package com.emonster.taroaichat.web.rest; import static org.assertj.core.api.Assertions.assertThat; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*; import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*; import com.emonster.taroaichat.IntegrationTest; import com.emonster.taroaichat.config.Constants; import com.emonster.taroaichat.domain.User; import com.emonster.taroaichat.repository.AuthorityRepository; import com.emonster.taroaichat.repository.UserRepository; import com.emonster.taroaichat.security.AuthoritiesConstants; import com.emonster.taroaichat.service.UserService; import com.emonster.taroaichat.service.dto.AdminUserDTO; import com.emonster.taroaichat.service.dto.PasswordChangeDTO; import com.emonster.taroaichat.web.rest.vm.KeyAndPasswordVM; import com.emonster.taroaichat.web.rest.vm.ManagedUserVM; import com.fasterxml.jackson.databind.ObjectMapper; import java.time.Instant; import java.util.*; import java.util.stream.Stream; import org.apache.commons.lang3.RandomStringUtils; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.MethodSource; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc; import org.springframework.http.MediaType; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.test.context.support.WithMockUser; import org.springframework.test.web.servlet.MockMvc; import org.springframework.transaction.annotation.Transactional; /** * Integration tests for the {@link AccountResource} REST controller. */ @AutoConfigureMockMvc @IntegrationTest class AccountResourceIT { static final String TEST_USER_LOGIN = "test"; @Autowired private ObjectMapper om; @Autowired private UserRepository userRepository; @Autowired private AuthorityRepository authorityRepository; @Autowired private UserService userService; @Autowired private PasswordEncoder passwordEncoder; @Autowired private MockMvc restAccountMockMvc; private Long numberOfUsers; @BeforeEach void countUsers() { numberOfUsers = userRepository.count(); } @AfterEach void cleanupAndCheck() { assertThat(userRepository.count()).isEqualTo(numberOfUsers); numberOfUsers = null; } @Test @WithUnauthenticatedMockUser void testNonAuthenticatedUser() throws Exception { restAccountMockMvc.perform(get("/api/authenticate")).andExpect(status().isUnauthorized()); } @Test @WithMockUser(TEST_USER_LOGIN) void testAuthenticatedUser() throws Exception { restAccountMockMvc.perform(get("/api/authenticate").with(request -> request)).andExpect(status().isNoContent()); } @Test @WithMockUser(TEST_USER_LOGIN) void testGetExistingAccount() throws Exception { Set authorities = new HashSet<>(); authorities.add(AuthoritiesConstants.ADMIN); AdminUserDTO user = new AdminUserDTO(); user.setLogin(TEST_USER_LOGIN); user.setFirstName("john"); user.setLastName("doe"); user.setEmail("john.doe@jhipster.com"); user.setImageUrl("http://placehold.it/50x50"); user.setLangKey("en"); user.setAuthorities(authorities); userService.createUser(user); restAccountMockMvc .perform(get("/api/account").accept(MediaType.APPLICATION_JSON)) .andExpect(status().isOk()) .andExpect(content().contentType(MediaType.APPLICATION_JSON_VALUE)) .andExpect(jsonPath("$.login").value(TEST_USER_LOGIN)) .andExpect(jsonPath("$.firstName").value("john")) .andExpect(jsonPath("$.lastName").value("doe")) .andExpect(jsonPath("$.email").value("john.doe@jhipster.com")) .andExpect(jsonPath("$.imageUrl").value("http://placehold.it/50x50")) .andExpect(jsonPath("$.langKey").value("en")) .andExpect(jsonPath("$.authorities").value(AuthoritiesConstants.ADMIN)); userService.deleteUser(TEST_USER_LOGIN); } @Test void testGetUnknownAccount() throws Exception { restAccountMockMvc.perform(get("/api/account").accept(MediaType.APPLICATION_PROBLEM_JSON)).andExpect(status().isUnauthorized()); } @Test @Transactional void testRegisterValid() throws Exception { ManagedUserVM validUser = new ManagedUserVM(); validUser.setLogin("test-register-valid"); validUser.setPassword("password"); validUser.setFirstName("Alice"); validUser.setLastName("Test"); validUser.setEmail("test-register-valid@example.com"); validUser.setImageUrl("http://placehold.it/50x50"); validUser.setLangKey(Constants.DEFAULT_LANGUAGE); validUser.setAuthorities(Collections.singleton(AuthoritiesConstants.USER)); assertThat(userRepository.findOneByLogin("test-register-valid")).isEmpty(); restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(validUser))) .andExpect(status().isCreated()); assertThat(userRepository.findOneByLogin("test-register-valid")).isPresent(); userService.deleteUser("test-register-valid"); } @Test @Transactional void testRegisterInvalidLogin() throws Exception { ManagedUserVM invalidUser = new ManagedUserVM(); invalidUser.setLogin("funky-log(n"); // <-- invalid invalidUser.setPassword("password"); invalidUser.setFirstName("Funky"); invalidUser.setLastName("One"); invalidUser.setEmail("funky@example.com"); invalidUser.setActivated(true); invalidUser.setImageUrl("http://placehold.it/50x50"); invalidUser.setLangKey(Constants.DEFAULT_LANGUAGE); invalidUser.setAuthorities(Collections.singleton(AuthoritiesConstants.USER)); restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(invalidUser))) .andExpect(status().isBadRequest()); Optional user = userRepository.findOneByEmailIgnoreCase("funky@example.com"); assertThat(user).isEmpty(); } static Stream invalidUsers() { return Stream.of( createInvalidUser("bob", "password", "Bob", "Green", "invalid", true), // <-- invalid createInvalidUser("bob", "123", "Bob", "Green", "bob@example.com", true), // password with only 3 digits createInvalidUser("bob", null, "Bob", "Green", "bob@example.com", true) // invalid null password ); } @ParameterizedTest @MethodSource("invalidUsers") @Transactional void testRegisterInvalidUsers(ManagedUserVM invalidUser) throws Exception { restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(invalidUser))) .andExpect(status().isBadRequest()); Optional user = userRepository.findOneByLogin("bob"); assertThat(user).isEmpty(); } private static ManagedUserVM createInvalidUser( String login, String password, String firstName, String lastName, String email, boolean activated ) { ManagedUserVM invalidUser = new ManagedUserVM(); invalidUser.setLogin(login); invalidUser.setPassword(password); invalidUser.setFirstName(firstName); invalidUser.setLastName(lastName); invalidUser.setEmail(email); invalidUser.setActivated(activated); invalidUser.setImageUrl("http://placehold.it/50x50"); invalidUser.setLangKey(Constants.DEFAULT_LANGUAGE); invalidUser.setAuthorities(Collections.singleton(AuthoritiesConstants.USER)); return invalidUser; } @Test @Transactional void testRegisterDuplicateLogin() throws Exception { // First registration ManagedUserVM firstUser = new ManagedUserVM(); firstUser.setLogin("alice"); firstUser.setPassword("password"); firstUser.setFirstName("Alice"); firstUser.setLastName("Something"); firstUser.setEmail("alice@example.com"); firstUser.setImageUrl("http://placehold.it/50x50"); firstUser.setLangKey(Constants.DEFAULT_LANGUAGE); firstUser.setAuthorities(Collections.singleton(AuthoritiesConstants.USER)); // Duplicate login, different email ManagedUserVM secondUser = new ManagedUserVM(); secondUser.setLogin(firstUser.getLogin()); secondUser.setPassword(firstUser.getPassword()); secondUser.setFirstName(firstUser.getFirstName()); secondUser.setLastName(firstUser.getLastName()); secondUser.setEmail("alice2@example.com"); secondUser.setImageUrl(firstUser.getImageUrl()); secondUser.setLangKey(firstUser.getLangKey()); secondUser.setCreatedBy(firstUser.getCreatedBy()); secondUser.setCreatedDate(firstUser.getCreatedDate()); secondUser.setLastModifiedBy(firstUser.getLastModifiedBy()); secondUser.setLastModifiedDate(firstUser.getLastModifiedDate()); secondUser.setAuthorities(new HashSet<>(firstUser.getAuthorities())); // First user restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(firstUser))) .andExpect(status().isCreated()); // Second (non activated) user restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(secondUser))) .andExpect(status().isCreated()); Optional testUser = userRepository.findOneByEmailIgnoreCase("alice2@example.com"); assertThat(testUser).isPresent(); testUser.orElseThrow().setActivated(true); userRepository.save(testUser.orElseThrow()); // Second (already activated) user restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(secondUser))) .andExpect(status().is4xxClientError()); userService.deleteUser("alice"); } @Test @Transactional void testRegisterDuplicateEmail() throws Exception { // First user ManagedUserVM firstUser = new ManagedUserVM(); firstUser.setLogin("test-register-duplicate-email"); firstUser.setPassword("password"); firstUser.setFirstName("Alice"); firstUser.setLastName("Test"); firstUser.setEmail("test-register-duplicate-email@example.com"); firstUser.setImageUrl("http://placehold.it/50x50"); firstUser.setLangKey(Constants.DEFAULT_LANGUAGE); firstUser.setAuthorities(Collections.singleton(AuthoritiesConstants.USER)); // Register first user restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(firstUser))) .andExpect(status().isCreated()); Optional testUser1 = userRepository.findOneByLogin("test-register-duplicate-email"); assertThat(testUser1).isPresent(); // Duplicate email, different login ManagedUserVM secondUser = new ManagedUserVM(); secondUser.setLogin("test-register-duplicate-email-2"); secondUser.setPassword(firstUser.getPassword()); secondUser.setFirstName(firstUser.getFirstName()); secondUser.setLastName(firstUser.getLastName()); secondUser.setEmail(firstUser.getEmail()); secondUser.setImageUrl(firstUser.getImageUrl()); secondUser.setLangKey(firstUser.getLangKey()); secondUser.setAuthorities(new HashSet<>(firstUser.getAuthorities())); // Register second (non activated) user restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(secondUser))) .andExpect(status().isCreated()); Optional testUser2 = userRepository.findOneByLogin("test-register-duplicate-email"); assertThat(testUser2).isEmpty(); Optional testUser3 = userRepository.findOneByLogin("test-register-duplicate-email-2"); assertThat(testUser3).isPresent(); // Duplicate email - with uppercase email address ManagedUserVM userWithUpperCaseEmail = new ManagedUserVM(); userWithUpperCaseEmail.setId(firstUser.getId()); userWithUpperCaseEmail.setLogin("test-register-duplicate-email-3"); userWithUpperCaseEmail.setPassword(firstUser.getPassword()); userWithUpperCaseEmail.setFirstName(firstUser.getFirstName()); userWithUpperCaseEmail.setLastName(firstUser.getLastName()); userWithUpperCaseEmail.setEmail("TEST-register-duplicate-email@example.com"); userWithUpperCaseEmail.setImageUrl(firstUser.getImageUrl()); userWithUpperCaseEmail.setLangKey(firstUser.getLangKey()); userWithUpperCaseEmail.setAuthorities(new HashSet<>(firstUser.getAuthorities())); // Register third (not activated) user restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(userWithUpperCaseEmail))) .andExpect(status().isCreated()); Optional testUser4 = userRepository.findOneByLogin("test-register-duplicate-email-3"); assertThat(testUser4).isPresent(); assertThat(testUser4.orElseThrow().getEmail()).isEqualTo("test-register-duplicate-email@example.com"); testUser4.orElseThrow().setActivated(true); userService.updateUser((new AdminUserDTO(testUser4.orElseThrow()))); // Register 4th (already activated) user restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(secondUser))) .andExpect(status().is4xxClientError()); userService.deleteUser("test-register-duplicate-email-3"); } @Test @Transactional void testRegisterAdminIsIgnored() throws Exception { ManagedUserVM validUser = new ManagedUserVM(); validUser.setLogin("badguy"); validUser.setPassword("password"); validUser.setFirstName("Bad"); validUser.setLastName("Guy"); validUser.setEmail("badguy@example.com"); validUser.setActivated(true); validUser.setImageUrl("http://placehold.it/50x50"); validUser.setLangKey(Constants.DEFAULT_LANGUAGE); validUser.setAuthorities(Collections.singleton(AuthoritiesConstants.ADMIN)); restAccountMockMvc .perform(post("/api/register").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(validUser))) .andExpect(status().isCreated()); Optional userDup = userRepository.findOneWithAuthoritiesByLogin("badguy"); assertThat(userDup).isPresent(); assertThat(userDup.orElseThrow().getAuthorities()) .hasSize(1) .containsExactly(authorityRepository.findById(AuthoritiesConstants.USER).orElseThrow()); userService.deleteUser("badguy"); } @Test @Transactional void testActivateAccount() throws Exception { final String activationKey = "some activation key"; User user = new User(); user.setLogin("activate-account"); user.setEmail("activate-account@example.com"); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setActivated(false); user.setActivationKey(activationKey); userRepository.saveAndFlush(user); restAccountMockMvc.perform(get("/api/activate?key={activationKey}", activationKey)).andExpect(status().isOk()); user = userRepository.findOneByLogin(user.getLogin()).orElse(null); assertThat(user.isActivated()).isTrue(); userService.deleteUser("activate-account"); } @Test @Transactional void testActivateAccountWithWrongKey() throws Exception { restAccountMockMvc.perform(get("/api/activate?key=wrongActivationKey")).andExpect(status().isInternalServerError()); } @Test @Transactional @WithMockUser("save-account") void testSaveAccount() throws Exception { User user = new User(); user.setLogin("save-account"); user.setEmail("save-account@example.com"); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setActivated(true); userRepository.saveAndFlush(user); AdminUserDTO userDTO = new AdminUserDTO(); userDTO.setLogin("not-used"); userDTO.setFirstName("firstname"); userDTO.setLastName("lastname"); userDTO.setEmail("save-account@example.com"); userDTO.setActivated(false); userDTO.setImageUrl("http://placehold.it/50x50"); userDTO.setLangKey(Constants.DEFAULT_LANGUAGE); userDTO.setAuthorities(Collections.singleton(AuthoritiesConstants.ADMIN)); restAccountMockMvc .perform(post("/api/account").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(userDTO))) .andExpect(status().isOk()); User updatedUser = userRepository.findOneWithAuthoritiesByLogin(user.getLogin()).orElse(null); assertThat(updatedUser.getFirstName()).isEqualTo(userDTO.getFirstName()); assertThat(updatedUser.getLastName()).isEqualTo(userDTO.getLastName()); assertThat(updatedUser.getEmail()).isEqualTo(userDTO.getEmail()); assertThat(updatedUser.getLangKey()).isEqualTo(userDTO.getLangKey()); assertThat(updatedUser.getPassword()).isEqualTo(user.getPassword()); assertThat(updatedUser.getImageUrl()).isEqualTo(userDTO.getImageUrl()); assertThat(updatedUser.isActivated()).isTrue(); assertThat(updatedUser.getAuthorities()).isEmpty(); userService.deleteUser("save-account"); } @Test @Transactional @WithMockUser("save-invalid-email") void testSaveInvalidEmail() throws Exception { User user = new User(); user.setLogin("save-invalid-email"); user.setEmail("save-invalid-email@example.com"); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setActivated(true); userRepository.saveAndFlush(user); AdminUserDTO userDTO = new AdminUserDTO(); userDTO.setLogin("not-used"); userDTO.setFirstName("firstname"); userDTO.setLastName("lastname"); userDTO.setEmail("invalid email"); userDTO.setActivated(false); userDTO.setImageUrl("http://placehold.it/50x50"); userDTO.setLangKey(Constants.DEFAULT_LANGUAGE); userDTO.setAuthorities(Collections.singleton(AuthoritiesConstants.ADMIN)); restAccountMockMvc .perform(post("/api/account").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(userDTO))) .andExpect(status().isBadRequest()); assertThat(userRepository.findOneByEmailIgnoreCase("invalid email")).isNotPresent(); userService.deleteUser("save-invalid-email"); } @Test @Transactional @WithMockUser("save-existing-email") void testSaveExistingEmail() throws Exception { User user = new User(); user.setLogin("save-existing-email"); user.setEmail("save-existing-email@example.com"); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setActivated(true); userRepository.saveAndFlush(user); User anotherUser = new User(); anotherUser.setLogin("save-existing-email2"); anotherUser.setEmail("save-existing-email2@example.com"); anotherUser.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); anotherUser.setActivated(true); userRepository.saveAndFlush(anotherUser); AdminUserDTO userDTO = new AdminUserDTO(); userDTO.setLogin("not-used"); userDTO.setFirstName("firstname"); userDTO.setLastName("lastname"); userDTO.setEmail("save-existing-email2@example.com"); userDTO.setActivated(false); userDTO.setImageUrl("http://placehold.it/50x50"); userDTO.setLangKey(Constants.DEFAULT_LANGUAGE); userDTO.setAuthorities(Collections.singleton(AuthoritiesConstants.ADMIN)); restAccountMockMvc .perform(post("/api/account").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(userDTO))) .andExpect(status().isBadRequest()); User updatedUser = userRepository.findOneByLogin("save-existing-email").orElseThrow(); assertThat(updatedUser.getEmail()).isEqualTo("save-existing-email@example.com"); userService.deleteUser("save-existing-email"); userService.deleteUser("save-existing-email2"); } @Test @Transactional @WithMockUser("save-existing-email-and-login") void testSaveExistingEmailAndLogin() throws Exception { User user = new User(); user.setLogin("save-existing-email-and-login"); user.setEmail("save-existing-email-and-login@example.com"); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setActivated(true); userRepository.saveAndFlush(user); AdminUserDTO userDTO = new AdminUserDTO(); userDTO.setLogin("not-used"); userDTO.setFirstName("firstname"); userDTO.setLastName("lastname"); userDTO.setEmail("save-existing-email-and-login@example.com"); userDTO.setActivated(false); userDTO.setImageUrl("http://placehold.it/50x50"); userDTO.setLangKey(Constants.DEFAULT_LANGUAGE); userDTO.setAuthorities(Collections.singleton(AuthoritiesConstants.ADMIN)); restAccountMockMvc .perform(post("/api/account").contentType(MediaType.APPLICATION_JSON).content(om.writeValueAsBytes(userDTO))) .andExpect(status().isOk()); User updatedUser = userRepository.findOneByLogin("save-existing-email-and-login").orElse(null); assertThat(updatedUser.getEmail()).isEqualTo("save-existing-email-and-login@example.com"); userService.deleteUser("save-existing-email-and-login"); } @Test @Transactional @WithMockUser("change-password-wrong-existing-password") void testChangePasswordWrongExistingPassword() throws Exception { User user = new User(); String currentPassword = RandomStringUtils.insecure().nextAlphanumeric(60); user.setPassword(passwordEncoder.encode(currentPassword)); user.setLogin("change-password-wrong-existing-password"); user.setEmail("change-password-wrong-existing-password@example.com"); userRepository.saveAndFlush(user); restAccountMockMvc .perform( post("/api/account/change-password") .contentType(MediaType.APPLICATION_JSON) .content(om.writeValueAsBytes(new PasswordChangeDTO("1" + currentPassword, "new password"))) ) .andExpect(status().isBadRequest()); User updatedUser = userRepository.findOneByLogin("change-password-wrong-existing-password").orElse(null); assertThat(passwordEncoder.matches("new password", updatedUser.getPassword())).isFalse(); assertThat(passwordEncoder.matches(currentPassword, updatedUser.getPassword())).isTrue(); userService.deleteUser("change-password-wrong-existing-password"); } @Test @Transactional @WithMockUser("change-password") void testChangePassword() throws Exception { User user = new User(); String currentPassword = RandomStringUtils.insecure().nextAlphanumeric(60); user.setPassword(passwordEncoder.encode(currentPassword)); user.setLogin("change-password"); user.setEmail("change-password@example.com"); userRepository.saveAndFlush(user); restAccountMockMvc .perform( post("/api/account/change-password") .contentType(MediaType.APPLICATION_JSON) .content(om.writeValueAsBytes(new PasswordChangeDTO(currentPassword, "new password"))) ) .andExpect(status().isOk()); User updatedUser = userRepository.findOneByLogin("change-password").orElse(null); assertThat(passwordEncoder.matches("new password", updatedUser.getPassword())).isTrue(); userService.deleteUser("change-password"); } @Test @Transactional @WithMockUser("change-password-too-small") void testChangePasswordTooSmall() throws Exception { User user = new User(); String currentPassword = RandomStringUtils.insecure().nextAlphanumeric(60); user.setPassword(passwordEncoder.encode(currentPassword)); user.setLogin("change-password-too-small"); user.setEmail("change-password-too-small@example.com"); userRepository.saveAndFlush(user); String newPassword = RandomStringUtils.insecure().next(ManagedUserVM.PASSWORD_MIN_LENGTH - 1); restAccountMockMvc .perform( post("/api/account/change-password") .contentType(MediaType.APPLICATION_JSON) .content(om.writeValueAsBytes(new PasswordChangeDTO(currentPassword, newPassword))) ) .andExpect(status().isBadRequest()); User updatedUser = userRepository.findOneByLogin("change-password-too-small").orElse(null); assertThat(updatedUser.getPassword()).isEqualTo(user.getPassword()); userService.deleteUser("change-password-too-small"); } @Test @Transactional @WithMockUser("change-password-too-long") void testChangePasswordTooLong() throws Exception { User user = new User(); String currentPassword = RandomStringUtils.insecure().nextAlphanumeric(60); user.setPassword(passwordEncoder.encode(currentPassword)); user.setLogin("change-password-too-long"); user.setEmail("change-password-too-long@example.com"); userRepository.saveAndFlush(user); String newPassword = RandomStringUtils.insecure().next(ManagedUserVM.PASSWORD_MAX_LENGTH + 1); restAccountMockMvc .perform( post("/api/account/change-password") .contentType(MediaType.APPLICATION_JSON) .content(om.writeValueAsBytes(new PasswordChangeDTO(currentPassword, newPassword))) ) .andExpect(status().isBadRequest()); User updatedUser = userRepository.findOneByLogin("change-password-too-long").orElse(null); assertThat(updatedUser.getPassword()).isEqualTo(user.getPassword()); userService.deleteUser("change-password-too-long"); } @Test @Transactional @WithMockUser("change-password-empty") void testChangePasswordEmpty() throws Exception { User user = new User(); String currentPassword = RandomStringUtils.insecure().nextAlphanumeric(60); user.setPassword(passwordEncoder.encode(currentPassword)); user.setLogin("change-password-empty"); user.setEmail("change-password-empty@example.com"); userRepository.saveAndFlush(user); restAccountMockMvc .perform( post("/api/account/change-password") .contentType(MediaType.APPLICATION_JSON) .content(om.writeValueAsBytes(new PasswordChangeDTO(currentPassword, ""))) ) .andExpect(status().isBadRequest()); User updatedUser = userRepository.findOneByLogin("change-password-empty").orElse(null); assertThat(updatedUser.getPassword()).isEqualTo(user.getPassword()); userService.deleteUser("change-password-empty"); } @Test @Transactional void testRequestPasswordReset() throws Exception { User user = new User(); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setActivated(true); user.setLogin("password-reset"); user.setEmail("password-reset@example.com"); user.setLangKey("en"); userRepository.saveAndFlush(user); restAccountMockMvc .perform(post("/api/account/reset-password/init").content("password-reset@example.com")) .andExpect(status().isOk()); userService.deleteUser("password-reset"); } @Test @Transactional void testRequestPasswordResetUpperCaseEmail() throws Exception { User user = new User(); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setActivated(true); user.setLogin("password-reset-upper-case"); user.setEmail("password-reset-upper-case@example.com"); user.setLangKey("en"); userRepository.saveAndFlush(user); restAccountMockMvc .perform(post("/api/account/reset-password/init").content("password-reset-upper-case@EXAMPLE.COM")) .andExpect(status().isOk()); userService.deleteUser("password-reset-upper-case"); } @Test void testRequestPasswordResetWrongEmail() throws Exception { restAccountMockMvc .perform(post("/api/account/reset-password/init").content("password-reset-wrong-email@example.com")) .andExpect(status().isOk()); } @Test @Transactional void testFinishPasswordReset() throws Exception { User user = new User(); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setLogin("finish-password-reset"); user.setEmail("finish-password-reset@example.com"); user.setResetDate(Instant.now().plusSeconds(60)); user.setResetKey("reset key"); userRepository.saveAndFlush(user); KeyAndPasswordVM keyAndPassword = new KeyAndPasswordVM(); keyAndPassword.setKey(user.getResetKey()); keyAndPassword.setNewPassword("new password"); restAccountMockMvc .perform( post("/api/account/reset-password/finish") .contentType(MediaType.APPLICATION_JSON) .content(om.writeValueAsBytes(keyAndPassword)) ) .andExpect(status().isOk()); User updatedUser = userRepository.findOneByLogin(user.getLogin()).orElse(null); assertThat(passwordEncoder.matches(keyAndPassword.getNewPassword(), updatedUser.getPassword())).isTrue(); userService.deleteUser("finish-password-reset"); } @Test @Transactional void testFinishPasswordResetTooSmall() throws Exception { User user = new User(); user.setPassword(RandomStringUtils.insecure().nextAlphanumeric(60)); user.setLogin("finish-password-reset-too-small"); user.setEmail("finish-password-reset-too-small@example.com"); user.setResetDate(Instant.now().plusSeconds(60)); user.setResetKey("reset key too small"); userRepository.saveAndFlush(user); KeyAndPasswordVM keyAndPassword = new KeyAndPasswordVM(); keyAndPassword.setKey(user.getResetKey()); keyAndPassword.setNewPassword("foo"); restAccountMockMvc .perform( post("/api/account/reset-password/finish") .contentType(MediaType.APPLICATION_JSON) .content(om.writeValueAsBytes(keyAndPassword)) ) .andExpect(status().isBadRequest()); User updatedUser = userRepository.findOneByLogin(user.getLogin()).orElse(null); assertThat(passwordEncoder.matches(keyAndPassword.getNewPassword(), updatedUser.getPassword())).isFalse(); userService.deleteUser("finish-password-reset-too-small"); } @Test @Transactional void testFinishPasswordResetWrongKey() throws Exception { KeyAndPasswordVM keyAndPassword = new KeyAndPasswordVM(); keyAndPassword.setKey("wrong reset key"); keyAndPassword.setNewPassword("new password"); restAccountMockMvc .perform( post("/api/account/reset-password/finish") .contentType(MediaType.APPLICATION_JSON) .content(om.writeValueAsBytes(keyAndPassword)) ) .andExpect(status().isInternalServerError()); } }