1   package org.apache.turbine.services.security;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import java.util.List;
20  
21  import junit.framework.Test;
22  import junit.framework.TestSuite;
23  
24  import org.apache.turbine.om.security.User;
25  import org.apache.turbine.test.BaseTurbineHsqlTest;
26  import org.apache.turbine.util.security.DataBackendException;
27  import org.apache.turbine.util.security.EntityExistsException;
28  import org.apache.turbine.util.security.PasswordMismatchException;
29  import org.apache.turbine.util.security.UnknownEntityException;
30  
31  public class TestSecurityUserManager
32          extends BaseTurbineHsqlTest
33  {
34      public TestSecurityUserManager(String name)
35              throws Exception
36      {
37          super(name, "conf/test/TurbineResources.properties");
38      }
39  
40      public static Test suite()
41      {
42          return new TestSuite(TestSecurityUserManager.class);
43      }
44  
45      private void checkUserList()
46              throws Exception
47      {
48          SecurityService ss = TurbineSecurity.getService();
49          UserManager um = ss.getUserManager();
50          assertEquals("User added to storage!", um.retrieveList(new org.apache.torque.util.Criteria()).size(), 2);
51      }
52  
53      public void testUserManager1()
54      	throws Exception
55      {
56          SecurityService ss = TurbineSecurity.getService();
57          UserManager um = ss.getUserManager();
58  
59          assertTrue(um.accountExists("admin"));
60          assertFalse(um.accountExists("does-not-exist"));
61  
62          User admin = um.retrieve("admin");
63          assertTrue(um.accountExists(admin));
64  
65          User doesNotExist = TurbineSecurity.getUserInstance();
66          assertFalse(um.accountExists(doesNotExist));
67  
68          checkUserList();
69      }
70  
71      public void testUserManager2()
72      	throws Exception
73      {
74          SecurityService ss = TurbineSecurity.getService();
75          UserManager um = ss.getUserManager();
76  
77          User admin = um.retrieve("admin");
78  
79          try
80          {
81              User doesNotExist = um.retrieve("does-not-exist");
82              fail("Non existing Account was retrieved");
83          }
84          catch (Exception e)
85          {
86              assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
87          }
88  
89          checkUserList();
90      }
91  
92      public void testUserManager3()
93      	throws Exception
94      {
95          SecurityService ss = TurbineSecurity.getService();
96          UserManager um = ss.getUserManager();
97  
98          User admin = um.retrieve("admin", "admin");
99  
100         try
101         {
102             admin = um.retrieve("admin", "no such password");
103             fail("User was authenticated with wrong password");
104         }
105         catch (Exception e)
106         {
107             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
108         }
109 
110         checkUserList();
111     }
112 
113     public void testUserManager4()
114     	throws Exception
115     {
116         SecurityService ss = TurbineSecurity.getService();
117         UserManager um = ss.getUserManager();
118 
119         User admin = um.retrieve("admin");
120         um.store(admin);
121 
122         try
123         {
124             User newbie = TurbineSecurity.getUserInstance();
125             newbie.setName("newbie");
126 
127             um.store(newbie);
128             fail("Non Existing User could be stored!");
129         }
130         catch (Exception e)
131         {
132             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
133         }
134 
135         checkUserList();
136     }
137 
138     public void testUserManager5()
139     	throws Exception
140     {
141         SecurityService ss = TurbineSecurity.getService();
142         UserManager um = ss.getUserManager();
143 
144         User admin = um.retrieve("admin");
145 
146         um.authenticate(admin, "admin");
147 
148         try
149         {
150             User newbie = TurbineSecurity.getUserInstance();
151             newbie.setName("newbie");
152 
153             um.authenticate(newbie, "somePw");
154             fail("User was authenticated with wrong password");
155         }
156         catch (Exception e)
157         {
158             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
159         }
160 
161         checkUserList();
162     }
163 
164     public void testUserManager6()
165             throws Exception
166     {
167         SecurityService ss = TurbineSecurity.getService();
168         UserManager um = ss.getUserManager();
169 
170         User [] users = um.retrieve(new org.apache.torque.util.Criteria());
171         assertNotNull(users);
172         assertEquals("Wrong number of users retrieved!", users.length, 2);
173 
174         List userList = um.retrieveList(new org.apache.torque.util.Criteria());
175         assertNotNull(userList);
176         assertEquals("Wrong number of userList retrieved!", userList.size(), 2);
177 
178         assertEquals("Array and List have different sizes!", users.length, userList.size());
179 
180         checkUserList();
181     }
182 
183     public void testUserManager7()
184     	throws Exception
185     {
186         SecurityService ss = TurbineSecurity.getService();
187         UserManager um = ss.getUserManager();
188 
189         User admin = um.retrieveById(new Integer(1));
190 
191         try
192         {
193             User doesNotExist = um.retrieveById(new Integer(667));
194             fail("Non existing Account was retrieved");
195         }
196         catch (Exception e)
197         {
198             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
199         }
200 
201         checkUserList();
202     }
203 
204     public void testAddUser()
205     	throws Exception
206     {
207         SecurityService ss = TurbineSecurity.getService();
208         UserManager um = ss.getUserManager();
209 
210         User newbie = TurbineSecurity.getUserInstance();
211         newbie.setName("newbie");
212 
213         newbie.setFirstName("John");
214         newbie.setLastName("Doe");
215 
216         um.createAccount(newbie, "newbie");
217 
218         List users = um.retrieveList(new org.apache.torque.util.Criteria());
219         assertEquals("User was not added", users.size(), 3);
220 
221         try
222         {
223             User admin = um.retrieve("admin");
224 
225             um.createAccount(admin, "admin");
226             fail("Existing User could be added!");
227         }
228         catch (Exception e)
229         {
230             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), EntityExistsException.class);
231         }
232 
233         try
234         {
235             User empty = TurbineSecurity.getUserInstance();
236 
237             um.createAccount(empty, "empty");
238             fail("User with empty Username could be added!");
239         }
240         catch (Exception e)
241         {
242             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), DataBackendException.class);
243         }
244 
245         assertEquals("User was not added", users.size(), 3);
246     }
247 
248     public void testRemoveUser()
249     	throws Exception
250     {
251         SecurityService ss = TurbineSecurity.getService();
252         UserManager um = ss.getUserManager();
253 
254         User newbie = um.retrieve("newbie");
255         assertNotNull(newbie);
256 
257         um.removeAccount(newbie);
258 
259         try
260         {
261             User foo = TurbineSecurity.getUserInstance();
262             foo.setName("foo");
263 
264             um.removeAccount(foo);
265             fail("Non Existing User could be deleted!");
266         }
267         catch (Exception e)
268         {
269             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), UnknownEntityException.class);
270         }
271 
272         checkUserList();
273     }
274 
275     public void testChangePassword()
276     	throws Exception
277     {
278         SecurityService ss = TurbineSecurity.getService();
279         UserManager um = ss.getUserManager();
280 
281         User admin = um.retrieve("admin");
282         assertNotNull(admin);
283 
284         um.changePassword(admin, admin.getPassword(), "foobar");
285 
286         User admin2 = um.retrieve("admin");
287         assertEquals("Password was not changed!", "foobar", admin2.getPassword());
288 
289         try
290         {
291             admin = um.retrieve("admin");
292             um.changePassword(admin, "admin", "foobar");
293             fail("Password could be changed without old password!");
294         }
295         catch (Exception e)
296         {
297             assertEquals("Wrong Exception thrown: " + e.getClass().getName(), e.getClass(), PasswordMismatchException.class);
298         }
299 
300         admin2 = um.retrieve("admin");
301         assertEquals("Password was changed!", "foobar", admin2.getPassword());
302 
303         checkUserList();
304     }
305 
306     public void testForcePassword()
307     	throws Exception
308     {
309         SecurityService ss = TurbineSecurity.getService();
310         UserManager um = ss.getUserManager();
311 
312         User admin = um.retrieve("admin");
313         assertNotNull(admin);
314 
315         um.forcePassword(admin, "barbaz");
316 
317         User admin2 = um.retrieve("admin");
318         assertEquals("Password was not changed!", "barbaz", admin2.getPassword());
319 
320         um.forcePassword(admin, "admin");
321 
322         admin2 = um.retrieve("admin");
323         assertEquals("Password was not reset!", "admin", admin2.getPassword());
324 
325 
326         checkUserList();
327     }
328 }
329