@Override public Object getCredentials() { return user.getPassword(); }
@Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { String username = (String) authentication.getPrincipal(); String password = (String) authentication.getCredentials(); UserDetails userDetails = userDetailsService.loadUserByUsername(username); if (!password.equals(userDetails.getPassword())) { return new UsernamePasswordAuthenticationToken(username, null, null); } return null; }
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException { UserDetails user = users.get(username.toLowerCase()); if (user == null) { throw new UsernameNotFoundException(username); } return new User(user.getUsername(), user.getPassword(), user.isEnabled(), user.isAccountNonExpired(), user.isCredentialsNonExpired(), user.isAccountNonLocked(), user.getAuthorities()); }
@Test public void embeddedUsersWithNoPasswordIsGivenGeneratedValue() { setContext("<user-service id='service'>" + " <user name='joe' authorities='ROLE_A'/>" + "</user-service>"); UserDetailsService userService = (UserDetailsService) appContext .getBean("service"); UserDetails joe = userService.loadUserByUsername("joe"); assertThat(joe.getPassword().length() > 0).isTrue(); Long.parseLong(joe.getPassword()); }
@Test public void testLookupSuccessWithMixedCase() throws Exception { JdbcDaoImpl dao = makePopulatedJdbcDao(); assertThat(dao.loadUserByUsername("rod").getPassword()).isEqualTo("koala"); assertThat(dao.loadUserByUsername("ScOTt").getPassword()).isEqualTo("wombat"); }
@Test public void authenticateWhenPostAuthenticationChecksNotSet() { when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user)); when(this.encoder.matches(any(), any())).thenReturn(true); this.manager.setPasswordEncoder(this.encoder); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( this.user, this.user.getPassword()); this.manager.authenticate(token).block(); verifyZeroInteractions(this.postAuthenticationChecks); } }
@Test public void authenticateWhenPasswordServiceAndBadCredentialsThenNotUpdated() { when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user)); when(this.encoder.matches(any(), any())).thenReturn(false); this.manager.setPasswordEncoder(this.encoder); this.manager.setUserDetailsPasswordService(this.userDetailsPasswordService); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( this.user, this.user.getPassword()); assertThatThrownBy(() -> this.manager.authenticate(token).block()) .isInstanceOf(BadCredentialsException.class); verifyZeroInteractions(this.userDetailsPasswordService); }
@Test public void authentiateWhenCustomSchedulerThenUsed() { when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user)); when(this.encoder.matches(any(), any())).thenReturn(true); this.manager.setScheduler(this.scheduler); this.manager.setPasswordEncoder(this.encoder); UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken( this.user, this.user.getPassword()); Authentication result = this.manager.authenticate(token).block(); verify(this.scheduler).schedule(any()); }
@Test public void deserializeCasAuthenticationTestAfterEraseCredentialInvoked() throws Exception { CasAuthenticationToken token = mapper.readValue(CAS_TOKEN_CLEARED_JSON, CasAuthenticationToken.class); assertThat(((UserDetails) token.getPrincipal()).getPassword()).isNull(); }
@Test public void authenticateWhenPostAuthenticationChecksFail() { when(this.userDetailsService.findByUsername(any())).thenReturn(Mono.just(this.user)); doThrow(new LockedException("account is locked")).when(this.postAuthenticationChecks).check(any()); when(this.encoder.matches(any(), any())).thenReturn(true); this.manager.setPasswordEncoder(this.encoder); this.manager.setPostAuthenticationChecks(this.postAuthenticationChecks); assertThatExceptionOfType(LockedException.class) .isThrownBy(() -> this.manager.authenticate(new UsernamePasswordAuthenticationToken(this.user, this.user.getPassword())).block()) .withMessage("account is locked"); verify(this.postAuthenticationChecks).check(eq(this.user)); }
@Test public void changePassword() { String newPassword = "newPassword"; this.manager.updatePassword(this.user, newPassword); assertThat(this.manager.loadUserByUsername(this.user.getUsername()).getPassword()).isEqualTo(newPassword); }
@Test public void withUserDetailsWhenAllDisabled() throws Exception { User expected = new User("rob", "pass", false, false, false, false, ROLE_12); UserDetails actual = User.withUserDetails(expected).build(); assertThat(actual.getUsername()).isEqualTo(expected.getUsername()); assertThat(actual.getPassword()).isEqualTo(expected.getPassword()); assertThat(actual.getAuthorities()).isEqualTo(expected.getAuthorities()); assertThat(actual.isAccountNonExpired()).isEqualTo(expected.isAccountNonExpired()); assertThat(actual.isAccountNonLocked()).isEqualTo(expected.isAccountNonLocked()); assertThat(actual.isCredentialsNonExpired()).isEqualTo(expected.isCredentialsNonExpired()); assertThat(actual.isEnabled()).isEqualTo(expected.isEnabled()); }
@Test public void withUsernameWhenPasswordAndPasswordEncoderThenEncodes() { UserDetails withEncodedPassword = User.withUsername("user") .passwordEncoder(p -> p + "encoded") .password("password") .roles("USER") .build(); assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); }
@Test public void withUsernameWhenPasswordEncoderAndPasswordThenEncodes() { UserDetails withEncodedPassword = User.withUsername("user") .password("password") .passwordEncoder(p -> p + "encoded") .roles("USER") .build(); assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); }
@Test public void withUsernameWhenPasswordAndPasswordEncoderTwiceThenEncodesOnce() { Function<String, String> encoder = p -> p + "encoded"; UserDetails withEncodedPassword = User.withUsername("user") .passwordEncoder(encoder) .password("password") .passwordEncoder(encoder) .roles("USER") .build(); assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); } }
@Test public void withUserWhenDetailsPasswordEncoderThenEncodes() { UserDetails userDetails = User.withUsername("user").password("password").roles("USER").build(); UserDetails withEncodedPassword = User.withUserDetails(userDetails) .passwordEncoder(p -> p + "encoded") .build(); assertThat(withEncodedPassword.getPassword()).isEqualTo("passwordencoded"); }
@Test public void changePasswordWhenUsernameIsNotInLowercase() { UserDetails userNotLowerCase = User.withUserDetails(PasswordEncodedUser.user()) .username("User") .build(); String newPassword = "newPassword"; this.manager.updatePassword(userNotLowerCase, newPassword); assertThat(this.manager.loadUserByUsername(userNotLowerCase.getUsername()).getPassword()).isEqualTo(newPassword); } }
public static UserBuilder withUserDetails(UserDetails userDetails) { return withUsername(userDetails.getUsername()) .password(userDetails.getPassword()) .accountExpired(!userDetails.isAccountNonExpired()) .accountLocked(!userDetails.isAccountNonLocked()) .authorities(userDetails.getAuthorities()) .credentialsExpired(!userDetails.isCredentialsNonExpired()) .disabled(!userDetails.isEnabled()); }
@Test public void loadConfigWhenInMemoryConfigureProtectedThenPasswordUpgraded() throws Exception { this.spring.register(InMemoryConfigureProtectedConfig.class).autowire(); this.mockMvc.perform(formLogin()) .andExpect(status().is3xxRedirection()); UserDetailsService uds = this.spring.getContext() .getBean(UserDetailsService.class); assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}"); }
@Test public void loadConfigWhenInMemoryConfigureGlobalThenPasswordUpgraded() throws Exception { this.spring.register(InMemoryConfigureGlobalConfig.class).autowire(); this.mockMvc.perform(formLogin()) .andExpect(status().is3xxRedirection()); UserDetailsService uds = this.spring.getContext() .getBean(UserDetailsService.class); assertThat(uds.loadUserByUsername("user").getPassword()).startsWith("{bcrypt}"); }