/**
 * A password rejected by the reset service must go through the filter's error path,
 * with the service having been asked exactly once to reset to the submitted password.
 */
@Test
public void error_during_password_reset_invalid_password_exception() throws Exception {
    // Drop the stubbing installed by setup() so the service throws instead of returning a response.
    reset(service);
    InvalidPasswordException rejection = new InvalidPasswordException("failed", HttpStatus.BAD_REQUEST);
    when(service.resetPassword(any(ExpiringCode.class), anyString())).thenThrow(rejection);

    // Helper defined elsewhere in this class; presumably drives the filter and checks
    // how the given exception type is handled -- confirm against its body.
    error_during_password_reset(rejection.getClass());

    verify(service, times(1)).resetPassword(any(ExpiringCode.class), eq(password));
}
/**
 * A generic {@code UaaException} from the reset service must go through the filter's
 * error path, with exactly one reset attempt made using the submitted password.
 */
@Test
public void error_during_password_reset_uaa_exception() throws Exception {
    // Drop the stubbing installed by setup() so the service throws instead of returning a response.
    reset(service);
    UaaException serviceFailure = new UaaException("failed");
    when(service.resetPassword(any(ExpiringCode.class), anyString())).thenThrow(serviceFailure);

    // Helper defined elsewhere in this class; presumably drives the filter and checks
    // how the given exception type is handled -- confirm against its body.
    error_during_password_reset(serviceFailure.getClass());

    verify(service, times(1)).resetPassword(any(ExpiringCode.class), eq(password));
}
/**
 * Runs the filter against the prepared request and checks the outcome of a successful reset.
 *
 * <p>Security-relevant expectations pinned here: the password is reset exactly once, the
 * user is NOT authenticated as a side effect (no success handler call, empty security
 * context), the request is answered with a redirect to the login page, and the rest of
 * the filter chain is never invoked.
 *
 * @param redirectUri the redirect the caller expects to be carried to the login page;
 *                    blank, {@code null} or {@code "home"} means no {@code form_redirect_uri}
 */
public void happy_day_password_reset(String redirectUri) throws Exception {
    filter.doFilterInternal(request, response, chain);

    // Exactly one reset, using the password taken from the request.
    verify(service, times(1)).resetPassword(any(ExpiringCode.class), eq(password));

    // Resetting a password must not establish a session: the user still has to log in.
    verify(authenticationSuccessHandler, times(0)).onAuthenticationSuccess(same(request), same(response), any(Authentication.class));
    assertNull(SecurityContextHolder.getContext().getAuthentication());

    String expectedLocation = request.getContextPath() + "/login?success=password_reset";
    boolean carriesRedirect = StringUtils.hasText(redirectUri) && !redirectUri.equals("home");
    if (carriesRedirect) {
        // NOTE(review): the expected URL embeds redirectUri verbatim, so this test pins
        // un-encoded concatenation. A value containing '&' or '#' would change the query
        // string; confirm the filter or the login endpoint encodes and validates
        // form_redirect_uri before it is followed.
        expectedLocation = expectedLocation + "&form_redirect_uri=" + redirectUri;
    }
    verify(response, times(1)).sendRedirect(expectedLocation);

    // The filter answers the request itself; nothing downstream may run.
    verify(chain, times(0)).doFilter(any(), any());
}
/**
 * When the reset service reports the redirect {@code "home"}, the login redirect must
 * carry no {@code form_redirect_uri}; the helper is called with an empty string for that case.
 */
@Test
public void test_happy_day_password_reset_with_home_redirect() throws Exception {
    // Replace the stubbing from setup() with a response whose redirect is "home".
    reset(service);
    ResetPasswordService.ResetPasswordResponse homeResponse =
        new ResetPasswordService.ResetPasswordResponse(user, "home", null);
    resetPasswordResponse = homeResponse;
    when(service.resetPassword(any(ExpiringCode.class), eq(password))).thenReturn(homeResponse);

    happy_day_password_reset("");
}
/**
 * When the reset service reports an explicit redirect, the login redirect must carry it
 * as {@code form_redirect_uri}.
 */
@Test
public void test_happy_day_password_reset_with_redirect() throws Exception {
    // Replace the stubbing from setup() with a response that names an absolute URL.
    reset(service);
    // NOTE(review): "http://test.com" is an absolute URL on another host, so this test
    // pins that the filter forwards it unchanged. Whether the value is checked against
    // an allow-list of redirect targets is not visible here -- confirm where that happens.
    ResetPasswordService.ResetPasswordResponse redirectingResponse =
        new ResetPasswordService.ResetPasswordResponse(user, "http://test.com", null);
    resetPasswordResponse = redirectingResponse;
    when(service.resetPassword(any(ExpiringCode.class), eq(password))).thenReturn(redirectingResponse);

    happy_day_password_reset(redirectingResponse.getRedirectUri());
}
/**
 * When the reset service reports no redirect at all, the login redirect must carry no
 * {@code form_redirect_uri}.
 */
@Test
public void test_happy_day_password_reset_with_null_redirect() throws Exception {
    // Replace the stubbing from setup() with a response built with a null redirect.
    reset(service);
    ResetPasswordService.ResetPasswordResponse noRedirectResponse =
        new ResetPasswordService.ResetPasswordResponse(user, null, null);
    resetPasswordResponse = noRedirectResponse;
    when(service.resetPassword(any(ExpiringCode.class), eq(password))).thenReturn(noRedirectResponse);

    happy_day_password_reset(noRedirectResponse.getRedirectUri());
}
throw new InvalidCodeException("invalid_code", "Sorry, your reset password link is no longer valid. Please request a new one", 422); ResetPasswordService.ResetPasswordResponse resetPasswordResponse = service.resetPassword(expiringCode, password); String redirectUri = resetPasswordResponse.getRedirectUri(); if (!StringUtils.hasText(redirectUri) || redirectUri.equals("home")) {
/**
 * Completes a lost-password flow: exchanges a change code plus a new password for a
 * password reset, then returns the user's identifiers together with a fresh login code.
 *
 * <p>Status mapping: a missing change code yields 400; {@code BadCredentialsException}
 * yields 401; {@code ScimResourceNotFoundException} yields 404; any other exception
 * yields 500. {@code InvalidPasswordException} and {@code InvalidCodeException} are
 * rethrown to the caller rather than mapped here.
 *
 * @param passwordChangeRequest request body holding the change code and the new password
 * @return the response entity described above; the body is set only on success
 */
@RequestMapping(value = "/password_change", method = RequestMethod.POST)
public ResponseEntity<LostPasswordChangeResponse> changePassword(@RequestBody LostPasswordChangeRequest passwordChangeRequest) {
    // Without a change code there is nothing to validate the request against.
    if (passwordChangeRequest.getChangeCode() == null) {
        return new ResponseEntity<>(BAD_REQUEST);
    }

    try {
        ExpiringCode expiringCode = getExpiringCode(passwordChangeRequest.getChangeCode());
        ResetPasswordService.ResetPasswordResponse resetResult =
            resetPasswordService.resetPassword(expiringCode, passwordChangeRequest.getNewPassword());
        ScimUser resetUser = resetResult.getUser();

        // The login code is a credential handed back in the response body; callers
        // should treat it as a secret and keep it out of logs.
        ExpiringCode loginCode = getCode(resetUser.getId(), resetUser.getUserName(), resetResult.getClientId());

        LostPasswordChangeResponse body = new LostPasswordChangeResponse();
        body.setUserId(resetUser.getId());
        body.setUsername(resetUser.getUserName());
        body.setEmail(resetUser.getPrimaryEmail());
        body.setLoginCode(loginCode.getCode());
        return new ResponseEntity<>(body, OK);
    } catch (BadCredentialsException e) {
        return new ResponseEntity<>(UNAUTHORIZED);
    } catch (ScimResourceNotFoundException e) {
        return new ResponseEntity<>(NOT_FOUND);
    } catch (InvalidPasswordException | InvalidCodeException e) {
        // Left to whatever handles these exception types further up the call stack.
        throw e;
    } catch (Exception e) {
        // NOTE(review): the cause is discarded here, so a failed reset leaves no trace.
        // Consider recording the exception (never the change code or the password) so
        // that failures can be investigated.
        return new ResponseEntity<>(INTERNAL_SERVER_ERROR);
    }
}
/**
 * Builds the fixture shared by the tests: a POST to {@code /reset_password.do} carrying a
 * freshly generated code, matching password fields and an email, plus mocked collaborators
 * around a real {@code ResetPasswordAuthenticationFilter}.
 */
@Before
public void setup() throws Exception {
    // Collaborators the filter talks to are mocked so each test can verify the calls made.
    response = mock(HttpServletResponse.class);
    chain = mock(FilterChain.class);
    service = mock(ResetPasswordService.class);
    authenticationSuccessHandler = mock(AuthenticationSuccessHandler.class);
    entryPoint = mock(AuthenticationEntryPoint.class);

    // The code store is real (in memory); the code it issues expires ten minutes from now.
    codeStore = new InMemoryExpiringCodeStore();
    Timestamp expiresAt = new Timestamp(System.currentTimeMillis() + 10*60*1000);
    code = codeStore.generateCode("{}", expiresAt, "", IdentityZoneHolder.get().getId()).getCode();

    // Form values submitted with the reset request; password and confirmation match.
    password = "test";
    passwordConfirmation = "test";
    email = "test@test.org";

    request = new MockHttpServletRequest("POST", "/reset_password.do");
    request.setParameter("code", code);
    request.setParameter("password", password);
    request.setParameter("password_confirmation", passwordConfirmation);
    request.setParameter("email", email);

    // Default stubbing: the reset succeeds and reports "/" as the redirect.
    // Individual tests call reset(service) to replace it.
    user = new ScimUser("id", "username", "first name", "last name");
    resetPasswordResponse = new ResetPasswordService.ResetPasswordResponse(user, "/", null);
    when(service.resetPassword(any(ExpiringCode.class), eq(password))).thenReturn(resetPasswordResponse);

    filter = new ResetPasswordAuthenticationFilter(service, authenticationSuccessHandler, entryPoint, codeStore);
}