use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.
the class ResetPasswordTest method testResetPasswordTooShort.
/**
 * Submits a password reset whose new password is the 3-character string "foo" and
 * expects the endpoint to reject it with HTTP 400.
 *
 * <p>The reset code is obtained through {@code Security.forgotPassword} for a freshly
 * created user, so the rejection is not caused by an unknown code.
 */
@Test
void testResetPasswordTooShort() throws IOException {
    final User account = new User();
    account.setName("Example 3");
    account.setEmail("reset-3@example.com");
    account.setRoles("user");

    // Persist the user and request a reset code inside one request context.
    final String resetCode;
    try (MinijaxRequestContext ctx = createRequestContext()) {
        ctx.getResource(Dao.class).create(account);
        resetCode = ctx.getResource(Security.class).forgotPassword(account);
    }

    // Both fields match, so only the length of the password can trigger the 400.
    final Form resetForm = new Form()
            .param("newPassword", "foo")
            .param("confirmNewPassword", "foo");

    final Response response = target("/resetpassword/" + resetCode)
            .request()
            .post(Entity.form(resetForm));

    assertNotNull(response);
    assertEquals(400, response.getStatus());
    // A rejected reset must not hand back any cookie (presumably this would be the
    // session cookie - confirm against the success-path test).
    assertTrue(response.getCookies().isEmpty());
}
use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.
the class ResetPasswordTest method testResetPasswordMismatch.
/**
 * Submits a password reset whose confirmation field differs from the new password and
 * expects the endpoint to reject it with HTTP 400.
 *
 * <p>The reset code comes from {@code Security.forgotPassword} for a user created in
 * this test.
 */
@Test
void testResetPasswordMismatch() throws IOException {
    final User account = new User();
    account.setName("Example 2");
    account.setEmail("reset-2@example.com");
    account.setRoles("user");

    // Persist the user and request a reset code inside one request context.
    final String resetCode;
    try (MinijaxRequestContext ctx = createRequestContext()) {
        ctx.getResource(Dao.class).create(account);
        resetCode = ctx.getResource(Security.class).forgotPassword(account);
    }

    // The two password fields deliberately disagree.
    final Form resetForm = new Form()
            .param("newPassword", "my-new-password")
            .param("confirmNewPassword", "different-password");

    final Response response = target("/resetpassword/" + resetCode)
            .request()
            .post(Entity.form(resetForm));

    assertNotNull(response);
    assertEquals(400, response.getStatus());
    // A rejected reset must not hand back any cookie (presumably this would be the
    // session cookie - confirm against the success-path test).
    assertTrue(response.getCookies().isEmpty());
}
use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.
the class SecurityDaoTest method testApiKeys.
/**
 * Creates one user with two API keys and checks both DAO lookups: listing the keys
 * of a user and finding a single key by its value.
 */
@Test
void testApiKeys() throws IOException {
    try (final MinijaxRequestContext ctx = createRequestContext()) {
        final Dao dao = ctx.getResource(Dao.class);

        final User owner = new User();
        owner.setName("Alice");
        owner.setEmail("apikeytest@example.com");
        owner.setRoles("user");
        dao.create(owner);

        final ApiKey firstKey = new ApiKey();
        firstKey.setName("test1");
        firstKey.setValue("test1test1");
        firstKey.setUser(owner);
        dao.create(firstKey);

        final ApiKey secondKey = new ApiKey();
        secondKey.setName("test2");
        secondKey.setValue("test2test2");
        secondKey.setUser(owner);
        dao.create(secondKey);

        // Listing by user returns exactly the two keys created above.
        final List<ApiKey> ownedKeys = dao.findApiKeysByUser(owner);
        assertNotNull(ownedKeys);
        assertEquals(2, ownedKeys.size());

        // Lookup uses the value read back from the entity.
        // NOTE(review): whether the value is stored as given or transformed is not
        // visible in this test - confirm in ApiKey/Dao.
        final ApiKey foundByValue = dao.findApiKeyByValue(firstKey.getValue());
        assertNotNull(foundByValue);
        assertEquals(firstKey, foundByValue);
    }
}
use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.
the class SecurityDaoTest method testDeleteSessionsByUser.
/**
 * Logs the same user in twice, deletes all of that user's sessions, and verifies from
 * a second request context that neither session can be read any more.
 */
@Test
@SuppressWarnings("unchecked")
void testDeleteSessionsByUser() throws IOException {
    // Declared outside the first context so the second context can look them up by ID.
    UserSession firstSession = null;
    UserSession secondSession = null;

    try (final MinijaxRequestContext ctx = createRequestContext()) {
        final Dao dao = ctx.getResource(Dao.class);

        final User account = new User();
        account.setName("Alice");
        account.setEmail("deletesessions@example.com");
        account.setRoles("user");
        dao.create(account);

        final Security<User> security = ctx.getResource(Security.class);

        // Each login returns a cookie; the session row is read with the ID parsed
        // from that cookie's value.
        final Cookie firstCookie = security.loginAs(account);
        firstSession = dao.read(UserSession.class, IdUtils.tryParse(firstCookie.getValue()));
        assertNotNull(firstSession);
        assertEquals(account.getId(), firstSession.getUserId());

        final Cookie secondCookie = security.loginAs(account);
        secondSession = dao.read(UserSession.class, IdUtils.tryParse(secondCookie.getValue()));
        assertNotNull(secondSession);
        assertEquals(account.getId(), secondSession.getUserId());

        // Two logins produced two sessions for this user.
        assertEquals(2, dao.readUserSessionsByUser(account.getId()).size());

        dao.deleteUserSessionsByUser(account.getId());
    }

    // A fresh request context is used for the check, so the result does not depend
    // on state held by the context that performed the delete.
    try (final MinijaxRequestContext ctx = createRequestContext()) {
        final Dao dao = ctx.getResource(Dao.class);
        assertNull(dao.read(UserSession.class, firstSession.getId()));
        assertNull(dao.read(UserSession.class, secondSession.getId()));
    }
}
use of org.minijax.rs.MinijaxRequestContext in project minijax by minijax.
the class CsrfFilter method filter.
/**
 * Passes the {@code csrf} form field to {@code Security.validateSession} for POST
 * requests made by a logged-in user under the FORM authentication scheme with a form
 * body.
 *
 * <p>The check runs only when all of the following hold; otherwise the method returns
 * without calling {@code validateSession}:
 * <ul>
 *   <li>the HTTP method equals {@code POST};</li>
 *   <li>{@code security.isLoggedIn()} is true;</li>
 *   <li>the authentication scheme equals {@code SecurityContext.FORM_AUTH};</li>
 *   <li>the request has a media type compatible with
 *       {@code application/x-www-form-urlencoded} or {@code multipart/form-data}.</li>
 * </ul>
 *
 * <p>NOTE(review): requests using any other HTTP method, or a POST with a different or
 * absent Content-Type, are never token-checked by this filter. State-changing handlers
 * reachable that way need their own protection - confirm against the resource classes.
 *
 * @param requestContext the incoming request; cast to {@code MinijaxRequestContext}
 *     once the method check has passed
 * @throws IOException declared by the filter contract
 */
@Override
public void filter(final ContainerRequestContext requestContext) throws IOException {
    final boolean isPost = requestContext.getMethod().equals(POST);
    if (!isPost) {
        return;
    }

    final MinijaxRequestContext minijaxCtx = (MinijaxRequestContext) requestContext;
    final Security<?> security = minijaxCtx.getResource(Security.class);

    // Anonymous requests and sessions authenticated by a scheme other than FORM
    // skip the token check. FORM_AUTH is a non-null constant, so the reversed
    // equals() also covers a null scheme.
    if (!security.isLoggedIn()
            || !SecurityContext.FORM_AUTH.equals(security.getAuthenticationScheme())) {
        return;
    }

    // Only form-encoded and multipart bodies are inspected for the token.
    final MediaType bodyType = minijaxCtx.getMediaType();
    final boolean isFormBody = bodyType != null
            && (bodyType.isCompatible(APPLICATION_FORM_URLENCODED_TYPE)
                || bodyType.isCompatible(MULTIPART_FORM_DATA_TYPE));
    if (!isFormBody) {
        return;
    }

    // Presumably validateSession rejects the request when the token is missing or
    // does not match the session - confirm in Security.
    security.validateSession(minijaxCtx.getForm().getString("csrf"));
}