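/**
 * Verifies that every successful login hands back its own session token.
 *
 * <p>Creates a user (the created user already carries a first session), logs in twice with
 * the same credentials and checks that the three tokens seen are pairwise distinct. A token
 * that is re-issued across logins could not be revoked for one session without affecting
 * the others, so uniqueness is the property under test.
 */
@Test
public void multipleLoginsGetDifferentSessionToken() {
    CreateUserRequest request = getDefaultCreateUserRequest();
    ExternalUser createdUser = userService.createUser(request, Role.authenticated);
    String registrationToken = createdUser.getSessions().get(0).getSessionToken();

    LoginRequest loginRequest = new LoginRequest();
    loginRequest.setUsername(request.getUser().getEmailAddress());
    loginRequest.setPassword(request.getPassword().getPassword());

    String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
    String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();

    // Two null tokens would make the inequality checks below meaningless, so rule them out.
    assertThat(session1, is(notNullValue()));
    assertThat(session2, is(notNullValue()));

    assertThat(session1, is(not(session2)));

    // The registration token was previously read but never checked; a login must not
    // hand the same token back.
    assertThat(session1, is(not(registrationToken)));
    assertThat(session2, is(not(registrationToken)));
}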
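/**
 * Verifies that {@code deleteExpiredSessions} removes the sessions stored for a user.
 *
 * <p>The user is created and logged in twice, the stored sessions are counted, the cleanup
 * is run, and the user is reloaded to confirm that no session is left.
 */
@Test
public void cleanUpExpiredSessions() {
    CreateUserRequest request = getDefaultCreateUserRequest();
    ExternalUser createdUser = userService.createUser(request, Role.authenticated);

    LoginRequest loginRequest = new LoginRequest();
    loginRequest.setUsername(request.getUser().getEmailAddress());
    loginRequest.setPassword(request.getPassword().getPassword());
    userService.login(loginRequest);
    userService.login(loginRequest);

    // Precondition: one session from registration plus one per login. Without this check
    // the final assertion would also pass if no session had ever been persisted.
    ExternalUser beforeCleanup = userService.getUser(createdUser, createdUser.getId());
    assertThat(beforeCleanup.getSessions().size(), is(3));

    // NOTE(review): -1 is presumably an age threshold chosen so that every session counts
    // as expired; confirm the unit and semantics against deleteExpiredSessions.
    userService.deleteExpiredSessions(-1);

    ExternalUser externalUser = userService.getUser(createdUser, createdUser.getId());
    assertThat(externalUser.getSessions().size(), is(0));
}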
/**
 * Logging in with the e-mail address as username returns the account that was just created,
 * carrying a session whose token differs from the one handed out at registration, and the
 * account is still reported as unverified.
 */
@Test
public void validLoginWithEmailAddress() throws Exception {
    CreateUserRequest createRequest = getDefaultCreateUserRequest();
    ExternalUser registered = userService.createUser(createRequest, Role.authenticated);
    String tokenFromRegistration = registered.getSessions().get(0).getSessionToken();

    // Credentials are taken from the create request: e-mail address as username.
    LoginRequest credentials = new LoginRequest();
    credentials.setUsername(createRequest.getUser().getEmailAddress());
    credentials.setPassword(createRequest.getPassword().getPassword());

    ExternalUser loggedInUser = userService.login(credentials);

    // Same account: ids are compared through their string form.
    assertThat(loggedInUser.getId().toString(), is(registered.getId().toString()));

    assertThat(loggedInUser.getSessions().get(0), is(notNullValue()));

    // check that a new token was issued
    String tokenFromLogin = loggedInUser.getSessions().get(0).getSessionToken();
    assertThat(tokenFromLogin, is(not(tokenFromRegistration)));

    assertThat(loggedInUser.isVerified(), is(false));
}
/**
 * Saving a user with an older session marked as active makes that session the first entry
 * of the session list returned by a subsequent {@code getUser}.
 */
@Test
public void saveActiveSession() {
    CreateUserRequest createRequest = getDefaultCreateUserRequest();
    ExternalUser createdUser = userService.createUser(createRequest, Role.authenticated);
    UserSession registrationSession = createdUser.getSessions().get(0);

    LoginRequest credentials = new LoginRequest();
    credentials.setUsername(createRequest.getUser().getEmailAddress());
    credentials.setPassword(createRequest.getPassword().getPassword());

    // A second session is created by logging in; it is not referenced by the assertion.
    UserSession loginSession = userService.login(credentials).getSessions().get(0);

    // Mark the registration session as the active one and persist that.
    createdUser.setActiveSession(registrationSession);
    userService.saveUserSession(createdUser);

    ExternalUser reloaded = userService.getUser(createdUser, createdUser.getId());
    String firstListedToken = reloaded.getSessions().get(0).getSessionToken();

    // most recently used token
    assertThat(firstListedToken, is(registrationSession.getSessionToken()));
}
/**
 * After registration and two logins the reloaded user has three sessions, no active session
 * set, and the token of the latest login at the head of the session list.
 */
@Test
public void getMostRecentSession() {
    CreateUserRequest createRequest = getDefaultCreateUserRequest();
    ExternalUser createdUser = userService.createUser(createRequest, Role.authenticated);
    // NOTE(review): the registration token and the first login token are read but not
    // asserted on in this test.
    String registrationToken = createdUser.getSessions().get(0).getSessionToken();

    LoginRequest credentials = new LoginRequest();
    credentials.setUsername(createRequest.getUser().getEmailAddress());
    credentials.setPassword(createRequest.getPassword().getPassword());

    String firstLoginToken = userService.login(credentials).getSessions().get(0).getSessionToken();
    String secondLoginToken = userService.login(credentials).getSessions().get(0).getSessionToken();

    ExternalUser reloaded = userService.getUser(createdUser, createdUser.getId());

    assertThat(reloaded.getSessions().size(), is(3));
    assertThat(reloaded.getActiveSession(), is(nullValue()));

    // most recently updated session
    String headToken = reloaded.getSessions().get(0).getSessionToken();
    assertThat(headToken, is(secondLoginToken));
}