Search in sources :

Example 1 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class UaaChangePasswordServiceTest method testChangePasswordWithInvalidNewPassword.

@Test(expected = InvalidPasswordException.class)
public void testChangePasswordWithInvalidNewPassword() {
    doThrow(new InvalidPasswordException("")).when(passwordValidator).validate("invPawd");
    subject.changePassword("username", "currentPassword", "invPawd");
}
Also used : InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) Test(org.junit.Test)

Example 2 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class UaaResetPasswordServiceTests method resetPassword_ForcedChange_NewPasswordSameAsOld.

@Test
void resetPassword_ForcedChange_NewPasswordSameAsOld() {
    String userId = "user-id";
    ScimUser user = new ScimUser(userId, "username", "firstname", "lastname");
    user.setMeta(new ScimMeta(new Date(), new Date(), 0));
    user.setPrimaryEmail("foo@example.com");
    when(scimUserProvisioning.retrieve(userId, currentZoneId)).thenReturn(user);
    when(scimUserProvisioning.checkPasswordMatches("user-id", "password", currentZoneId)).thenThrow(new InvalidPasswordException("Your new password cannot be the same as the old password.", UNPROCESSABLE_ENTITY));
    assertThrows(InvalidPasswordException.class, () -> uaaResetPasswordService.resetUserPassword(userId, "password"));
}
Also used : ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser) ScimMeta(org.cloudfoundry.identity.uaa.scim.ScimMeta) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) Matchers.containsString(org.hamcrest.Matchers.containsString) Mockito.anyString(org.mockito.Mockito.anyString) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 3 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class UaaResetPasswordServiceTests method resetPassword_forcedChange_must_verify_password_policy.

@Test
void resetPassword_forcedChange_must_verify_password_policy() {
    String userId = "user-id";
    ScimUser user = new ScimUser(userId, "username", "firstname", "lastname");
    user.setMeta(new ScimMeta(new Date(), new Date(), 0));
    user.setPrimaryEmail("foo@example.com");
    when(scimUserProvisioning.retrieve(userId, currentZoneId)).thenReturn(user);
    doThrow(new InvalidPasswordException("Password cannot contain whitespace characters.")).when(passwordValidator).validate("new password");
    assertThrowsWithMessageThat(InvalidPasswordException.class, () -> uaaResetPasswordService.resetUserPassword(userId, "new password"), containsString("Password cannot contain whitespace characters."));
}
Also used : ScimUser(org.cloudfoundry.identity.uaa.scim.ScimUser) ScimMeta(org.cloudfoundry.identity.uaa.scim.ScimMeta) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) Matchers.containsString(org.hamcrest.Matchers.containsString) Mockito.anyString(org.mockito.Mockito.anyString) Date(java.util.Date) Test(org.junit.jupiter.api.Test)

Example 4 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class ScimUserEndpointsTests method setUpAfterSeeding.

void setUpAfterSeeding(final IdentityZone identityZone) {
    this.identityZone = identityZone;
    identityZoneManager.setCurrentIdentityZone(this.identityZone);
    this.identityZone.getConfig().getUserConfig().setDefaultGroups(Collections.singletonList("uaa.user"));
    this.mockApprovalStore = mock(ApprovalStore.class);
    jdbcScimUserProvisioning.setQueryConverter(filterConverter);
    mockJdbcIdentityProviderProvisioning = mock(JdbcIdentityProviderProvisioning.class);
    mockJdbcUserGoogleMfaCredentialsProvisioning = mock(JdbcUserGoogleMfaCredentialsProvisioning.class);
    mockPasswordValidator = mock(PasswordValidator.class);
    ApplicationEventPublisher mockApplicationEventPublisher = mock(ApplicationEventPublisher.class);
    doThrow(new InvalidPasswordException("Password must be at least 1 characters in length.")).when(mockPasswordValidator).validate(null);
    doThrow(new InvalidPasswordException("Password must be at least 1 characters in length.")).when(mockPasswordValidator).validate(eq(""));
    jdbcScimGroupProvisioning.createOrGet(new ScimGroup(null, "uaa.user", identityZone.getId()), identityZone.getId());
    joel = jdbcScimUserProvisioning.createUser(joel, "password", identityZone.getId());
    dale = jdbcScimUserProvisioning.createUser(dale, "password", identityZone.getId());
    spiedScimGroupMembershipManager = spy(scimGroupMembershipManager);
    scimUserEndpoints = new ScimUserEndpoints(new IdentityZoneManagerImpl(), new IsSelfCheck(null), jdbcScimUserProvisioning, mockJdbcIdentityProviderProvisioning, null, statuses, mockPasswordValidator, null, mockJdbcUserGoogleMfaCredentialsProvisioning, mockApprovalStore, spiedScimGroupMembershipManager, 5);
}
Also used : IdentityZoneManagerImpl(org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManagerImpl) JdbcUserGoogleMfaCredentialsProvisioning(org.cloudfoundry.identity.uaa.mfa.JdbcUserGoogleMfaCredentialsProvisioning) ApplicationEventPublisher(org.springframework.context.ApplicationEventPublisher) ApprovalStore(org.cloudfoundry.identity.uaa.approval.ApprovalStore) PasswordValidator(org.cloudfoundry.identity.uaa.scim.validate.PasswordValidator) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) IsSelfCheck(org.cloudfoundry.identity.uaa.security.IsSelfCheck) ScimGroup(org.cloudfoundry.identity.uaa.scim.ScimGroup) JdbcIdentityProviderProvisioning(org.cloudfoundry.identity.uaa.provider.JdbcIdentityProviderProvisioning)

Example 5 with InvalidPasswordException

use of org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException in project uaa by cloudfoundry.

the class ChangePasswordController method changePassword.

@RequestMapping(value = "/change_password.do", method = POST)
public String changePassword(Model model, @RequestParam("current_password") String currentPassword, @RequestParam("new_password") String newPassword, @RequestParam("confirm_password") String confirmPassword, HttpServletResponse response, HttpServletRequest request) {
    PasswordConfirmationValidation validation = new PasswordConfirmationValidation(newPassword, confirmPassword);
    if (!validation.valid()) {
        model.addAttribute("message_code", validation.getMessageCode());
        response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return "change_password";
    }
    SecurityContext securityContext = SecurityContextHolder.getContext();
    Authentication authentication = securityContext.getAuthentication();
    String username = authentication.getName();
    try {
        changePasswordService.changePassword(username, currentPassword, newPassword);
        request.getSession().invalidate();
        request.getSession(true);
        if (authentication instanceof UaaAuthentication) {
            UaaAuthentication uaaAuthentication = (UaaAuthentication) authentication;
            uaaAuthentication.setAuthenticatedTime(System.currentTimeMillis());
            uaaAuthentication.setAuthenticationDetails(new UaaAuthenticationDetails(request));
        }
        securityContext.setAuthentication(authentication);
        return "redirect:profile";
    } catch (BadCredentialsException e) {
        model.addAttribute("message_code", "unauthorized");
    } catch (InvalidPasswordException e) {
        model.addAttribute("message", e.getMessagesAsOneString());
    }
    response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
    return "change_password";
}
Also used : UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) UaaAuthenticationDetails(org.cloudfoundry.identity.uaa.authentication.UaaAuthenticationDetails) UaaAuthentication(org.cloudfoundry.identity.uaa.authentication.UaaAuthentication) Authentication(org.springframework.security.core.Authentication) SecurityContext(org.springframework.security.core.context.SecurityContext) InvalidPasswordException(org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException) BadCredentialsException(org.springframework.security.authentication.BadCredentialsException) RequestMapping(org.springframework.web.bind.annotation.RequestMapping)

Aggregations

InvalidPasswordException (org.cloudfoundry.identity.uaa.scim.exception.InvalidPasswordException)27 Test (org.junit.jupiter.api.Test)10 ScimUser (org.cloudfoundry.identity.uaa.scim.ScimUser)9 ExpiringCode (org.cloudfoundry.identity.uaa.codestore.ExpiringCode)8 Timestamp (java.sql.Timestamp)5 BadCredentialsException (org.springframework.security.authentication.BadCredentialsException)5 MockHttpServletRequestBuilder (org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder)5 Date (java.util.Date)4 UaaAuthentication (org.cloudfoundry.identity.uaa.authentication.UaaAuthentication)4 Matchers.containsString (org.hamcrest.Matchers.containsString)4 Test (org.junit.Test)4 Authentication (org.springframework.security.core.Authentication)4 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)4 InvalidCodeException (org.cloudfoundry.identity.uaa.authentication.InvalidCodeException)3 UaaException (org.cloudfoundry.identity.uaa.error.UaaException)3 ScimMeta (org.cloudfoundry.identity.uaa.scim.ScimMeta)3 UaaUser (org.cloudfoundry.identity.uaa.user.UaaUser)3 SecurityContext (org.springframework.security.core.context.SecurityContext)3 PasswordConfirmationValidation (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation)2 PasswordConfirmationException (org.cloudfoundry.identity.uaa.account.PasswordConfirmationValidation.PasswordConfirmationException)2