1 package net.avcompris.examples.users3.core.tests;
2
3 import static net.avcompris.commons3.core.tests.CoreTestUtils.grantAll;
4 import static net.avcompris.commons3.core.tests.CoreTestUtils.newCorrelationId;
5 import static net.avcompris.commons3.core.tests.CoreTestUtils.random20;
6 import static net.avcompris.commons3.core.tests.CoreTestUtils.random40;
7 import static net.avcompris.commons3.core.tests.CoreTestUtils.random8;
8 import static net.avcompris.commons3.databeans.DataBeans.instantiate;
9 import static net.avcompris.examples.shared3.core.tests.MyCoreTestUtils.defaultUser;
10 import static net.avcompris.examples.users3.core.tests.UsersCoreTestUtils.setCorrelationId;
11 import static org.apache.commons.lang3.CharEncoding.UTF_8;
12 import static org.apache.commons.lang3.StringUtils.isBlank;
13 import static org.junit.jupiter.api.Assertions.assertEquals;
14 import static org.junit.jupiter.api.Assertions.assertNotEquals;
15 import static org.junit.jupiter.api.Assertions.assertNotNull;
16 import static org.junit.jupiter.api.Assertions.assertNull;
17 import static org.junit.jupiter.api.Assertions.assertSame;
18 import static org.junit.jupiter.api.Assertions.assertThrows;
19 import static org.junit.jupiter.api.Assertions.assertTrue;
20
21 import java.io.File;
22
23 import org.apache.commons.io.FileUtils;
24 import org.apache.commons.lang3.tuple.Pair;
25 import org.junit.jupiter.api.BeforeEach;
26 import org.junit.jupiter.api.Test;
27
28 import net.avcompris.commons3.api.User;
29 import net.avcompris.commons3.api.UserSession;
30 import net.avcompris.commons3.api.UserSessions;
31 import net.avcompris.commons3.api.exception.UnauthenticatedException;
32 import net.avcompris.commons3.core.AuthService;
33 import net.avcompris.commons3.core.tests.AbstractServiceTest;
34 import net.avcompris.commons3.utils.Clock;
35 import net.avcompris.commons3.utils.LogFactory;
36 import net.avcompris.examples.shared3.Role;
37 import net.avcompris.examples.users3.api.UserCreate;
38 import net.avcompris.examples.users3.api.UserInfo;
39 import net.avcompris.examples.users3.core.api.UsersService;
40 import net.avcompris.examples.users3.core.impl.AuthServiceImpl;
41 import net.avcompris.examples.users3.core.impl.UsersServiceImpl;
42 import net.avcompris.examples.users3.dao.AuthDao;
43 import net.avcompris.examples.users3.dao.UsersDao;
44
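/**
 * Shared test suite for {@link AuthService}: superadmin authorization through
 * a token file, username/password authentication, session expiry and
 * keep-alive, and session termination.
 *
 * <p>Concrete subclasses supply the {@link UsersDao}/{@link AuthDao} pair
 * through {@code getBeans(Clock)}; both services are wired with
 * {@code grantAll()} permissions and a shared {@code DummyClock}.
 *
 * <p>NOTE(review): the session tests rely on every call to
 * {@code dummyClock.now()} moving the fake time forward. That is inferred from
 * how the tests use it; confirm against {@code DummyClock}.
 *
 * <p>NOTE(review): nothing here exercises a blank or empty authorization value
 * against an empty authorization file. Confirm the implementation rejects that
 * case and consider covering it with a dedicated test.
 */
public abstract class AbstractAuthServiceTest extends AbstractServiceTest<Pair<UsersDao, AuthDao>> {

    protected AuthService authService;
    protected UsersService usersService;
    protected Clock dummyClock;

    // File the superadmin token is read from; its path is published through
    // the "superadmin.authorizationFile" system property in setUpBeans().
    protected File superadminAuthorizationFile;

    /**
     * Builds fresh services before each test and resets the superadmin
     * authorization file to an empty file.
     *
     * @throws Exception if the DAOs cannot be obtained or the file cannot be written
     */
    @BeforeEach
    public final void setUpBeans() throws Exception {

        dummyClock = new DummyClock(60);

        final Pair<UsersDao, AuthDao> beans = getBeans(dummyClock);

        final UsersDao usersDao = beans.getLeft();
        final AuthDao authDao = beans.getRight();

        final String superadminAuthorizationFilePath = "target/superadmin.authorization";

        System.setProperty("superadmin.authorizationFile", superadminAuthorizationFilePath);

        superadminAuthorizationFile = new File(superadminAuthorizationFilePath);

        // Create the file if needed AND empty it. A plain touch would keep the
        // token written by an earlier test (or an earlier build), so a
        // superadmin credential would stay valid on disk across tests.
        FileUtils.writeStringToFile(superadminAuthorizationFile, "", UTF_8);

        authService = new AuthServiceImpl(grantAll(), dummyClock, usersDao, authDao);
        usersService = new UsersServiceImpl(grantAll(), dummyClock, usersDao, authDao);

        LogFactory.resetCorrelationId();
    }

    /**
     * A token that matches the content of the authorization file must be
     * resolved to a user with the {@link Role#SUPERADMIN} role.
     */
    @Test
    public final void testSuperadminAuthorization() throws Exception {

        final String authorization = random20();

        FileUtils.writeStringToFile(superadminAuthorizationFile, authorization, UTF_8);

        final User user = authService.getAuthenticatedUser(authorization, null);

        // Fail with a clear message rather than a NullPointerException when
        // the token is not recognized.
        assertNotNull(user);
        assertSame(Role.SUPERADMIN, user.getRole());
    }

    /**
     * Creating ten distinct regular users in a row must not throw.
     */
    @Test
    public final void testCreate10Users() throws Exception {

        final String password = random8();
        final String correlationId = setCorrelationId(newCorrelationId());

        for (int i = 0; i < 10; ++i) {

            usersService.createUser(correlationId, defaultUser(), random40("USER-"), instantiate(UserCreate.class)
                    .setRole(Role.REGULAR)
                    .setPassword(password)
                    .setEnabled(true));
        }
    }

    /**
     * Full happy path: create a user, authenticate with username/password,
     * resolve the session to a user, then check that the user record now
     * carries a last-active timestamp while its revision is unchanged.
     */
    @Test
    public final void testCreateUsernamePassword() throws Exception {

        final String username = random40("USER-");
        final String password = random8();
        final String correlationId = setCorrelationId(newCorrelationId());

        final UserInfo userInfo0 = usersService.createUser(correlationId, defaultUser(), username,
                instantiate(UserCreate.class)
                        .setRole(Role.REGULAR)
                        .setPassword(password)
                        .setEnabled(true));

        assertEquals(username, userInfo0.getUsername());
        assertSame(Role.REGULAR, userInfo0.getRole());
        assertNotNull(userInfo0.getCreatedAt());
        assertEquals(userInfo0.getCreatedAt(), userInfo0.getUpdatedAt());
        assertNull(userInfo0.getLastActiveAt());
        assertEquals(1, userInfo0.getRevision());

        final UserSession session = authService.authenticate(correlationId, username, password);

        final String userSessionId = session.getUserSessionId();

        assertEquals(username, session.getUsername());
        assertNotNull(session.getCreatedAt());
        assertNotNull(session.getUpdatedAt());
        assertNotNull(session.getExpiresAt());
        assertNull(session.getExpiredAt());

        final User user = authService.getAuthenticatedUser(null, userSessionId);

        assertEquals(username, user.getUsername());
        assertSame(Role.REGULAR, user.getRole());

        final UserInfo userInfo2 = usersService.getUser(correlationId, defaultUser(), username);

        assertEquals(username, userInfo2.getUsername());
        assertEquals(userInfo2.getCreatedAt(), userInfo2.getUpdatedAt());
        assertNotNull(userInfo2.getLastActiveAt());
        assertEquals(1, userInfo2.getRevision());
    }

    /**
     * Authenticating with credentials of a user that was never created must
     * raise {@link UnauthenticatedException}.
     */
    @Test
    public final void testInvalidUsernamePassword() throws Exception {

        final String username = random40("USER-");
        final String password = random8();
        final String correlationId = setCorrelationId(newCorrelationId());

        assertThrows(UnauthenticatedException.class,
                () -> authService.authenticate(correlationId, username, password));
    }

    /**
     * Listing sessions with a {@code null} query must return a non-null
     * result with a non-null result array and a blank SQL WHERE clause.
     */
    @Test
    public final void testGetSessions_null() throws Exception {

        final UserSessions sessions = authService.getUserSessions(newCorrelationId(), defaultUser(), null);

        assertNotNull(sessions);

        // Smoke checks only: these getters must not throw.
        sessions.getStart();
        sessions.getLimit();
        sessions.getSize();
        sessions.getTotal();
        sessions.getTookMs();
        assertNotNull(sessions.getResults());
        assertTrue(isBlank(sessions.getSqlWhereClause()));
    }

    /**
     * A session that is left unused while the clock moves on must stop
     * resolving to a user and must be reported with an expiry timestamp.
     */
    @Test
    public final void testSessionExpires() throws Exception {

        final String username = random40("USER-");
        final String password = random8();
        final String correlationId = setCorrelationId(newCorrelationId());

        usersService.createUser(correlationId, defaultUser(), username, instantiate(UserCreate.class)
                .setPassword(password)
                .setRole(Role.REGULAR)
                .setEnabled(true));

        final UserSession session0 = authService.authenticate(correlationId, username, password);

        assertEquals(session0.getCreatedAt(), session0.getUpdatedAt());
        assertNotNull(session0.getExpiresAt());
        assertNull(session0.getExpiredAt());

        final String userSessionId = session0.getUserSessionId();

        final User user1 = authService.getAuthenticatedUser(null, userSessionId);

        assertNotNull(user1);

        dummyClock.now();

        final User user2 = authService.getAuthenticatedUser(null, userSessionId);

        assertNotNull(user2);

        final UserSession session2 = authService.getUserSession(correlationId, defaultUser(), userSessionId);

        assertEquals(session0.getCreatedAt(), session2.getCreatedAt());
        assertNotEquals(session2.getCreatedAt(), session2.getUpdatedAt());
        assertNull(session2.getExpiredAt());

        // Let time pass without touching the session.
        for (int i = 0; i < 100; ++i) {
            dummyClock.now();
        }

        final User user3 = authService.getAuthenticatedUser(null, userSessionId);

        assertNull(user3);

        final UserSession session3 = authService.getUserSession(correlationId, defaultUser(), userSessionId);

        assertEquals(session0.getCreatedAt(), session3.getCreatedAt());
        assertNotEquals(session3.getCreatedAt(), session3.getUpdatedAt());
        assertNotNull(session3.getExpiresAt());
        assertNotNull(session3.getExpiredAt());
    }

    /**
     * A session that is used between every clock tick must keep resolving to
     * a user and must not be marked as expired.
     */
    @Test
    public final void testSessionKeptAliveDoesntExpire() throws Exception {

        final String username = random40("USER-");
        final String password = random8();
        final String correlationId = setCorrelationId(newCorrelationId());

        usersService.createUser(correlationId, defaultUser(), username, instantiate(UserCreate.class)
                .setPassword(password)
                .setRole(Role.REGULAR)
                .setEnabled(true));

        final UserSession session0 = authService.authenticate(correlationId, username, password);

        assertEquals(session0.getCreatedAt(), session0.getUpdatedAt());
        assertNotNull(session0.getExpiresAt());
        assertNull(session0.getExpiredAt());

        final String userSessionId = session0.getUserSessionId();

        final User user1 = authService.getAuthenticatedUser(null, userSessionId);

        assertNotNull(user1);

        dummyClock.now();

        final User user2 = authService.getAuthenticatedUser(null, userSessionId);

        assertNotNull(user2);

        final UserSession session2 = authService.getUserSession(correlationId, defaultUser(), userSessionId);

        assertEquals(session0.getCreatedAt(), session2.getCreatedAt());
        assertNotEquals(session2.getCreatedAt(), session2.getUpdatedAt());
        assertNull(session2.getExpiredAt());

        // Same number of ticks as in testSessionExpires(), but the session is
        // used before each one.
        for (int i = 0; i < 100; ++i) {

            authService.getAuthenticatedUser(null, userSessionId);

            dummyClock.now();
        }

        final User user3 = authService.getAuthenticatedUser(null, userSessionId);

        assertNotNull(user3);

        final UserSession session3 = authService.getUserSession(correlationId, defaultUser(), userSessionId);

        assertEquals(session0.getCreatedAt(), session3.getCreatedAt());
        assertNotEquals(session3.getCreatedAt(), session3.getUpdatedAt());
        assertNotNull(session3.getExpiresAt());
        assertNull(session3.getExpiredAt());
    }

    /**
     * A random token that was never written to the authorization file must
     * not resolve to any user.
     */
    @Test
    public final void testUnauthorizedByAuthorization() throws Exception {

        final String authorization = random20();

        final User user = authService.getAuthenticatedUser(authorization, null);

        assertNull(user);
    }

    /**
     * A user terminating their own session: the session must stop resolving
     * to a user, and its expiry timestamp must equal its last update.
     */
    @Test
    public final void testTerminateMySession() throws Exception {

        final String username = random40("USER-");
        final String password = random8();
        final String correlationId = setCorrelationId(newCorrelationId());

        final int sessionCount0 = authService.getUserSessions(correlationId, defaultUser(), null).getTotal();

        usersService.createUser(correlationId, defaultUser(), username, instantiate(UserCreate.class)
                .setPassword(password)
                .setRole(Role.REGULAR)
                .setEnabled(true));

        // Creating a user alone must not open a session.
        assertEquals(sessionCount0, authService.getUserSessions(correlationId, defaultUser(), null).getTotal());

        final UserSession session0 = authService.authenticate(correlationId, username, password);

        assertEquals(session0.getCreatedAt(), session0.getUpdatedAt());
        assertNotNull(session0.getExpiresAt());
        assertNull(session0.getExpiredAt());

        final UserSessions sessions1 = authService.getUserSessions(correlationId, defaultUser(), null);

        assertEquals(sessionCount0 + 1, sessions1.getTotal());

        final String userSessionId = session0.getUserSessionId();

        // The new session is expected first in the listing.
        assertEquals(userSessionId, sessions1.getResults()[0].getUserSessionId());

        final User user1 = authService.getAuthenticatedUser(null, userSessionId);

        assertNotNull(user1);

        dummyClock.now();

        authService.terminateMySession(correlationId, user1, userSessionId);

        final User user2 = authService.getAuthenticatedUser(null, userSessionId);

        assertNull(user2);

        final UserSession session2 = authService.getUserSession(correlationId, defaultUser(), userSessionId);

        assertEquals(session0.getCreatedAt(), session2.getCreatedAt());
        assertNotEquals(session2.getCreatedAt(), session2.getUpdatedAt());
        assertNotNull(session2.getExpiresAt());
        assertNotNull(session2.getExpiredAt());
        assertEquals(session2.getUpdatedAt(), session2.getExpiredAt());
    }

    /**
     * Another user terminating the session: the session must stop resolving
     * to a user, and, unlike self-termination, its expiry timestamp must
     * differ from its last update.
     */
    @Test
    public final void testTerminateUserSession() throws Exception {

        final String username = random40("USER-");
        final String password = random8();
        final String correlationId = setCorrelationId(newCorrelationId());

        usersService.createUser(correlationId, defaultUser(), username, instantiate(UserCreate.class)
                .setPassword(password)
                .setRole(Role.REGULAR)
                .setEnabled(true));

        final UserSession session0 = authService.authenticate(correlationId, username, password);

        assertEquals(session0.getCreatedAt(), session0.getUpdatedAt());
        assertNotNull(session0.getExpiresAt());
        assertNull(session0.getExpiredAt());

        final String userSessionId = session0.getUserSessionId();

        final User user1 = authService.getAuthenticatedUser(null, userSessionId);

        assertNotNull(user1);

        dummyClock.now();

        authService.terminateUserSession(correlationId, defaultUser(), userSessionId);

        final User user2 = authService.getAuthenticatedUser(null, userSessionId);

        assertNull(user2);

        final UserSession session2 = authService.getUserSession(correlationId, defaultUser(), userSessionId);

        assertEquals(session0.getCreatedAt(), session2.getCreatedAt());
        assertNotEquals(session2.getCreatedAt(), session2.getUpdatedAt());
        assertNotNull(session2.getExpiresAt());
        assertNotNull(session2.getExpiredAt());
        assertNotEquals(session2.getUpdatedAt(), session2.getExpiredAt());
    }
}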