@Test
public void assertThatResetKeyMustBeValid() {
User user =
userService.createUserInformation(
"johndoe", "johndoe", "John", "Doe", "john.doe@localhost", "en-US");
ZonedDateTime daysAgo = ZonedDateTime.now().minusHours(25);
user.setActivated(true);
user.setResetDate(daysAgo);
user.setResetKey("1234");
userRepository.save(user);
Optional<User> maybeUser = userService.completePasswordReset("johndoe2", user.getResetKey());
assertThat(maybeUser.isPresent()).isFalse();
userRepository.delete(user);
}
@Override
protected void onLoginSuccess(
HttpServletRequest request,
HttpServletResponse response,
Authentication successfulAuthentication) {
String login = successfulAuthentication.getName();
log.debug("Creating new persistent login for user {}", login);
PersistentToken token =
userRepository
.findOneByLogin(login)
.map(
u -> {
PersistentToken t = new PersistentToken();
t.setSeries(generateSeriesData());
t.setUser(u);
t.setTokenValue(generateTokenData());
t.setTokenDate(LocalDate.now());
t.setIpAddress(request.getRemoteAddr());
t.setUserAgent(request.getHeader("User-Agent"));
return t;
})
.orElseThrow(
() ->
new UsernameNotFoundException(
"User " + login + " was not found in the database"));
try {
persistentTokenRepository.saveAndFlush(token);
addCookie(token, request, response);
} catch (DataAccessException e) {
log.error("Failed to save persistent token ", e);
}
}
@Test
public void testFindNotActivatedUsersByCreationDateBefore() {
userService.removeNotActivatedUsers();
ZonedDateTime now = ZonedDateTime.now();
List<User> users =
userRepository.findAllByActivatedIsFalseAndCreatedDateBefore(now.minusDays(3));
assertThat(users).isEmpty();
}
@Test
public void assertThatOnlyActivatedUserCanRequestPasswordReset() {
User user =
userService.createUserInformation(
"johndoe", "johndoe", "John", "Doe", "john.doe@localhost", "en-US");
Optional<User> maybeUser = userService.requestPasswordReset("john.doe@localhost");
assertThat(maybeUser.isPresent()).isFalse();
userRepository.delete(user);
}
@Test
public void testRemoveOldPersistentTokens() {
User admin = userRepository.findOneByLogin("admin").get();
int existingCount = persistentTokenRepository.findByUser(admin).size();
generateUserToken(admin, "1111-1111", LocalDate.now());
LocalDate now = LocalDate.now();
generateUserToken(admin, "2222-2222", now.minusDays(32));
assertThat(persistentTokenRepository.findByUser(admin)).hasSize(existingCount + 2);
userService.removeOldPersistentTokens();
assertThat(persistentTokenRepository.findByUser(admin)).hasSize(existingCount + 1);
}
@Test
public void assertThatUserCanResetPassword() {
User user =
userService.createUserInformation(
"johndoe", "johndoe", "John", "Doe", "john.doe@localhost", "en-US");
String oldPassword = user.getPassword();
ZonedDateTime daysAgo = ZonedDateTime.now().minusHours(2);
String resetKey = RandomUtil.generateResetKey();
user.setActivated(true);
user.setResetDate(daysAgo);
user.setResetKey(resetKey);
userRepository.save(user);
Optional<User> maybeUser = userService.completePasswordReset("johndoe2", user.getResetKey());
assertThat(maybeUser.isPresent()).isTrue();
assertThat(maybeUser.get().getResetDate()).isNull();
assertThat(maybeUser.get().getResetKey()).isNull();
assertThat(maybeUser.get().getPassword()).isNotEqualTo(oldPassword);
userRepository.delete(user);
}
