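/**
 * An invitation code that exists in the store but was issued for a different
 * intent ("incorrect-code-intent") must be refused with 422 — the accept
 * endpoint is expected to check the intent rather than trust the code's payload.
 */
@Test
public void incorrectCodeIntent() throws Exception {
    Map<String, String> invitationData = new HashMap<>();
    invitationData.put("user_id", "user-id-001");
    invitationData.put("email", "user@example.com");
    invitationData.put("client_id", "client-id");
    invitationData.put("redirect_uri", "blah.test.com");

    String zoneId = IdentityZoneHolder.get().getId();
    // Same secret the request presents, but tagged with a foreign intent.
    ExpiringCode wrongIntentCode = new ExpiringCode(
            "code",
            new Timestamp(System.currentTimeMillis()),
            JsonUtils.writeValueAsString(invitationData),
            "incorrect-code-intent");
    when(expiringCodeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(wrongIntentCode);

    MockHttpServletRequestBuilder acceptRequest =
            get("/invitations/accept").param("code", "the_secret_code");

    mockMvc.perform(acceptRequest).andExpect(status().isUnprocessableEntity());
}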
/**
 * A change-email code whose intent is not the email-change intent
 * ("incorrect-code") is rejected with 422 even though the secret matches.
 */
@Test
public void changeEmail_withIncorrectCode() throws Exception {
    String zoneId = IdentityZoneHolder.get().getId();
    // Intent mismatch alone has to be enough to refuse the request.
    ExpiringCode wrongIntentCode = new ExpiringCode(
            "the_secret_code",
            new Timestamp(System.currentTimeMillis()),
            "{\"userId\":\"user-id-001\",\"email\":\"new@example.com\",\"client_id\":null}",
            "incorrect-code");
    when(expiringCodeStore.retrieveCode("the_secret_code", zoneId)).thenReturn(wrongIntentCode);

    MockHttpServletRequestBuilder changeRequest = post("/email_changes")
            .contentType(APPLICATION_JSON)
            .content("the_secret_code")
            .accept(APPLICATION_JSON);

    mockMvc.perform(changeRequest)
            .andExpect(MockMvcResultMatchers.status().isUnprocessableEntity());
}
} // closes the enclosing test class; its header is outside this excerpt
/**
 * A forced password change whose confirmation does not match the password
 * is rejected with 422; the form-error text is served from the property source.
 */
@Test
public void testPasswordAndConfirmAreDifferent() throws Exception {
    setAuthentication();
    when(resourcePropertySource.getProperty("force_password_change.form_error"))
            .thenReturn("Passwords must match and not be empty.");

    MockHttpServletRequestBuilder forceChange = post("/force_password_change")
            .param("password", "pwd")
            .param("password_confirmation", "nopwd");

    mockMvc.perform(forceChange).andExpect(status().isUnprocessableEntity());
}
/**
 * A wrong current password is surfaced on the change-password view as the
 * "unauthorized" message code.
 * NOTE(review): despite the method name, the asserted HTTP status is 422, not 401 —
 * the service's BadCredentialsException is rendered as a form error, not an auth failure.
 */
@Test
public void changePassword_Returns401Unauthorized_WrongCurrentPassword() throws Exception {
    BadCredentialsException rejected = new BadCredentialsException("401 Unauthorized");
    doThrow(rejected).when(changePasswordService).changePassword("bob", "wrong", "new secret");

    MockHttpServletRequestBuilder changeRequest = createRequest("wrong", "new secret", "new secret");

    mockMvc.perform(changeRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("change_password"))
            .andExpect(model().attribute("message_code", "unauthorized"));
}
/**
 * Policy violations thrown by the service are rendered as a single space-joined
 * message. The exception carries "Msg 2b" before "Msg 1b", yet the expected text
 * is "Msg 1b Msg 2b" — the view evidently presents them in sorted order.
 */
@Test
public void changePassword_PasswordPolicyViolationReported() throws Exception {
    InvalidPasswordException policyFailure = new InvalidPasswordException(asList("Msg 2b", "Msg 1b"));
    doThrow(policyFailure).when(changePasswordService).changePassword("bob", "secret", "new secret");

    MockHttpServletRequestBuilder changeRequest = createRequest("secret", "new secret", "new secret");

    mockMvc.perform(changeRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("change_password"))
            .andExpect(model().attribute("message", "Msg 1b Msg 2b"));
}
/**
 * When the code store has no entry for the presented code (retrieveCode returns
 * null), the accept page is rendered in its error state: 422, "code_expired",
 * no email display and no form. The security context must also stay empty —
 * an expired invitation must not log anyone in.
 */
@Test
public void testAcceptInvitePageWithExpiredCode() throws Exception {
    String zoneId = IdentityZoneHolder.get().getId();
    when(expiringCodeStore.retrieveCode(anyString(), eq(zoneId))).thenReturn(null);

    MockHttpServletRequestBuilder acceptRequest =
            get("/invitations/accept").param("code", "the_secret_code");

    mockMvc.perform(acceptRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(model().attribute("error_message_code", "code_expired"))
            .andExpect(view().name("invitations/accept_invite"))
            .andExpect(xpath("//*[@class='email-display']").doesNotExist())
            .andExpect(xpath("//form").doesNotExist());

    // No authentication may be established by a failed accept.
    assertNull(SecurityContextHolder.getContext().getAuthentication());
}
/**
 * A novelty violation (new password equals the old one) raised by the service
 * is shown verbatim as the "message" attribute on the change-password view.
 */
@Test
public void changePassword_PasswordNoveltyViolationReported_NewPasswordSameAsCurrentPassword() throws Exception {
    String noveltyMessage = "Your new password cannot be the same as the old password.";
    doThrow(new InvalidPasswordException(noveltyMessage))
            .when(changePasswordService).changePassword("bob", "secret", "new secret");

    MockHttpServletRequestBuilder changeRequest = createRequest("secret", "new secret", "new secret");

    mockMvc.perform(changeRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("change_password"))
            .andExpect(model().attribute("message", noveltyMessage));
}
/**
 * A mismatched confirmation is caught by the controller itself: 422 with
 * "form_error", and the password service is never called.
 */
@Test
public void changePassword_ConfirmationPasswordDoesNotMatch() throws Exception {
    // "new secret" vs "newsecret" — differs only by the space.
    MockHttpServletRequestBuilder changeRequest = createRequest("secret", "new secret", "newsecret");

    mockMvc.perform(changeRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("change_password"))
            .andExpect(model().attribute("message_code", "form_error"));

    // Validation must fail before any credential handling reaches the service.
    verifyZeroInteractions(changePasswordService);
}
/**
 * Password-policy messages from beginActivation are joined into "error_message"
 * on the activation-email view; thrown as ["Msg 2", "Msg 1"], they are expected
 * as "Msg 1 Msg 2", i.e. in sorted order.
 */
@Test
public void testInvalidPassword() throws Exception {
    InvalidPasswordException policyFailure =
            new InvalidPasswordException(Arrays.asList("Msg 2", "Msg 1"));
    doThrow(policyFailure)
            .when(accountCreationService).beginActivation("user1@example.com", "password", "app", null);

    MockHttpServletRequestBuilder createRequest = post("/create_account.do")
            .param("email", "user1@example.com")
            .param("password", "password")
            .param("password_confirmation", "password")
            .param("client_id", "app");

    mockMvc.perform(createRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("accounts/new_activation_email"))
            .andExpect(model().attribute("error_message", "Msg 1 Msg 2"));
}
/**
 * Updating the UAA identity provider with a password policy that only has
 * minLength set is rejected with 422.
 * NOTE(review): why a minLength-only policy counts as malformed is not visible
 * here — presumably the other policy fields are left at invalid defaults; confirm
 * against PasswordPolicy validation.
 */
@Test
void testMalformedPasswordPolicyReturnsUnprocessableEntity() throws Exception {
    String uaaZoneId = IdentityZone.getUaa().getId();
    IdentityProvider uaaProvider = identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, uaaZoneId);

    PasswordPolicy minLengthOnly = new PasswordPolicy().setMinLength(6);
    uaaProvider.setConfig(new UaaIdentityProviderDefinition(minLengthOnly, null));

    String accessToken = setUpAccessToken();
    updateIdentityProvider(null, uaaProvider, accessToken, status().isUnprocessableEntity());
}
/**
 * The LDAP provider can be updated unchanged (200), but changing its origin key
 * to anything other than the LDAP origin is rejected with 422.
 */
@Test
void invalid_ldap_origin_returns_UnprocessableEntity() throws Exception {
    String uaaZoneId = IdentityZone.getUaa().getId();
    IdentityProvider ldapProvider = identityProviderProvisioning.retrieveByOrigin(OriginKeys.LDAP, uaaZoneId);
    String accessToken = setUpAccessToken();

    // Baseline: the provider as stored is accepted.
    updateIdentityProvider(null, ldapProvider, accessToken, status().isOk());

    // Re-keying the LDAP provider to a foreign origin must be refused.
    ldapProvider.setOriginKey("other");
    updateIdentityProvider(null, ldapProvider, accessToken, status().isUnprocessableEntity());
}
/**
 * Creating an OAuth/OIDC identity provider whose config has no authUrl is
 * rejected with 422 — provider config is validated on create, not only on update.
 */
@Test
void validateOauthProviderConfigDuringCreate() throws Exception {
    IdentityProvider<AbstractXOAuthIdentityProviderDefinition> oauthProvider = getOAuthProviderConfig();
    oauthProvider.getConfig().setAuthUrl(null);

    MockHttpServletRequestBuilder createRequest = post("/identity-providers")
            .header("Authorization", "bearer " + adminToken)
            .content(JsonUtils.writeValueAsString(oauthProvider))
            .contentType(APPLICATION_JSON);

    mockMvc.perform(createRequest).andExpect(status().isUnprocessableEntity());
}
/**
 * A reset-password code is single-use: the first GET with it renders the
 * reset page, the second GET with the same code falls back to the
 * forgot-password page with 422.
 */
@Test
public void testResetPasswordPageDuplicate() throws Exception {
    // Valid for well over the duration of this test (now + 1,000,000 ms).
    Timestamp expiry = new Timestamp(System.currentTimeMillis() + 1000000);
    ExpiringCode resetCode = codeStore.generateCode(
            "{\"user_id\" : \"some-user-id\"}", expiry, null, IdentityZoneHolder.get().getId());

    MockHttpServletRequestBuilder firstUse = get("/reset_password")
            .param("email", "user@example.com")
            .param("code", resetCode.getCode());
    mockMvc.perform(firstUse)
            .andExpect(status().isOk())
            .andExpect(view().name("reset_password"));

    // Replaying the consumed code must not reach the reset page again.
    MockHttpServletRequestBuilder replay = get("/reset_password")
            .param("email", "user@example.com")
            .param("code", resetCode.getCode());
    mockMvc.perform(replay)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("forgot_password"));
}
/**
 * A reset-password code that was never generated ("code1") sends the user back
 * to the forgot-password page with 422 and the "bad_code" message code.
 */
@Test
public void testResetPasswordPageWhenExpiringCodeNull() throws Exception {
    MockHttpServletRequestBuilder resetRequest = get("/reset_password")
            .param("email", "user@example.com")
            .param("code", "code1");

    mockMvc.perform(resetRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("forgot_password"))
            .andExpect(model().attribute("message_code", "bad_code"));
}
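/**
 * Creating an identity zone whose config enables MFA is rejected with 422;
 * MFA config is not accepted on zone creation.
 * The zone JSON is assembled by hand so the test does not depend on the
 * serializer accepting an MFA config it is meant to reject; zoneId is a
 * 5-character generated value, so the concatenation produces valid JSON.
 */
@Test
void createZoneWithMfaConfigIsNotSupported() throws Exception {
    MfaProvider<GoogleMfaProviderConfig> mfaProvider = createGoogleMfaProvider(null);
    String zoneId = new RandomValueStringGenerator(5).generate();
    String zoneContent = "{\"id\" : \"" + zoneId + "\", \"name\" : \"" + zoneId + "\", \"subdomain\" : \"" + zoneId + "\", \"config\" : { \"mfaConfig\" : {\"enabled\" : true, \"providerName\" : \"" + mfaProvider.getName() + "\"}}}";

    MockHttpServletRequestBuilder createZone = post("/identity-zones")
            .header("Authorization", "Bearer " + adminToken)
            .contentType(APPLICATION_JSON)
            .content(zoneContent);

    // The response body is not inspected, so the MvcResult is not retained.
    mockMvc.perform(createZone).andExpect(status().isUnprocessableEntity());
}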
/**
 * Verifying a user with an invalid or expired code renders the link prompt with
 * 422 and "code_expired"; with no signup link configured, the "here" link points
 * at the default "/create_account" page.
 */
@Test
void ifInvalidOrExpiredCode_goTo_createAccountDefaultPage() throws Exception {
    MockHttpServletRequestBuilder verifyRequest = get("/verify_user").param("code", "expired-code");

    mockMvc.perform(verifyRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(model().attribute("error_message_code", "code_expired"))
            .andExpect(view().name("accounts/link_prompt"))
            .andExpect(xpath("//a[text()='here']/@href").string("/create_account"));
}
/**
 * A syntactically invalid email ("wrong") on account creation is rejected with
 * 422 and the "invalid_email" message code on the activation-email view.
 */
@Test
public void testInvalidEmail() throws Exception {
    MockHttpServletRequestBuilder createRequest = post("/create_account.do")
            .param("email", "wrong")
            .param("password", "password")
            .param("password_confirmation", "password")
            .param("client_id", "app");

    mockMvc.perform(createRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("accounts/new_activation_email"))
            .andExpect(model().attribute("error_message_code", "invalid_email"));
}
/**
 * With "links.signup" configured, the link prompt shown for an invalid or
 * expired verification code points its "here" link at the configured URL
 * instead of the default signup page.
 * NOTE(review): setProperty mutates shared configuration — confirm the test
 * harness resets "links.signup" after this test.
 */
@Test
void ifInvalidOrExpiredCode_withNonDefaultSignupLinkProperty_goToNonDefaultSignupPage() throws Exception {
    String customSignupLink = "http://mypage.com/signup";
    setProperty("links.signup", customSignupLink);

    MockHttpServletRequestBuilder verifyRequest = get("/verify_user").param("code", "expired-code");

    mockMvc.perform(verifyRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(model().attribute("error_message_code", "code_expired"))
            .andExpect(view().name("accounts/link_prompt"))
            .andExpect(xpath("//a[text()='here']/@href").string(customSignupLink));
}
/**
 * A 260-character new password exceeds the 255-character limit and is rejected
 * with 422 and an "invalid_password" JSON error.
 * The request body is built by concatenation; that is safe here only because
 * both the code and the generated password are plain generated strings without
 * JSON-significant characters.
 */
@Test
public void changePassword_withInvalidPassword_returnsErrorJson() throws Exception {
    String oversizedPassword = new RandomValueStringGenerator(260).generate();
    String code = getExpiringCode(null, null);
    String body = "{\"code\":\"" + code + "\",\"new_password\":\"" + oversizedPassword + "\"}";

    MockHttpServletRequestBuilder changeRequest = post("/password_change")
            .header("Authorization", "Bearer " + loginToken)
            .contentType(APPLICATION_JSON)
            .content(body);

    getMockMvc().perform(changeRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(jsonPath("$.error").value("invalid_password"))
            .andExpect(jsonPath("$.message").value("Password must be no more than 255 characters in length."));
}
/**
 * Account creation with a password/confirmation mismatch ("pass" vs "word")
 * is rejected with 422 and the "form_error" message code.
 * NOTE(review): this enables self-service links on the current zone's config
 * and does not restore it — confirm a tear-down resets IdentityZoneHolder.
 */
@Test
public void testPasswordMismatch() throws Exception {
    MockHttpServletRequestBuilder createRequest = post("/create_account.do")
            .param("email", "user1@example.com")
            .param("password", "pass")
            .param("password_confirmation", "word")
            .param("client_id", "app");

    // Self-service must be enabled for the create-account form to be reachable.
    IdentityZoneHolder.get().getConfig().getLinks().getSelfService().setSelfServiceLinksEnabled(true);

    mockMvc.perform(createRequest)
            .andExpect(status().isUnprocessableEntity())
            .andExpect(view().name("accounts/new_activation_email"))
            .andExpect(model().attribute("error_message_code", "form_error"));
}