1   /*
2    * Copyright (c) 2002-2025, City of Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.portal.business.user.authentication;
35  
36  import java.security.SecureRandom;
37  
38  import javax.security.auth.login.LoginException;
39  
40  import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
41  import org.springframework.context.ApplicationContext;
42  import org.springframework.mock.web.MockHttpServletRequest;
43  
44  import fr.paris.lutece.portal.business.user.AdminUser;
45  import fr.paris.lutece.portal.business.user.AdminUserDAO;
46  import fr.paris.lutece.portal.service.spring.SpringContextService;
47  import fr.paris.lutece.test.LuteceTestCase;
48  import fr.paris.lutece.util.password.IPassword;
49  
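/**
 * Tests for {@link LuteceDefaultAdminAuthentication}.
 *
 * The scenario covered here is the upgrade of a legacy stored password: a user is inserted with a password that reports
 * itself as legacy, logs in once with the right cleartext, and the password reloaded through {@link AdminUserDAO} must
 * then no longer be legacy while the same cleartext is still accepted.
 */
public class LuteceDefaultAdminAuthenticationTest extends LuteceTestCase
{
    // Fixed cleartext used for the throwaway account; the account is deleted at the end of the test.
    private static final String PASSWORD = "PASSWORD";

    /**
     * Builds the authentication module under test, wired by hand.
     *
     * @return an autowired {@link LuteceDefaultAdminAuthentication} backed by an autowired {@link LuteceDefaultAdminUserDAO}
     */
    private LuteceDefaultAdminAuthentication getLuteceDefaultAdminAuthentication( )
    {
        AutowireCapableBeanFactory beanFactory = SpringContextService.getContext( ).getAutowireCapableBeanFactory( );
        LuteceDefaultAdminUserDAO dao = new LuteceDefaultAdminUserDAO( );
        beanFactory.autowireBean( dao );

        LuteceDefaultAdminAuthentication adminAuth = new LuteceDefaultAdminAuthentication( );
        // The DAO is set explicitly before autowiring the module, as in the original wiring order.
        adminAuth.setDao( dao );
        beanFactory.autowireBean( adminAuth );
        return adminAuth;
    }

    /**
     * Builds the DAO used to insert, reload and delete the test user.
     *
     * @return an autowired {@link AdminUserDAO}
     */
    private AdminUserDAO getAdminUserDAO( )
    {
        AutowireCapableBeanFactory beanFactory = SpringContextService.getContext( ).getAutowireCapableBeanFactory( );
        AdminUserDAO adminUserDAO = new AdminUserDAO( );
        beanFactory.autowireBean( adminUserDAO );
        return adminUserDAO;
    }

    /**
     * Builds a password stub that stands for a legacy stored password.
     *
     * @return an {@link IPassword} that reports itself as legacy, accepts only {@link #PASSWORD} and exposes
     *         {@code "PLAINTEXT:" + PASSWORD} as its storable representation
     */
    private static IPassword newLegacyPassword( )
    {
        return new IPassword( )
        {
            @Override
            public boolean isLegacy( )
            {
                return true;
            }

            @Override
            public String getStorableRepresentation( )
            {
                // Presumably this is the value the DAO writes on insert; the reload below confirms it reads back as legacy.
                return "PLAINTEXT:" + PASSWORD;
            }

            @Override
            public boolean check( String strCleartextPassword )
            {
                return PASSWORD.equals( strCleartextPassword );
            }
        };
    }

    /**
     * Checks that a successful login replaces a legacy stored password with a non-legacy one, and that the same
     * cleartext password still logs in afterwards.
     *
     * @throws LoginException
     *             if either login is refused; it is propagated rather than converted with {@code fail( e.getMessage( ) )}
     *             so that the exception type and stack trace reach the test report even when the message is null
     */
    public void testLoginUpgradePassword( ) throws LoginException
    {
        LuteceDefaultAdminAuthentication adminAuth = getLuteceDefaultAdminAuthentication( );
        AdminUserDAO adminUserDAO = getAdminUserDAO( );
        // Random suffix keeps the throwaway account from colliding with existing users.
        String randomUsername = "user" + new SecureRandom( ).nextLong( );

        LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( randomUsername, new LuteceDefaultAdminAuthentication( ) );
        user.setPassword( newLegacyPassword( ) );
        user.setFirstName( randomUsername );
        user.setLastName( randomUsername );
        user.setEmail( randomUsername + "@lutece.fr" );
        adminUserDAO.insert( user );
        try
        {
            // Precondition: the password read back through the DAO is still flagged as legacy.
            LuteceDefaultAdminUser defaultAdminUser = adminUserDAO.loadDefaultAdminUser( user.getUserId( ) );
            assertNotNull( defaultAdminUser );
            assertTrue( defaultAdminUser.getPassword( ).isLegacy( ) );

            // First login with the correct cleartext; this is the step expected to trigger the upgrade.
            AdminUser authenticated = adminAuth.login( randomUsername, PASSWORD, new MockHttpServletRequest( ) );
            assertNotNull( authenticated );

            // The password reloaded after login must no longer be legacy.
            LuteceDefaultAdminUser defaultAdminUserAuthenticated = adminUserDAO.loadDefaultAdminUser( authenticated.getUserId( ) );
            assertNotNull( defaultAdminUserAuthenticated );
            assertFalse( defaultAdminUserAuthenticated.getPassword( ).isLegacy( ) );

            // Second login: the upgrade must not have changed which cleartext is accepted.
            authenticated = adminAuth.login( randomUsername, PASSWORD, new MockHttpServletRequest( ) );
            assertNotNull( authenticated );

            // NOTE(review): only the accepting path is exercised. Nothing here shows that a wrong password is
            // refused once the stored form has been upgraded, or that the stored representation no longer carries
            // the "PLAINTEXT:" prefix. Both are worth a sibling test; confirm first how login( ) signals a refusal
            // and whether a refused attempt has side effects on the account.
        }
        finally
        {
            // Always remove the throwaway account, including when an assertion or a login fails.
            adminUserDAO.delete( user.getUserId( ) );
        }
    }
}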