@Test
public void multipleLoginsGetDifferentSessionToken() {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
String sessionToken = createdUser.getSessions().get(0).getSessionToken();
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
assertThat(session1, is(not(session2)));
}
@Test
public void cleanUpExpiredSessions() {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
userService.login(loginRequest).getSessions().get(0).getSessionToken();
userService.login(loginRequest).getSessions().get(0).getSessionToken();
userService.deleteExpiredSessions(-1);
ExternalUser externalUser = userService.getUser(createdUser, createdUser.getId());
assertThat(externalUser.getSessions().size(), is(0));
}
@Test
public void validLoginWithEmailAddress() throws Exception {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
String sessionToken = createdUser.getSessions().get(0).getSessionToken();
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
ExternalUser loggedInUser = userService.login(loginRequest);
assertThat(loggedInUser.getId().toString(), is(createdUser.getId().toString()));
assertThat(loggedInUser.getSessions().get(0), is(notNullValue()));
// check that a new token was issued
assertThat(loggedInUser.getSessions().get(0).getSessionToken(), is(not(sessionToken)));
assertThat(loggedInUser.isVerified(), is(false));
}
@Test
public void saveActiveSession() {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
UserSession sessionToken1 = createdUser.getSessions().get(0);
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
UserSession sessionToken2 = userService.login(loginRequest).getSessions().get(0);
createdUser.setActiveSession(sessionToken1);
userService.saveUserSession(createdUser);
ExternalUser updatedUser = userService.getUser(createdUser, createdUser.getId());
// most recently used token
assertThat(
updatedUser.getSessions().get(0).getSessionToken(), is(sessionToken1.getSessionToken()));
}
@Test
public void getMostRecentSession() {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
String sessionToken = createdUser.getSessions().get(0).getSessionToken();
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
ExternalUser updatedUser = userService.getUser(createdUser, createdUser.getId());
assertThat(updatedUser.getSessions().size(), is(3));
assertThat(updatedUser.getActiveSession(), is(nullValue()));
assertThat(
updatedUser.getSessions().get(0).getSessionToken(),
is(session2)); // most recently updated session
}