
Example 26 with AuditLogEvent

use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

the class CheckPasswordExpiredCommandTest method testExecute_mustChangePasswordAndRequestNotDirectlyToSimba_redirectToChangePasswordWithRequestURLAsTarget.

@Test
public void testExecute_mustChangePasswordAndRequestNotDirectlyToSimba_redirectToChangePasswordWithRequestURLAsTarget() throws Exception {
    when(credentialServiceMock.mustChangePasswordOnNextLogon(USER_NAME)).thenReturn(Boolean.TRUE);
    when(contextMock.getRequestURL()).thenReturn("requestURL");
    when(contextMock.getSimbaWebURL()).thenReturn("simbaWebURL");
    State state = command.execute(contextMock);
    assertEquals(State.FINISH, state);
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.AUTHENTICATION, resultAuditLogEvent.getCategory());
    assertEquals(MUST_CHANGE_PASSWORD, resultAuditLogEvent.getMessage());
    verify(contextMock).redirectToChangePasswordWithFilter();
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) State(org.simbasecurity.core.chain.Command.State) Test(org.junit.Test)

Example 27 with AuditLogEvent

use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

the class CheckPasswordExpiredCommandTest method testExecute_isChangePasswordRequest_continue.

@Test
public void testExecute_isChangePasswordRequest_continue() throws Exception {
    when(contextMock.isChangePasswordRequest()).thenReturn(Boolean.TRUE);
    State result = command.execute(contextMock);
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.AUTHENTICATION, resultAuditLogEvent.getCategory());
    assertEquals(SUCCESS + CHECK_PASSWORD_EXPIRED, resultAuditLogEvent.getMessage());
    assertEquals(State.CONTINUE, result);
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) State(org.simbasecurity.core.chain.Command.State) Test(org.junit.Test)

Example 28 with AuditLogEvent

use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

the class ExcludeResourceCommandTest method testExecute_resourceNotExcluded_continues.

@Test
public void testExecute_resourceNotExcluded_continues() throws Exception {
    when(mockExcludedResourceService.isResourceExcluded(DUMMY_URL)).thenReturn(FALSE);
    assertEquals(State.CONTINUE, command.execute(contextMock));
    verify(auditMock).log(captor.capture());
    AuditLogEvent resultAuditLogEvent = captor.getValue();
    assertEquals(AuditLogEventCategory.AUTHENTICATION, resultAuditLogEvent.getCategory());
    assertEquals(AuditMessages.NO_EXCLUDED_RESOURCE + DUMMY_URL, resultAuditLogEvent.getMessage());
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) Test(org.junit.Test)

Example 29 with AuditLogEvent

use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

the class CheckTokenCommand method existingUsersDoNotMatch.

private boolean existingUsersDoNotMatch(ChainContext context, User userFromEmail, User userFromToken) {
    // Reject the reset when the token's user differs from the user owning the email address, and audit the attempt.
    if (!userFromToken.equals(userFromEmail)) {
        AuditLogEvent event = auditLogEventFactory.createEventForAuthentication(
                context,
                String.format("There was an unsuccessful reset password attempt for email address %s, but the user associated with the token [%s] was different from the user associated with the email address [%s].",
                        userFromEmail.getEmail().asString(),
                        userFromToken.getUserName(),
                        userFromEmail.getUserName()));
        audit.log(event);
        context.redirectToWrongToken();
        return true;
    }
    return false;
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent)

Example 30 with AuditLogEvent

use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

the class CheckTokenCommand method noExistingUserForEmail.

private boolean noExistingUserForEmail(ChainContext context, Optional<User> userFromEmail) {
    if (!userFromEmail.isPresent()) {
        // Audit only when the context carries an email address; redirect to the wrong-token page either way.
        context.getEmail().ifPresent(emailInCtx -> {
            AuditLogEvent event = auditLogEventFactory.createEventForAuthentication(
                    context,
                    String.format("There was an unsuccessful reset password attempt for email address %s, but there was no user found for that email address.",
                            emailInCtx));
            audit.log(event);
        });
        context.redirectToWrongToken();
        return true;
    }
    return false;
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent)

Aggregations

AuditLogEvent (org.simbasecurity.core.audit.AuditLogEvent) 36
Test (org.junit.Test) 32
Command (org.simbasecurity.core.chain.Command) 9
User (org.simbasecurity.core.domain.User) 8
State (org.simbasecurity.core.chain.Command.State) 6
UserTestBuilder.aDefaultUser (org.simbasecurity.core.domain.UserTestBuilder.aDefaultUser) 6
SSOToken (org.simbasecurity.api.service.thrift.SSOToken) 4
Token (org.simbasecurity.core.domain.communication.token.Token) 3
URL (java.net.URL) 2
PolicyDecision (org.simbasecurity.api.service.thrift.PolicyDecision) 2
Session (org.simbasecurity.core.domain.Session) 2
EmailAddress (org.simbasecurity.core.domain.user.EmailAddress) 2
TemplateWithLinks (org.simbasecurity.core.service.communication.mail.template.TemplateWithLinks) 2
Optional (java.util.Optional) 1
Audit (org.simbasecurity.core.audit.Audit) 1
AuditLogEventFactory (org.simbasecurity.core.audit.AuditLogEventFactory) 1
ChainContext (org.simbasecurity.core.chain.ChainContext) 1
CONTINUE (org.simbasecurity.core.chain.Command.State.CONTINUE) 1
FINISH (org.simbasecurity.core.chain.Command.State.FINISH) 1
UserTestBuilder.aUser (org.simbasecurity.core.domain.UserTestBuilder.aUser) 1