use of org.motechproject.security.domain.MotechUser in project motech by motech.
the class MotechUserServiceTest method shouldValidateNewPasswordWhenOldHasBeenExpired.
/**
 * Expects {@code changeExpiredPassword} to surface the {@link PasswordValidatorException}
 * raised by the stubbed validator when the user is in {@code MUST_CHANGE_PASSWORD} status.
 */
@Test(expected = PasswordValidatorException.class)
public void shouldValidateNewPasswordWhenOldHasBeenExpired() {
    // The validator is stubbed to reject the replacement password.
    doThrow(new PasswordValidatorException("wrong")).when(validator).validate(NEW_PASSWORD);

    MotechUser expiredUser = new MotechUser();
    expiredUser.setUserName(USER);
    expiredUser.setPassword(PASSWORD);
    expiredUser.setUserStatus(UserStatus.MUST_CHANGE_PASSWORD);
    when(motechUsersDao.findByUserName(USER)).thenReturn(expiredUser);

    // NOTE(review): the test only checks that the exception propagates; it does not
    // verify that the rejected password was never encoded or written through the DAO.
    motechUserService.changeExpiredPassword(USER, PASSWORD, NEW_PASSWORD);
}
use of org.motechproject.security.domain.MotechUser in project motech by motech.
the class MotechUserServiceTest method shouldChangePasswordWhenWhenOldHasBeenExpired.
/**
 * Checks the successful path of {@code changeExpiredPassword}: the user record passed to
 * {@code motechUsersDao.update} carries the encoded new password, and a profile for the
 * same user name is returned.
 */
@Test
public void shouldChangePasswordWhenWhenOldHasBeenExpired() {
    MotechUser expiredUser = new MotechUser();
    expiredUser.setUserName(USER);
    expiredUser.setPassword(PASSWORD);
    expiredUser.setFailureLoginCounter(1);
    expiredUser.setUserStatus(UserStatus.MUST_CHANGE_PASSWORD);

    String encodedNewPassword = NEW_PASSWORD + "_encoded";

    when(settingService.getFailureLoginLimit()).thenReturn(2);
    when(motechUsersDao.findByUserName(USER)).thenReturn(expiredUser);
    // presumably (stored, supplied) pairs: the old password matches, the new one does not - confirm
    when(motechPasswordEncoder.isPasswordValid(PASSWORD, PASSWORD)).thenReturn(true);
    when(motechPasswordEncoder.isPasswordValid(PASSWORD, NEW_PASSWORD)).thenReturn(false);
    when(motechPasswordEncoder.encodePassword(NEW_PASSWORD)).thenReturn(encodedNewPassword);

    MotechUserProfile returnedProfile =
            motechUserService.changeExpiredPassword(USER, PASSWORD, NEW_PASSWORD);

    verify(motechPasswordEncoder).encodePassword(NEW_PASSWORD);
    verify(motechUsersDao).update(userCaptor.capture());

    // The persisted value must be the encoder's output, not the raw NEW_PASSWORD.
    MotechUser persistedUser = userCaptor.getValue();
    assertEquals(USER, persistedUser.getUserName());
    assertEquals(encodedNewPassword, persistedUser.getPassword());

    // NOTE(review): the failure counter (1) and limit (2) are set up, but neither the
    // counter nor the user status of the persisted record is asserted afterwards.
    assertNotNull(returnedProfile);
    assertEquals(USER, returnedProfile.getUserName());
}
use of org.motechproject.security.domain.MotechUser in project motech by motech.
the class AuthoritiesServiceImplTest method shouldRetrieveAuthorities.
/**
 * Checks that {@code authoritiesFor} returns one granted authority named after the single
 * permission of the single role assigned to the user.
 */
@Test
public void shouldRetrieveAuthorities() {
    List<String> roleNames = Arrays.asList("role1");
    List<String> permissionNames = Arrays.asList("permission1");

    // user -> "role1" -> "permission1"
    MotechUser mockedUser = mock(MotechUser.class);
    when(mockedUser.getRoles()).thenReturn(roleNames);

    RoleDto mockedRole = mock(RoleDto.class);
    when(mockedRole.getPermissionNames()).thenReturn(permissionNames);
    when(motechRoleService.getRole("role1")).thenReturn(mockedRole);

    List<GrantedAuthority> granted = authoritiesService.authoritiesFor(mockedUser);

    assertThat(granted.size(), Is.is(1));
    assertThat(granted.get(0).getAuthority(), Is.is("permission1"));
}
use of org.motechproject.security.domain.MotechUser in project motech by motech.
the class UserContextServiceImpl method refreshAllUsersContextIfActive.
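/**
 * Replaces the authentication token stored in each tracked HTTP session with one built
 * by {@code getToken} from the user record currently returned by {@code motechUsersDao}.
 *
 * <p>Sessions without a security context, without an authentication, or whose principal
 * is not a {@link User} are skipped. This keeps one unusual session from aborting the
 * loop with a {@code NullPointerException} or {@code ClassCastException}, which would
 * leave every later session holding its previous token.
 */
@Override
@Transactional
public void refreshAllUsersContextIfActive() {
    Collection<HttpSession> sessions = sessionHandler.getAllSessions();

    LOGGER.info("Refreshing context for all active users, number of sessions: {}", sessions.size());

    for (HttpSession session : sessions) {
        SecurityContext context = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT");
        if (context == null) {
            continue;
        }

        Authentication authentication = context.getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        if (!(principal instanceof User)) {
            // Nothing to rebuild a token from; keep going so the other sessions are refreshed.
            LOGGER.debug("Skipping session whose security context holds no User principal");
            continue;
        }

        User userInSession = (User) principal;
        MotechUser user = motechUsersDao.findByUserName(userInSession.getUsername());

        if (user == null) {
            // NOTE(review): the session keeps its previous authentication here, so a user
            // that no longer exists retains the authorities already in the session.
            // Consider clearing the context or invalidating the session - confirm intent.
            LOGGER.warn("User {} has a session, but does not exist", userInSession.getUsername());
        } else {
            LOGGER.debug("Refreshing context for user {}", user.getUserName());
            AbstractAuthenticationToken token = getToken(authentication, user);
            context.setAuthentication(token);
        }
    }

    LOGGER.info("Refreshed context for all active users");
}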
use of org.motechproject.security.domain.MotechUser in project motech by motech.
the class UserContextServiceImpl method refreshUserContextIfActive.
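/**
 * Replaces the authentication token in every tracked HTTP session whose principal has
 * the given user name, using the user record currently returned by {@code motechUsersDao}.
 *
 * <p>If no such user record exists, nothing is refreshed and a warning is logged. This
 * matches the null check in {@code refreshAllUsersContextIfActive} and avoids passing a
 * null user to {@code getToken}. Sessions without a security context, without an
 * authentication, or whose principal is not a {@link User} are skipped.
 *
 * @param userName name of the user whose active sessions should be refreshed
 */
@Override
@Transactional
public void refreshUserContextIfActive(String userName) {
    LOGGER.info("Refreshing context for user: {}", userName);

    MotechUser user = motechUsersDao.findByUserName(userName);
    if (user == null) {
        // NOTE(review): any session still open for this name keeps its previous
        // authentication and authorities. Consider clearing or invalidating such
        // sessions - confirm intent.
        LOGGER.warn("User {} does not exist, context was not refreshed", userName);
        return;
    }

    Collection<HttpSession> sessions = sessionHandler.getAllSessions();
    for (HttpSession session : sessions) {
        SecurityContext context = (SecurityContext) session.getAttribute("SPRING_SECURITY_CONTEXT");
        if (context == null) {
            continue;
        }

        Authentication authentication = context.getAuthentication();
        Object principal = authentication == null ? null : authentication.getPrincipal();
        if (!(principal instanceof User)) {
            // Unrelated or incomplete session; skip it so it cannot abort the loop.
            continue;
        }

        User userInSession = (User) principal;
        if (userInSession.getUsername().equals(userName)) {
            AbstractAuthenticationToken token = getToken(authentication, user);
            context.setAuthentication(token);
        }
    }

    LOGGER.info("Refreshed context for user: {}", userName);
}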