You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
290 lines
9.9 KiB
290 lines
9.9 KiB
package de.fd.fh.server.access;
|
|
|
|
import com.mongodb.WriteResult;
|
|
import de.fd.fh.server.user.UserId;
|
|
import de.fd.fh.shared.network.messages.LoginResponse;
|
|
import de.fd.fh.shared.network.messages.RegistrateRequest;
|
|
import org.junit.jupiter.api.BeforeEach;
|
|
import org.junit.jupiter.api.Test;
|
|
import org.mockito.ArgumentCaptor;
|
|
import spark.HaltException;
|
|
|
|
import java.time.LocalDateTime;
|
|
import java.util.Base64;
|
|
import java.util.Observable;
|
|
import java.util.Observer;
|
|
|
|
import static org.hamcrest.CoreMatchers.nullValue;
|
|
import static org.hamcrest.MatcherAssert.assertThat;
|
|
import static org.hamcrest.Matchers.notNullValue;
|
|
import static org.junit.jupiter.api.Assertions.*;
|
|
import static org.mockito.ArgumentMatchers.any;
|
|
import static org.mockito.BDDMockito.then;
|
|
import static org.mockito.Mockito.*;
|
|
|
|
class AccessServiceTest implements Observer
|
|
{
|
|
private Object event;
|
|
|
|
@BeforeEach
|
|
void before()
|
|
{
|
|
this.event = null;
|
|
}
|
|
|
|
@Test
|
|
void given_authenticatedUser_when_serverAuthenticateUser_should_authenticateUser()
|
|
{
|
|
final Access access = new Access(
|
|
"testId",
|
|
"testName",
|
|
"testPwd",
|
|
UserId.of("12345"),
|
|
new AccessToken(
|
|
"testToken",
|
|
LocalDateTime.now(),
|
|
Role.USER,
|
|
UserId.of("12345")
|
|
),
|
|
Role.USER);
|
|
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
when(repository.findByToken(any()))
|
|
.thenReturn(access);
|
|
final String path = "/test/path";
|
|
final String token = "testToken";
|
|
|
|
final AccessToken result = new AccessService(repository).before(path, token);
|
|
|
|
assertThat("User is not authenticated", result, notNullValue());
|
|
then(repository).should().findByToken(any());
|
|
then(repository).shouldHaveNoMoreInteractions();
|
|
}
|
|
|
|
@Test
|
|
void given_notAuthenticatedUser_when_serverAuthenticateUser_should_denyUser()
|
|
{
|
|
final Access access = new Access(
|
|
"testId",
|
|
"testName",
|
|
"testPwd",
|
|
UserId.of("12345"),
|
|
null,
|
|
Role.USER);
|
|
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
when(repository.findByToken(any()))
|
|
.thenReturn(access);
|
|
final String path = "/test/path";
|
|
final String token = "testToken";
|
|
|
|
assertThrows(HaltException.class, () ->new AccessService(repository).before(path, token));
|
|
|
|
then(repository).should().findByToken(any());
|
|
then(repository).shouldHaveNoMoreInteractions();
|
|
}
|
|
|
|
@Test
|
|
void testUnprotectedLoginPath()
|
|
{
|
|
final String path = "/accounts/login";
|
|
|
|
final AccessToken result = new AccessService(null)
|
|
.before(path, null);
|
|
|
|
assertNull(result);
|
|
}
|
|
|
|
@Test
|
|
void testUnprotectedRegistratePath()
|
|
{
|
|
final String path = "/accounts/registrate";
|
|
|
|
final AccessToken result = new AccessService(null)
|
|
.before(path, null);
|
|
|
|
assertNull(result);
|
|
}
|
|
|
|
@Test
|
|
void given_newUser_when_createUser_should_storeNewUser()
|
|
{
|
|
final RegistrateRequest request =
|
|
RegistrateRequest.of("testUser", "testPwd");
|
|
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
when(repository.findByUserName(any()))
|
|
.thenReturn(null);
|
|
ArgumentCaptor<Access> accessCaptor = ArgumentCaptor.forClass(Access.class);
|
|
|
|
final AccessService service = new AccessService(repository);
|
|
service.addObserver(this);
|
|
|
|
final boolean result = service.createPlayer(request);
|
|
|
|
assertTrue(result);
|
|
assertThat("No event thrown", this.event, notNullValue());
|
|
|
|
verify(repository).save(accessCaptor.capture());
|
|
final Access createdAccess = accessCaptor.getValue();
|
|
|
|
assertNotNull(createdAccess, "No Access created");
|
|
assertNotNull(createdAccess.get_id(), "No Id created");
|
|
assertNotNull(createdAccess.getUserId(), "No UserId created");
|
|
assertEquals("testUser", createdAccess.getName(), "Wrong Username");
|
|
assertEquals("testPwd", createdAccess.getPassword(), "Wrong Password");
|
|
assertEquals(Role.USER.name(), createdAccess.getRole().name(), "Should be USER");
|
|
assertNull(createdAccess.getToken(), "User should not be logged in");
|
|
|
|
then(repository).should().findByUserName(any());
|
|
then(repository).should().save(any(Access.class));
|
|
then(repository).shouldHaveNoMoreInteractions();
|
|
}
|
|
|
|
@Test
|
|
void given_newUser_when_userNameAlreadyExist_should_storeNewUser()
|
|
{
|
|
final RegistrateRequest request =
|
|
RegistrateRequest.of("testUser", "testPwd");
|
|
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
when(repository.findByUserName(any()))
|
|
.thenReturn(new Access());
|
|
|
|
final AccessService service = new AccessService(repository);
|
|
service.addObserver(this);
|
|
|
|
final boolean result = service.createPlayer(request);
|
|
|
|
assertFalse(result);
|
|
assertThat("No event thrown", this.event, nullValue());
|
|
|
|
then(repository).should().findByUserName(any());
|
|
then(repository).shouldHaveNoMoreInteractions();
|
|
}
|
|
|
|
@Test
|
|
void given_loggedInUser_when_logout_should_logoutUser()
|
|
{
|
|
final Access access = new Access(
|
|
"testId",
|
|
"testName",
|
|
"testPwd",
|
|
UserId.of("12345"),
|
|
null,
|
|
Role.USER
|
|
);
|
|
final AccessToken token = AccessToken.of(access);
|
|
access.setToken(token);
|
|
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
when(repository.findByToken(any()))
|
|
.thenReturn(access);
|
|
ArgumentCaptor<Access> accessCaptor = ArgumentCaptor.forClass(Access.class);
|
|
|
|
final AccessService service = new AccessService(repository);
|
|
|
|
final boolean result = service.logout("testToken");
|
|
|
|
assertTrue(result);
|
|
|
|
verify(repository).save(accessCaptor.capture());
|
|
final Access createdAccess = accessCaptor.getValue();
|
|
|
|
assertNotNull(createdAccess, "No Access created");
|
|
assertNotNull(createdAccess.get_id(), "No Id created");
|
|
assertNotNull(createdAccess.getUserId(), "No UserId created");
|
|
assertEquals("testName", createdAccess.getName(), "Wrong Username");
|
|
assertEquals("testPwd", createdAccess.getPassword(), "Wrong Password");
|
|
assertEquals(Role.USER.name(), createdAccess.getRole().name(), "Should be USER");
|
|
assertNull(createdAccess.getToken(), "User should logged out");
|
|
|
|
then(repository).should().findByToken(any());
|
|
then(repository).should().save(any(Access.class));
|
|
then(repository).shouldHaveNoMoreInteractions();
|
|
}
|
|
|
|
@Test
|
|
void given_storedUser_when_loginUser_should_returnLoginRequest()
|
|
{
|
|
final byte[] message = Base64.getEncoder().encode("testName:testPassword".getBytes());
|
|
final String header = "Basic " + new String(message);
|
|
final Access access = new Access(
|
|
"testId",
|
|
"testName",
|
|
"testPassword",
|
|
UserId.of("12345"),
|
|
null,
|
|
Role.USER
|
|
);
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
when(repository.findByUserName(any()))
|
|
.thenReturn(access);
|
|
|
|
final LoginResponse result = new AccessService(repository).authorization(header);
|
|
|
|
assertNotNull(result);
|
|
assertEquals(result.getName(), "testName", "Wrong UserName");
|
|
assertEquals(result.getUserId(), "12345", "Wrong Password");
|
|
assertNotNull(result.getToken(), "Not logged in");
|
|
}
|
|
|
|
@Test
|
|
void given_storedUserWithWrongPassword_when_loginUser_should_returnAccessDeny()
|
|
{
|
|
final byte[] message = Base64.getEncoder().encode("testName:testPassword".getBytes());
|
|
final String header = "Basic " + new String(message);
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
|
|
final LoginResponse result = new AccessService(repository).authorization(header);
|
|
|
|
assertNull(result, "Return LoginRequest but wrong permissions");
|
|
}
|
|
|
|
@Test
|
|
void given_storedUser_when_deleteUser_should_deleteUser()
|
|
{
|
|
final UserId userId = UserId.of("12345");
|
|
final AccessToken token = new AccessToken(null, null, null, UserId.of("12345"));
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
when(repository.deleteLoginByUserId(any(UserId.class)))
|
|
.thenReturn(new WriteResult(1, false, null));
|
|
|
|
final AccessService service = new AccessService(repository);
|
|
service.addObserver(this);
|
|
|
|
final boolean result = service.deleteAccount(userId, token);
|
|
|
|
assertTrue(result);
|
|
assertNotNull(event);
|
|
|
|
then(repository).should().deleteLoginByUserId(any(UserId.class));
|
|
then(repository).shouldHaveNoMoreInteractions();
|
|
}
|
|
|
|
@Test
|
|
void given_storedUser_when_deleteUserWithWrongPermission_should_doNothing()
|
|
{
|
|
final UserId userId = UserId.of("12345");
|
|
final AccessToken token = new AccessToken(null, null, null, UserId.of("98765"));
|
|
final AccessRepository repository = mock(AccessRepository.class);
|
|
when(repository.deleteLoginByUserId(any(UserId.class)))
|
|
.thenReturn(new WriteResult(1, false, null));
|
|
|
|
final AccessService service = new AccessService(repository);
|
|
service.addObserver(this);
|
|
|
|
final boolean result = service.deleteAccount(userId, token);
|
|
|
|
assertFalse(result);
|
|
assertNull(event);
|
|
|
|
then(repository).shouldHaveNoInteractions();
|
|
}
|
|
|
|
@Override
|
|
public void update(Observable o, Object arg)
|
|
{
|
|
this.event = arg;
|
|
}
|
|
}
|