/**
 * Completes an account activation from the {@code code} query parameter and
 * redirects the browser to the login page.
 *
 * <p>If {@code completeActivation} throws {@link HttpClientErrorException}, the response
 * status is set to 422 and the {@code accounts/link_prompt} view is rendered with
 * {@code error_message_code=code_expired}. Otherwise the result is a redirect to
 * {@code /login?success=verify_success}; when the redirect location returned by the
 * service differs from the service's default redirect, it is appended as
 * {@code form_redirect_uri}.
 *
 * <p>NOTE(review): the redirect location is concatenated into the query string as-is,
 * without URL-encoding and without any check in this method. A value containing
 * {@code &} or {@code #} would change the shape of the resulting query, and whatever
 * consumes {@code form_redirect_uri} receives the raw value. Presumably the service
 * only returns locations already matched against the client's registered redirect
 * URIs; confirm that, and consider encoding the value here.
 *
 * <p>NOTE(review): the activation code arrives in a GET query string, so it can end up
 * in access logs and browser history; presumably it is single-use and expiring; confirm.
 *
 * @param model    receives {@code error_message_code} on failure
 * @param code     activation code taken from the request
 * @param response used only to set the 422 status on failure
 * @param session  not read by this method
 * @return a view name or a {@code redirect:} target
 * @throws IOException declared by the signature; nothing visible here throws it
 */
@RequestMapping(value = "/verify_user", method = GET)
public String verifyUser(Model model,
                         @RequestParam("code") String code,
                         HttpServletResponse response,
                         HttpSession session) throws IOException {
    final AccountCreationService.AccountCreationResponse activation;
    try {
        activation = accountCreationService.completeActivation(code);
    } catch (HttpClientErrorException e) {
        // Every client error from the service is reported to the user as an expired code.
        model.addAttribute("error_message_code", "code_expired");
        response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
        return "accounts/link_prompt";
    }

    String target = activation.getRedirectLocation();
    StringBuilder redirect = new StringBuilder("redirect:/login?success=verify_success");
    boolean isDefaultTarget = target.equals(accountCreationService.getDefaultRedirect());
    if (!isDefaultTarget) {
        // Raw append: no encoding or validation happens at this point (see the notes above).
        redirect.append("&form_redirect_uri=").append(target);
    }
    return redirect.toString();
}
accountCreationService.beginActivation(email.getEmail(), password, clientId, redirectUri); } catch (UaaException e) { return handleUnprocessableEntity(model, response, "error_message_code", "username_exists");
/**
 * A valid activation code yields a 302 to the login page that carries the redirect
 * location returned by the account creation service.
 */
@Test
public void testVerifyUser() throws Exception {
    AccountCreationService.AccountCreationResponse activated =
        new AccountCreationService.AccountCreationResponse(
            "newly-created-user-id", "username", "user@example.com", "//example.com/callback");
    when(accountCreationService.completeActivation("the_secret_code")).thenReturn(activated);

    MockHttpServletRequestBuilder verifyRequest =
        get("/verify_user").param("code", "the_secret_code");

    // The expected URL pins that the service's redirect location is copied into
    // form_redirect_uri unencoded; the sample is a scheme-relative value naming another host.
    // NOTE(review): nothing here checks whether such a value is acceptable, so the
    // allow-list check presumably lives in the service or in the login flow; confirm.
    mockMvc.perform(verifyRequest)
        .andExpect(status().isFound())
        .andExpect(redirectedUrl("/login?success=verify_success&form_redirect_uri=//example.com/callback"));

    // No Authentication is present in the security context after verification.
    assertNull(SecurityContextHolder.getContext().getAuthentication());
}
/**
 * When the service rejects the sign-up with a 409 {@code UaaException}, the form is
 * re-rendered with status 422 and {@code error_message_code=username_exists}.
 */
@Test
public void testSendActivationEmailWithUserNameConflict() throws Exception {
    UaaException conflict = new UaaException("username already exists", 409);
    doThrow(conflict)
        .when(accountCreationService)
        .beginActivation("user1@example.com", "password", "app", null);

    MockHttpServletRequestBuilder signUp = post("/create_account.do")
        .param("email", "user1@example.com")
        .param("password", "password")
        .param("password_confirmation", "password")
        .param("client_id", "app");

    // NOTE(review): this response distinguishes an already-registered address from a new
    // one, so the sign-up form reveals whether an account exists. If that matters for the
    // deployment, a uniform response or rate limiting on this endpoint is the mitigation.
    mockMvc.perform(signUp)
        .andExpect(status().isUnprocessableEntity())
        .andExpect(view().name("accounts/new_activation_email"))
        .andExpect(model().attribute("error_message_code", "username_exists"));

    // No redirect_uri parameter was sent, so the service is called with null for it.
    Mockito.verify(accountCreationService)
        .beginActivation("user1@example.com", "password", "app", null);
}
/**
 * A password rejected by the service re-renders the sign-up form with status 422 and
 * the policy messages in {@code error_message}.
 */
@Test
public void testInvalidPassword() throws Exception {
    InvalidPasswordException rejected =
        new InvalidPasswordException(Arrays.asList("Msg 2", "Msg 1"));
    doThrow(rejected)
        .when(accountCreationService)
        .beginActivation("user1@example.com", "password", "app", null);

    MockHttpServletRequestBuilder signUp = post("/create_account.do")
        .param("email", "user1@example.com")
        .param("password", "password")
        .param("password_confirmation", "password")
        .param("client_id", "app");

    // The expected text has the two messages space-separated and in a different order
    // than they were supplied; where that reordering happens is not visible in this test.
    mockMvc.perform(signUp)
        .andExpect(status().isUnprocessableEntity())
        .andExpect(view().name("accounts/new_activation_email"))
        .andExpect(model().attribute("error_message", "Msg 1 Msg 2"));
}
/**
 * Signing up with an e-mail address whose domain is claimed by an active OIDC provider
 * re-renders the form with {@code error_message_code=other_idp} and does not start an
 * activation with the submitted values.
 */
@Test
public void testAttemptCreateAccountWithEmailDomainRestriction() throws Exception {
    // An active OIDC provider that lists example.com as its e-mail domain.
    IdentityProvider<OIDCIdentityProviderDefinition> restrictedIdp = new IdentityProvider()
        .setActive(true)
        .setType(OriginKeys.OIDC10)
        .setOriginKey(OriginKeys.OIDC10)
        .setConfig(new OIDCIdentityProviderDefinition());
    restrictedIdp.getConfig().setAuthUrl(new URL("http://localhost:8080/uaa/idp_login"));
    restrictedIdp.getConfig().setEmailDomain(Collections.singletonList("example.com"));
    when(identityProviderProvisioning.retrieveAll(true, OriginKeys.UAA))
        .thenReturn(Collections.singletonList(restrictedIdp));

    MockHttpSession httpSession = new MockHttpSession();
    MockHttpServletRequestBuilder signUp = post("/create_account.do")
        .session(httpSession)
        .param("email", "user1@example.com")
        .param("password", "password")
        .param("password_confirmation", "password")
        .param("client_id", "app")
        .param("redirect_uri", "http://example.com/redirect");

    mockMvc.perform(signUp)
        .andExpect(view().name("accounts/new_activation_email"))
        .andExpect(model().attribute("error_message_code", "other_idp"));

    // times(0) only rules out a call with exactly these arguments; a call with other
    // arguments would not fail this verification.
    Mockito.verify(accountCreationService, times(0))
        .beginActivation("user1@example.com", "password", "app", "http://example.com/redirect");
}
/**
 * A well-formed sign-up redirects to {@code accounts/email_sent} and hands the submitted
 * values, including {@code redirect_uri}, to the account creation service.
 */
@Test
public void testSendActivationEmail() throws Exception {
    MockHttpServletRequestBuilder signUp = post("/create_account.do")
        .param("email", "user1@example.com")
        .param("password", "password")
        .param("password_confirmation", "password")
        .param("client_id", "app")
        .param("redirect_uri", "http://example.com/redirect");

    mockMvc.perform(signUp)
        .andExpect(status().isFound())
        .andExpect(redirectedUrl("accounts/email_sent"));

    // The caller-supplied redirect_uri reaches the service unchanged.
    // NOTE(review): the service is mocked here, so whether the value is checked against the
    // client's registered redirect URIs cannot be seen from this test; confirm in the service.
    Mockito.verify(accountCreationService)
        .beginActivation("user1@example.com", "password", "app", "http://example.com/redirect");
}