View Javadoc
1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.business.user;
35  
36  import java.security.SecureRandom;
37  import java.util.List;
38  import java.util.Locale;
39  
40  import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
41  import org.springframework.context.ApplicationContext;
42  
43  import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminAuthentication;
44  import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
45  import fr.paris.lutece.portal.service.spring.SpringContextService;
46  import fr.paris.lutece.test.LuteceTestCase;
47  import fr.paris.lutece.util.password.IPassword;
48  import fr.paris.lutece.util.password.IPasswordFactory;
49  
50  public class AdminUserDAOTest extends LuteceTestCase
51  {
52  
53      private AdminUserDAO getAdminUserDAO( )
54      {
55          AdminUserDAO adminUserDAO = new AdminUserDAO( );
56          ApplicationContext context = SpringContextService.getContext( );
57          AutowireCapableBeanFactory beanFactory = context.getAutowireCapableBeanFactory( );
58          beanFactory.autowireBean( adminUserDAO );
59          return adminUserDAO;
60      }
61  
62      public void testInsertLuteceDefaultAdminUser( )
63      {
64          AdminUserDAO adminUserDAO = getAdminUserDAO( );
65          String randomUsername = "user" + new SecureRandom( ).nextLong( );
66          IPasswordFactory passwordFactory = SpringContextService.getBean( IPasswordFactory.BEAN_NAME );
67  
68          LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( randomUsername, new LuteceDefaultAdminAuthentication( ) );
69          user.setPassword( passwordFactory.getPasswordFromCleartext( randomUsername ) );
70          user.setFirstName( randomUsername );
71          user.setLastName( randomUsername );
72          user.setEmail( randomUsername + "@lutece.fr" );
73          adminUserDAO.insert( user );
74  
75          try
76          {
77              LuteceDefaultAdminUser storedUser = adminUserDAO.loadDefaultAdminUser( user.getUserId( ) );
78              assertEquals( randomUsername, storedUser.getAccessCode( ) );
79              assertEquals( randomUsername, storedUser.getFirstName( ) );
80              assertEquals( randomUsername, storedUser.getLastName( ) );
81              assertEquals( randomUsername + "@lutece.fr", storedUser.getEmail( ) );
82              assertTrue( storedUser.getPassword( ).check( randomUsername ) );
83          }
84          finally
85          {
86              adminUserDAO.delete( user.getUserId( ) );
87          }
88      }
89  
90      public void testLoadDefaultAdminUser( )
91      {
92          AdminUserDAO adminUserDAO = getAdminUserDAO( );
93          LuteceDefaultAdminUser storedUser = adminUserDAO.loadDefaultAdminUser( 1 );
94          assertEquals( "admin", storedUser.getAccessCode( ) );
95          assertEquals( "admin", storedUser.getFirstName( ) );
96          assertEquals( "Admin", storedUser.getLastName( ) );
97          assertEquals( "admin@lutece.fr", storedUser.getEmail( ) );
98          assertEquals( AdminUser.ACTIVE_CODE, storedUser.getStatus( ) );
99          assertTrue( storedUser.getPassword( ).check( "adminadmin" ) );
100         assertEquals( Locale.FRENCH, storedUser.getLocale( ) );
101         assertEquals( 0, storedUser.getUserLevel( ) );
102         assertFalse( storedUser.getAccessibilityMode( ) );
103         assertNull( storedUser.getAccountMaxValidDate( ) );
104         assertEquals( "all", storedUser.getWorkgroupKey( ) );
105     }
106 
107     public void testStoreLuteceDefaultAdminUser( )
108     {
109         AdminUserDAO adminUserDAO = getAdminUserDAO( );
110         String randomUsername = "user" + new SecureRandom( ).nextLong( );
111         IPasswordFactory passwordFactory = SpringContextService.getBean( IPasswordFactory.BEAN_NAME );
112 
113         LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( randomUsername, new LuteceDefaultAdminAuthentication( ) );
114         user.setPassword( passwordFactory.getPasswordFromCleartext( randomUsername ) );
115         user.setFirstName( randomUsername );
116         user.setLastName( randomUsername );
117         user.setEmail( randomUsername + "@lutece.fr" );
118         adminUserDAO.insert( user );
119 
120         try
121         {
122             LuteceDefaultAdminUser storedUser = adminUserDAO.loadDefaultAdminUser( user.getUserId( ) );
123             String changedRandomUsername = randomUsername + "_2";
124             storedUser.setAccessCode( changedRandomUsername );
125             storedUser.setFirstName( changedRandomUsername );
126             storedUser.setLastName( changedRandomUsername );
127             storedUser.setEmail( changedRandomUsername + "@lutece.fr" );
128             storedUser.setPassword( passwordFactory.getPasswordFromCleartext( changedRandomUsername ) );
129 
130             adminUserDAO.store( storedUser, PasswordUpdateMode.UPDATE );
131 
132             storedUser = adminUserDAO.loadDefaultAdminUser( user.getUserId( ) );
133 
134             assertEquals( changedRandomUsername, storedUser.getAccessCode( ) );
135             assertEquals( changedRandomUsername, storedUser.getFirstName( ) );
136             assertEquals( changedRandomUsername, storedUser.getLastName( ) );
137             assertEquals( changedRandomUsername + "@lutece.fr", storedUser.getEmail( ) );
138             assertTrue( storedUser.getPassword( ).check( changedRandomUsername ) );
139         }
140         finally
141         {
142             adminUserDAO.delete( user.getUserId( ) );
143         }
144     }
145 
146     public void testStoreLuteceDefaultAdminUserIgnorePassword( )
147     {
148         AdminUserDAO adminUserDAO = getAdminUserDAO( );
149         String randomUsername = "user" + new SecureRandom( ).nextLong( );
150         IPasswordFactory passwordFactory = SpringContextService.getBean( IPasswordFactory.BEAN_NAME );
151 
152         LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( randomUsername, new LuteceDefaultAdminAuthentication( ) );
153         user.setPassword( passwordFactory.getPasswordFromCleartext( randomUsername ) );
154         user.setFirstName( randomUsername );
155         user.setLastName( randomUsername );
156         user.setEmail( randomUsername + "@lutece.fr" );
157         adminUserDAO.insert( user );
158 
159         try
160         {
161             LuteceDefaultAdminUser storedUser = adminUserDAO.loadDefaultAdminUser( user.getUserId( ) );
162             String changedRandomUsername = randomUsername + "_2";
163             storedUser.setAccessCode( changedRandomUsername );
164             storedUser.setFirstName( changedRandomUsername );
165             storedUser.setLastName( changedRandomUsername );
166             storedUser.setEmail( changedRandomUsername + "@lutece.fr" );
167             storedUser.setPassword( passwordFactory.getPasswordFromCleartext( changedRandomUsername ) );
168 
169             adminUserDAO.store( storedUser, PasswordUpdateMode.IGNORE );
170 
171             storedUser = adminUserDAO.loadDefaultAdminUser( user.getUserId( ) );
172 
173             assertEquals( changedRandomUsername, storedUser.getAccessCode( ) );
174             assertEquals( changedRandomUsername, storedUser.getFirstName( ) );
175             assertEquals( changedRandomUsername, storedUser.getLastName( ) );
176             assertEquals( changedRandomUsername + "@lutece.fr", storedUser.getEmail( ) );
177             assertTrue( storedUser.getPassword( ).check( randomUsername ) );
178         }
179         finally
180         {
181             adminUserDAO.delete( user.getUserId( ) );
182         }
183     }
184 
185     public void testPasswordHistory( )
186     {
187         AdminUserDAO adminUserDAO = getAdminUserDAO( );
188         String randomUsername = "user" + new SecureRandom( ).nextLong( );
189         IPasswordFactory passwordFactory = SpringContextService.getBean( IPasswordFactory.BEAN_NAME );
190 
191         LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( randomUsername, new LuteceDefaultAdminAuthentication( ) );
192         user.setPassword( passwordFactory.getPasswordFromCleartext( randomUsername ) );
193         user.setFirstName( randomUsername );
194         user.setLastName( randomUsername );
195         user.setEmail( randomUsername + "@lutece.fr" );
196         adminUserDAO.insert( user );
197 
198         try
199         {
200             adminUserDAO.insertNewPasswordInHistory( passwordFactory.getPasswordFromCleartext( "1" ), user.getUserId( ) );
201             Thread.sleep( 1000 ); // Need this because the PRIMARY KEY uses the timestamp
202             adminUserDAO.insertNewPasswordInHistory( passwordFactory.getPasswordFromCleartext( "2" ), user.getUserId( ) );
203             Thread.sleep( 1000 ); // Need this because the PRIMARY KEY uses the timestamp
204             adminUserDAO.insertNewPasswordInHistory( passwordFactory.getPasswordFromCleartext( "3" ), user.getUserId( ) );
205 
206             List<IPassword> passwords = adminUserDAO.selectUserPasswordHistory( user.getUserId( ) );
207             assertNotNull( passwords );
208             assertEquals( 3, passwords.size( ) );
209             assertTrue( passwords.get( 0 ).check( "3" ) );
210             assertTrue( passwords.get( 1 ).check( "2" ) );
211             assertTrue( passwords.get( 2 ).check( "1" ) );
212         }
213         catch( InterruptedException e )
214         {
215             throw new RuntimeException( e ); // Should not happen
216         }
217         finally
218         {
219             try
220             {
221                 adminUserDAO.removeAllPasswordHistoryForUser( user.getUserId( ) );
222             }
223             finally
224             {
225             }
226             adminUserDAO.delete( user.getUserId( ) );
227         }
228     }
229 }