@Test(expected = ScimException.class)
public void changePasswordRequestFailsForAdminWithoutOwnCurrentPassword() {
endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
PasswordChangeRequest change = new PasswordChangeRequest();
change.setPassword("newpassword");
endpoints.changePassword(joel.getId(), change);
}
@Test(expected = BadCredentialsException.class)
public void changePasswordFailsForUserIfTheySupplyWrongCurrentPassword() {
endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
PasswordChangeRequest change = new PasswordChangeRequest();
change.setPassword("newpassword");
change.setOldPassword("wrongpassword");
endpoints.changePassword(joel.getId(), change);
}
@Test(expected = ScimException.class)
public void userCantChangeAnotherUsersPassword() {
endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
PasswordChangeRequest change = new PasswordChangeRequest();
change.setOldPassword("password");
change.setPassword("newpassword");
endpoints.changePassword(dale.getId(), change);
}
@Test
public void userCanChangeTheirOwnPasswordIfTheySupplyCorrectCurrentPassword() {
endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
PasswordChangeRequest change = new PasswordChangeRequest();
change.setOldPassword("password");
change.setPassword("newpassword");
endpoints.changePassword(joel.getId(), change);
}
@Test
public void clientCanChangeUserPasswordWithoutCurrentPassword() {
SecurityContextAccessor sca = mockSecurityContext(joel);
when(sca.isClient()).thenReturn(true);
endpoints.setSecurityContextAccessor(sca);
PasswordChangeRequest change = new PasswordChangeRequest();
change.setPassword("newpassword");
endpoints.changePassword(joel.getId(), change);
}
@Test
public void adminCanChangeAnotherUsersPassword() {
SecurityContextAccessor sca = mockSecurityContext(dale);
when(sca.isAdmin()).thenReturn(true);
endpoints.setSecurityContextAccessor(sca);
PasswordChangeRequest change = new PasswordChangeRequest();
change.setPassword("newpassword");
endpoints.changePassword(joel.getId(), change);
}
@Test
public void passwordIsValidated() throws Exception {
endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
PasswordValidator mockPasswordValidator = mock(PasswordValidator.class);
endpoints.setPasswordValidator(mockPasswordValidator);
PasswordChangeRequest change = new PasswordChangeRequest();
change.setOldPassword("password");
change.setPassword("newpassword");
endpoints.changePassword(joel.getId(), change);
verify(mockPasswordValidator).validate("newpassword");
}
@Test
public void changePasswordFailsForNewPasswordIsSameAsCurrentPassword() {
endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
PasswordChangeRequest change = new PasswordChangeRequest();
change.setPassword("password");
change.setOldPassword("password");
try {
endpoints.changePassword(joel.getId(), change);
fail();
} catch (InvalidPasswordException e) {
assertEquals(
"Your new password cannot be the same as the old password.", e.getLocalizedMessage());
}
}
@Before
public void setup() {
JdbcTemplate jdbcTemplate = new JdbcTemplate(database);
JdbcScimUserProvisioning dao =
new JdbcScimUserProvisioning(
jdbcTemplate, new JdbcPagingListFactory(jdbcTemplate, new DefaultLimitSqlAdapter()));
dao.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
endpoints = new PasswordChangeEndpoint();
endpoints.setScimUserProvisioning(dao);
joel = new ScimUser(null, "jdsa", "Joel", "D'sa");
joel.addEmail("*****@*****.**");
dale = new ScimUser(null, "olds", "Dale", "Olds");
dale.addEmail("*****@*****.**");
joel = dao.createUser(joel, "password");
dale = dao.createUser(dale, "password");
}