm
  // against the newRequest helper.
  SearchWsResponse searchResult = newRequest(null);

  assertThat(searchResult.getUserTokensCount()).isEqualTo(1);
}
/**
 * Checks that the request fails with a {@code ServerException} when the hash produced for the
 * token is already stored for another token.
 *
 * <p>The generator stub returns the same hash for any input, which forces the collision with the
 * row inserted below.
 */
@Test
public void fail_if_token_hash_already_exists_in_db() {
  UserDto owner = db.users().insertUser();
  logInAsSystemAdministrator();
  when(tokenGenerator.hash(anyString())).thenReturn("987654321");
  db.users().insertToken(owner, existing -> existing.setTokenHash("987654321"));

  // The expected message is generic and does not mention the colliding hash.
  expectedException.expect(ServerException.class);
  expectedException.expectMessage("Error while generating token. Please try again.");

  newRequest(owner.getLogin(), TOKEN_NAME);
}
/**
 * Checks that an administrator revoking one named token of a user removes only that token: the
 * user's other tokens and another user's token stay in the database.
 */
@Test
public void delete_token_in_db() {
  logInAsSystemAdministrator();
  UserDto targetUser = db.users().insertUser();
  UserDto otherUser = db.users().insertUser();
  UserTokenDto revoked = db.users().insertToken(targetUser);
  UserTokenDto keptFirst = db.users().insertToken(targetUser);
  UserTokenDto keptSecond = db.users().insertToken(targetUser);
  UserTokenDto otherUsersToken = db.users().insertToken(otherUser);

  String responseBody = newRequest(targetUser.getLogin(), revoked.getName());

  assertThat(responseBody).isEmpty();
  // Remaining tokens are compared by name, per user.
  assertThat(dbClient.userTokenDao().selectByUser(dbSession, targetUser))
    .extracting(UserTokenDto::getName)
    .containsExactlyInAnyOrder(keptFirst.getName(), keptSecond.getName());
  assertThat(dbClient.userTokenDao().selectByUser(dbSession, otherUser))
    .extracting(UserTokenDto::getName)
    .containsExactlyInAnyOrder(otherUsersToken.getName());
}
/**
 * Checks that the search response for one user's login, requested as system administrator, is
 * similar to the bundled {@code search-example.json} resource.
 */
@Test
public void search_json_example() {
  UserDto grace = db.users().insertUser(u -> u.setLogin("grace.hopper"));
  UserDto ada = db.users().insertUser(u -> u.setLogin("ada.lovelace"));
  db.users().insertToken(grace, t -> t.setName("Project scan on Travis").setCreatedAt(1448523067221L));
  db.users().insertToken(grace, t -> t.setName("Project scan on AppVeyor").setCreatedAt(1438523067221L));
  db.users().insertToken(grace, t -> t.setName("Project scan on Jenkins").setCreatedAt(1428523067221L));
  // A second user holds a token with a name the first user also uses.
  // NOTE(review): whether it must be absent from the response depends on the JSON resource,
  // which is not visible here.
  db.users().insertToken(ada, t -> t.setName("Project scan on Travis").setCreatedAt(141456787123L));
  logInAsSystemAdministrator();

  String responseBody = ws.newRequest()
    .setParam(PARAM_LOGIN, grace.getLogin())
    .execute()
    .getInput();

  assertJson(responseBody).isSimilarTo(getClass().getResource("search-example.json"));
}
/**
 * Checks that a request naming a token the user does not have completes without throwing.
 *
 * <p>There is no explicit assertion: the test passes as long as the request raises no exception.
 * It does not verify that the user's existing token is left untouched.
 */
@Test
public void does_not_fail_when_incorrect_login_or_name() {
  UserDto owner = db.users().insertUser();
  db.users().insertToken(owner);
  logInAsSystemAdministrator();

  newRequest(owner.getLogin(), "another-token-name");
}
/**
 * Checks that the request is rejected with a {@code BadRequestException} when the user already
 * has a token with the requested name.
 */
@Test
public void fail_if_token_with_same_login_and_name_exists() {
  UserDto owner = db.users().insertUser();
  logInAsSystemAdministrator();
  db.users().insertToken(owner, existing -> existing.setName(TOKEN_NAME));

  // NOTE(review): the message hard-codes the token name; presumably it equals TOKEN_NAME - confirm.
  String expectedMessage = String.format("A user token for login '%s' and name 'Third Party Application' already exists", owner.getLogin());
  expectedException.expect(BadRequestException.class);
  expectedException.expectMessage(expectedMessage);

  newRequest(owner.getLogin(), TOKEN_NAME);
}
/**
 * Authorization check: a logged-in caller who is not the token's owner must get a
 * {@code ForbiddenException} when trying to revoke that token.
 */
@Test
public void throw_ForbiddenException_if_non_administrator_revokes_token_of_someone_else() {
  UserDto tokenOwner = db.users().insertUser();
  UserTokenDto ownersToken = db.users().insertToken(tokenOwner);
  // logIn() without arguments: presumably a session for a different, non-administrator user -
  // confirm against the userSession rule.
  userSession.logIn();

  expectedException.expect(ForbiddenException.class);

  newRequest(tokenOwner.getLogin(), ownersToken.getName());
}
/**
 * Authentication check: an anonymous session must get an {@code UnauthorizedException} when it
 * sends the request for an existing user's token.
 */
@Test
public void throw_UnauthorizedException_if_not_logged_in() {
  UserDto tokenOwner = db.users().insertUser();
  UserTokenDto ownersToken = db.users().insertToken(tokenOwner);
  userSession.anonymous();

  expectedException.expect(UnauthorizedException.class);

  newRequest(tokenOwner.getLogin(), ownersToken.getName());
}
/**
 * Checks that the tokens count of a user appears in the search response only when the caller is
 * that user: it is absent for the no-argument {@code logIn()} session and equals 2 for the
 * owner's own session.
 */
@Test
public void return_tokens_count_for_logged_user() {
  UserDto owner = db.users().insertUser();
  db.users().insertToken(owner);
  db.users().insertToken(owner);
  userIndexer.indexOnStartup(null);

  // logIn() without arguments: presumably a session not tied to the owner - confirm.
  userSession.logIn();
  SearchWsResponse seenByOtherSession = ws.newRequest().executeProtobuf(SearchWsResponse.class);
  assertThat(seenByOtherSession.getUsersList())
    .extracting(User::getLogin, User::hasTokensCount)
    .containsExactlyInAnyOrder(tuple(owner.getLogin(), false));

  userSession.logIn(owner);
  SearchWsResponse seenByOwner = ws.newRequest().executeProtobuf(SearchWsResponse.class);
  assertThat(seenByOwner.getUsersList())
    .extracting(User::getLogin, User::getTokensCount)
    .containsExactlyInAnyOrder(tuple(owner.getLogin(), 2));
}
/**
 * Checks that a system administrator sees another user's tokens count in the search response,
 * and that the field is absent again once the session is a plain {@code logIn()} one.
 */
@Test
public void return_tokens_count_when_system_administer() {
  UserDto owner = db.users().insertUser();
  db.users().insertToken(owner);
  db.users().insertToken(owner);
  userIndexer.indexOnStartup(null);

  userSession.logIn().setSystemAdministrator();
  SearchWsResponse seenByAdministrator = ws.newRequest().executeProtobuf(SearchWsResponse.class);
  assertThat(seenByAdministrator.getUsersList())
    .extracting(User::getLogin, User::getTokensCount)
    .containsExactlyInAnyOrder(tuple(owner.getLogin(), 2));

  // Same query, now without the administrator flag: the count must not be exposed.
  userSession.logIn();
  SearchWsResponse seenWithoutAdminRights = ws.newRequest().executeProtobuf(SearchWsResponse.class);
  assertThat(seenWithoutAdminRights.getUsersList())
    .extracting(User::getLogin, User::hasTokensCount)
    .containsExactlyInAnyOrder(tuple(owner.getLogin(), false));
}
/**
 * Checks that the users search response, requested as system administrator, is similar to the
 * bundled {@code search-example.json} resource.
 *
 * <p>The fixture holds one local and one externally provisioned user, two groups, and a different
 * number of tokens per user.
 */
@Test
public void test_json_example() {
  UserDto fmallet = db.users().insertUser(u -> u.setLogin("fmallet").setName("Freddy Mallet").setEmail("f@m.com")
    .setLocal(true)
    .setScmAccounts(emptyList())
    .setExternalLogin("fmallet")
    .setExternalIdentityProvider("sonarqube"));
  UserDto simon = db.users().insertUser(u -> u.setLogin("sbrandhof").setName("Simon").setEmail("s.brandhof@company.tld")
    .setLocal(false)
    .setExternalLogin("sbrandhof@ldap.com")
    .setExternalIdentityProvider("LDAP")
    .setScmAccounts(asList("simon.brandhof", "s.brandhof@company.tld")));

  // Group memberships: both users in sonar-users, only fmallet in sonar-administrators.
  GroupDto usersGroup = db.users().insertGroup(db.getDefaultOrganization(), "sonar-users");
  GroupDto administratorsGroup = db.users().insertGroup(db.getDefaultOrganization(), "sonar-administrators");
  db.users().insertMember(usersGroup, simon);
  db.users().insertMember(usersGroup, fmallet);
  db.users().insertMember(administratorsGroup, fmallet);

  // Three tokens for simon, one for fmallet.
  db.users().insertToken(simon);
  db.users().insertToken(simon);
  db.users().insertToken(simon);
  db.users().insertToken(fmallet);

  userIndexer.indexOnStartup(null);
  userSession.logIn().setSystemAdministrator();

  String responseBody = ws.newRequest().execute().getInput();

  assertJson(responseBody).isSimilarTo(getClass().getResource("search-example.json"));
}
/**
 * Data-exposure check: an anonymous caller gets a user's login and name only. Tokens count, SCM
 * accounts, avatar and groups must all be absent from the response, even though the user has a
 * token and a group membership.
 */
@Test
public void only_return_login_and_name_when_not_logged() {
  UserDto listedUser = db.users().insertUser();
  db.users().insertToken(listedUser);
  GroupDto membership = db.users().insertGroup(db.getDefaultOrganization());
  db.users().insertMember(membership, listedUser);
  userIndexer.indexOnStartup(null);
  userSession.anonymous();

  SearchWsResponse anonymousView = ws.newRequest()
    .executeProtobuf(SearchWsResponse.class);

  // The four has* flags are asserted false: the fields are not set at all, not merely empty.
  assertThat(anonymousView.getUsersList())
    .extracting(User::getLogin, User::getName, User::hasTokensCount, User::hasScmAccounts, User::hasAvatar, User::hasGroups)
    .containsExactlyInAnyOrder(tuple(listedUser.getLogin(), listedUser.getName(), false, false, false, false));
}