/**
 * A user who presents the correct current password may change their own password.
 * The expectation is simply that the endpoint completes without throwing.
 */
@Test
public void userCanChangeTheirOwnPasswordIfTheySupplyCorrectCurrentPassword() {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword("newpassword");
    request.setOldPassword("password");
    endpoints.changePassword(joel.getId(), request);
}
/**
 * Handles {@code PUT /Users/{userId}/password}: changes the password of the given user
 * in the current identity zone.
 *
 * <p>Order of operations: the permission check ({@code throwIfPasswordChangeNotPermitted},
 * which also receives the supplied current password) runs first; the new password is then
 * compared against the stored one, checked against the password policy, and finally written.
 *
 * @param userId SCIM id of the user whose password is changed (taken from the path)
 * @param change request body carrying the current password ({@code oldPassword}) and the new one
 * @return an "ok" result once the DAO has stored the new password
 * @throws InvalidPasswordException with 422 when the new password equals the stored one
 */
@RequestMapping(value = "/Users/{userId}/password", method = RequestMethod.PUT)
@ResponseBody
public ActionResult changePassword(@PathVariable String userId,
                                   @RequestBody PasswordChangeRequest change) {
    final String zoneId = IdentityZoneHolder.get().getId();
    final String currentPassword = change.getOldPassword();
    final String proposedPassword = change.getPassword();

    // Authorisation before anything that touches the stored credential.
    throwIfPasswordChangeNotPermitted(userId, currentPassword, zoneId);

    // NOTE(review): this equality check runs before policy validation and yields a distinct
    // 422 response when the candidate matches the stored password; callers allowed past the
    // permission check above can therefore distinguish a match from a non-match — confirm
    // this is acceptable for client/admin callers.
    boolean sameAsStored = dao.checkPasswordMatches(userId, proposedPassword, zoneId);
    if (sameAsStored) {
        throw new InvalidPasswordException(
                "Your new password cannot be the same as the old password.", UNPROCESSABLE_ENTITY);
    }
    passwordValidator.validate(proposedPassword);
    dao.changePassword(userId, currentPassword, proposedPassword, zoneId);
    return new ActionResult("ok", "password updated");
}
/** Under client credentials a new password is accepted without supplying the current one. */
@Test
@OAuth2ContextConfiguration(OAuth2ContextConfiguration.ClientCredentials.class)
public void testChangePasswordSucceeds() throws Exception {
    PasswordChangeRequest change = new PasswordChangeRequest();
    change.setPassword("Newpasswo3d");

    String passwordUrl = serverRunning.getUrl(userEndpoint) + "/{id}/password";
    HttpEntity<PasswordChangeRequest> body = new HttpEntity<>(change, new HttpHeaders());
    ResponseEntity<Void> response =
            client.exchange(passwordUrl, HttpMethod.PUT, body, Void.class, joe.getId());

    assertEquals(HttpStatus.OK, response.getStatusCode());
}
/**
 * Re-submitting the password the user already has is rejected with 422, even for a
 * client-credentials caller that does not have to supply the current password.
 */
@Test
@OAuth2ContextConfiguration(OAuth2ContextConfiguration.ClientCredentials.class)
public void testChangePasswordSameAsOldFails() {
    PasswordChangeRequest change = new PasswordChangeRequest();
    change.setPassword("pas5Word");

    String passwordUrl = serverRunning.getUrl(userEndpoint) + "/{id}/password";
    HttpEntity<PasswordChangeRequest> body = new HttpEntity<>(change, new HttpHeaders());
    ResponseEntity<Void> response =
            client.exchange(passwordUrl, HttpMethod.PUT, body, Void.class, joe.getId());

    assertEquals(HttpStatus.UNPROCESSABLE_ENTITY, response.getStatusCode());
}
/** A wrong current password is reported as a bad-credentials failure, not a generic error. */
@Test(expected = BadCredentialsException.class)
public void changePasswordFailsForUserIfTheySupplyWrongCurrentPassword() {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setOldPassword("wrongpassword");
    request.setPassword("newpassword");
    endpoints.changePassword(joel.getId(), request);
}
/**
 * An admin may set another user's password; no current password is supplied because an
 * admin is not expected to know it.
 */
@Test
public void adminCanChangeAnotherUsersPassword() {
    SecurityContextAccessor adminContext = mockSecurityContext(dale);
    when(adminContext.isAdmin()).thenReturn(true);
    endpoints.setSecurityContextAccessor(adminContext);

    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword("newpassword");
    endpoints.changePassword(joel.getId(), request);
}
/** A plain user targeting a different user's id is refused, even with a correct own password. */
@Test(expected = ScimException.class)
public void userCantChangeAnotherUsersPassword() {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword("newpassword");
    request.setOldPassword("password");
    endpoints.changePassword(dale.getId(), request);
}
/** A caller flagged as a client may set a user's password without the current one. */
@Test
public void clientCanChangeUserPasswordWithoutCurrentPassword() {
    SecurityContextAccessor clientContext = mockSecurityContext(joel);
    when(clientContext.isClient()).thenReturn(true);
    endpoints.setSecurityContextAccessor(clientContext);

    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword("newpassword");
    endpoints.changePassword(joel.getId(), request);
}
/** End-to-end: a password change with the correct current password returns 200. */
@Test
public void changePasswordSucceeds() throws Exception {
    PasswordChangeRequest change = new PasswordChangeRequest();
    change.setPassword("Newpasswo3d");
    change.setOldPassword("Passwo3d");

    RestOperations client = serverRunning.getRestTemplate();
    String passwordUrl = serverRunning.getUrl(usersEndpoint) + "/{id}/password";
    HttpEntity<PasswordChangeRequest> body = new HttpEntity<>(change, new HttpHeaders());
    ResponseEntity<Void> response =
            client.exchange(passwordUrl, HttpMethod.PUT, body, Void.class, joe.getId());

    assertEquals(HttpStatus.OK, response.getStatusCode());
}
/** A plain user must supply the current password; omitting it is a SCIM error. */
@Test(expected = ScimException.class)
public void changePasswordRequestFailsForUserWithoutCurrentPassword() {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword("newpassword");
    // deliberately no setOldPassword(...)
    endpoints.changePassword(joel.getId(), request);
}
/** The configured {@link PasswordValidator} is invoked with exactly the proposed password. */
@Test
public void passwordIsValidated() throws Exception {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    PasswordValidator validator = mock(PasswordValidator.class);
    endpoints.setPasswordValidator(validator);

    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword("newpassword");
    request.setOldPassword("password");
    endpoints.changePassword(joel.getId(), request);

    verify(validator).validate("newpassword");
}
/**
 * Changing one's own password without supplying the current one is a SCIM error.
 *
 * <p>NOTE(review): the method name mentions an admin, but the mocked security context grants
 * no admin role and the body is the same as
 * {@code changePasswordRequestFailsForUserWithoutCurrentPassword} — confirm the intended
 * scenario (e.g. whether {@code isAdmin()} should be stubbed to {@code true} here).
 */
@Test(expected = ScimException.class)
public void changePasswordRequestFailsForAdminWithoutOwnCurrentPassword() {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword("newpassword");
    endpoints.changePassword(joel.getId(), request);
}
/**
 * Choosing the current password as the new one is rejected with an
 * {@link InvalidPasswordException} carrying the user-facing message.
 */
@Test
public void changePasswordFailsForNewPasswordIsSameAsCurrentPassword() {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setOldPassword("password");
    request.setPassword("password");

    InvalidPasswordException rejection = null;
    try {
        endpoints.changePassword(joel.getId(), request);
    } catch (InvalidPasswordException e) {
        rejection = e;
    }
    if (rejection == null) {
        fail();
    }
    assertEquals("Your new password cannot be the same as the old password.",
            rejection.getLocalizedMessage());
}
PasswordChangeRequest request = new PasswordChangeRequest(); request.setPassword(password); scimUserProvisioning.changePassword(userId, null, password, IdentityZoneHolder.get().getId());
/**
 * Using an implicit-grant token obtained with joe's own credentials, joe can change his
 * password by supplying the current one.
 */
@Test
@OAuth2ContextConfiguration(resource = OAuth2ContextConfiguration.Implicit.class, initialize = false)
public void testUserChangesOwnPassword() throws Exception {
    // Credentials for the implicit grant are passed through the token request.
    MultiValueMap<String, String> credentials = new LinkedMultiValueMap<>();
    credentials.set("source", "credentials");
    credentials.set("username", joe.getUserName());
    credentials.set("password", "pas5Word");
    context.getAccessTokenRequest().putAll(credentials);

    PasswordChangeRequest change = new PasswordChangeRequest();
    change.setPassword("Newpasswo3d");
    change.setOldPassword("pas5Word");

    String passwordUrl = serverRunning.getUrl(userEndpoint) + "/{id}/password";
    HttpEntity<PasswordChangeRequest> body = new HttpEntity<>(change, new HttpHeaders());
    ResponseEntity<Void> response =
            client.exchange(passwordUrl, HttpMethod.PUT, body, Void.class, joe.getId());

    assertEquals(HttpStatus.OK, response.getStatusCode());
}
/**
 * With a user (implicit-grant) token, a change request that omits the current password
 * is answered with 400.
 */
@Test
@OAuth2ContextConfiguration(resource = OAuth2ContextConfiguration.Implicit.class, initialize = false)
public void testUserMustSupplyOldPassword() throws Exception {
    MultiValueMap<String, String> credentials = new LinkedMultiValueMap<>();
    credentials.set("source", "credentials");
    credentials.set("username", joe.getUserName());
    credentials.set("password", "pas5Word");
    context.getAccessTokenRequest().putAll(credentials);

    PasswordChangeRequest change = new PasswordChangeRequest();
    change.setPassword("Newpasswo3d");
    // no current password on purpose

    String passwordUrl = serverRunning.getUrl(userEndpoint) + "/{id}/password";
    HttpEntity<PasswordChangeRequest> body = new HttpEntity<>(change, new HttpHeaders());
    ResponseEntity<Void> response =
            client.exchange(passwordUrl, HttpMethod.PUT, body, Void.class, joe.getId());

    assertEquals(HttpStatus.BAD_REQUEST, response.getStatusCode());
}
/**
 * Over MockMvc, reusing the current password yields 422 with a JSON body whose
 * {@code error} is {@code invalid_password} and whose {@code message} is the user-facing text.
 */
@Test
public void changePassword_NewPasswordSameAsOld_ReturnsUnprocessableEntityWithJsonError() throws Exception {
    ScimUser user = createUser();

    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword(password);
    request.setOldPassword(password);

    String passwordPath = "/Users/" + user.getId() + "/password";
    mockMvc.perform(put(passwordPath)
                    .contentType(APPLICATION_JSON)
                    .header("Authorization", "Bearer " + passwordWriteToken)
                    .content(JsonUtils.writeValueAsString(request)))
            .andExpect(status().isUnprocessableEntity())
            .andExpect(jsonPath("$.error").value("invalid_password"))
            .andExpect(jsonPath("$.message")
                    .value("Your new password cannot be the same as the old password."));
}
assertEquals(HttpStatus.UNAUTHORIZED, result.getStatusCode()); PasswordChangeRequest change = new PasswordChangeRequest(); change.setPassword("Newpasswo3d");
/**
 * When internal user management is disabled, a password change for a UAA-origin user is
 * refused with 403 and the expected JSON error body.
 */
@Test
void userEndpointUpdatePasswordNotAllowed_For_Origin_UAA() throws Exception {
    // Create the user while internal user management is still enabled ...
    MockMvcUtils.setDisableInternalUserManagement(false, webApplicationContext);
    String createdJson = createUser().andReturn().getResponse().getContentAsString();
    ScimUser createdUser = JsonUtils.readValue(createdJson, ScimUser.class);
    // ... then switch it off before attempting the password change.
    MockMvcUtils.setDisableInternalUserManagement(true, webApplicationContext);

    PasswordChangeRequest request = new PasswordChangeRequest();
    request.setPassword("n3wAw3som3Passwd");
    request.setOldPassword(PASSWD);

    JSONObject expectedError = new JSONObject()
            .put("message", MESSAGE_TEXT)
            .put("error_description", MESSAGE_TEXT)
            .put("error", ERROR_TEXT);

    mockMvc.perform(put("/Users/" + createdUser.getId() + "/password")
                    .contentType(APPLICATION_JSON)
                    .header("Authorization", "Bearer " + token)
                    .content(JsonUtils.writeValueAsString(request)))
            .andExpect(status().isForbidden())
            .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(expectedError)));
}
/**
 * Creates the "joe" test account with client credentials, resets its password to the value
 * the implicit-grant tests expect, and primes the OAuth2 context with joe's credentials.
 */
@BeforeOAuth2Context
@OAuth2ContextConfiguration(OAuth2ContextConfiguration.ClientCredentials.class)
public void setUpUserAccounts() {
    RestOperations client = serverRunning.getRestTemplate();

    ScimUser candidate = new ScimUser();
    candidate.setUserName(JOE);
    candidate.setPassword("password");
    candidate.setName(new ScimUser.Name("Joe", "User"));
    candidate.addEmail("joe@blah.com");
    candidate.setVerified(true);
    candidate.setGroups(Arrays.asList(new Group(null, "uaa.user"), new Group(null, "orgs.foo")));
    ResponseEntity<ScimUser> created =
            client.postForEntity(serverRunning.getUrl(userEndpoint), candidate, ScimUser.class);
    joe = created.getBody();
    assertEquals(JOE, joe.getUserName());

    // Client credentials allow the reset without the current password.
    PasswordChangeRequest change = new PasswordChangeRequest();
    change.setPassword("Passwo3d");
    String passwordUrl = serverRunning.getUrl(userEndpoint) + "/{id}/password";
    HttpEntity<PasswordChangeRequest> body = new HttpEntity<>(change, new HttpHeaders());
    ResponseEntity<Void> changed =
            client.exchange(passwordUrl, HttpMethod.PUT, body, Void.class, joe.getId());
    assertEquals(HttpStatus.OK, changed.getStatusCode());

    // The implicit grant for cf requires extra parameters in the authorization request.
    context.setParameters(Collections.singletonMap("credentials",
            testAccounts.getJsonCredentials(joe.getUserName(), "Passwo3d")));
}