Example 31 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

Class CheckTokenCommandTest, method execute_withUnknownEmailAddress_statusError_AndProperAuditLogging.

@Test
public void execute_withUnknownEmailAddress_statusError_AndProperAuditLogging() throws Exception {
    User user = aDefaultUser(emailFactory).withEmail("bruce@wayneindustries.com").build();
    setupContextWith("bruce@wayneindustries.com", "sleutel!");
    when(userTokenServiceMock.getUserForToken(Token.fromString("sleutel!"))).thenReturn(Optional.of(user));
    when(credentialServiceMock.findUserByMail(emailFactory.email("bruce@wayneindustries.com"))).thenReturn(Optional.empty());
    Command.State state = checkTokenCommand.execute(chainContextMock);
    assertThat(state).isEqualTo(FINISH);
    verify(chainContextMock).redirectToWrongToken();
    verify(auditMock).log(auditEventCaptor.capture());
    AuditLogEvent auditLogEvent = auditEventCaptor.getValue();
    assertThat(auditLogEvent.getCategory()).isEqualTo(AUTHENTICATION);
    assertThat(auditLogEvent.getMessage()).isEqualTo(String.format("There was an unsuccessful reset password attempt for email address %s, but there was no user found for that email address.", "bruce@wayneindustries.com"));
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) UserTestBuilder.aDefaultUser(org.simbasecurity.core.domain.UserTestBuilder.aDefaultUser) User(org.simbasecurity.core.domain.User) Command(org.simbasecurity.core.chain.Command) Test(org.junit.Test)

Example 32 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

Class CheckTokenCommandTest, method execute_withTokenInContextAndDatabase_EmailAddressUserIsSameAsTokenUser_statusContinue.

@Test
public void execute_withTokenInContextAndDatabase_EmailAddressUserIsSameAsTokenUser_statusContinue() throws Exception {
    User user = aDefaultUser(emailFactory).withUserName("batman").withEmail("bruce@wayneindustries.com").build();
    setupContextWith("bruce@wayneindustries.com", "sleutel!");
    when(userTokenServiceMock.getUserForToken(Token.fromString("sleutel!"))).thenReturn(Optional.of(user));
    when(credentialServiceMock.findUserByMail(emailFactory.email("bruce@wayneindustries.com"))).thenReturn(Optional.of(user));
    Command.State state = checkTokenCommand.execute(chainContextMock);
    assertThat(state).isEqualTo(CONTINUE);
    verify(chainContextMock).setUserName("batman");
    verify(auditMock).log(auditEventCaptor.capture());
    AuditLogEvent auditLogEvent = auditEventCaptor.getValue();
    assertThat(auditLogEvent.getCategory()).isEqualTo(AUTHENTICATION);
    assertThat(auditLogEvent.getUsername()).isEqualTo("batman");
    assertThat(auditLogEvent.getMessage()).isEqualTo(String.format("There was a successful reset password attempt for email address %s.", "bruce@wayneindustries.com"));
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) UserTestBuilder.aDefaultUser(org.simbasecurity.core.domain.UserTestBuilder.aDefaultUser) User(org.simbasecurity.core.domain.User) Command(org.simbasecurity.core.chain.Command) Test(org.junit.Test)

Example 33 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

Class ResetPasswordCommandTest, method execute_EmailKnown_WillSendMailAndRedirect.

@Test
public void execute_EmailKnown_WillSendMailAndRedirect() throws Exception {
    User user = aUser().build();
    when(chainContextMock.getEmail()).thenReturn(Optional.of("someEmail@bla.com"));
    when(credentialServiceMock.findUserByMail(emailFactory.email("someEmail@bla.com"))).thenReturn(Optional.ofNullable(user));
    AuditLogEvent auditLogEvent = mock(AuditLogEvent.class);
    when(auditLogEventFactory.createEventForUserAuthentication(eq(user.getName()), anyString())).thenReturn(auditLogEvent);
    Command.State state = resetPasswordCommand.execute(chainContextMock);
    verify(resetPasswordServiceMock).sendResetPasswordMessageTo(user, resetReason);
    assertThat(state).isEqualTo(FINISH);
    verify(chainContextMock).redirectToPasswordReset();
    verify(audit).log(auditLogEvent);
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) UserTestBuilder.aUser(org.simbasecurity.core.domain.UserTestBuilder.aUser) User(org.simbasecurity.core.domain.User) Command(org.simbasecurity.core.chain.Command) Test(org.junit.Test)

Example 34 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

Class ResetPasswordCommandTest, method execute_EmailUnknown_WillNotSendMailButWillRedirect.

@Test
public void execute_EmailUnknown_WillNotSendMailButWillRedirect() throws Exception {
    when(chainContextMock.getEmail()).thenReturn(Optional.of("someEmail@bla.com"));
    when(credentialServiceMock.findUserByMail(emailFactory.email("someEmail@bla.com"))).thenReturn(Optional.empty());
    AuditLogEvent auditLogEvent = mock(AuditLogEvent.class);
    when(auditLogEventFactory.createEventForUserAuthentication(isNull(), anyString())).thenReturn(auditLogEvent);
    Command.State state = resetPasswordCommand.execute(chainContextMock);
    verifyZeroInteractions(resetPasswordServiceMock);
    assertThat(state).isEqualTo(FINISH);
    verify(chainContextMock).redirectToPasswordReset();
    verify(audit).log(auditLogEvent);
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) Command(org.simbasecurity.core.chain.Command) Test(org.junit.Test)

Example 35 with AuditLogEvent

Use of org.simbasecurity.core.audit.AuditLogEvent in project simba-os by cegeka.

Class ResetPasswordServiceTest, method sendMessageForNewUser_WillTriggerAuditloggingForNewUser.

@Test
public void sendMessageForNewUser_WillTriggerAuditloggingForNewUser() throws Exception {
    EmailAddress email = emailFactory.email("something@mail.com");
    User user = aDefaultUser().withUserName("otherTest").withEmail(email).withLanguage(en_US).build();
    Token token = Token.generateToken();
    when(tokenManagerMock.generateToken(user, newUserReason)).thenReturn(token);
    URL link = new URL("http://www.google.com");
    List<URL> links = Collections.singletonList(link);
    when(linkGeneratorMock.generateResetPasswordLinks(email, token)).thenReturn(links);
    when(templateServiceMock.createMailBodyWithLink(new TemplateWithLinks(newUserReason.getTemplate(), links), en_US)).thenReturn("someBody");
    when(templateServiceMock.createMailSubject(newUserReason.getSubjectTemplate(), en_US)).thenReturn("New user");
    ArgumentCaptor<AuditLogEvent> logCaptor = ArgumentCaptor.forClass(AuditLogEvent.class);
    resetPasswordService.sendResetPasswordMessageTo(user, newUserReason);
    verify(mailServiceMock).sendMail(mail().from(emailFactory.email("bla@hotmail.com")).to(email).subject("New user").body("someBody"));
    verify(auditMock).log(logCaptor.capture());
    assertThat(logCaptor.getValue()).extracting(AuditLogEvent::getUsername, AuditLogEvent::getMessage, AuditLogEvent::getCategory).containsExactly("otherTest", "Email has been sent to user for following reason: NewUser", AUTHENTICATION);
}
Also used : AuditLogEvent(org.simbasecurity.core.audit.AuditLogEvent) UserTestBuilder.aDefaultUser(org.simbasecurity.core.domain.UserTestBuilder.aDefaultUser) User(org.simbasecurity.core.domain.User) Token(org.simbasecurity.core.domain.communication.token.Token) EmailAddress(org.simbasecurity.core.domain.user.EmailAddress) URL(java.net.URL) TemplateWithLinks(org.simbasecurity.core.service.communication.mail.template.TemplateWithLinks) Test(org.junit.Test)
