@Test(expected = ValidationException.class)
public void updateUserWithInvalidEmailAddress() {
ExternalUser user = createUserWithRandomUserName(Role.authenticated);
UpdateUserRequest request = new UpdateUserRequest();
request.setEmailAddress("NotAValidEmailAddress");
userService.saveUser(user.getId().toString(), request);
}
@Test(expected = ValidationException.class)
public void badNameRequest() {
CreateUserRequest request = new CreateUserRequest();
ExternalUser user = getUser();
user.setFirstName(RandomStringUtils.random(101));
request.setUser(user);
request.setPassword(new PasswordRequest());
userService.createUser(request, Role.authenticated);
}
private void assertOnCreatedUser(ExternalUser user) throws Exception {
assertThat(user, is(notNullValue()));
User foundUser = userRepository.findByUuid(user.getId().toString());
assertThat(foundUser, is(notNullValue()));
assertThat(foundUser.getSessions().last().getToken(), is(notNullValue()));
assertThat(
foundUser.getSessions().last().getToken(),
is(user.getSessions().get(user.getSessions().size() - 1).getSessionToken()));
assertThat(foundUser.hasRole(Role.anonymous), is(false));
assertThat(foundUser.hasRole(Role.authenticated), is(true));
assertThat(foundUser.isVerified(), is(false));
}
@Test
public void multipleLoginsGetDifferentSessionToken() {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
String sessionToken = createdUser.getSessions().get(0).getSessionToken();
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
assertThat(session1, is(not(session2)));
}
@Test
public void updateUser() {
ExternalUser user = createUserWithRandomUserName(Role.authenticated);
UpdateUserRequest request = new UpdateUserRequest();
request.setFirstName("foo");
request.setLastName("bar");
request.setEmailAddress("*****@*****.**");
userService.saveUser(user.getId(), request);
User loadedUser = userRepository.findByUuid(user.getId());
assertThat(loadedUser.getFirstName(), is("foo"));
assertThat(loadedUser.getLastName(), is("bar"));
assertThat(loadedUser.getEmailAddress(), is("*****@*****.**"));
}
@Test
public void cleanUpExpiredSessions() {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
userService.login(loginRequest).getSessions().get(0).getSessionToken();
userService.login(loginRequest).getSessions().get(0).getSessionToken();
userService.deleteExpiredSessions(-1);
ExternalUser externalUser = userService.getUser(createdUser, createdUser.getId());
assertThat(externalUser.getSessions().size(), is(0));
}
@Test
public void validLoginWithEmailAddress() throws Exception {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
String sessionToken = createdUser.getSessions().get(0).getSessionToken();
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
ExternalUser loggedInUser = userService.login(loginRequest);
assertThat(loggedInUser.getId().toString(), is(createdUser.getId().toString()));
assertThat(loggedInUser.getSessions().get(0), is(notNullValue()));
// check that a new token was issued
assertThat(loggedInUser.getSessions().get(0).getSessionToken(), is(not(sessionToken)));
assertThat(loggedInUser.isVerified(), is(false));
}
@Test
public void getMostRecentSession() {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
String sessionToken = createdUser.getSessions().get(0).getSessionToken();
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
String session1 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
String session2 = userService.login(loginRequest).getSessions().get(0).getSessionToken();
ExternalUser updatedUser = userService.getUser(createdUser, createdUser.getId());
assertThat(updatedUser.getSessions().size(), is(3));
assertThat(updatedUser.getActiveSession(), is(nullValue()));
assertThat(
updatedUser.getSessions().get(0).getSessionToken(),
is(session2)); // most recently updated session
}
@Test
public void saveActiveSession() {
CreateUserRequest request = getDefaultCreateUserRequest();
ExternalUser createdUser = userService.createUser(request, Role.authenticated);
UserSession sessionToken1 = createdUser.getSessions().get(0);
LoginRequest loginRequest = new LoginRequest();
loginRequest.setUsername(request.getUser().getEmailAddress());
loginRequest.setPassword(request.getPassword().getPassword());
UserSession sessionToken2 = userService.login(loginRequest).getSessions().get(0);
createdUser.setActiveSession(sessionToken1);
userService.saveUserSession(createdUser);
ExternalUser updatedUser = userService.getUser(createdUser, createdUser.getId());
// most recently used token
assertThat(
updatedUser.getSessions().get(0).getSessionToken(), is(sessionToken1.getSessionToken()));
}
@Test
public void getUserByEmailAddress() {
ExternalUser user = createUserWithRandomUserName(Role.authenticated);
ExternalUser foundUser = userService.getUser(user, user.getEmailAddress());
assertThat(foundUser.getId(), is(user.getId()));
}
@Test
public void getValidUser() {
ExternalUser user = createUserWithRandomUserName(Role.authenticated);
ExternalUser foundUser = userService.getUser(user, user.getId().toString());
assertThat(foundUser.getId(), is(user.getId()));
}
@Test(expected = AuthorizationException.class)
public void userNotAuthorizedToDelete() {
ExternalUser userOne = createUserWithRandomUserName(Role.authenticated);
ExternalUser user = createUserWithRandomUserName(Role.authenticated);
userService.deleteUser(userOne, user.getId().toString());
}