AuthImplTest.java
/***************************************************************************
Copyright 2015 Emily Estes
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
***************************************************************************/
package net.metanotion.formsauth;
import java.net.URLDecoder;
import java.sql.Connection;
import java.sql.DriverManager;
import java.util.ArrayList;
import java.util.HashMap;
import javax.sql.DataSource;
import net.metanotion.authident.UserToken;
import net.metanotion.sql.DbUtil;
import net.metanotion.sqlauthident.SQLRealm;
import net.metanotion.util.SecureString;
import net.metanotion.util.StateMachine;
import net.metanotion.web.HttpValues;
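/**
 * Command-line integration test for {@link AuthImpl}.
 *
 * <p>The test creates a database, installs the {@link SQLRealm} schema, and then drives
 * login, account management, account validation and password-reset calls in a fixed
 * order. It checks the HTTP status of each response and the number of messages handed
 * to a recording {@link AuthMailer}. The steps depend on each other (mail counts and
 * the current password accumulate), so they must not be reordered.
 *
 * <p>Arguments, in order: JDBC URL, database name, database user, database password.
 * The password is read from {@code argv}, so it is visible in the process list and
 * shell history; use a throwaway database account for this test.
 */
public final class AuthImplTest {
    /**
     * Fails the run when {@code result} is false.
     *
     * @param result outcome of the check
     * @throws AssertionError if {@code result} is false
     */
    private static void assertTrue(final boolean result) {
        if (!result) {
            throw new AssertionError("Expected true");
        }
    }

    /** Index of the JDBC URL in the argument array. */
    public static final int ARGS_URL = 0;
    /** Index of the database name in the argument array. */
    public static final int ARGS_DBNAME = 1;
    /** Index of the database user in the argument array. */
    public static final int ARGS_USER = 2;
    /** Index of the database password in the argument array. */
    public static final int ARGS_PASS = 3;

    /**
     * Runs the whole scenario against the database named by the arguments.
     *
     * @param args JDBC URL, database name, database user, database password
     * @throws IllegalArgumentException if fewer than four arguments are given
     * @throws AssertionError if any expected status or mail count does not match
     * @throws Exception on any database or decoding failure
     */
    public static void main(final String[] args) throws Exception {
        // Fail with a usage hint instead of a bare ArrayIndexOutOfBoundsException.
        if (args.length <= ARGS_PASS) {
            throw new IllegalArgumentException(
                "usage: AuthImplTest <jdbc-url> <db-name> <db-user> <db-password>");
        }
        final String url = args[ARGS_URL];
        final String dbName = args[ARGS_DBNAME];
        final String user = args[ARGS_USER];
        final String pass = args[ARGS_PASS];

        // NOTE(review): dbName comes straight from the command line and is also appended
        // to the JDBC URL below; confirm DbUtil.createDatabase quotes it as an identifier.
        // NOTE(review): the meaning of the final `true` is not visible here; confirm
        // whether it drops an existing database of the same name.
        try (final Connection conn = DriverManager.getConnection(url, user, pass)) {
            DbUtil.createDatabase(conn, dbName, user, true);
        }
        final DataSource ds = DbUtil.startDBConnectionPool(url + dbName, user, pass);
        try (final Connection conn = ds.getConnection()) {
            DbUtil.runSchema(conn, SQLRealm.schemaFactory());
        }

        final SQLRealm realm = new SQLRealm(ds);
        // A realm user that never gets a forms-auth account; used for negative checks.
        final UserToken noName = realm.createUser();
        final AuthStore store = new AuthStoreJDBC(ds);
        final AuthMailerCache cache = new AuthMailerCache();
        final AuthImpl auth = new AuthImpl(store, realm, cache, "/test/",
            AuthFactory.ALWAYS_VALIDATE, AuthFactory.NULL_CREATE_ACCOUNT);
        final TestSession session = new TestSession();
        auth.api();

        // --- Before any account exists ---
        // Login for an unknown user is refused; logout without a login still succeeds.
        assertTrue(403 == auth.login(session, "test", new SecureString("asdf"), null).getHttpStatus());
        assertTrue(200 == auth.logout(session).getHttpStatus());
        // Reset requests for names with no account answer 200 and queue no mail.
        // NOTE(review): the later reset request for an existing user (below) does not
        // assert its status, so this test does not pin that both cases look identical
        // to the caller.
        assertTrue(200 == auth.requestPasswordReset("").getHttpStatus());
        assertTrue(cache.emails.size() == 0);
        assertTrue(200 == auth.requestPasswordReset("test").getHttpStatus());
        assertTrue(cache.emails.size() == 0);
        // A made-up reset id/token is rejected whatever the new password looks like.
        assertTrue(400 == auth.resetPassword(1, "a", new SecureString(""), new SecureString("")).getHttpStatus());
        assertTrue(400 == auth.resetPassword(1, "a", new SecureString("a"), new SecureString("b")).getHttpStatus());
        assertTrue(400 == auth.resetPassword(1, "a", new SecureString("asdf"), new SecureString("asdf"))
            .getHttpStatus());
        assertTrue(200 == auth.sendAccountValidation("test").getHttpStatus());
        assertTrue(cache.emails.size() == 0);

        // --- Account creation and linked accounts ---
        assertTrue(201 == auth.createAccount(session, "test", new SecureString("asdf"), new SecureString("asdf"), null)
            .getHttpStatus());
        assertTrue(cache.emails.size() == 1);
        // From here on session.lastEvent is cast to UserToken; presumably createAccount
        // pushed the new user's token into the session via nextState() - confirm in AuthImpl.
        assertTrue(201 == auth.addAccount((UserToken) session.lastEvent, "a2", new SecureString("asdf"), null)
            .getHttpStatus());
        assertTrue(cache.emails.size() == 2);
        assertTrue(422 == auth.addAccount((UserToken) session.lastEvent, "", new SecureString("asdf"), null)
            .getHttpStatus());
        // Presumably the SecureString is the caller's current password ("asdf" at this
        // point), so "as" is a failed re-authentication - TODO confirm against AuthImpl.
        assertTrue(403 == auth.addAccount((UserToken) session.lastEvent, "a3", new SecureString("as"), null)
            .getHttpStatus());
        // "a2" was already added above.
        assertTrue(422 == auth.addAccount((UserToken) session.lastEvent, "a2", new SecureString("asdf"), null)
            .getHttpStatus());
        assertTrue(403 == auth.removeAccount((UserToken) session.lastEvent, "a2", new SecureString("asdf1"))
            .getHttpStatus());
        assertTrue(200 == auth.removeAccount((UserToken) session.lastEvent, "a2", new SecureString("asdf"))
            .getHttpStatus());

        // Validation mail goes out for the existing account only.
        auth.sendAccountValidation("test");
        assertTrue(cache.emails.size() == 3);
        auth.sendAccountValidation("");
        assertTrue(cache.emails.size() == 3);

        // --- Password change ---
        // Only the call whose first SecureString is "asdf" succeeds.
        // NOTE(review): both mismatched-new-password cases also pass "awef" as the first
        // value, which is rejected here, so the mismatch check is never exercised on its own.
        assertTrue(403 == auth.changePassword((UserToken) session.lastEvent, new SecureString(""),
            new SecureString("asdf"), new SecureString("asdf")).getHttpStatus());
        assertTrue(403 == auth.changePassword((UserToken) session.lastEvent, new SecureString("awef"),
            new SecureString("asdf"), new SecureString("as")).getHttpStatus());
        assertTrue(403 == auth.changePassword((UserToken) session.lastEvent, new SecureString("awef"),
            new SecureString("asd"), new SecureString("asdf")).getHttpStatus());
        assertTrue(200 == auth.changePassword((UserToken) session.lastEvent, new SecureString("asdf"),
            new SecureString("awef"), new SecureString("awef")).getHttpStatus());
        assertTrue(403 == auth.changePassword(noName, new SecureString("awef"),
            new SecureString("asdf"), new SecureString("asdf")).getHttpStatus());

        // --- Account validation ---
        // A made-up id/token pair is submitted first; its result is not checked.
        auth.validateAccount(1, "a");
        // The most recent recorded mail is the validation mail sent above.
        final Email validation = cache.emails.get(cache.emails.size() - 1);
        assertTrue(200 == auth.validateAccount(Long.valueOf(validation.vid),
            URLDecoder.decode(validation.token, "UTF-8")).getHttpStatus());

        // --- whoAmI ---
        final AccountInfo info = (AccountInfo) auth.whoAmI((UserToken) session.lastEvent);
        assertTrue("test".equals(info.username));
        assertTrue(info.accounts.size() == 1);
        assertTrue(422 == ((HttpValues) auth.whoAmI(null)).getHttpStatus());
        assertTrue(422 == ((HttpValues) auth.whoAmI(noName)).getHttpStatus());

        // --- Password reset with a real token ---
        // NOTE(review): the results of this logout/login pair are not asserted.
        auth.logout(session);
        auth.login(session, "test", new SecureString("awef"), null);
        auth.requestPasswordReset("");
        assertTrue(cache.emails.size() == 3);
        auth.requestPasswordReset("test");
        assertTrue(cache.emails.size() == 4);
        final Email reset = cache.emails.get(cache.emails.size() - 1);
        assertTrue(200 == auth.resetPassword(Long.valueOf(reset.rid), URLDecoder.decode(reset.token, "UTF-8"),
            new SecureString("qwerty"), new SecureString("qwerty")).getHttpStatus());
        // NOTE(review): not covered after the reset - that the same rid/token is refused
        // a second time, and that login with the old password "awef" now fails.

        // --- Rejected sign-ups ---
        // Empty username, empty password, mismatched confirmation, then a username that
        // already exists. The last case answers 422 where the first sign-up got 201, so
        // sign-up responses let a caller tell whether a username is taken.
        assertTrue(422 == auth.createAccount(session, "", new SecureString("asdf"), new SecureString("asdf"), null)
            .getHttpStatus());
        assertTrue(422 == auth.createAccount(session, "bad", new SecureString(""), new SecureString("asdf"), null)
            .getHttpStatus());
        assertTrue(422 == auth.createAccount(session, "bad", new SecureString("asd"), new SecureString("as"), null)
            .getHttpStatus());
        assertTrue(422 == auth.createAccount(session, "test", new SecureString("asdf"), new SecureString("asdf"), null)
            .getHttpStatus());
    }

    /** Session stand-in that remembers only the most recent event passed to it. */
    public static final class TestSession implements StateMachine<TestSession> {
        // Last object passed to nextState(); main() casts it to UserToken.
        public Object lastEvent = null;

        @Override public void nextState(final Object event) {
            this.lastEvent = event;
        }

        @Override public TestSession state() {
            return this;
        }
    }

    /**
     * One message recorded by {@link AuthMailerCache}. Validation-type messages carry
     * {@code vid} and leave {@code rid} null; reset-type messages do the opposite.
     * The token is kept as received so the test can feed it back to {@link AuthImpl}.
     */
    public static final class Email {
        // Kind of message: "create", "add", "validate", "reset" or "welcome".
        public final String message;
        public final String email;
        public final String vid;
        public final String rid;
        public final String token;

        public Email(final String message, final String email, final String vid, final String rid, final String token) {
            this.message = message;
            this.email = email;
            this.vid = vid;
            this.rid = rid;
            this.token = token;
        }
    }

    /** {@link AuthMailer} that sends nothing and appends every request to {@link #emails}. */
    public static final class AuthMailerCache implements AuthMailer {
        // Recorded messages in the order the mailer methods were called.
        public final ArrayList<Email> emails = new ArrayList<>();

        @Override public void createAccount(final String email, final String validationId, final String token) {
            emails.add(new Email("create", email, validationId, null, token));
        }

        @Override public void addAccount(final String email, final String validationId, final String token) {
            emails.add(new Email("add", email, validationId, null, token));
        }

        @Override public void validationEmail(final String email, final String validationId, final String token) {
            emails.add(new Email("validate", email, validationId, null, token));
        }

        @Override public void resetPassword(final String email, final String resetId, final String token) {
            emails.add(new Email("reset", email, null, resetId, token));
        }

        @Override public void welcomeWithPasswordReset(final String email, final String resetId, final String token) {
            emails.add(new Email("welcome", email, null, resetId, token));
        }
    }
}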