@Test(expected = ValidationException.class)
 public void nullPasswordRequest() {
   CreateUserRequest request = new CreateUserRequest();
   request.setUser(getUser());
   request.setPassword(new PasswordRequest());
   userService.createUser(request, Role.authenticated);
 }
 @Test(expected = ValidationException.class)
 public void nullEmailAndUsernameRequest() {
   CreateUserRequest request = new CreateUserRequest();
   ExternalUser user =
       ExternalUserBuilder.create().withFirstName("John").withLastName("Smith").build();
   request.setUser(user);
   request.setPassword(new PasswordRequest("password"));
   userService.createUser(request, Role.authenticated);
 }
 @Test(expected = ValidationException.class)
 public void badNameRequest() {
   CreateUserRequest request = new CreateUserRequest();
   ExternalUser user = getUser();
   user.setFirstName(RandomStringUtils.random(101));
   request.setUser(user);
   request.setPassword(new PasswordRequest());
   userService.createUser(request, Role.authenticated);
 }
 @Test(expected = AuthenticationException.class)
 public void invalidPassword() {
   CreateUserRequest request = getDefaultCreateUserRequest();
   ExternalUser user = userService.createUser(request, Role.authenticated);
   LoginRequest loginRequest = new LoginRequest();
   loginRequest.setUsername(request.getUser().getEmailAddress());
   loginRequest.setPassword("qwerty123");
   userService.login(loginRequest);
 }
  @Test
  public void multipleLoginsGetDifferentSessionToken() {
    CreateUserRequest request = getDefaultCreateUserRequest();
    ExternalUser createdUser = userService.createUser(request, Role.authenticated);
    String sessionToken = createdUser.getSessions().get(0).getSessionToken();
    LoginRequest loginRequest = new LoginRequest();
    loginRequest.setUsername(request.getUser().getEmailAddress());
    loginRequest.setPassword(request.getPassword().getPassword());
    String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
    String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();

    assertThat(session1, is(not(session2)));
  }
  @Test
  public void cleanUpExpiredSessions() {

    CreateUserRequest request = getDefaultCreateUserRequest();
    ExternalUser createdUser = userService.createUser(request, Role.authenticated);
    LoginRequest loginRequest = new LoginRequest();
    loginRequest.setUsername(request.getUser().getEmailAddress());
    loginRequest.setPassword(request.getPassword().getPassword());
    userService.login(loginRequest).getSessions().get(0).getSessionToken();
    userService.login(loginRequest).getSessions().get(0).getSessionToken();
    userService.deleteExpiredSessions(-1);
    ExternalUser externalUser = userService.getUser(createdUser, createdUser.getId());
    assertThat(externalUser.getSessions().size(), is(0));
  }
 @Test
 public void validLoginWithEmailAddress() throws Exception {
   CreateUserRequest request = getDefaultCreateUserRequest();
   ExternalUser createdUser = userService.createUser(request, Role.authenticated);
   String sessionToken = createdUser.getSessions().get(0).getSessionToken();
   LoginRequest loginRequest = new LoginRequest();
   loginRequest.setUsername(request.getUser().getEmailAddress());
   loginRequest.setPassword(request.getPassword().getPassword());
   ExternalUser loggedInUser = userService.login(loginRequest);
   assertThat(loggedInUser.getId().toString(), is(createdUser.getId().toString()));
   assertThat(loggedInUser.getSessions().get(0), is(notNullValue()));
   // check that a new token was issued
   assertThat(loggedInUser.getSessions().get(0).getSessionToken(), is(not(sessionToken)));
   assertThat(loggedInUser.isVerified(), is(false));
 }
 @Test
 public void saveActiveSession() {
   CreateUserRequest request = getDefaultCreateUserRequest();
   ExternalUser createdUser = userService.createUser(request, Role.authenticated);
   UserSession sessionToken1 = createdUser.getSessions().get(0);
   LoginRequest loginRequest = new LoginRequest();
   loginRequest.setUsername(request.getUser().getEmailAddress());
   loginRequest.setPassword(request.getPassword().getPassword());
   UserSession sessionToken2 = userService.login(loginRequest).getSessions().get(0);
   createdUser.setActiveSession(sessionToken1);
   userService.saveUserSession(createdUser);
   ExternalUser updatedUser = userService.getUser(createdUser, createdUser.getId());
   // most recently used token
   assertThat(
       updatedUser.getSessions().get(0).getSessionToken(), is(sessionToken1.getSessionToken()));
 }
 @Test
 public void getMostRecentSession() {
   CreateUserRequest request = getDefaultCreateUserRequest();
   ExternalUser createdUser = userService.createUser(request, Role.authenticated);
   String sessionToken = createdUser.getSessions().get(0).getSessionToken();
   LoginRequest loginRequest = new LoginRequest();
   loginRequest.setUsername(request.getUser().getEmailAddress());
   loginRequest.setPassword(request.getPassword().getPassword());
   String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
   String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
   ExternalUser updatedUser = userService.getUser(createdUser, createdUser.getId());
   assertThat(updatedUser.getSessions().size(), is(3));
   assertThat(updatedUser.getActiveSession(), is(nullValue()));
   assertThat(
       updatedUser.getSessions().get(0).getSessionToken(),
       is(session2)); // most recently updated session
 }