summaryrefslogtreecommitdiff
path: root/pse-server/src/test/java/org/psesquared/server/authentication
diff options
context:
space:
mode:
authorOrangerot <purple@orangerot.dev>2024-06-19 00:14:49 +0200
committerOrangerot <purple@orangerot.dev>2024-06-27 12:11:14 +0200
commit5b8851b6c268d0e93c158908fbfae9f8473db5ff (patch)
tree7010eb85d86fa2da06ea4ffbcdb01a685d502ae8 /pse-server/src/test/java/org/psesquared/server/authentication
Initial commitHEADmain
Diffstat (limited to 'pse-server/src/test/java/org/psesquared/server/authentication')
-rw-r--r--pse-server/src/test/java/org/psesquared/server/authentication/api/data/access/AuthenticationDaoTest.java51
-rw-r--r--pse-server/src/test/java/org/psesquared/server/authentication/api/service/AuthenticationServiceTest.java222
-rw-r--r--pse-server/src/test/java/org/psesquared/server/authentication/api/service/EmailServiceTests.java36
3 files changed, 309 insertions, 0 deletions
diff --git a/pse-server/src/test/java/org/psesquared/server/authentication/api/data/access/AuthenticationDaoTest.java b/pse-server/src/test/java/org/psesquared/server/authentication/api/data/access/AuthenticationDaoTest.java
new file mode 100644
index 0000000..c6325ad
--- /dev/null
+++ b/pse-server/src/test/java/org/psesquared/server/authentication/api/data/access/AuthenticationDaoTest.java
@@ -0,0 +1,51 @@
+package org.psesquared.server.authentication.api.data.access;
+
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.psesquared.server.model.Role;
+import org.psesquared.server.model.User;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+@DataJpaTest
+@AutoConfigureTestDatabase(replace = AutoConfigureTestDatabase.Replace.NONE)
+public class AuthenticationDaoTest {
+
+ @Autowired
+ private AuthenticationDao authenticationDao;
+
+ @BeforeEach
+ public void init() {
+ var user = User.builder()
+ .username("username")
+ .email("email")
+ .password("password")
+ .enabled(false)
+ .createdAt(LocalDateTime.now().toEpochSecond(ZoneOffset.UTC))
+ .role(Role.USER)
+ .build();
+ authenticationDao.save(user);
+ }
+
+ @Test
+ public void updateUser() {
+ var user = authenticationDao.findByUsername("username")
+ .orElseThrow();
+ user.setEnabled(true);
+ }
+
+ @AfterEach
+ public void assertUpdated() {
+ var foundUser = authenticationDao.findByUsername("username")
+ .orElseThrow();
+ assertTrue(foundUser.isEnabled());
+ }
+
+}
diff --git a/pse-server/src/test/java/org/psesquared/server/authentication/api/service/AuthenticationServiceTest.java b/pse-server/src/test/java/org/psesquared/server/authentication/api/service/AuthenticationServiceTest.java
new file mode 100644
index 0000000..c8f10b6
--- /dev/null
+++ b/pse-server/src/test/java/org/psesquared/server/authentication/api/service/AuthenticationServiceTest.java
@@ -0,0 +1,222 @@
+package org.psesquared.server.authentication.api.service;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+import java.time.LocalDateTime;
+import java.time.ZoneOffset;
+
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.psesquared.server.BaseTest;
+import org.psesquared.server.authentication.api.controller.ChangePasswordRequest;
+import org.psesquared.server.authentication.api.controller.PasswordRequest;
+import org.psesquared.server.authentication.api.controller.UserInfoRequest;
+import org.psesquared.server.config.JwtService;
+import org.psesquared.server.model.Subscription;
+import org.psesquared.server.model.SubscriptionAction;
+import org.psesquared.server.model.User;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+import jakarta.servlet.http.HttpServletResponse;
+
+public class AuthenticationServiceTest extends BaseTest {
+
+ private static final String recipient = "pse-squared@outlook.com";
+
+ @Autowired
+ public AuthenticationService authenticationService;
+
+ @Autowired
+ public JwtService jwtService;
+
+ @Autowired
+ public EncryptionService encryptionService;
+
+ @Autowired
+ PasswordEncoder passwordEncoder;
+
+ @Test
+ public void testRegisterUser() {
+ UserInfoRequest newUserInfo = new UserInfoRequest("newUsername", "newUserMail@test.com", "123abcABC!");
+ HttpStatus registrationStatus = authenticationService.registerUser(newUserInfo);
+ assertEquals(HttpStatus.OK, registrationStatus);
+
+ UserInfoRequest wrongEmail = new UserInfoRequest("newUsername", "wrongNewUserMail@test.com", "123abcABC!");
+ HttpStatus wrongEmailStatus = authenticationService.registerUser(wrongEmail);
+ assertEquals(HttpStatus.BAD_REQUEST, wrongEmailStatus);
+
+ UserInfoRequest wrongPassword = new UserInfoRequest("newUsername", "newUserMail@test.com", "wrong123abcABC!");
+ HttpStatus wrongPasswordStatus = authenticationService.registerUser(wrongPassword);
+ assertEquals(HttpStatus.BAD_REQUEST, wrongPasswordStatus);
+
+ UserInfoRequest userInfo = new UserInfoRequest("testUser0", "testUser0@mail.de", "testPassword123!0");
+ HttpStatus status = authenticationService.registerUser(userInfo);
+ assertEquals(HttpStatus.BAD_REQUEST, status);
+ }
+
+ @Test
+ public void testInvalidVerifyRegistration() {
+ HttpStatus status = authenticationService.verifyRegistration("notARegisteredUser", "notAValidToken");
+ assertEquals(HttpStatus.NOT_FOUND, status);
+ status = authenticationService.verifyRegistration("testUser0", "stillNotAValidToken");
+ assertEquals(HttpStatus.UNAUTHORIZED, status);
+ User user = authenticationDao.findByUsername("testUser0").orElseThrow();
+ user.setEnabled(true);
+ authenticationDao.save(user);
+ status = authenticationService.verifyRegistration("testUser0", "stillNotAValidToken");
+ assertEquals(HttpStatus.BAD_REQUEST, status);
+ }
+
+ @Test
+ public void testVerifyRegistration() {
+ User user = authenticationDao.findByUsername("testUser0").orElseThrow();
+ String token = jwtService.generateUrlTokenString(user);
+ HttpStatus status = authenticationService.verifyRegistration("testUser0", token);
+ assertEquals(HttpStatus.OK, status);
+ Assertions.assertTrue(authenticationDao.findByUsername("testUser0").orElseThrow().isEnabled());
+ }
+
+ @Test
+ public void testLogin() {
+ HttpServletResponse response = new MockHttpServletResponse();
+ HttpStatus status = authenticationService.login("notARegisteredUser", response);
+ assertEquals(HttpStatus.NOT_FOUND, status);
+ status = authenticationService.login("testUser0", response);
+ assertEquals(HttpStatus.OK, status);
+ }
+
+ @Test
+ public void testLogout() {
+ HttpServletResponse response = new MockHttpServletResponse();
+ HttpStatus status = authenticationService.logout("notARegisteredUser", response);
+ assertEquals(HttpStatus.NOT_FOUND, status);
+ status = authenticationService.logout("testUser0", response);
+ assertEquals(HttpStatus.OK, status);
+ }
+
+ @Test
+ public void testForgotPassword() {
+ final String email = "testUser0@mail.de";
+ HttpStatus status = authenticationService.forgotPassword(email);
+ assertEquals(HttpStatus.NOT_FOUND, status);
+
+ User user = authenticationDao.findByUsername("testUser0").orElseThrow();
+ user.setEmail(encryptionService.saltAndHashEmail(user.getEmail()));
+ authenticationDao.save(user);
+
+ final String saltedAndHashedEmail = user.getEmail();
+
+ status = authenticationService.forgotPassword(saltedAndHashedEmail);
+ assertEquals(HttpStatus.NOT_FOUND, status);
+ status = authenticationService.forgotPassword(email);
+ assertEquals(HttpStatus.OK, status);
+ }
+
+ @Test
+ public void testResetPassword() {
+ User user = authenticationDao.findByUsername("testUser0").orElseThrow();
+ String token = "";
+ PasswordRequest passwordRequest = new PasswordRequest("");
+ HttpStatus status = authenticationService.resetPassword("notAValidUser", token, passwordRequest);
+ assertEquals(HttpStatus.BAD_REQUEST, status);
+
+ final String password = "abcAbc123!";
+ passwordRequest = new PasswordRequest(password);
+ status = authenticationService.resetPassword("notAValidUser", token, passwordRequest);
+ assertEquals(HttpStatus.NOT_FOUND, status);
+
+ status = authenticationService.resetPassword(user.getUsername(), token, passwordRequest);
+ assertEquals(HttpStatus.UNAUTHORIZED, status);
+
+ token = jwtService.generateUrlTokenString(user);
+ status = authenticationService.resetPassword(user.getUsername(), token, passwordRequest);
+ assertEquals(HttpStatus.OK, status);
+
+ user = authenticationDao.findByUsername("testUser0").orElseThrow();
+ assertTrue(passwordEncoder.matches(password, user.getPassword()));
+ }
+
+ @Test
+ public void testChangePassword() {
+ User user = authenticationDao.findByUsername("testUser0").orElseThrow();
+ ChangePasswordRequest changePasswordRequest = new ChangePasswordRequest("", "");
+ HttpStatus status = authenticationService.changePassword("notAValidUser", changePasswordRequest);
+ assertEquals(HttpStatus.BAD_REQUEST, status);
+
+ final String newPassword = "abcAbc123!";
+ changePasswordRequest = new ChangePasswordRequest("", newPassword);
+ status = authenticationService.changePassword("notAValidUser", changePasswordRequest);
+ assertEquals(HttpStatus.NOT_FOUND, status);
+
+ changePasswordRequest = new ChangePasswordRequest("notTheRightPassword", newPassword);
+ status = authenticationService.changePassword(user.getUsername(), changePasswordRequest);
+ assertEquals(HttpStatus.BAD_REQUEST, status);
+
+ changePasswordRequest = new ChangePasswordRequest(user.getPassword(), newPassword);
+ user.setPassword(passwordEncoder.encode(user.getPassword()));
+ authenticationDao.save(user);
+ status = authenticationService.changePassword(user.getUsername(), changePasswordRequest);
+ assertEquals(HttpStatus.OK, status);
+ }
+
+ @Test
+ public void testDeleteUser() {
+ PasswordRequest passwordRequest = new PasswordRequest("");
+ HttpStatus status = authenticationService.deleteUser("notAValidUser", passwordRequest);
+ assertEquals(HttpStatus.NOT_FOUND, status);
+
+ User user = authenticationDao.findByUsername("testUser0").orElseThrow();
+
+ passwordRequest = new PasswordRequest("notTheRightPassword");
+ status = authenticationService.deleteUser(user.getUsername(), passwordRequest);
+ assertEquals(HttpStatus.BAD_REQUEST, status);
+
+ passwordRequest = new PasswordRequest(user.getPassword());
+ user.setPassword(passwordEncoder.encode(user.getPassword()));
+ authenticationDao.save(user);
+
+ status = authenticationService.deleteUser(user.getUsername(), passwordRequest);
+ assertEquals(HttpStatus.OK, status);
+ }
+
+ @Test
+ public void testCascadeDelete() {
+ subscriptionActionDao.deleteAll();
+ UserInfoRequest userInfo = new UserInfoRequest("username", recipient, "123abcABC!");
+ authenticationService.registerUser(userInfo);
+
+ var user = authenticationDao.findByUsername(userInfo.username())
+ .orElseThrow();
+
+ var sub = Subscription.builder()
+ .url("url")
+ .title("title")
+ .timestamp(LocalDateTime.now().toEpochSecond(ZoneOffset.UTC))
+ .build();
+ subscriptionDao.save(sub);
+
+ var subAction1 = SubscriptionAction.builder()
+ .user(user)
+ .timestamp(LocalDateTime.now().toEpochSecond(ZoneOffset.UTC))
+ .subscription(sub)
+ .added(true)
+ .build();
+ subscriptionActionDao.save(subAction1);
+ var subAction2 = SubscriptionAction.builder()
+ .user(user)
+ .timestamp(LocalDateTime.now().toEpochSecond(ZoneOffset.UTC))
+ .subscription(sub)
+ .added(false)
+ .build();
+ subscriptionActionDao.save(subAction2);
+
+ authenticationService.deleteUser(userInfo.username(), new PasswordRequest(userInfo.password()));
+
+ assertEquals(0L, subscriptionActionDao.count());
+ }
+
+}
diff --git a/pse-server/src/test/java/org/psesquared/server/authentication/api/service/EmailServiceTests.java b/pse-server/src/test/java/org/psesquared/server/authentication/api/service/EmailServiceTests.java
new file mode 100644
index 0000000..ed1061e
--- /dev/null
+++ b/pse-server/src/test/java/org/psesquared/server/authentication/api/service/EmailServiceTests.java
@@ -0,0 +1,36 @@
+package org.psesquared.server.authentication.api.service;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.psesquared.server.model.User;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+public class EmailServiceTests {
+
+ @Autowired
+ private EmailServiceImpl emailService;
+
+ private static final String recipient = "pse-squared@outlook.com";
+
+ private User user;
+
+ @BeforeEach
+ void beforeEach() {
+ user = User.builder()
+ .username("Jeff")
+ .email(recipient)
+ .build();
+ }
+
+ @Test
+ void sendValidationMail() {
+ emailService.sendVerification(user.getEmail(), user);
+ }
+
+ @Test
+ void sendPasswordResetMail() {
+ emailService.sendPasswordReset(user.getEmail(), user);
+ }
+}