private void assertOnCreatedUser(ExternalUser user) throws Exception {
   assertThat(user, is(notNullValue()));
   User foundUser = userRepository.findByUuid(user.getId().toString());
   assertThat(foundUser, is(notNullValue()));
   assertThat(foundUser.getSessions().last().getToken(), is(notNullValue()));
   assertThat(
       foundUser.getSessions().last().getToken(),
       is(user.getSessions().get(user.getSessions().size() - 1).getSessionToken()));
   assertThat(foundUser.hasRole(Role.anonymous), is(false));
   assertThat(foundUser.hasRole(Role.authenticated), is(true));
   assertThat(foundUser.isVerified(), is(false));
 }
 @Test
 public void validLoginWithEmailAddress() throws Exception {
   CreateUserRequest request = getDefaultCreateUserRequest();
   ExternalUser createdUser = userService.createUser(request, Role.authenticated);
   String sessionToken = createdUser.getSessions().get(0).getSessionToken();
   LoginRequest loginRequest = new LoginRequest();
   loginRequest.setUsername(request.getUser().getEmailAddress());
   loginRequest.setPassword(request.getPassword().getPassword());
   ExternalUser loggedInUser = userService.login(loginRequest);
   assertThat(loggedInUser.getId().toString(), is(createdUser.getId().toString()));
   assertThat(loggedInUser.getSessions().get(0), is(notNullValue()));
   // check that a new token was issued
   assertThat(loggedInUser.getSessions().get(0).getSessionToken(), is(not(sessionToken)));
   assertThat(loggedInUser.isVerified(), is(false));
 }
 @Test
 public void saveActiveSession() {
   CreateUserRequest request = getDefaultCreateUserRequest();
   ExternalUser createdUser = userService.createUser(request, Role.authenticated);
   UserSession sessionToken1 = createdUser.getSessions().get(0);
   LoginRequest loginRequest = new LoginRequest();
   loginRequest.setUsername(request.getUser().getEmailAddress());
   loginRequest.setPassword(request.getPassword().getPassword());
   UserSession sessionToken2 = userService.login(loginRequest).getSessions().get(0);
   createdUser.setActiveSession(sessionToken1);
   userService.saveUserSession(createdUser);
   ExternalUser updatedUser = userService.getUser(createdUser, createdUser.getId());
   // most recently used token
   assertThat(
       updatedUser.getSessions().get(0).getSessionToken(), is(sessionToken1.getSessionToken()));
 }
 @Test
 public void getMostRecentSession() {
   CreateUserRequest request = getDefaultCreateUserRequest();
   ExternalUser createdUser = userService.createUser(request, Role.authenticated);
   String sessionToken = createdUser.getSessions().get(0).getSessionToken();
   LoginRequest loginRequest = new LoginRequest();
   loginRequest.setUsername(request.getUser().getEmailAddress());
   loginRequest.setPassword(request.getPassword().getPassword());
   String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
   String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
   ExternalUser updatedUser = userService.getUser(createdUser, createdUser.getId());
   assertThat(updatedUser.getSessions().size(), is(3));
   assertThat(updatedUser.getActiveSession(), is(nullValue()));
   assertThat(
       updatedUser.getSessions().get(0).getSessionToken(),
       is(session2)); // most recently updated session
 }
  @Test
  public void multipleLoginsGetDifferentSessionToken() {
    CreateUserRequest request = getDefaultCreateUserRequest();
    ExternalUser createdUser = userService.createUser(request, Role.authenticated);
    String sessionToken = createdUser.getSessions().get(0).getSessionToken();
    LoginRequest loginRequest = new LoginRequest();
    loginRequest.setUsername(request.getUser().getEmailAddress());
    loginRequest.setPassword(request.getPassword().getPassword());
    String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
    String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();

    assertThat(session1, is(not(session2)));
  }
  @Test
  public void cleanUpExpiredSessions() {

    CreateUserRequest request = getDefaultCreateUserRequest();
    ExternalUser createdUser = userService.createUser(request, Role.authenticated);
    LoginRequest loginRequest = new LoginRequest();
    loginRequest.setUsername(request.getUser().getEmailAddress());
    loginRequest.setPassword(request.getPassword().getPassword());
    userService.login(loginRequest).getSessions().get(0).getSessionToken();
    userService.login(loginRequest).getSessions().get(0).getSessionToken();
    userService.deleteExpiredSessions(-1);
    ExternalUser externalUser = userService.getUser(createdUser, createdUser.getId());
    assertThat(externalUser.getSessions().size(), is(0));
  }