/**
 * Requests {@code /} and expects the resolved view name to contain the substring "Special".
 * The view name is checked with a Hamcrest matcher instead of an exact string.
 */
@Test
public void testHamcrestMatcher() throws Exception {
    this.mockMvc.perform(get("/"))
            // Substring match: any view name that contains "Special" satisfies this expectation.
            .andExpect(view().name(containsString("Special")));
}
/**
 * Requests {@code /authentication-principal} and expects a result matching the principal of the
 * {@code authentication} fixture, rendered through {@code authentication-principal-view}.
 */
@Test
public void authenticationPrincipalResolved() throws Exception {
    mockMvc.perform(get("/authentication-principal"))
            // assertResult is declared outside this method; presumably it compares the value the
            // handler received with the expected principal. Confirm against the helper.
            .andExpect(assertResult(authentication.getPrincipal()))
            .andExpect(view().name("authentication-principal-view"));
}
/**
 * Requests {@code /deprecated-authentication-principal} and expects a result matching the
 * principal of the {@code authentication} fixture, rendered through
 * {@code deprecated-authentication-principal-view}.
 */
@Test
public void deprecatedAuthenticationPrincipalResolved() throws Exception {
    mockMvc.perform(get("/deprecated-authentication-principal"))
            // assertResult is declared outside this method; presumably it compares the value the
            // handler received with the expected principal. Confirm against the helper.
            .andExpect(assertResult(authentication.getPrincipal()))
            .andExpect(view().name("deprecated-authentication-principal-view"));
}
/**
 * Loads the MFA registration page twice without a code being validated in between and expects the
 * QR code view on both visits.
 */
@Test
public void testQRCodeRedirectIfCodeNotValidated() throws Exception {
    redirectToMFARegistration();

    performGetMfaRegister()
            .andExpect(view().name("mfa/qr_code"));

    // After the first visit the session must hold credentials under "uaaMfaCredentials".
    // Presumably these are not yet activated, since no code has been submitted; verify
    // against the registration flow.
    UserGoogleMfaCredentials pendingCredentials =
            (UserGoogleMfaCredentials) session.getAttribute("uaaMfaCredentials");
    assertNotNull(pendingCredentials);

    // A repeat visit must show the QR code again.
    performGetMfaRegister()
            .andExpect(view().name("mfa/qr_code"));
}
/**
 * Submits the change-password form with a wrong current password and expects the form to be
 * re-rendered with the {@code unauthorized} message code.
 *
 * <p>Despite the method name, the status asserted here is 422 (Unprocessable Entity), not 401.
 */
@Test
public void changePassword_Returns401Unauthorized_WrongCurrentPassword() throws Exception {
    // The service rejects the wrong current password with a BadCredentialsException.
    doThrow(new BadCredentialsException("401 Unauthorized"))
            .when(changePasswordService)
            .changePassword("bob", "wrong", "new secret");

    mockMvc.perform(createRequest("wrong", "new secret", "new secret"))
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("change_password"))
            // The page receives a message code, not the exception text.
            .andExpect(model().attribute("message_code", "unauthorized"));
}
/**
 * Requests {@code /forgot_password} and expects the {@code forgot_password} view, a form that
 * posts to {@code /forgot_password.do}, and no {@code X-Uaa-Csrf} field in the rendered page.
 */
@Test
void testForgotPasswordPageDoesNotHaveCsrf() throws Exception {
    mockMvc.perform(get("/forgot_password"))
            .andExpect(status().isOk())
            .andExpect(view().name("forgot_password"))
            .andExpect(content().string(containsString("action=\"/forgot_password.do\"")))
            // NOTE(review): this pins the ABSENCE of a CSRF token on a form that posts to
            // /forgot_password.do. Confirm the exemption is intentional and that the endpoint
            // has other abuse controls; neither is visible from this test.
            .andExpect(content().string(not(containsString("name=\"X-Uaa-Csrf\""))));
}
/**
 * Opens the accept-invitation page with a code the code store no longer knows and expects an
 * error page without the invitee's email or any form, and no authenticated security context.
 */
@Test
public void testAcceptInvitePageWithExpiredCode() throws Exception {
    // A null lookup result stands in for an expired (or unknown) invitation code.
    when(expiringCodeStore.retrieveCode(anyString(), eq(IdentityZoneHolder.get().getId())))
            .thenReturn(null);

    mockMvc.perform(get("/invitations/accept").param("code", "the_secret_code"))
            .andExpect(status().isUnprocessableEntity())
            .andExpect(model().attribute("error_message_code", "code_expired"))
            .andExpect(view().name("invitations/accept_invite"))
            // Neither the email display nor the acceptance form may be rendered.
            .andExpect(xpath("//*[@class='email-display']").doesNotExist())
            .andExpect(xpath("//form").doesNotExist());

    // A rejected code must not leave an Authentication in the security context.
    assertNull(SecurityContextHolder.getContext().getAuthentication());
}
/**
 * Expects the change-password form to be re-rendered with status 422 and the service's message
 * when the service rejects the new password with an {@code InvalidPasswordException}.
 */
@Test
public void changePassword_PasswordNoveltyViolationReported_NewPasswordSameAsCurrentPassword() throws Exception {
    String noveltyMessage = "Your new password cannot be the same as the old password.";
    doThrow(new InvalidPasswordException(noveltyMessage))
            .when(changePasswordService)
            .changePassword("bob", "secret", "new secret");

    MockHttpServletRequestBuilder changeRequest = createRequest("secret", "new secret", "new secret");

    mockMvc.perform(changeRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("change_password"))
            // The exception text is passed to the page unchanged as the "message" attribute.
            .andExpect(model().attribute("message", noveltyMessage));
}
/**
 * Submits a new password whose confirmation differs ("new secret" vs "newsecret") and expects a
 * {@code form_error} without the password service being called.
 */
@Test
public void changePassword_ConfirmationPasswordDoesNotMatch() throws Exception {
    mockMvc.perform(createRequest("secret", "new secret", "newsecret"))
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("change_password"))
            .andExpect(model().attribute("message_code", "form_error"));

    // A mismatch must be rejected before the service is touched.
    // verifyZeroInteractions is deprecated in newer Mockito releases in favour of
    // verifyNoInteractions; left unchanged here.
    verifyZeroInteractions(changePasswordService);
}
/**
 * Requests {@code /change_password} and expects status 200 with the {@code change_password} view.
 */
@Test
public void changePasswordPage_RendersChangePasswordPage() throws Exception {
    mockMvc.perform(get("/change_password"))
            .andExpect(status().isOk())
            .andExpect(view().name("change_password"));
}
/**
 * Requests {@code /session} with {@code clientId} and {@code messageOrigin} parameters and
 * expects the {@code session} view with status 200.
 */
@Test
public void legacy_sessionControllerReturnsSessionView() throws Exception {
    mockMvc.perform(get("/session")
            .param("clientId","1")
            // NOTE(review): only the literal value "origin" is exercised; how the controller
            // treats other messageOrigin values is not covered by this test.
            .param("messageOrigin", "origin"))
            .andExpect(view().name("session"))
            .andExpect(status().isOk());
}
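/**
 * Disables internal user management for the zone returned by {@code getUaa()} and expects the
 * login page to render without any reference to {@code /create_account}.
 *
 * <p>The flag is switched back in a {@code finally} block. With the reset as a plain trailing
 * statement, a failed expectation would skip it and leave internal user management disabled
 * for any later test that uses the same application context.
 *
 * @throws Exception if the request or the configuration helper fails
 */
@Test
void testLogin_When_DisableInternalUserManagement_Is_True() throws Exception {
    // Set the flag outside the try block: if this call fails there is nothing to undo.
    MockMvcUtils.setDisableInternalUserManagement(webApplicationContext, getUaa().getId(), true);
    try {
        mockMvc.perform(get("/login"))
                .andExpect(status().isOk())
                .andExpect(view().name("login"))
                .andExpect(model().attributeExists("prompts"))
                // The self-registration link must not be offered while the flag is set.
                .andExpect(content().string(not(containsString("/create_account"))));
    } finally {
        // Always restore the flag, whether or not the expectations passed.
        MockMvcUtils.setDisableInternalUserManagement(webApplicationContext, getUaa().getId(), false);
    }
}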
/**
 * Requests {@code /force_password_change} after {@code setAuthentication()} and expects the
 * {@code force_password_change} view with the {@code email} model attribute set to "mail".
 */
@Test
public void testForcePasswordChange() throws Exception {
    // setAuthentication() is declared outside this method; presumably it installs the
    // authenticated user whose email is "mail". Confirm against the helper.
    setAuthentication();
    mockMvc.perform(get("/force_password_change"))
            .andExpect(status().isOk())
            .andExpect(view().name("force_password_change"))
            .andExpect(model().attribute("email", "mail"));
}
/**
 * Requests {@code /login} and expects the {@code login} view with the forgot-password and
 * create-account links in the model, a {@code prompts} attribute, and a rendered reference to
 * {@code /create_account}.
 */
@Test
void testLogin() throws Exception {
    mockMvc.perform(get("/login"))
            .andExpect(status().isOk())
            .andExpect(view().name("login"))
            // The "links" model attribute is a map; both self-service entries must be present.
            .andExpect(model().attribute("links", hasEntry("forgotPasswordLink", "/forgot_password")))
            .andExpect(model().attribute("links", hasEntry("createAccountLink", "/create_account")))
            .andExpect(model().attributeExists("prompts"))
            // The link must also appear in the rendered page, not only in the model.
            .andExpect(content().string(containsString("/create_account")));
}
/**
 * Posts an account-creation form whose email is not a valid address and expects the form to be
 * re-rendered with status 422 and the {@code invalid_email} error code.
 */
@Test
public void testInvalidEmail() throws Exception {
    // "wrong" is not a valid email address; the password fields match each other.
    MockHttpServletRequestBuilder signupRequest = post("/create_account.do")
            .param("email", "wrong")
            .param("password", "password")
            .param("password_confirmation", "password")
            .param("client_id", "app");

    mockMvc.perform(signupRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("accounts/new_activation_email"))
            .andExpect(model().attribute("error_message_code", "invalid_email"));
}
/**
 * Requests {@code /verify_user} with the code "expired-code" and expects status 422, the
 * {@code code_expired} error code, and a link prompt pointing at the default
 * {@code /create_account} page.
 */
@Test
void ifInvalidOrExpiredCode_goTo_createAccountDefaultPage() throws Exception {
    mockMvc.perform(get("/verify_user")
            // Presumably no such code exists in the code store for this test; the setup is
            // outside this method.
            .param("code", "expired-code"))
            .andExpect(status().isUnprocessableEntity())
            .andExpect(model().attribute("error_message_code", "code_expired"))
            .andExpect(view().name("accounts/link_prompt"))
            // The anchor whose text is "here" must target the default sign-up page.
            .andExpect(xpath("//a[text()='here']/@href").string("/create_account"));
}
/**
 * With {@code links.signup} set to a custom URL, requests {@code /verify_user} with the code
 * "expired-code" and expects the link prompt to point at that custom URL.
 */
@Test
void ifInvalidOrExpiredCode_withNonDefaultSignupLinkProperty_goToNonDefaultSignupPage() throws Exception {
    String customSignupUrl = "http://mypage.com/signup";
    // NOTE(review): the property is not restored in this method; confirm that a teardown
    // elsewhere resets "links.signup" so the override cannot affect later tests.
    setProperty("links.signup", customSignupUrl);

    mockMvc.perform(get("/verify_user").param("code", "expired-code"))
            .andExpect(status().isUnprocessableEntity())
            .andExpect(model().attribute("error_message_code", "code_expired"))
            .andExpect(view().name("accounts/link_prompt"))
            // The anchor whose text is "here" must carry the configured sign-up URL.
            .andExpect(xpath("//a[text()='here']/@href").string(customSignupUrl));
}
/**
 * Creates an identity zone with self-service links disabled, requests {@code /create_account}
 * on that zone's host name, and expects the error view with status 404 and the
 * {@code self_service_disabled} error code.
 */
@Test
void testCreateAccountWithDisableSelfService() throws Exception {
    String zoneSubdomain = generator.generate();
    IdentityZone restrictedZone = MultitenancyFixture.identityZone(zoneSubdomain, zoneSubdomain);
    // Turn off self-service before the zone is created.
    restrictedZone.getConfig().getLinks().getSelfService().setSelfServiceLinksEnabled(false);
    MockMvcUtils.createOtherIdentityZoneAndReturnResult(
            mockMvc, webApplicationContext, getBaseClientDetails(), restrictedZone);

    // The request targets the new zone through its host name, <subdomain>.localhost.
    mockMvc.perform(
            get("/create_account")
                    .with(new SetServerNameRequestPostProcessor(zoneSubdomain + ".localhost")))
            .andExpect(model().attribute("error_message_code", "self_service_disabled"))
            .andExpect(view().name("error"))
            .andExpect(status().isNotFound());
}
/**
 * Requests {@code /create_account} with {@code client_id} and {@code redirect_uri} parameters
 * and expects both values in the model and as hidden form fields of the
 * {@code accounts/new_activation_email} view.
 */
@Test
public void testNewAccountPage() throws Exception {
    mockMvc.perform(get("/create_account").param("client_id", "client-id").param("redirect_uri", "http://example.com/redirect"))
            .andExpect(status().isOk())
            .andExpect(model().attribute("client_id", "client-id"))
            // NOTE(review): this only checks that redirect_uri is echoed back. Whether the value
            // is validated against the client's registered redirect URIs before it is used is
            // not exercised here; confirm that is covered elsewhere.
            .andExpect(model().attribute("redirect_uri", "http://example.com/redirect"))
            .andExpect(view().name("accounts/new_activation_email"))
            // Both request parameters must be carried forward as hidden inputs.
            .andExpect(xpath("//*[@type='hidden' and @value='client-id']").exists())
            .andExpect(xpath("//*[@type='hidden' and @value='http://example.com/redirect']").exists());
}