use of uk.gov.pay.adminusers.model.User in project pay-adminusers by alphagov.
the class UserServicesTest method shouldReturnUserAndNotResetLoginCount_ifAuthenticationSuccessfulButUserDisabled.
/**
 * Verifies that a correct password for a disabled account still yields the user,
 * with the disabled flag set, and that the stored login counter is left at its
 * previous value.
 *
 * <p>NOTE(review): because {@code authenticate} returns a present {@code Optional}
 * here, whatever consumes the result presumably has to honour {@code isDisabled()}
 * itself. Confirm against the caller.
 */
@Test
void shouldReturnUserAndNotResetLoginCount_ifAuthenticationSuccessfulButUserDisabled() {
    // Arrange: a disabled account whose login counter is already 2.
    User disabledUser = aUser();
    disabledUser.setLoginCounter(2);
    disabledUser.setDisabled(true);
    UserEntity storedEntity = aUserEntityWithTrimmings(disabledUser);
    storedEntity.setPassword("hashed-password");
    when(mockUserDao.findByUsername(USER_USERNAME)).thenReturn(Optional.of(storedEntity));
    // The submitted password is stubbed to match the stored hash.
    when(mockPasswordHasher.isEqual("random-password", "hashed-password")).thenReturn(true);

    // Act
    Optional<User> outcome = underTest.authenticate(USER_USERNAME, "random-password");

    // Assert: the user comes back, still flagged as disabled, with a single link.
    assertTrue(outcome.isPresent());
    User returnedUser = outcome.get();
    assertThat(returnedUser.getUsername(), is(USER_USERNAME));
    assertThat(returnedUser.isDisabled(), is(true));
    assertThat(returnedUser.getLinks().size(), is(1));
    // The counter on the stored entity must not have been reset or changed.
    assertThat(storedEntity.getLoginCounter(), is(2));
}
use of uk.gov.pay.adminusers.model.User in project pay-adminusers by alphagov.
the class UserServicesTest method shouldReturnEmptyAndDisable_whenAuthenticate2FA_ifUnsuccessfulMaxRetry.
/**
 * Verifies the lockout path of second-factor authentication: with the login
 * counter already at 3, one more rejected code returns an empty result and
 * persists an entity whose counter is 4 and whose disabled flag is set.
 *
 * <p>The lockout threshold itself is not visible in this test. Only the
 * transition from 3 to 4 is pinned here.
 */
@Test
void shouldReturnEmptyAndDisable_whenAuthenticate2FA_ifUnsuccessfulMaxRetry() {
    // Arrange: an account with three attempts already recorded.
    User user = aUser();
    user.setLoginCounter(3);
    UserEntity storedEntity = aUserEntityWithTrimmings(user);
    String externalId = user.getExternalId();
    when(mockUserDao.findByExternalId(externalId)).thenReturn(Optional.of(storedEntity));
    // The authenticator rejects the submitted code.
    when(mockSecondFactorAuthenticator.authorize(user.getOtpKey(), 123456)).thenReturn(false);
    // Capture whatever entity the service persists so its state can be inspected.
    when(mockUserDao.merge(userEntityArgumentCaptor.capture())).thenReturn(mock(UserEntity.class));

    // Act
    Optional<User> outcome = underTest.authenticateSecondFactor(externalId, 123456);

    // Assert: nothing is returned, and the persisted entity is locked out.
    assertFalse(outcome.isPresent());
    UserEntity persisted = userEntityArgumentCaptor.getValue();
    assertThat(persisted.getLoginCounter(), is(4));
    assertThat(persisted.isDisabled(), is(true));
}
use of uk.gov.pay.adminusers.model.User in project pay-adminusers by alphagov.
the class UserServicesTest method shouldReturnUser_whenActivateNewOtpKey_ifCodeIncorrect.
/**
 * Verifies that a provisional OTP key is not promoted when the submitted code is
 * rejected: the result is empty, the original key and second-factor method stay
 * in place, and nothing is merged.
 *
 * <p>NOTE(review): the method name says "shouldReturnUser", but the assertion
 * below expects an empty {@code Optional}.
 */
@Test
void shouldReturnUser_whenActivateNewOtpKey_ifCodeIncorrect() {
    // Arrange: SMS user with a provisional key created 89 minutes ago.
    User user = aUser();
    UserEntity storedEntity = UserEntity.from(user);
    storedEntity.setSecondFactor(SecondFactorMethod.SMS);
    storedEntity.setOtpKey("Original OTP key");
    storedEntity.setProvisionalOtpKey("New OTP key");
    ZonedDateTime provisionalKeyCreatedAt = ZonedDateTime.now(ZoneOffset.UTC).minusMinutes(89);
    storedEntity.setProvisionalOtpKeyCreatedAt(provisionalKeyCreatedAt);
    String externalId = user.getExternalId();
    when(mockUserDao.findByExternalId(externalId)).thenReturn(Optional.of(storedEntity));
    // The code is checked against the provisional key and rejected.
    when(mockSecondFactorAuthenticator.authorize("New OTP key", 123456)).thenReturn(false);

    // Act
    Optional<User> outcome = underTest.activateNewOtpKey(externalId, SecondFactorMethod.APP, 123456);

    // Assert: no user returned, enrolment untouched, no write to the DAO.
    assertFalse(outcome.isPresent());
    assertThat(storedEntity.getOtpKey(), is("Original OTP key"));
    assertThat(storedEntity.getSecondFactor(), is(SecondFactorMethod.SMS));
    verify(mockUserDao, never()).merge(any(UserEntity.class));
}
use of uk.gov.pay.adminusers.model.User in project pay-adminusers by alphagov.
the class UserServicesTest method shouldReturnUser_whenActivateNewOtpKey_ifProvisionalOtpCodeCreatedAtTooLongAgo.
/**
 * Verifies that a provisional OTP key created 91 minutes ago is not promoted: the
 * result is empty, the original key and second-factor method stay in place, and
 * nothing is merged.
 *
 * <p>The exact age limit lives in the service and is not visible here. No
 * authenticator stub is set up in this test.
 *
 * <p>NOTE(review): the method name says "shouldReturnUser", but the assertion
 * below expects an empty {@code Optional}.
 */
@Test
void shouldReturnUser_whenActivateNewOtpKey_ifProvisionalOtpCodeCreatedAtTooLongAgo() {
    // Arrange: SMS user with a provisional key created 91 minutes ago.
    User user = aUser();
    UserEntity storedEntity = UserEntity.from(user);
    storedEntity.setSecondFactor(SecondFactorMethod.SMS);
    storedEntity.setOtpKey("Original OTP key");
    storedEntity.setProvisionalOtpKey("New OTP key");
    ZonedDateTime provisionalKeyCreatedAt = ZonedDateTime.now(ZoneOffset.UTC).minusMinutes(91);
    storedEntity.setProvisionalOtpKeyCreatedAt(provisionalKeyCreatedAt);
    String externalId = user.getExternalId();
    when(mockUserDao.findByExternalId(externalId)).thenReturn(Optional.of(storedEntity));

    // Act
    Optional<User> outcome = underTest.activateNewOtpKey(externalId, SecondFactorMethod.APP, 123456);

    // Assert: no user returned, enrolment untouched, no write to the DAO.
    assertFalse(outcome.isPresent());
    assertThat(storedEntity.getOtpKey(), is("Original OTP key"));
    assertThat(storedEntity.getSecondFactor(), is(SecondFactorMethod.SMS));
    verify(mockUserDao, never()).merge(any(UserEntity.class));
}
use of uk.gov.pay.adminusers.model.User in project pay-adminusers by alphagov.
the class UserServicesTest method shouldReturnEmptyAndIncrementLoginCount_ifAuthenticationFail.
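/**
 * Verifies that a password mismatch returns an empty result and persists an
 * entity whose login counter has gone from 1 to 2 without disabling the account.
 *
 * <p>The DAO returns the entity prepared in this test, including its stored
 * hash, and the hasher is stubbed to reject the submitted password. The failure
 * therefore comes from a password mismatch and not from an unstubbed mock's
 * default {@code false}.
 */
@Test
void shouldReturnEmptyAndIncrementLoginCount_ifAuthenticationFail() {
    // Arrange: one failed attempt already on record.
    User user = aUser();
    user.setLoginCounter(1);
    UserEntity userEntity = aUserEntityWithTrimmings(user);
    userEntity.setPassword("hashed-password");
    // Hand back the entity built above. It was previously created and then ignored
    // in favour of a fresh UserEntity.from(user) that had no password set here.
    // NOTE(review): assumes aUserEntityWithTrimmings keeps the counter and
    // timestamps that UserEntity.from(user) would produce. Confirm.
    when(mockUserDao.findByUsername(USER_USERNAME)).thenReturn(Optional.of(userEntity));
    // State the mismatch explicitly so the test documents why authentication fails.
    when(mockPasswordHasher.isEqual("random-password", "hashed-password")).thenReturn(false);
    // Capture the entity the service persists after the failed attempt.
    when(mockUserDao.merge(userEntityArgumentCaptor.capture())).thenReturn(mock(UserEntity.class));

    // Act
    Optional<User> userOptional = underTest.authenticate(USER_USERNAME, "random-password");

    // Assert: nothing returned, counter incremented, account still enabled.
    assertFalse(userOptional.isPresent());
    UserEntity savedUser = userEntityArgumentCaptor.getValue();
    assertTrue(within(3, SECONDS, savedUser.getCreatedAt()).matches(savedUser.getUpdatedAt()));
    assertThat(savedUser.getLoginCounter(), is(2));
    assertThat(savedUser.isDisabled(), is(false));
}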