Example 6 with PasswordReset

use of ca.corefacility.bioinformatics.irida.model.user.PasswordReset in project irida by phac-nml.

the class PasswordResetControllerTest method testSubmitPasswordReset.

@Test
public void testSubmitPasswordReset() {
    String username = "tom";
    String email = "tom@somewhere.com";
    User user = new User(1L, username, email, null, null, null, null);
    PasswordReset passwordReset = new PasswordReset(user);
    String resetId = passwordReset.getId();
    String password = "Password1!";
    ExtendedModelMap model = new ExtendedModelMap();
    // the reset id submitted with the form resolves to the pending reset
    when(passwordResetService.read(resetId)).thenReturn(passwordReset);
    String sendNewPassword = controller.sendNewPassword(resetId, password, password, model, LocaleContextHolder.getLocale());
    // on success the controller redirects with the Base64-encoded email appended
    assertEquals(PasswordResetController.SUCCESS_REDIRECT + Base64.getEncoder().encodeToString(email.getBytes()), sendNewPassword);
    assertEquals("User should not be logged in after resetting password", username, SecurityContextHolder.getContext().getAuthentication().getName());
    // the reset is looked up, the password is changed, and the reset is deleted after use
    verify(passwordResetService).read(resetId);
    verify(userService).changePassword(user.getId(), password);
    verify(passwordResetService).delete(resetId);
}
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) PasswordReset(ca.corefacility.bioinformatics.irida.model.user.PasswordReset) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 7 with PasswordReset

use of ca.corefacility.bioinformatics.irida.model.user.PasswordReset in project irida by phac-nml.

the class PasswordResetControllerTest method testSubmitPasswordNoMatch.

@Test
public void testSubmitPasswordNoMatch() {
    User user = new User(1L, "tom", null, null, null, null, null);
    PasswordReset passwordReset = new PasswordReset(user);
    String resetId = passwordReset.getId();
    String password = "Password1!";
    ExtendedModelMap model = new ExtendedModelMap();
    when(passwordResetService.read(resetId)).thenReturn(passwordReset);
    // the confirmation value differs from the new password
    String sendNewPassword = controller.sendNewPassword(resetId, password, "not the same", model, LocaleContextHolder.getLocale());
    // the controller returns to the reset page with errors in the model
    assertEquals(PasswordResetController.PASSWORD_RESET_PAGE, sendNewPassword);
    assertTrue(model.containsKey("errors"));
    verify(passwordResetService, times(2)).read(resetId);
}
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) PasswordReset(ca.corefacility.bioinformatics.irida.model.user.PasswordReset) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Example 8 with PasswordReset

use of ca.corefacility.bioinformatics.irida.model.user.PasswordReset in project irida by phac-nml.

the class CredentialsExpiredAuthenticationFailureHandlerTest method testOnAuthenticationFailure.

@Test
public void testOnAuthenticationFailure() throws IOException, ServletException {
    String username = "tom";
    User user = new User();
    PasswordReset reset = new PasswordReset(user);
    // the redirect is expected to carry the id of the newly created reset
    String expectedRedirect = "/password_reset/" + reset.getId() + "?expired=true";
    AuthenticationException exception = new CredentialsExpiredException("Credentials expired");
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    // the handler reads the username from the login request and looks the user up
    when(request.getParameter("username")).thenReturn(username);
    when(request.getContextPath()).thenReturn("");
    when(userService.getUserByUsername(username)).thenReturn(user);
    when(resetService.create(any(PasswordReset.class))).thenReturn(reset);
    handler.onAuthenticationFailure(request, response, exception);
    verify(request).getParameter("username");
    verify(userService).getUserByUsername(username);
    verify(resetService).create(any(PasswordReset.class));
    // capture the redirect target and compare it with the expected reset URL
    ArgumentCaptor<String> redirectCaptor = ArgumentCaptor.forClass(String.class);
    verify(response).sendRedirect(redirectCaptor.capture());
    String redirect = redirectCaptor.getValue();
    assertEquals(expectedRedirect, redirect);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) User(ca.corefacility.bioinformatics.irida.model.user.User) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) AuthenticationException(org.springframework.security.core.AuthenticationException) PasswordReset(ca.corefacility.bioinformatics.irida.model.user.PasswordReset) HttpServletResponse(javax.servlet.http.HttpServletResponse) Test(org.junit.Test)

Example 9 with PasswordReset

use of ca.corefacility.bioinformatics.irida.model.user.PasswordReset in project irida by phac-nml.

the class CredentialsExpriredAuthenticationFailureHandler method onAuthenticationFailure.

/**
 * Handle CredentialsExpiredException and create a {@link PasswordReset}. If
 * not CredentialsExpiredException pass to super.
 */
@Override
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception) throws IOException, ServletException {
    if (exception instanceof CredentialsExpiredException) {
        // get the username of the user who tried to login
        String username = request.getParameter("username");
        logger.trace("Password is expired for [ " + username + " ].  Generating a password reset.");
        // set an anonymous auth token
        setAuthentication();
        // get the user and create a password reset
        User userByUsername = userService.getUserByUsername(username);
        PasswordReset create = resetService.create(new PasswordReset(userByUsername));
        // Clear the anonymous auth token
        SecurityContextHolder.clearContext();
        // redirect the user to the password reset page
        String contextPath = request.getContextPath();
        String resetId = create.getId();
        response.sendRedirect(contextPath + "/password_reset/" + resetId + "?expired=true");
    } else {
        super.onAuthenticationFailure(request, response, exception);
    }
}
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User) CredentialsExpiredException(org.springframework.security.authentication.CredentialsExpiredException) PasswordReset(ca.corefacility.bioinformatics.irida.model.user.PasswordReset)

Example 10 with PasswordReset

use of ca.corefacility.bioinformatics.irida.model.user.PasswordReset in project irida by phac-nml.

the class PasswordResetControllerTest method testGetResetPage.

@Test
public void testGetResetPage() {
    User user = new User(1L, "tom", null, null, null, null, null);
    PasswordReset passwordReset = new PasswordReset(user);
    String resetId = passwordReset.getId();
    ExtendedModelMap model = new ExtendedModelMap();
    when(passwordResetService.read(resetId)).thenReturn(passwordReset);
    String resetPage = controller.getResetPage(resetId, false, model);
    assertEquals(PasswordResetController.PASSWORD_RESET_PAGE, resetPage);
    assertTrue(model.containsKey("errors"));
    assertTrue(model.containsKey("passwordReset"));
    assertTrue(model.containsKey("user"));
    verify(passwordResetService).read(resetId);
}
Also used : User(ca.corefacility.bioinformatics.irida.model.user.User) ExtendedModelMap(org.springframework.ui.ExtendedModelMap) PasswordReset(ca.corefacility.bioinformatics.irida.model.user.PasswordReset) Matchers.anyString(org.mockito.Matchers.anyString) Test(org.junit.Test)

Aggregations

PasswordReset (ca.corefacility.bioinformatics.irida.model.user.PasswordReset) 15
User (ca.corefacility.bioinformatics.irida.model.user.User) 11
Test (org.junit.Test) 10
WithMockUser (org.springframework.security.test.context.support.WithMockUser) 4
ExtendedModelMap (org.springframework.ui.ExtendedModelMap) 4
HashMap (java.util.HashMap) 3
Matchers.anyString (org.mockito.Matchers.anyString) 3
RequestMapping (org.springframework.web.bind.annotation.RequestMapping) 3
DTUser (ca.corefacility.bioinformatics.irida.ria.web.models.datatables.DTUser) 2
ConstraintViolationException (javax.validation.ConstraintViolationException) 2
CredentialsExpiredException (org.springframework.security.authentication.CredentialsExpiredException) 2
EntityExistsException (ca.corefacility.bioinformatics.irida.exceptions.EntityExistsException) 1
PasswordReusedException (ca.corefacility.bioinformatics.irida.exceptions.PasswordReusedException) 1
Principal (java.security.Principal) 1
Locale (java.util.Locale) 1
Set (java.util.Set) 1
HttpServletRequest (javax.servlet.http.HttpServletRequest) 1
HttpServletResponse (javax.servlet.http.HttpServletResponse) 1
ConstraintViolation (javax.validation.ConstraintViolation) 1
DataIntegrityViolationException (org.springframework.dao.DataIntegrityViolationException) 1