/** * @see org.openmrs.api.UserService#hasDuplicateUsername(org.openmrs.User) */ @Override @Transactional(readOnly = true) public boolean hasDuplicateUsername(User user) throws APIException { return dao.hasDuplicateUsername(user.getUsername(), user.getSystemId(), user.getUserId()); }
@Override public void loggedInOrOut(User user, Event event, Status status) { if (event != null && user != null) { if (Event.LOGIN.equals(event)) { logins.add(user.getUsername() + ":" + event + ":" + status); } else if (Event.LOGOUT.equals(event)) { logouts.add( user.getUsername() + ":" + event + ":" + status); } } }
/** * @see org.openmrs.Attributable#getDisplayString() */ @Override public String getDisplayString() { String returnString = ""; if (getPersonName() != null) { returnString += getPersonName().getFullName() + " "; } returnString += "(" + getUsername() + ")"; return returnString; }
private void updatePassword(User user, String newPassword) { OpenmrsUtil.validatePassword(user.getUsername(), newPassword, user.getSystemId()); dao.changePassword(user, newPassword); }
/** * @see org.openmrs.api.UserService#changeQuestionAnswer(User, String, String) */ @Override public void changeQuestionAnswer(User u, String question, String answer) throws DAOException { log.info("Updating secret question and answer for " + u.getUsername()); LoginCredential credentials = getLoginCredential(u); credentials.setSecretQuestion(question); String hashedAnswer = Security.encodeString(answer.toLowerCase() + credentials.getSalt()); credentials.setSecretAnswer(hashedAnswer); credentials.setDateChanged(new Date()); credentials.setChangedBy(u); updateLoginCredential(credentials); }
/** * @see ContextDAO#authenticate(String,String) */ @Test public void authenticate_shouldAuthenticateGivenUsernameAndPassword() { User u = dao.authenticate("admin", "test"); Assert.assertEquals("Should be the admin user", "admin", u.getUsername()); }
@Test public void createUser_shouldNotAllowSystemIdEqualsUsernameWithLuhnCheckDigit() { User someUser = userService.getUserByUsername(SOME_USERNAME); User newUser = userWithValidPerson(); newUser.setUsername(someUser.getUsername()); newUser.setSystemId(decorateWithLuhnIdentifier(someUser.getUsername())); expectedException.expect(DAOException.class); expectedException.expectMessage( String.format("Username %s or system id %s is already in use.", newUser.getUsername(), newUser.getSystemId())); userService.createUser(newUser, SOME_VALID_PASSWORD); }
@Test public void createUser_shouldNotAllowSystemIdEqualsExistingUsername() { User someUser = userService.getUserByUsername(SOME_USERNAME); User newUser = userWithValidPerson(); newUser.setSystemId(someUser.getUsername()); expectedException.expect(DAOException.class); expectedException.expectMessage( String.format("Username %s or system id %s is already in use.", newUser.getUsername(), newUser.getSystemId())); userService.createUser(newUser, SOME_VALID_PASSWORD); }
@Test public void createUser_shouldNotAllowForDuplicatedUsername() { User someUser = userService.getUserByUsername(SOME_USERNAME); User newUser = userWithValidPerson(); newUser.setUsername(someUser.getUsername()); expectedException.expect(DAOException.class); expectedException.expectMessage( String.format("Username %s or system id %s is already in use.", newUser.getUsername(), Context.getUserService().generateSystemId())); userService.createUser(newUser, SOME_VALID_PASSWORD); }
@Test public void changePasswordUsingSecretAnswer_shouldUpdatePasswordIfSecretIsCorrect() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); User user = userService.getUser(6001); assertFalse(user.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS)); Context.authenticate(user.getUsername(), "userServiceTest"); userService.changePasswordUsingSecretAnswer("answer", "userServiceTest2"); Context.authenticate(user.getUsername(), "userServiceTest2"); }
/** * @see org.openmrs.api.UserService#saveUser(org.openmrs.User) */ @Override @CacheEvict(value = "userSearchLocales", allEntries = true) public User saveUser(User user) throws APIException { if (user.getUserId() == null) { throw new APIException("This method can be called only to update existing users"); } Context.requirePrivilege(PrivilegeConstants.EDIT_USERS); checkPrivileges(user); if (hasDuplicateUsername(user)) { throw new DAOException("Username " + user.getUsername() + " or system id " + user.getSystemId() + " is already in use."); } return dao.saveUser(user, null); }
@Test public void changePassword_shouldUpdatePasswordOfGivenUserWhenLoggedInUserHasEditUsersPasswordPrivilege() { User user = userService.getUserByUsername(ADMIN_USERNAME); assertNotNull("There needs to be a user with username 'admin' in the database", user); userService.changePassword(user, "testTest123"); Context.authenticate(user.getUsername(), "testTest123"); }
/** * @see UserService#changePassword(User,String,String) */ @Test public void changePassword_shouldChangePasswordForGivenUserIfOldPasswordIsNullAndChangingUserHavePrivileges() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); //user 6001 has password userServiceTest User user6001 = userService.getUser(6001); String oldPassword = null; String newPassword = "newPasswordString123"; userService.changePassword(user6001, oldPassword, newPassword); Context.authenticate(user6001.getUsername(), newPassword); }
/** * @see UserService#changePassword(User,String,String) */ @Test public void changePassword_shouldChangePasswordForGivenUserIfOldPasswordIsCorrectlyPassed() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); //user 6001 has password userServiceTest User user6001 = userService.getUser(6001); String oldPassword = "userServiceTest"; String newPassword = "newPasswordString123"; userService.changePassword(user6001, oldPassword, newPassword); //try to authenticate with new password Context.authenticate(user6001.getUsername(), newPassword); }
@Test public void createUser_shouldNotAllowDuplicatedSystemId() { User someUser = userService.getUserByUsername(SOME_USERNAME); User newUser = userWithValidPerson(); newUser.setSystemId(someUser.getSystemId()); expectedException.expect(DAOException.class); expectedException.expectMessage( String.format("Username %s or system id %s is already in use.", newUser.getUsername(), newUser.getSystemId())); userService.createUser(newUser, SOME_VALID_PASSWORD); }
@Test public void createUser_shouldNotAllowUsernameEqualsExistingSystemId() { User someUser = userService.getUserByUsername(SOME_USERNAME); User newUser = userWithValidPerson(); newUser.setUsername(someUser.getSystemId()); expectedException.expect(DAOException.class); expectedException.expectMessage( String.format("Username %s or system id %s is already in use.", newUser.getUsername(), Context.getUserService().generateSystemId())); userService.createUser(newUser, SOME_VALID_PASSWORD); }
@Test public void changePasswordUsingSecretAnswer_shouldNotUpdatePasswordIfSecretIsNotCorrect() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); User user = userService.getUser(6001); assertFalse(user.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS)); Context.authenticate(user.getUsername(), "userServiceTest"); expectedException.expect(APIException.class); expectedException.expectMessage(messages.getMessage("secret.answer.not.correct")); userService.changePasswordUsingSecretAnswer("wrong answer", "userServiceTest2"); }
@Test public void changePassword_shouldNotUpdatePasswordOfGivenUserWhenLoggedInUserDoesNotHaveEditUsersPasswordPrivilege() { executeDataSet(XML_FILENAME_WITH_DATA_FOR_CHANGE_PASSWORD_ACTION); User user = userService.getUser(6001); assertFalse(user.hasPrivilege(PrivilegeConstants.EDIT_USER_PASSWORDS)); Context.authenticate(user.getUsername(), "userServiceTest"); expectedException.expect(APIAuthenticationException.class); expectedException.expectMessage( messages.getMessage("error.privilegesRequired", new Object[] {PrivilegeConstants.EDIT_USER_PASSWORDS}, null)); userService.changePassword(user, "testTest123"); }
@Test public void changePasswordUsingActivationKey_shouldNotUpdatePasswordIfActivationKeyIsIncorrect() { User u = new User(); u.setPerson(new Person()); u.addName(new PersonName("Benjamin", "A", "Wolfe")); u.setUsername("bwolfe"); u.getPerson().setGender("M"); User createdUser = userService.createUser(u, "Openmr5xy"); String key = "wrongactivationkeyin"; Context.authenticate(createdUser.getUsername(), "Openmr5xy"); expectedException.expect(InvalidActivationKeyException.class); expectedException.expectMessage(messages.getMessage("activation.key.not.correct")); userService.changePasswordUsingActivationKey(key, "Pa55w0rd"); }
@Test public void changePassword_shouldNotOverwriteUserSecretQuestionOrAnswer() { dao.changePassword(userJoe, PASSWORD); dao.changeQuestionAnswer(userJoe, SECRET_QUESTION, SECRET_ANSWER); LoginCredential lc = dao.getLoginCredential(userJoe); String hashedSecretAnswer = Security.encodeString(SECRET_ANSWER + lc.getSalt()); assertEquals("question should be set", SECRET_QUESTION, lc.getSecretQuestion()); assertEquals("answer should be set", hashedSecretAnswer, lc.getSecretAnswer()); Context.authenticate(userJoe.getUsername(), PASSWORD); dao.changePassword(PASSWORD, PASSWORD + "foo"); lc = dao.getLoginCredential(userJoe); assertEquals("question should not have changed", SECRET_QUESTION, lc.getSecretQuestion()); assertEquals("answer should not have changed", hashedSecretAnswer, lc.getSecretAnswer()); }