Example 11 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

The class CheckTokenCommand, method noExistingUserForToken.

private boolean noExistingUserForToken(ChainContext context, User userFromEmail, Optional<User> userFromToken) {
    // The reset token from the request resolved to no user. Record the failed attempt
    // against the owner of the submitted e-mail address, send the caller to the
    // "wrong token" page and tell the caller to stop the command chain.
    if (!userFromToken.isPresent()) {
        AuditLogEvent event = auditLogEventFactory.createEventForUserAuthentication(
                userFromEmail.getUserName(),
                String.format("There was an unsuccessful reset password attempt for email address %s, but there was no existing UserToken found for the emailUser associated with that email address.", userFromEmail.getEmail().asString()));
        audit.log(event);
        context.redirectToWrongToken();
        return true;
    }
    return false;
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent)

Example 12 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

The class CheckTokenCommand, method execute.

@Override
public State execute(ChainContext context) throws Exception {
    // Resolve the user two independent ways: from the reset token and from the e-mail address.
    Optional<User> userFromToken = context.getToken().map(Token::fromString).flatMap(token -> userTokenService.getUserForToken(token));
    Optional<User> userFromEmail = context.getEmail().map(s -> emailFactory.email(s)).flatMap(email -> credentialService.findUserByMail(email));
    // Each guard logs an audit event for its failure case and redirects before returning FINISH,
    // so the chain only continues when the token and the e-mail address identify the same user.
    if (noExistingUserForEmail(context, userFromEmail))
        return FINISH;
    if (noExistingUserForToken(context, userFromEmail.get(), userFromToken))
        return FINISH;
    if (existingUsersDoNotMatch(context, userFromEmail.get(), userFromToken.get()))
        return FINISH;
    User user = userFromToken.get();
    context.setUserName(user.getUserName());
    // Successful token checks are audited as well, so both outcomes leave a trace.
    AuditLogEvent event = auditLogEventFactory.createEventForUserAuthentication(user.getUserName(), String.format("There was a successful reset password attempt for email address %s.", user.getEmail().asString()));
    audit.log(event);
    return CONTINUE;
}
Also used : AuditLogEventFactory(org.simbasecurity.core.audit.AuditLogEventFactory) CONTINUE(org.simbasecurity.core.chain.Command.State.CONTINUE) FINISH(org.simbasecurity.core.chain.Command.State.FINISH) Autowired(org.springframework.beans.factory.annotation.Autowired) ChainContext(org.simbasecurity.core.chain.ChainContext) UserTokenService(org.simbasecurity.core.service.communication.token.UserTokenService) EmailFactory(org.simbasecurity.core.domain.user.EmailFactory) User(org.simbasecurity.core.domain.User) Component(org.springframework.stereotype.Component) Command(org.simbasecurity.core.chain.Command) CredentialService(org.simbasecurity.core.service.CredentialService) Audit(org.simbasecurity.core.audit.Audit) AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) Optional(java.util.Optional) Token(org.simbasecurity.core.domain.communication.token.Token)

Example 13 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

The class CheckTokenCommandTest, method execute_withKnownEmailAddress_ButUnknownToken_statusError_AndProperAuditLogging.

@Test
public void execute_withKnownEmailAddress_ButUnknownToken_statusError_AndProperAuditLogging() throws Exception {
    // The e-mail address is known, but the token does not resolve to any user.
    User user = aDefaultUser(emailFactory).withUserName("batman").withEmail("bruce@wayneindustries.com").build();
    setupContextWith("bruce@wayneindustries.com", "sleutel!");
    when(userTokenServiceMock.getUserForToken(Token.fromString("sleutel!"))).thenReturn(Optional.empty());
    when(credentialServiceMock.findUserByMail(emailFactory.email("bruce@wayneindustries.com"))).thenReturn(Optional.of(user));
    Command.State state = checkTokenCommand.execute(chainContextMock);
    // The chain must stop, the caller must be redirected, and exactly one AUTHENTICATION
    // audit event must be logged for the owner of the e-mail address.
    assertThat(state).isEqualTo(FINISH);
    verify(chainContextMock).redirectToWrongToken();
    verify(auditMock).log(auditEventCaptor.capture());
    AuditLogEvent auditLogEvent = auditEventCaptor.getValue();
    assertThat(auditLogEvent.getCategory()).isEqualTo(AUTHENTICATION);
    assertThat(auditLogEvent.getUsername()).isEqualTo("batman");
    assertThat(auditLogEvent.getMessage()).isEqualTo(String.format("There was an unsuccessful reset password attempt for email address %s, but there was no existing UserToken found for the emailUser associated with that email address.", "bruce@wayneindustries.com"));
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) UserTestBuilder.aDefaultUser(org.simbasecurity.core.domain.UserTestBuilder.aDefaultUser) User(org.simbasecurity.core.domain.User) Command(org.simbasecurity.core.chain.Command) Test(org.junit.Test)

Example 14 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

The class CheckTokenCommandTest, method execute_withTokenInContextAndDatabase_butEmailAddressUserIsDifferentFromTokenUser_statusError_AndProperAuditLogging.

@Test
public void execute_withTokenInContextAndDatabase_butEmailAddressUserIsDifferentFromTokenUser_statusError_AndProperAuditLogging() throws Exception {
    // Both lookups succeed, but the token belongs to one user and the e-mail address to another.
    User user = aDefaultUser(emailFactory).withId(185L).withUserName("batman").withEmail("bruce@wayneindustries.com").build();
    User snarf = aDefaultUser(emailFactory).withId(665L).withUserName("snarf").withEmail("snarf@lioncats.com").build();
    setupContextWith("snarf@lioncats.com", "sleutel!");
    when(userTokenServiceMock.getUserForToken(Token.fromString("sleutel!"))).thenReturn(Optional.of(user));
    when(credentialServiceMock.findUserByMail(emailFactory.email("snarf@lioncats.com"))).thenReturn(Optional.of(snarf));
    Command.State state = checkTokenCommand.execute(chainContextMock);
    // A mismatch is treated like a wrong token: stop the chain, redirect, and audit both user names.
    assertThat(state).isEqualTo(FINISH);
    verify(chainContextMock).redirectToWrongToken();
    verify(auditMock).log(auditEventCaptor.capture());
    AuditLogEvent auditLogEvent = auditEventCaptor.getValue();
    assertThat(auditLogEvent.getCategory()).isEqualTo(AUTHENTICATION);
    assertThat(auditLogEvent.getMessage()).isEqualTo(String.format("There was an unsuccessful reset password attempt for email address %s, but the user associated with the token [%s] was different from the user associated with the email address [%s].", "snarf@lioncats.com", "batman", "snarf"));
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) UserTestBuilder.aDefaultUser(org.simbasecurity.core.domain.UserTestBuilder.aDefaultUser) User(org.simbasecurity.core.domain.User) Command(org.simbasecurity.core.chain.Command) Test(org.junit.Test)

Example 15 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

The class NewPasswordCommandTest, method execute_NewPassword.

@Test
public void execute_NewPassword() throws Exception {
    // A matching new password and confirmation, a resolved user name and a token in the context.
    when(contextMock.getNewPassword()).thenReturn(Optional.of("newPassword"));
    when(contextMock.getNewPasswordConfirmation()).thenReturn("newPassword");
    when(contextMock.getUserName()).thenReturn("someUsername");
    when(contextMock.getToken()).thenReturn(Optional.of("token"));
    AuditLogEvent auditLogEvent = mock(AuditLogEvent.class);
    when(auditLogFactory.createEventForSessionForSuccess(contextMock, PASSWORD_CHANGED)).thenReturn(auditLogEvent);
    Command.State state = newPasswordCommand.execute(contextMock);
    // On success the reset token is consumed (deleted), the password is changed,
    // a PASSWORD_CHANGED audit event is logged and the user is sent to the success page.
    assertThat(state).isEqualTo(FINISH);
    verify(userTokenServiceMock).deleteToken(Token.fromString("token"));
    verify(credentialServiceMock).changePassword("someUsername", "newPassword", "newPassword");
    verify(auditMock).log(auditLogEvent);
    verify(contextMock).redirectToNewPasswordSuccessPage();
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) Command(org.simbasecurity.core.chain.Command) Test(org.junit.Test)

Aggregations

AuditLogEvent (org.simbasecurity.core.audit.AuditLogEvent) 36
Test (org.junit.Test) 32
Command (org.simbasecurity.core.chain.Command) 9
User (org.simbasecurity.core.domain.User) 8
State (org.simbasecurity.core.chain.Command.State) 6
UserTestBuilder.aDefaultUser (org.simbasecurity.core.domain.UserTestBuilder.aDefaultUser) 6
SSOToken (org.simbasecurity.api.service.thrift.SSOToken) 4
Token (org.simbasecurity.core.domain.communication.token.Token) 3
URL (java.net.URL) 2
PolicyDecision (org.simbasecurity.api.service.thrift.PolicyDecision) 2
Session (org.simbasecurity.core.domain.Session) 2
EmailAddress (org.simbasecurity.core.domain.user.EmailAddress) 2
TemplateWithLinks (org.simbasecurity.core.service.communication.mail.template.TemplateWithLinks) 2
Optional (java.util.Optional) 1
Audit (org.simbasecurity.core.audit.Audit) 1
AuditLogEventFactory (org.simbasecurity.core.audit.AuditLogEventFactory) 1
ChainContext (org.simbasecurity.core.chain.ChainContext) 1
CONTINUE (org.simbasecurity.core.chain.Command.State.CONTINUE) 1
FINISH (org.simbasecurity.core.chain.Command.State.FINISH) 1
UserTestBuilder.aUser (org.simbasecurity.core.domain.UserTestBuilder.aUser) 1