1   package org.apache.turbine.services.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import java.util.List;
23  
24  import junit.framework.Test;
25  import junit.framework.TestSuite;
26  
27  import org.apache.turbine.om.security.User;
28  import org.apache.turbine.test.BaseTurbineHsqlTest;
29  import org.apache.turbine.util.security.DataBackendException;
30  import org.apache.turbine.util.security.EntityExistsException;
31  import org.apache.turbine.util.security.PasswordMismatchException;
32  import org.apache.turbine.util.security.UnknownEntityException;
33  
34  public class TestSecurityUserManager
35          extends BaseTurbineHsqlTest
36  {
37      public TestSecurityUserManager(String name)
38              throws Exception
39      {
40          super(name, "conf/test/TurbineResources.properties");
41      }
42  
43      public static Test suite()
44      {
45          return new TestSuite(TestSecurityUserManager.class);
46      }
47  
48      private void checkUserList()
49              throws Exception
50      {
51          SecurityService ss = TurbineSecurity.getService();
52          UserManager um = ss.getUserManager();
53          assertEquals("User added to storage!", um.retrieveList(new org.apache.torque.util.Criteria()).size(), 2);
54      }
55  
56      public void testUserManager1()
57      	throws Exception
58      {
59          SecurityService ss = TurbineSecurity.getService();
60          UserManager um = ss.getUserManager();
61  
62          assertTrue(um.accountExists("admin"));
63          assertFalse(um.accountExists("does-not-exist"));
64  
65          User admin = um.retrieve("admin");
66          assertTrue(um.accountExists(admin));
67  
68          User doesNotExist = TurbineSecurity.getUserInstance();
69          assertFalse(um.accountExists(doesNotExist));
70  
71          checkUserList();
72      }
73  
74      public void testUserManager2()
75      	throws Exception
76      {
77          SecurityService ss = TurbineSecurity.getService();
78          UserManager um = ss.getUserManager();
79  
80          User admin = um.retrieve("admin");
81  
82          try
83          {
84              User doesNotExist = um.retrieve("does-not-exist");
85              fail("Non existing Account was retrieved");
86          }
87          catch (Exception e)
88          {
89              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
90          }
91  
92          checkUserList();
93      }
94  
95      public void testUserManager3()
96      	throws Exception
97      {
98          SecurityService ss = TurbineSecurity.getService();
99          UserManager um = ss.getUserManager();
100 
101         User admin = um.retrieve("admin", "admin");
102 
103         try
104         {
105             admin = um.retrieve("admin", "no such password");
106             fail("User was authenticated with wrong password");
107         }
108         catch (Exception e)
109         {
110             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
111         }
112 
113         checkUserList();
114     }
115 
116     public void testUserManager4()
117     	throws Exception
118     {
119         SecurityService ss = TurbineSecurity.getService();
120         UserManager um = ss.getUserManager();
121 
122         User admin = um.retrieve("admin");
123         um.store(admin);
124 
125         try
126         {
127             User newbie = TurbineSecurity.getUserInstance();
128             newbie.setName("newbie");
129 
130             um.store(newbie);
131             fail("Non Existing User could be stored!");
132         }
133         catch (Exception e)
134         {
135             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
136         }
137 
138         checkUserList();
139     }
140 
141     public void testUserManager5()
142     	throws Exception
143     {
144         SecurityService ss = TurbineSecurity.getService();
145         UserManager um = ss.getUserManager();
146 
147         User admin = um.retrieve("admin");
148 
149         um.authenticate(admin, "admin");
150 
151         try
152         {
153             User newbie = TurbineSecurity.getUserInstance();
154             newbie.setName("newbie");
155 
156             um.authenticate(newbie, "somePw");
157             fail("User was authenticated with wrong password");
158         }
159         catch (Exception e)
160         {
161             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
162         }
163 
164         checkUserList();
165     }
166 
167     public void testUserManager6()
168             throws Exception
169     {
170         SecurityService ss = TurbineSecurity.getService();
171         UserManager um = ss.getUserManager();
172 
173         User [] users = um.retrieve(new org.apache.torque.util.Criteria());
174         assertNotNull(users);
175         assertEquals("Wrong number of users retrieved!", users.length, 2);
176 
177         List userList = um.retrieveList(new org.apache.torque.util.Criteria());
178         assertNotNull(userList);
179         assertEquals("Wrong number of userList retrieved!", userList.size(), 2);
180 
181         assertEquals("Array and List have different sizes!", users.length, userList.size());
182 
183         checkUserList();
184     }
185 
186     public void testUserManager7()
187     	throws Exception
188     {
189         SecurityService ss = TurbineSecurity.getService();
190         UserManager um = ss.getUserManager();
191 
192         User admin = um.retrieveById(new Integer(1));
193 
194         try
195         {
196             User doesNotExist = um.retrieveById(new Integer(667));
197             fail("Non existing Account was retrieved");
198         }
199         catch (Exception e)
200         {
201             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
202         }
203 
204         checkUserList();
205     }
206 
207     public void testAddUser()
208     	throws Exception
209     {
210         SecurityService ss = TurbineSecurity.getService();
211         UserManager um = ss.getUserManager();
212 
213         User newbie = TurbineSecurity.getUserInstance();
214         newbie.setName("newbie");
215 
216         newbie.setFirstName("John");
217         newbie.setLastName("Doe");
218 
219         um.createAccount(newbie, "newbie");
220 
221         List users = um.retrieveList(new org.apache.torque.util.Criteria());
222         assertEquals("User was not added", users.size(), 3);
223 
224         try
225         {
226             User admin = um.retrieve("admin");
227 
228             um.createAccount(admin, "admin");
229             fail("Existing User could be added!");
230         }
231         catch (Exception e)
232         {
233             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), EntityExistsException.class);
234         }
235 
236         try
237         {
238             User empty = TurbineSecurity.getUserInstance();
239 
240             um.createAccount(empty, "empty");
241             fail("User with empty Username could be added!");
242         }
243         catch (Exception e)
244         {
245             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), DataBackendException.class);
246         }
247 
248         assertEquals("User was not added", users.size(), 3);
249     }
250 
251     public void testRemoveUser()
252     	throws Exception
253     {
254         SecurityService ss = TurbineSecurity.getService();
255         UserManager um = ss.getUserManager();
256 
257         User newbie = um.retrieve("newbie");
258         assertNotNull(newbie);
259 
260         um.removeAccount(newbie);
261 
262         try
263         {
264             User foo = TurbineSecurity.getUserInstance();
265             foo.setName("foo");
266 
267             um.removeAccount(foo);
268             fail("Non Existing User could be deleted!");
269         }
270         catch (Exception e)
271         {
272             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
273         }
274 
275         checkUserList();
276     }
277 
278     public void testChangePassword()
279     	throws Exception
280     {
281         SecurityService ss = TurbineSecurity.getService();
282         UserManager um = ss.getUserManager();
283 
284         User admin = um.retrieve("admin");
285         assertNotNull(admin);
286 
287         um.changePassword(admin, admin.getPassword(), "foobar");
288 
289         User admin2 = um.retrieve("admin");
290         assertEquals("Password was not changed!", "foobar", admin2.getPassword());
291 
292         try
293         {
294             admin = um.retrieve("admin");
295             um.changePassword(admin, "admin", "foobar");
296             fail("Password could be changed without old password!");
297         }
298         catch (Exception e)
299         {
300             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
301         }
302 
303         admin2 = um.retrieve("admin");
304         assertEquals("Password was changed!", "foobar", admin2.getPassword());
305 
306         checkUserList();
307     }
308 
309     public void testForcePassword()
310     	throws Exception
311     {
312         SecurityService ss = TurbineSecurity.getService();
313         UserManager um = ss.getUserManager();
314 
315         User admin = um.retrieve("admin");
316         assertNotNull(admin);
317 
318         um.forcePassword(admin, "barbaz");
319 
320         User admin2 = um.retrieve("admin");
321         assertEquals("Password was not changed!", "barbaz", admin2.getPassword());
322 
323         um.forcePassword(admin, "admin");
324 
325         admin2 = um.retrieve("admin");
326         assertEquals("Password was not reset!", "admin", admin2.getPassword());
327 
328 
329         checkUserList();
330     }
331 }
332