use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.
The class CheckTokenCommand, method noExistingUserForToken.
/**
 * Rejects the request when the submitted token does not resolve to any user.
 *
 * <p>On rejection an authentication audit event is written under the name of the
 * user that owns the submitted e-mail address (the only user known at this point),
 * and the context is redirected to the "wrong token" page.
 *
 * @param context       the chain context to redirect on failure
 * @param userFromEmail the user that owns the submitted e-mail address
 * @param userFromToken the user bound to the submitted token, if any
 * @return {@code true} when no user is bound to the token (caller must stop),
 *         {@code false} when a token-bound user exists
 */
private boolean noExistingUserForToken(ChainContext context, User userFromEmail, Optional<User> userFromToken) {
    // A token-bound user exists: nothing to reject here, the caller continues its checks.
    if (userFromToken.isPresent()) {
        return false;
    }
    // Evaluate the user name before the message, matching the original argument order.
    String auditedUserName = userFromEmail.getUserName();
    String failureMessage = String.format(
            "There was an unsuccessful reset password attempt for email address %s, but there was no existing UserToken found for the emailUser associated with that email address.",
            userFromEmail.getEmail().asString());
    AuditLogEvent failedAttempt = auditLogEventFactory.createEventForUserAuthentication(auditedUserName, failureMessage);
    audit.log(failedAttempt);
    context.redirectToWrongToken();
    return true;
}
use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.
The class CheckTokenCommand, method execute.
/**
 * Validates a password-reset token against the submitted e-mail address.
 *
 * <p>The token and the e-mail address are resolved to users independently; the
 * request only continues when both resolve and refer to the same user (the
 * individual checks are delegated to the {@code noExistingUserForEmail},
 * {@code noExistingUserForToken} and {@code existingUsersDoNotMatch} helpers,
 * each of which performs its own audit logging and redirect on failure).
 *
 * @param context the chain context carrying the token and e-mail address
 * @return {@code FINISH} when any check rejects the request, otherwise
 *         {@code CONTINUE} after a successful audit event has been logged
 * @throws Exception propagated from the underlying services
 */
@Override
public State execute(ChainContext context) throws Exception {
    // Resolve the token side first, then the e-mail side; neither lookup depends on the other.
    Optional<User> userFromToken = context.getToken()
            .map(Token::fromString)
            .flatMap(resetToken -> userTokenService.getUserForToken(resetToken));
    Optional<User> userFromEmail = context.getEmail()
            .map(rawAddress -> emailFactory.email(rawAddress))
            .flatMap(address -> credentialService.findUserByMail(address));

    if (noExistingUserForEmail(context, userFromEmail)) {
        return FINISH;
    }
    User emailUser = userFromEmail.get();
    if (noExistingUserForToken(context, emailUser, userFromToken)) {
        return FINISH;
    }
    User tokenUser = userFromToken.get();
    if (existingUsersDoNotMatch(context, emailUser, tokenUser)) {
        return FINISH;
    }

    // Only a token whose owner matches the e-mail owner reaches this point; carry that user forward.
    context.setUserName(tokenUser.getUserName());
    AuditLogEvent successfulAttempt = auditLogEventFactory.createEventForUserAuthentication(
            tokenUser.getUserName(),
            String.format("There was a successful reset password attempt for email address %s.", tokenUser.getEmail().asString()));
    audit.log(successfulAttempt);
    return CONTINUE;
}
use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.
The class CheckTokenCommandTest, method execute_withKnownEmailAddress_ButUnknownToken_statusError_AndProperAuditLogging.
/**
 * A known e-mail address combined with a token that resolves to no user must finish
 * the chain, redirect to the wrong-token page and write an authentication audit
 * event naming the e-mail owner.
 */
@Test
public void execute_withKnownEmailAddress_ButUnknownToken_statusError_AndProperAuditLogging() throws Exception {
    // Given: the e-mail address belongs to a known user but the token is unknown.
    User emailOwner = aDefaultUser(emailFactory)
            .withUserName("batman")
            .withEmail("bruce@wayneindustries.com")
            .build();
    setupContextWith("bruce@wayneindustries.com", "sleutel!");
    when(userTokenServiceMock.getUserForToken(Token.fromString("sleutel!")))
            .thenReturn(Optional.empty());
    when(credentialServiceMock.findUserByMail(emailFactory.email("bruce@wayneindustries.com")))
            .thenReturn(Optional.of(emailOwner));

    // When
    Command.State resultingState = checkTokenCommand.execute(chainContextMock);

    // Then: chain stops, user is redirected, and the failure is audited under the e-mail owner.
    assertThat(resultingState).isEqualTo(FINISH);
    verify(chainContextMock).redirectToWrongToken();
    verify(auditMock).log(auditEventCaptor.capture());
    AuditLogEvent loggedEvent = auditEventCaptor.getValue();
    assertThat(loggedEvent.getCategory()).isEqualTo(AUTHENTICATION);
    assertThat(loggedEvent.getUsername()).isEqualTo("batman");
    String expectedMessage = String.format(
            "There was an unsuccessful reset password attempt for email address %s, but there was no existing UserToken found for the emailUser associated with that email address.",
            "bruce@wayneindustries.com");
    assertThat(loggedEvent.getMessage()).isEqualTo(expectedMessage);
}
use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.
The class CheckTokenCommandTest, method execute_withTokenInContextAndDatabase_butEmailAddressUserIsDifferentFromTokenUser_statusError_AndProperAuditLogging.
/**
 * A valid token that belongs to a different user than the submitted e-mail address
 * must finish the chain, redirect to the wrong-token page and write an
 * authentication audit event describing the mismatch.
 */
@Test
public void execute_withTokenInContextAndDatabase_butEmailAddressUserIsDifferentFromTokenUser_statusError_AndProperAuditLogging() throws Exception {
    // Given: the token resolves to one user, the e-mail address to another.
    User tokenOwner = aDefaultUser(emailFactory)
            .withId(185L)
            .withUserName("batman")
            .withEmail("bruce@wayneindustries.com")
            .build();
    User emailOwner = aDefaultUser(emailFactory)
            .withId(665L)
            .withUserName("snarf")
            .withEmail("snarf@lioncats.com")
            .build();
    setupContextWith("snarf@lioncats.com", "sleutel!");
    when(userTokenServiceMock.getUserForToken(Token.fromString("sleutel!")))
            .thenReturn(Optional.of(tokenOwner));
    when(credentialServiceMock.findUserByMail(emailFactory.email("snarf@lioncats.com")))
            .thenReturn(Optional.of(emailOwner));

    // When
    Command.State resultingState = checkTokenCommand.execute(chainContextMock);

    // Then: chain stops, user is redirected, and the mismatch is audited.
    assertThat(resultingState).isEqualTo(FINISH);
    verify(chainContextMock).redirectToWrongToken();
    verify(auditMock).log(auditEventCaptor.capture());
    AuditLogEvent loggedEvent = auditEventCaptor.getValue();
    assertThat(loggedEvent.getCategory()).isEqualTo(AUTHENTICATION);
    String expectedMessage = String.format(
            "There was an unsuccessful reset password attempt for email address %s, but the user associated with the token [%s] was different from the user associated with the email address [%s].",
            "snarf@lioncats.com", "batman", "snarf");
    assertThat(loggedEvent.getMessage()).isEqualTo(expectedMessage);
}
use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.
The class NewPasswordCommandTest, method execute_NewPassword.
/**
 * A matching password and confirmation for a user with a token must change the
 * password, delete the token, log the success event and redirect to the success page.
 */
@Test
public void execute_NewPassword() throws Exception {
    // Given: a consistent new password plus the user name and token from the context.
    when(contextMock.getNewPassword()).thenReturn(Optional.of("newPassword"));
    when(contextMock.getNewPasswordConfirmation()).thenReturn("newPassword");
    when(contextMock.getUserName()).thenReturn("someUsername");
    when(contextMock.getToken()).thenReturn(Optional.of("token"));
    AuditLogEvent expectedEvent = mock(AuditLogEvent.class);
    when(auditLogFactory.createEventForSessionForSuccess(contextMock, PASSWORD_CHANGED))
            .thenReturn(expectedEvent);

    // When
    Command.State resultingState = newPasswordCommand.execute(contextMock);

    // Then: the chain finishes and every side effect of a successful change happened.
    assertThat(resultingState).isEqualTo(FINISH);
    verify(userTokenServiceMock).deleteToken(Token.fromString("token"));
    verify(credentialServiceMock).changePassword("someUsername", "newPassword", "newPassword");
    verify(auditMock).log(expectedEvent);
    verify(contextMock).redirectToNewPasswordSuccessPage();
}