use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.
the class ResetExpiredPasswordTest method testChangeWithNonStringAttribute.
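/**
 * Verifies that a login carrying a non-{@code String} value as the new password is
 * rejected and leaves the stored credentials unchanged.
 *
 * <p>The attempt must end in {@link CredentialExpiredException}. Afterwards the stored
 * password hash must still match the original password ({@code userId}) and the
 * password-last-modified timestamp must be {@code 0}.
 *
 * @throws Exception if the repository access or the login fails in an unexpected way
 */
@Test
public void testChangeWithNonStringAttribute() throws Exception {
    try {
        // Long.valueOf replaces the deprecated Long(long) constructor; the value itself is
        // irrelevant, it only has to be something other than a String.
        // NOTE(review): authenticate(...) is a helper defined elsewhere in the test class;
        // presumably it passes the second argument as the new-password attribute (confirm).
        authenticate(userId, Long.valueOf(1L));
        fail("Authentication with non-string attribute should fail.");
    } catch (CredentialExpiredException e) {
        // expected: the malformed new-password value must not let the login through
    }

    // These checks run after the try/catch instead of in a finally block, so a failure here
    // cannot replace the primary failure raised above (fail() or an unexpected exception).
    Tree userTree = root.getTree(getTestUser().getPath());
    // The stored hash must still verify against the original password.
    assertTrue(PasswordUtil.isSame(userTree.getProperty(UserConstants.REP_PASSWORD).getValue(Type.STRING), userId));
    // No password change happened, so the last-modified marker must not have been bumped.
    assertEquals(0, userTree.getChild(UserConstants.REP_PWD).getProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED).getValue(Type.LONG).longValue());
}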
use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.
the class PasswordExpiryAndForceInitialChangeTest method testAuthenticateMustChangePassword.
/**
 * Checks that logging in with the correct password is refused with
 * {@link CredentialExpiredException} when the user still has to change the password.
 *
 * <p>NOTE(review): the configuration that forces the initial password change is set up
 * elsewhere in the test class and is not visible here.
 *
 * @throws Exception if the login fails in an unexpected way
 */
@Test
public void testAuthenticateMustChangePassword() throws Exception {
    final Authentication authentication = new UserAuthentication(getUserConfiguration(), root, userId);
    // The test user's password equals its id.
    final SimpleCredentials firstLogin = new SimpleCredentials(userId, userId.toCharArray());
    try {
        authentication.authenticate(firstLogin);
        fail("Credentials should be expired");
    } catch (CredentialExpiredException expected) {
        // expected: a password change is required on first login
    }
}
use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.
the class PasswordExpiryHistoryTest method testAuthenticatePasswordExpiredAndValidationFailure.
/**
 * Checks that a password change attempted during an expired-password login is rejected
 * when the new password fails validation, and that this rejection is not reported as a
 * password-history failure.
 *
 * <p>Steps: the password-last-modified timestamp is set to {@code 0}, a plain login is
 * expected to fail with {@link CredentialExpiredException}, and a second login that
 * supplies {@code "2"} as the new password is expected to fail the same way without a
 * {@code PasswordHistoryException} attribute being attached to the credentials.
 *
 * @throws Exception if the repository access or the login fails in an unexpected way
 */
@Test
public void testAuthenticatePasswordExpiredAndValidationFailure() throws Exception {
    final User testUser = getTestUser();
    final Authentication authentication = new UserAuthentication(getUserConfiguration(), root, userId);

    // Back-date the last password change to the start of the epoch so the password counts as expired.
    final Tree pwdTree = root.getTree(testUser.getPath()).getChild(UserConstants.REP_PWD);
    pwdTree.setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();

    try {
        authentication.authenticate(new SimpleCredentials(userId, userId.toCharArray()));
        fail("Credentials should be expired");
    } catch (CredentialExpiredException expired) {
        // expected: the credentials are expired
    }

    // Only reached when the first login was rejected as expired. Now request a change to
    // a new password that differs from the current one.
    // NOTE(review): "2" is presumably rejected by a validation step configured elsewhere
    // in the test class (confirm); the history check is not what should fail here.
    final SimpleCredentials pwChangeCreds = new SimpleCredentials(userId, userId.toCharArray());
    try {
        pwChangeCreds.setAttribute(UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD, "2");
        authentication.authenticate(pwChangeCreds);
        fail("User password changed in spite of expected validation failure");
    } catch (CredentialExpiredException rejected) {
        // expected: the change was refused, and not because of the password history
        assertNull(pwChangeCreds.getAttribute(PasswordHistoryException.class.getSimpleName()));
    }
}
use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.
the class PasswordExpiryHistoryTest method testAuthenticatePasswordExpiredAndSame.
/**
 * Checks that an expired password cannot be "changed" to the very same password and that
 * the reason is reported back through the credentials.
 *
 * <p>Steps: the password-last-modified timestamp is set to {@code 0}, a plain login is
 * expected to fail with {@link CredentialExpiredException}, and a second login that
 * supplies the current password as the new one is expected to fail the same way, with
 * the failure message stored under the simple name of {@code PasswordHistoryException}.
 *
 * @throws Exception if the repository access or the login fails in an unexpected way
 */
@Test
public void testAuthenticatePasswordExpiredAndSame() throws Exception {
    final User testUser = getTestUser();
    final Authentication authentication = new UserAuthentication(getUserConfiguration(), root, userId);

    // Back-date the last password change to the start of the epoch so the password counts as expired.
    final Tree pwdTree = root.getTree(testUser.getPath()).getChild(UserConstants.REP_PWD);
    pwdTree.setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();

    try {
        authentication.authenticate(new SimpleCredentials(userId, userId.toCharArray()));
        fail("Credentials should be expired");
    } catch (CredentialExpiredException expired) {
        // expected: the credentials are expired
    }

    // Only reached when the first login was rejected as expired. Re-using the current
    // password as the new one must be refused by the password history.
    final SimpleCredentials pwChangeCreds = new SimpleCredentials(userId, userId.toCharArray());
    try {
        pwChangeCreds.setAttribute(UserConstants.CREDENTIALS_ATTRIBUTE_NEWPASSWORD, testUser.getID());
        authentication.authenticate(pwChangeCreds);
        fail("User password changed in spite of enabled pw history");
    } catch (CredentialExpiredException rejected) {
        // expected: the reason for the refused change is attached to the credentials
        assertEquals(
                "credentials should contain pw change failure reason",
                "New password is identical to the current password.",
                pwChangeCreds.getAttribute(PasswordHistoryException.class.getSimpleName()));
    }
}
use of javax.security.auth.login.CredentialExpiredException in project jackrabbit-oak by apache.
the class PasswordExpiryTest method testAuthenticateBeforePasswordExpired.
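/**
 * Checks that a wrong password is reported as an ordinary login failure even when the
 * stored password is expired.
 *
 * <p>The password-last-modified timestamp is set to {@code 0} and a login with the
 * password {@code "wrong"} is attempted. The expected outcome is a {@link LoginException}
 * that is not a {@link CredentialExpiredException}: the password mismatch takes
 * precedence over expiry, so a caller who does not know the password is not told that
 * the password has expired.
 *
 * @throws Exception if the repository access fails in an unexpected way
 */
@Test
public void testAuthenticateBeforePasswordExpired() throws Exception {
    Authentication a = new UserAuthentication(getUserConfiguration(), root, userId);
    // set password last modified to beginning of epoch
    root.getTree(getTestUser().getPath()).getChild(UserConstants.REP_PWD).setProperty(UserConstants.REP_PASSWORD_LAST_MODIFIED, 0);
    root.commit();
    try {
        a.authenticate(new SimpleCredentials(userId, "wrong".toCharArray()));
        // Without this the test would pass silently if the wrong password were accepted
        // (or the call simply returned). fail() raises an AssertionError, which neither
        // catch clause below intercepts.
        fail("Authentication with a wrong password should fail");
    } catch (CredentialExpiredException e) {
        // must be listed before LoginException because it is a subclass of it
        fail("Login should fail before expiry");
    } catch (LoginException e) {
        // success - userId/pw mismatch takes precedence over expiry
    }
}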