/**
 * Sends a PUT to the users endpoint's {@code /{id}/password} resource for {@code joe},
 * carrying the old and the new password, and expects HTTP 200.
 */
@Test
public void changePasswordSucceeds() throws Exception {
    PasswordChangeRequest passwordChange = new PasswordChangeRequest();
    passwordChange.setOldPassword("Passwo3d");
    passwordChange.setPassword("Newpasswo3d");

    RestOperations restTemplate = serverRunning.getRestTemplate();
    String passwordUrl = serverRunning.getUrl(usersEndpoint) + "/{id}/password";
    HttpEntity<PasswordChangeRequest> requestEntity =
            new HttpEntity<PasswordChangeRequest>(passwordChange, new HttpHeaders());

    // {id} in the URL template is expanded from the trailing joe.getId() argument.
    ResponseEntity<Void> response = restTemplate.exchange(
            passwordUrl, HttpMethod.PUT, requestEntity, Void.class, joe.getId());

    assertEquals(HttpStatus.OK, response.getStatusCode());
}
/**
 * Checks that a password change hands the new password to the configured
 * {@link PasswordValidator}: a mock validator is installed on the endpoint and
 * {@code validate} is verified to have been called with the requested value.
 */
@Test
public void passwordIsValidated() throws Exception {
    PasswordValidator validatorMock = mock(PasswordValidator.class);

    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    endpoints.setPasswordValidator(validatorMock);

    PasswordChangeRequest passwordChange = new PasswordChangeRequest();
    passwordChange.setOldPassword("password");
    passwordChange.setPassword("newpassword");

    endpoints.changePassword(joel.getId(), passwordChange);

    // Only the new password is checked here; the old one is not expected to be validated.
    verify(validatorMock).validate("newpassword");
}
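/**
 * With the security context built for {@code joel}, an attempt to change
 * {@code dale}'s password must be rejected with a {@link ScimException}.
 *
 * <p>The expectation is scoped to the {@code changePassword} call itself. With
 * {@code @Test(expected = ...)} on the whole method, a {@code ScimException} raised
 * while preparing the fixture would also have made this authorization test pass.
 */
@Test
public void userCantChangeAnotherUsersPassword() {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));

    PasswordChangeRequest change = new PasswordChangeRequest();
    change.setOldPassword("password");
    change.setPassword("newpassword");

    try {
        endpoints.changePassword(dale.getId(), change);
    } catch (ScimException expected) {
        // The rejection came from the call under test.
        return;
    }
    throw new AssertionError("changePassword accepted a change to another user's password");
}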
/**
 * Puts {@code joe}'s user name and current password into the access-token request of
 * the OAuth2 context (declared with the Implicit resource and {@code initialize = false}),
 * then PUTs a password change for {@code joe} and expects HTTP 200.
 */
@Test
@OAuth2ContextConfiguration(resource = OAuth2ContextConfiguration.Implicit.class, initialize = false)
public void testUserChangesOwnPassword() throws Exception {
    MultiValueMap<String, String> credentials = new LinkedMultiValueMap<>();
    credentials.set("source", "credentials");
    credentials.set("username", joe.getUserName());
    credentials.set("password", "pas5Word");
    context.getAccessTokenRequest().putAll(credentials);

    // The old password in the request is the same value used to obtain the token.
    PasswordChangeRequest passwordChange = new PasswordChangeRequest();
    passwordChange.setOldPassword("pas5Word");
    passwordChange.setPassword("Newpasswo3d");

    String passwordUrl = serverRunning.getUrl(userEndpoint) + "/{id}/password";
    HttpEntity<PasswordChangeRequest> requestEntity =
            new HttpEntity<>(passwordChange, new HttpHeaders());

    ResponseEntity<Void> response =
            client.exchange(passwordUrl, HttpMethod.PUT, requestEntity, Void.class, joe.getId());

    assertEquals(HttpStatus.OK, response.getStatusCode());
}
/**
 * With the security context built for {@code joel}, changes {@code joel}'s own password
 * while supplying {@code "password"} as the current one.
 *
 * <p>There is no explicit assertion: the test passes when {@code changePassword}
 * returns without throwing.
 */
@Test
public void userCanChangeTheirOwnPasswordIfTheySupplyCorrectCurrentPassword() {
    PasswordChangeRequest passwordChange = new PasswordChangeRequest();
    passwordChange.setPassword("newpassword");
    passwordChange.setOldPassword("password");

    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    endpoints.changePassword(joel.getId(), passwordChange);
}
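/**
 * With the security context built for {@code joel}, a change to {@code joel}'s own
 * password that carries a wrong current password must be rejected with a
 * {@link BadCredentialsException}.
 *
 * <p>The expectation is scoped to the {@code changePassword} call itself. With
 * {@code @Test(expected = ...)} on the whole method, the same exception raised during
 * fixture setup would also have made this credential check pass.
 */
@Test
public void changePasswordFailsForUserIfTheySupplyWrongCurrentPassword() {
    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));

    PasswordChangeRequest change = new PasswordChangeRequest();
    change.setPassword("newpassword");
    change.setOldPassword("wrongpassword");

    try {
        endpoints.changePassword(joel.getId(), change);
    } catch (BadCredentialsException expected) {
        // The rejection came from the call under test.
        return;
    }
    throw new AssertionError("changePassword accepted a wrong current password");
}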
/**
 * Submits a change whose new password equals the current one and expects an
 * {@link InvalidPasswordException} carrying the "cannot be the same" message.
 */
@Test
public void changePasswordFailsForNewPasswordIsSameAsCurrentPassword() {
    String expectedMessage = "Your new password cannot be the same as the old password.";

    PasswordChangeRequest samePassword = new PasswordChangeRequest();
    samePassword.setOldPassword("password");
    samePassword.setPassword("password");

    endpoints.setSecurityContextAccessor(mockSecurityContext(joel));
    try {
        endpoints.changePassword(joel.getId(), samePassword);
        // Reaching this line means the reuse was accepted.
        fail();
    } catch (InvalidPasswordException rejected) {
        assertEquals(expectedMessage, rejected.getLocalizedMessage());
    }
}
/**
 * Creates a user while internal user management is enabled, then disables it and
 * checks that a password change for that user is answered with 403 and a JSON error
 * body built from {@code MESSAGE_TEXT} and {@code ERROR_TEXT}.
 */
@Test
void userEndpointUpdatePasswordNotAllowed_For_Origin_UAA() throws Exception {
    // The user has to exist first, so creation runs with the restriction switched off.
    MockMvcUtils.setDisableInternalUserManagement(false, webApplicationContext);
    ResultActions creation = createUser();
    String createdJson = creation.andReturn().getResponse().getContentAsString();
    ScimUser createdUser = JsonUtils.readValue(createdJson, ScimUser.class);

    // NOTE(review): the flag is left at true when this method returns; confirm that a
    // teardown outside this method resets it so later tests are not affected.
    MockMvcUtils.setDisableInternalUserManagement(true, webApplicationContext);

    PasswordChangeRequest passwordChange = new PasswordChangeRequest();
    passwordChange.setOldPassword(PASSWD);
    passwordChange.setPassword("n3wAw3som3Passwd");

    String passwordPath = "/Users/" + createdUser.getId() + "/password";
    JSONObject expectedError = new JSONObject()
            .put("message", MESSAGE_TEXT)
            .put("error_description", MESSAGE_TEXT)
            .put("error", ERROR_TEXT);

    mockMvc.perform(put(passwordPath)
                    .header("Authorization", "Bearer " + token)
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsString(passwordChange)))
            .andExpect(status().isForbidden())
            .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(expectedError)));
}
/**
 * Sends a password change whose old and new values are identical and expects HTTP 422
 * with {@code error = invalid_password} and the "cannot be the same" message in the
 * JSON body.
 */
@Test
public void changePassword_NewPasswordSameAsOld_ReturnsUnprocessableEntityWithJsonError() throws Exception {
    ScimUser createdUser = createUser();

    PasswordChangeRequest samePassword = new PasswordChangeRequest();
    samePassword.setOldPassword(password);
    samePassword.setPassword(password);

    String passwordPath = "/Users/" + createdUser.getId() + "/password";
    String bearerHeader = "Bearer " + passwordWriteToken;

    mockMvc.perform(put(passwordPath)
                    .header("Authorization", bearerHeader)
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsString(samePassword)))
            .andExpect(status().isUnprocessableEntity())
            .andExpect(jsonPath("$.error").value("invalid_password"))
            .andExpect(jsonPath("$.message")
                    .value("Your new password cannot be the same as the old password."));
}
/**
 * Changes a freshly created user's password with {@code passwordWriteToken} and expects
 * HTTP 200 with {@code status = ok} and {@code message = password updated} in the JSON
 * body.
 */
@Test
public void changePassword_SuccessfullyChangePassword() throws Exception {
    ScimUser createdUser = createUser();

    PasswordChangeRequest passwordChange = new PasswordChangeRequest();
    passwordChange.setOldPassword(password);
    passwordChange.setPassword("n3wAw3som3Passwd");

    String passwordPath = "/Users/" + createdUser.getId() + "/password";
    MockHttpServletRequestBuilder putRequest = put(passwordPath)
            .header("Authorization", "Bearer " + passwordWriteToken)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(passwordChange))
            .accept(APPLICATION_JSON);

    mockMvc.perform(putRequest)
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.status").value("ok"))
            .andExpect(jsonPath("$.message").value("password updated"));
}
/**
 * Uses a token obtained with the created user's own credentials to send a password
 * change carrying a wrong old password, and expects HTTP 401 with
 * {@code error = unauthorized} and the "Old password is incorrect" description.
 */
@Test
public void changePassword_WithBadOldPassword_ReturnsUnauthorizedError() throws Exception {
    ScimUser createdUser = createUser();

    // Token for the user itself; "password.write" is presumably the requested scope.
    String userAccessToken = testClient.getUserOAuthAccessToken(
            "cf", "", createdUser.getUserName(), password, "password.write");

    PasswordChangeRequest wrongOldPassword = new PasswordChangeRequest();
    wrongOldPassword.setOldPassword("wrongPassword");
    wrongOldPassword.setPassword(password);

    String passwordPath = "/Users/" + createdUser.getId() + "/password";

    mockMvc.perform(put(passwordPath)
                    .header("Authorization", "Bearer " + userAccessToken)
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsString(wrongOldPassword)))
            .andExpect(status().isUnauthorized())
            .andExpect(jsonPath("$.error_description").value("Old password is incorrect"))
            .andExpect(jsonPath("$.error").value("unauthorized"));
}
/**
 * Sends a password change whose new password comes from a generator constructed with
 * 260, and expects HTTP 400 with {@code error = invalid_password} and the
 * "no more than 255 characters" message in the JSON body.
 */
@Test
public void changePassword_withInvalidPassword_returnsErrorJson() throws Exception {
    ScimUser createdUser = createUser();

    // 260 is above the 255-character limit named in the expected error message.
    String oversizedPassword = new RandomValueStringGenerator(260).generate();

    PasswordChangeRequest passwordChange = new PasswordChangeRequest();
    passwordChange.setOldPassword(password);
    passwordChange.setPassword(oversizedPassword);

    String passwordPath = "/Users/" + createdUser.getId() + "/password";
    MockHttpServletRequestBuilder changeRequest = put(passwordPath)
            .header("Authorization", "Bearer " + passwordWriteToken)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsString(passwordChange));

    mockMvc.perform(changeRequest)
            .andExpect(status().isBadRequest())
            .andExpect(jsonPath("$.error").value("invalid_password"))
            .andExpect(jsonPath("$.message")
                    .value("Password must be no more than 255 characters in length."));
}
@Test void test_Change_Password() throws Exception { PasswordChangeRequest request = new PasswordChangeRequest(); request.setOldPassword("secret"); request.setPassword("newsecret");