34 package fr.paris.lutece.portal.web.admin;
35
36 import fr.paris.lutece.portal.business.user.AdminUser;
37 import fr.paris.lutece.portal.business.user.AdminUserDAO;
38 import fr.paris.lutece.portal.business.user.AdminUserHome;
39 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminAuthentication;
40 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
41 import fr.paris.lutece.portal.business.user.menu.AccessibilityModeAdminUserMenuItemProvider;
42 import fr.paris.lutece.portal.business.user.menu.LanguageAdminUserMenuItemProvider;
43 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
44 import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
45 import fr.paris.lutece.portal.service.admin.AdminUserService;
46 import fr.paris.lutece.portal.service.i18n.I18nService;
47 import fr.paris.lutece.portal.service.message.AdminMessage;
48 import fr.paris.lutece.portal.service.message.AdminMessageService;
49 import fr.paris.lutece.portal.service.security.SecurityTokenService;
50 import fr.paris.lutece.portal.service.spring.SpringContextService;
51 import fr.paris.lutece.portal.service.util.AppPropertiesService;
52 import fr.paris.lutece.portal.web.constants.Messages;
53 import fr.paris.lutece.portal.web.constants.Parameters;
54 import fr.paris.lutece.test.LuteceTestCase;
55 import fr.paris.lutece.test.Utils;
56 import fr.paris.lutece.util.password.IPassword;
57 import fr.paris.lutece.util.password.IPasswordFactory;
58
59 import java.security.SecureRandom;
60 import java.util.List;
61 import java.util.Locale;
62
63 import javax.security.auth.login.FailedLoginException;
64 import javax.security.auth.login.LoginException;
65
66 import org.apache.commons.lang3.StringUtils;
67 import org.springframework.beans.factory.config.AutowireCapableBeanFactory;
68 import org.springframework.context.ApplicationContext;
69 import org.springframework.mock.web.MockHttpServletRequest;
70
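/**
 * Tests for {@link AdminMenuJspBean}: rendering of the admin menu header and user menu, and the
 * three state-changing actions (language, default-module password, accessibility mode).
 *
 * <p>
 * Each state-changing action is exercised three times: with the security (anti-CSRF) token issued by
 * {@link SecurityTokenService} for the action's template, with that token altered, and with no token
 * at all. The last two must end in an {@link AccessDeniedException} and must leave the stored state
 * untouched.
 * </p>
 */
public class AdminMenuJspBeanTest extends LuteceTestCase
{
    private static final String PARAMETER_LANGUAGE = "language";
    // Fixture credentials used by getUser( ) - presumably the default administrator of the test database; confirm.
    private static final String TEST_USER_ACCESS_CODE = "admin";
    private static final String TEST_USER_PASSWORD = "admin";
    private static final String TEST_LANGUAGE = "en";
    // Session attribute under which the password tests register the user they created.
    private static final String SESSION_ATTRIBUTE_ADMIN_USER = "lutece_admin_user";
    // Action name the password-change token is issued for.
    private static final String TEMPLATE_MODIFY_PASSWORD = "admin/user/modify_password_default_module.html";
    // Clear-text password given to the throw-away users created by the password tests.
    private static final String TEST_NEW_USER_PASSWORD = "Pa55word!";

    // Placeholder user; replaced by the logged-in user when getUser( ) succeeds.
    AdminUser _user = new AdminUser( );

    {
        _user.setFirstName( "first_name" );
        _user.setLastName( "last_name" );
    }

    /**
     * The menu header is rendered for a registered admin user.
     *
     * @throws AccessDeniedException
     *             declared by the test; not expected here
     */
    public void testGetAdminMenuHeader( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        getUser( request );
        Utils.registerAdminUser( request, _user );

        AdminMenuJspBean instance = new AdminMenuJspBean( );
        assertNotNull( instance.getAdminMenuHeader( request ) );
    }

    /**
     * The user menu is rendered as a non-empty string for a registered admin user.
     *
     * @throws AccessDeniedException
     *             declared by the test; not expected here
     */
    public void testGetAdminMenuUser( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        getUser( request );
        Utils.registerAdminUser( request, _user );

        AdminMenuJspBean instance = new AdminMenuJspBean( );
        assertTrue( StringUtils.isNotEmpty( instance.getAdminMenuUser( request ) ) );
    }

    /**
     * With a valid token, changing the language replaces the user's locale language.
     *
     * @throws AccessDeniedException
     *             if the token is rejected, which fails the test
     */
    public void testDoChangeLanguage( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        request.addParameter( PARAMETER_LANGUAGE, TEST_LANGUAGE );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
                SecurityTokenService.getInstance( ).getToken( request, LanguageAdminUserMenuItemProvider.TEMPLATE ) );

        getUser( request );
        Utils.registerAdminUser( request, _user );
        _user.setLocale( Locale.FRANCE );

        String strPreviousLanguage = _user.getLocale( ).getLanguage( );

        AdminMenuJspBean instance = new AdminMenuJspBean( );
        instance.doChangeLanguage( request );
        // Compare by value: an identity check on two strings says nothing about their content.
        assertFalse( "language should have changed", strPreviousLanguage.equals( _user.getLocale( ).getLanguage( ) ) );
    }

    /**
     * A tampered token is rejected and the user's language is left as it was.
     *
     * @throws AccessDeniedException
     *             never propagated; the expected exception is caught inside the test
     */
    public void testDoChangeLanguageInvalidToken( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        request.addParameter( PARAMETER_LANGUAGE, TEST_LANGUAGE );
        // One extra character is enough to make the issued token invalid.
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
                SecurityTokenService.getInstance( ).getToken( request, LanguageAdminUserMenuItemProvider.TEMPLATE ) + "b" );

        assertChangeLanguageDenied( request );
    }

    /**
     * A request without any token is rejected and the user's language is left as it was.
     *
     * @throws AccessDeniedException
     *             never propagated; the expected exception is caught inside the test
     */
    public void testDoChangeLanguageNoToken( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        request.addParameter( PARAMETER_LANGUAGE, TEST_LANGUAGE );

        assertChangeLanguageDenied( request );
    }

    /**
     * Registers the test user on the request, sets a French locale, calls doChangeLanguage and checks
     * that the call is refused with the language unchanged.
     *
     * @param request
     *            the request, already carrying the language parameter and whatever token the test wants
     */
    private void assertChangeLanguageDenied( MockHttpServletRequest request )
    {
        getUser( request );
        Utils.registerAdminUser( request, _user );
        _user.setLocale( Locale.FRANCE );

        String strPreviousLanguage = _user.getLocale( ).getLanguage( );

        AdminMenuJspBean instance = new AdminMenuJspBean( );
        try
        {
            instance.doChangeLanguage( request );
            fail( "Should have thrown" );
        }
        catch( AccessDeniedException e )
        {
            assertEquals( strPreviousLanguage, _user.getLocale( ).getLanguage( ) );
        }
    }

    /**
     * Logs the fixture account in on the given request and, on success, stores the resulting user in
     * {@link #_user}.
     *
     * <p>
     * A login failure is tolerated on purpose: the placeholder {@link #_user} stays in place and the
     * calling test goes on with it. NOTE(review): a failed login is therefore invisible in the test
     * report; consider failing here if the placeholder is not meant to be a supported path.
     * </p>
     *
     * @param request
     *            the request to authenticate
     */
    private void getUser( MockHttpServletRequest request )
    {
        try
        {
            AdminAuthenticationService.getInstance( ).loginUser( request, TEST_USER_ACCESS_CODE, TEST_USER_PASSWORD );
            _user = AdminUserService.getAdminUser( request );
        }
        catch( LoginException ex )
        {
            // Also covers FailedLoginException, a subclass. Nothing to do: keep the placeholder user.
        }
    }

    /**
     * Builds an {@link AdminUserDAO} whose dependencies are autowired from the Spring context.
     *
     * @return the autowired DAO
     */
    private AdminUserDAO getAdminUserDAO( )
    {
        AdminUserDAO adminUserDAO = new AdminUserDAO( );
        ApplicationContext context = SpringContextService.getContext( );
        AutowireCapableBeanFactory beanFactory = context.getAutowireCapableBeanFactory( );
        beanFactory.autowireBean( adminUserDAO );
        return adminUserDAO;
    }

    /**
     * Inserts a throw-away default-module user with a random name and the given password.
     *
     * @param adminUserDAO
     *            the DAO used for the insert
     * @param strPassword
     *            the clear-text password of the new user
     * @return the inserted user
     */
    private LuteceDefaultAdminUser insertRandomUser( AdminUserDAO adminUserDAO, String strPassword )
    {
        String strRandomUsername = "user" + new SecureRandom( ).nextLong( );
        IPasswordFactory passwordFactory = SpringContextService.getBean( IPasswordFactory.BEAN_NAME );

        LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( strRandomUsername, new LuteceDefaultAdminAuthentication( ) );
        user.setPassword( passwordFactory.getPasswordFromCleartext( strPassword ) );
        user.setFirstName( strRandomUsername );
        user.setLastName( strRandomUsername );
        user.setEmail( strRandomUsername + "@lutece.fr" );
        adminUserDAO.insert( user );
        return user;
    }

    /**
     * Removes a user created by {@link #insertRandomUser(AdminUserDAO, String)} together with its
     * password history, so that no test account outlives the test.
     *
     * @param adminUserDAO
     *            the DAO used for the delete
     * @param user
     *            the user to remove
     */
    private void deleteUser( AdminUserDAO adminUserDAO, LuteceDefaultAdminUser user )
    {
        adminUserDAO.delete( user.getUserId( ) );
        AdminUserHome.removeAllPasswordHistoryForUser( user.getUserId( ) );
    }

    /**
     * Builds a password-change request for the given user. A {@code null} argument means the
     * corresponding parameter is not sent at all.
     *
     * @param user
     *            the user placed in the session
     * @param strCurrent
     *            the current password, or {@code null}
     * @param strNew
     *            the new password, or {@code null}
     * @param strConfirm
     *            the confirmation of the new password, or {@code null}
     * @return the request, without any security token
     */
    private MockHttpServletRequest newPasswordRequest( AdminUser user, String strCurrent, String strNew, String strConfirm )
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        request.getSession( true ).setAttribute( SESSION_ATTRIBUTE_ADMIN_USER, user );

        if ( strCurrent != null )
        {
            request.addParameter( Parameters.PASSWORD_CURRENT, strCurrent );
        }

        if ( strNew != null )
        {
            request.addParameter( Parameters.NEW_PASSWORD, strNew );
        }

        if ( strConfirm != null )
        {
            request.addParameter( Parameters.CONFIRM_NEW_PASSWORD, strConfirm );
        }

        return request;
    }

    /**
     * Submits the request to doModifyDefaultAdminUserPassword and checks that the resulting admin
     * message carries the expected localized text.
     *
     * @param instance
     *            the bean under test
     * @param request
     *            the request to submit
     * @param strMessageKey
     *            the i18n key of the expected message
     * @throws AccessDeniedException
     *             if the bean refuses the request
     */
    private void assertPasswordChangeRefused( AdminMenuJspBean instance, MockHttpServletRequest request, String strMessageKey )
            throws AccessDeniedException
    {
        instance.doModifyDefaultAdminUserPassword( request );
        AdminMessage message = AdminMessageService.getMessage( request );
        assertNotNull( message );
        assertEquals( I18nService.getLocalizedString( strMessageKey, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
    }

    /**
     * Walks through every refusal of the password change (missing fields, mismatching confirmation,
     * wrong current password, new password equal to the current one), then performs a valid change
     * with a token and checks the redirect to the logout URL and the password history.
     *
     * <p>
     * None of the refused requests carries a security token, yet each one is expected to come back
     * with a validation message rather than an {@link AccessDeniedException}: the test pins the form
     * validation as running before the token check. NOTE(review): that includes the
     * wrong-current-password answer; confirm that returning it to a tokenless request is intended.
     * </p>
     *
     * @throws AccessDeniedException
     *             if any step is refused for access reasons, which fails the test
     */
    public void testDoModifyDefaultAdminUserPassword( ) throws AccessDeniedException
    {
        AdminUserDAO adminUserDAO = getAdminUserDAO( );
        String password = TEST_NEW_USER_PASSWORD;
        String modified = password + "_mod";
        LuteceDefaultAdminUser user = insertRandomUser( adminUserDAO, password );

        try
        {
            AdminMenuJspBean instance = new AdminMenuJspBean( );

            // Any request that lacks one of the three fields is answered with the mandatory-fields message.
            assertPasswordChangeRefused( instance, newPasswordRequest( user, null, null, null ), Messages.MANDATORY_FIELDS );
            assertPasswordChangeRefused( instance, newPasswordRequest( user, password, null, null ), Messages.MANDATORY_FIELDS );
            assertPasswordChangeRefused( instance, newPasswordRequest( user, password, modified, null ), Messages.MANDATORY_FIELDS );
            assertPasswordChangeRefused( instance, newPasswordRequest( user, password, null, modified ), Messages.MANDATORY_FIELDS );
            assertPasswordChangeRefused( instance, newPasswordRequest( user, null, password, null ), Messages.MANDATORY_FIELDS );
            assertPasswordChangeRefused( instance, newPasswordRequest( user, null, password, modified ), Messages.MANDATORY_FIELDS );
            assertPasswordChangeRefused( instance, newPasswordRequest( user, null, null, modified ), Messages.MANDATORY_FIELDS );

            // All fields present, but the confirmation differs from the new password.
            assertPasswordChangeRefused( instance, newPasswordRequest( user, password, password, modified ),
                    "portal.users.message.password.confirm.error" );

            // All fields present, but the current password is wrong.
            assertPasswordChangeRefused( instance, newPasswordRequest( user, "BOGUS", modified, modified ),
                    "portal.users.message.password.wrong.current" );

            // All fields present, but the new password is the current one.
            assertPasswordChangeRefused( instance, newPasswordRequest( user, password, password, password ),
                    "portal.users.message.password.new.equals.current" );

            // Valid change: correct current password, matching new password, and a token for the action.
            MockHttpServletRequest request = newPasswordRequest( user, password, modified, modified );
            request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
                    SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_MODIFY_PASSWORD ) );
            instance.doModifyDefaultAdminUserPassword( request );

            AdminMessage message = AdminMessageService.getMessage( request );
            assertNotNull( message );
            // After a successful change the message sends the user to the logout URL.
            assertEquals( AppPropertiesService.getProperty( "lutece.admin.logout.url" ), message.getUrl( ) );

            List<IPassword> history = AdminUserHome.selectUserPasswordHistory( user.getUserId( ) );
            assertEquals( 1, history.size( ) );
            assertTrue( history.get( 0 ).check( modified ) );
        }
        finally
        {
            deleteUser( adminUserDAO, user );
        }
    }

    /**
     * An otherwise valid password change with a tampered token is refused, records nothing in the
     * password history and leaves the stored password unchanged.
     *
     * @throws AccessDeniedException
     *             never propagated; the expected exception is caught inside the test
     */
    public void testDoModifyDefaultAdminUserPasswordInvalidToken( ) throws AccessDeniedException
    {
        AdminUserDAO adminUserDAO = getAdminUserDAO( );
        String password = TEST_NEW_USER_PASSWORD;
        LuteceDefaultAdminUser user = insertRandomUser( adminUserDAO, password );

        // Clean up in a finally block so the inserted account is removed whatever the outcome.
        try
        {
            MockHttpServletRequest request = newPasswordRequest( user, password, password + "_mod", password + "_mod" );
            request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
                    SecurityTokenService.getInstance( ).getToken( request, TEMPLATE_MODIFY_PASSWORD ) + "b" );

            assertPasswordChangeDenied( adminUserDAO, user, request, password );
        }
        finally
        {
            deleteUser( adminUserDAO, user );
        }
    }

    /**
     * An otherwise valid password change without a token is refused, records nothing in the password
     * history and leaves the stored password unchanged.
     *
     * @throws AccessDeniedException
     *             never propagated; the expected exception is caught inside the test
     */
    public void testDoModifyDefaultAdminUserPasswordNoToken( ) throws AccessDeniedException
    {
        AdminUserDAO adminUserDAO = getAdminUserDAO( );
        String password = TEST_NEW_USER_PASSWORD;
        LuteceDefaultAdminUser user = insertRandomUser( adminUserDAO, password );

        // Clean up in a finally block so the inserted account is removed whatever the outcome.
        try
        {
            MockHttpServletRequest request = newPasswordRequest( user, password, password + "_mod", password + "_mod" );

            assertPasswordChangeDenied( adminUserDAO, user, request, password );
        }
        finally
        {
            deleteUser( adminUserDAO, user );
        }
    }

    /**
     * Submits the request and checks that it is refused with an {@link AccessDeniedException}, that the
     * password history is still empty and that the stored password still matches the original one.
     *
     * @param adminUserDAO
     *            the DAO used to reload the user
     * @param user
     *            the user whose password must stay unchanged
     * @param request
     *            the request to submit
     * @param strOriginalPassword
     *            the clear-text password the user was created with
     */
    private void assertPasswordChangeDenied( AdminUserDAO adminUserDAO, LuteceDefaultAdminUser user, MockHttpServletRequest request,
            String strOriginalPassword )
    {
        AdminMenuJspBean instance = new AdminMenuJspBean( );
        try
        {
            instance.doModifyDefaultAdminUserPassword( request );
            fail( "Should have thrown" );
        }
        catch( AccessDeniedException e )
        {
            List<IPassword> history = AdminUserHome.selectUserPasswordHistory( user.getUserId( ) );
            assertEquals( 0, history.size( ) );
            LuteceDefaultAdminUser stored = adminUserDAO.loadDefaultAdminUser( user.getUserId( ) );
            assertTrue( stored.getPassword( ).check( strOriginalPassword ) );
        }
    }

    /**
     * With a valid token, the accessibility mode of the user is toggled. The previous value is
     * restored and saved afterwards.
     *
     * @throws AccessDeniedException
     *             if the token is rejected, which fails the test
     */
    public void testDoModifyAccessibilityMode( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
                SecurityTokenService.getInstance( ).getToken( request, AccessibilityModeAdminUserMenuItemProvider.TEMPLATE ) );

        getUser( request );
        Utils.registerAdminUser( request, _user );
        boolean bAccessibilityMode = _user.getAccessibilityMode( );
        try
        {
            AdminMenuJspBean instance = new AdminMenuJspBean( );
            instance.doModifyAccessibilityMode( request );
            assertEquals( !bAccessibilityMode, _user.getAccessibilityMode( ) );
        }
        finally
        {
            restoreAccessibilityMode( bAccessibilityMode );
        }
    }

    /**
     * A tampered token is rejected and the accessibility mode is left as it was.
     *
     * @throws AccessDeniedException
     *             never propagated; the expected exception is caught inside the test
     */
    public void testDoModifyAccessibilityModeInvalidToken( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );
        request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
                SecurityTokenService.getInstance( ).getToken( request, AccessibilityModeAdminUserMenuItemProvider.TEMPLATE ) + "b" );

        assertAccessibilityModeChangeDenied( request );
    }

    /**
     * A request without any token is rejected and the accessibility mode is left as it was.
     *
     * @throws AccessDeniedException
     *             never propagated; the expected exception is caught inside the test
     */
    public void testDoModifyAccessibilityModeNoToken( ) throws AccessDeniedException
    {
        MockHttpServletRequest request = new MockHttpServletRequest( );

        assertAccessibilityModeChangeDenied( request );
    }

    /**
     * Registers the test user on the request, calls doModifyAccessibilityMode and checks that the call
     * is refused with the mode unchanged. The previous value is restored and saved afterwards.
     *
     * @param request
     *            the request, carrying whatever token the test wants
     */
    private void assertAccessibilityModeChangeDenied( MockHttpServletRequest request )
    {
        getUser( request );
        Utils.registerAdminUser( request, _user );
        boolean bAccessibilityMode = _user.getAccessibilityMode( );
        try
        {
            AdminMenuJspBean instance = new AdminMenuJspBean( );
            instance.doModifyAccessibilityMode( request );
            fail( "Should have thrown" );
        }
        catch( AccessDeniedException e )
        {
            assertEquals( bAccessibilityMode, _user.getAccessibilityMode( ) );
        }
        finally
        {
            restoreAccessibilityMode( bAccessibilityMode );
        }
    }

    /**
     * Puts the accessibility mode of {@link #_user} back to the given value and saves the user.
     *
     * @param bAccessibilityMode
     *            the value to restore
     */
    private void restoreAccessibilityMode( boolean bAccessibilityMode )
    {
        _user.setAccessibilityMode( bAccessibilityMode );
        AdminUserHome.update( _user );
    }
}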