1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.portal.web.user;
35
36 import java.io.File;
37 import java.io.IOException;
38 import java.io.OutputStreamWriter;
39 import java.nio.charset.Charset;
40 import java.security.SecureRandom;
41 import java.util.ArrayList;
42 import java.util.HashMap;
43 import java.util.List;
44 import java.util.Locale;
45 import java.util.Map;
46 import java.util.Map.Entry;
47
48 import org.apache.commons.fileupload.FileItem;
49 import org.apache.commons.fileupload.disk.DiskFileItem;
50 import org.apache.commons.lang3.StringUtils;
51 import org.springframework.mock.web.MockHttpServletRequest;
52 import org.springframework.test.util.ReflectionTestUtils;
53
54 import fr.paris.lutece.portal.business.right.Right;
55 import fr.paris.lutece.portal.business.right.RightHome;
56 import fr.paris.lutece.portal.business.role.Role;
57 import fr.paris.lutece.portal.business.role.RoleHome;
58 import fr.paris.lutece.portal.business.user.AdminUser;
59 import fr.paris.lutece.portal.business.user.AdminUserHome;
60 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
61 import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
62 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroup;
63 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
64 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
65 import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
66 import fr.paris.lutece.portal.service.admin.AdminUserService;
67 import fr.paris.lutece.portal.service.admin.PasswordResetException;
68 import fr.paris.lutece.portal.service.i18n.I18nService;
69 import fr.paris.lutece.portal.service.message.AdminMessage;
70 import fr.paris.lutece.portal.service.message.AdminMessageService;
71 import fr.paris.lutece.portal.service.regularexpression.RegularExpressionService;
72 import fr.paris.lutece.portal.service.security.SecurityTokenService;
73 import fr.paris.lutece.portal.service.security.UserNotSignedException;
74 import fr.paris.lutece.portal.service.spring.SpringContextService;
75 import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
76 import fr.paris.lutece.portal.service.util.AppException;
77 import fr.paris.lutece.portal.service.util.AppPropertiesService;
78 import fr.paris.lutece.portal.web.constants.Messages;
79 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
80 import fr.paris.lutece.portal.web.l10n.LocaleService;
81 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
82 import fr.paris.lutece.test.LuteceTestCase;
83 import fr.paris.lutece.util.password.IPasswordFactory;
84 import javax.servlet.http.HttpServletRequest;
85
86 public class AdminUserJspBeanTest extends LuteceTestCase
87 {
88 public static final String RIGHT_CORE_USERS_MANAGEMENT = "CORE_USERS_MANAGEMENT";
89
90 public void testDoCreateAdminUser( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
91 {
92 AdminUserJspBean bean = new AdminUserJspBean( );
93 MockHttpServletRequest request = new MockHttpServletRequest( );
94 request.setParameter( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
95 bean.doCreateAdminUser( request );
96 AdminMessage message = AdminMessageService.getMessage( request );
97 assertNotNull( message );
98 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
99
100 String randomUserName = "User_" + new SecureRandom( ).nextLong( );
101 try
102 {
103 request = new MockHttpServletRequest( );
104 request.addParameter( "access_code", randomUserName );
105 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
106 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
107 bean.doCreateAdminUser( request );
108 message = AdminMessageService.getMessage( request );
109 assertNotNull( message );
110 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
111
112 request = new MockHttpServletRequest( );
113 request.addParameter( "access_code", randomUserName );
114 request.addParameter( "last_name", randomUserName );
115 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
116 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
117 bean.doCreateAdminUser( request );
118 message = AdminMessageService.getMessage( request );
119 assertNotNull( message );
120 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
121
122 request = new MockHttpServletRequest( );
123 request.addParameter( "access_code", randomUserName );
124 request.addParameter( "last_name", randomUserName );
125 request.addParameter( "first_name", randomUserName );
126 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
127 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
128 bean.doCreateAdminUser( request );
129 message = AdminMessageService.getMessage( request );
130 assertNotNull( message );
131 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
132
133 request = new MockHttpServletRequest( );
134 request.addParameter( "access_code", randomUserName );
135 request.addParameter( "last_name", randomUserName );
136 request.addParameter( "first_name", randomUserName );
137 request.addParameter( "email", " " );
138 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
139 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
140 bean.doCreateAdminUser( request );
141 message = AdminMessageService.getMessage( request );
142 assertNotNull( message );
143 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
144
145 request = new MockHttpServletRequest( );
146 request.addParameter( "access_code", "admin" );
147 request.addParameter( "last_name", randomUserName );
148 request.addParameter( "first_name", randomUserName );
149 request.addParameter( "email", randomUserName + "@lutece.fr" );
150 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
151 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
152 bean.doCreateAdminUser( request );
153 message = AdminMessageService.getMessage( request );
154 assertNotNull( message );
155 assertEquals( I18nService.getLocalizedString( "portal.users.message.user.accessCodeAlreadyUsed", Locale.FRENCH ),
156 message.getText( Locale.FRENCH ) );
157
158 request = new MockHttpServletRequest( );
159 request.addParameter( "access_code", randomUserName );
160 request.addParameter( "last_name", randomUserName );
161 request.addParameter( "first_name", randomUserName );
162 request.addParameter( "email", "admin@lutece.fr" );
163 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
164 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
165 bean.doCreateAdminUser( request );
166 message = AdminMessageService.getMessage( request );
167 assertNotNull( message );
168 assertEquals( I18nService.getLocalizedString( "portal.users.message.user.accessEmailUsed", Locale.FRENCH ), message.getText( Locale.FRENCH ) );
169
170 request = new MockHttpServletRequest( );
171 request.addParameter( "access_code", randomUserName );
172 request.addParameter( "last_name", randomUserName );
173 request.addParameter( "first_name", randomUserName );
174 request.addParameter( "email", randomUserName + "@lutece.fr" );
175 request.addParameter( "user_level", "0" );
176 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel1AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
177 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
178 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
179 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
180 bean.doCreateAdminUser( request );
181 message = AdminMessageService.getMessage( request );
182 assertNotNull( message );
183 assertEquals( I18nService.getLocalizedString( Messages.USER_ACCESS_DENIED, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
184
185 request = new MockHttpServletRequest( );
186 request.addParameter( "access_code", randomUserName );
187 request.addParameter( "last_name", randomUserName );
188 request.addParameter( "first_name", randomUserName );
189 request.addParameter( "email", randomUserName + "@lutece.fr" );
190 request.addParameter( "user_level", "0" );
191 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
192 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
193 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
194 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
195 bean.doCreateAdminUser( request );
196 message = AdminMessageService.getMessage( request );
197 assertNotNull( message );
198 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
199
200 request = new MockHttpServletRequest( );
201 request.addParameter( "access_code", randomUserName );
202 request.addParameter( "last_name", randomUserName );
203 request.addParameter( "first_name", randomUserName );
204 request.addParameter( "email", randomUserName + "@lutece.fr" );
205 request.addParameter( "user_level", "0" );
206 request.addParameter( "first_password", randomUserName );
207 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
208 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
209 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
210 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
211 bean.doCreateAdminUser( request );
212 message = AdminMessageService.getMessage( request );
213 assertNotNull( message );
214 assertEquals( I18nService.getLocalizedString( "portal.users.message.differentsPassword", Locale.FRENCH ), message.getText( Locale.FRENCH ) );
215
216 request = new MockHttpServletRequest( );
217 request.addParameter( "access_code", randomUserName );
218 request.addParameter( "last_name", randomUserName );
219 request.addParameter( "first_name", randomUserName );
220 request.addParameter( "email", randomUserName + "@lutece.fr" );
221 request.addParameter( "user_level", "0" );
222 request.addParameter( "first_password", randomUserName );
223 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
224 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
225 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
226 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
227 bean.doCreateAdminUser( request );
228 message = AdminMessageService.getMessage( request );
229 assertNotNull( message );
230 assertEquals( I18nService.getLocalizedString( "portal.users.message.differentsPassword", Locale.FRENCH ), message.getText( Locale.FRENCH ) );
231
232 request = new MockHttpServletRequest( );
233 request.addParameter( "access_code", randomUserName );
234 request.addParameter( "last_name", randomUserName );
235 request.addParameter( "first_name", randomUserName );
236 request.addParameter( "email", randomUserName + "@lutece.fr" );
237 request.addParameter( "user_level", "0" );
238 request.addParameter( "first_password", randomUserName );
239 request.addParameter( "second_password", randomUserName );
240 request.addParameter( "status", Integer.toString( AdminUser.ACTIVE_CODE ) );
241 request.addParameter( "language", "fr" );
242 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
243 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
244 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
245 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
246 bean.doCreateAdminUser( request );
247 message = AdminMessageService.getMessage( request );
248 assertNull( message );
249 AdminUser createdUser = AdminUserHome.findUserByLogin( randomUserName );
250 assertNotNull( createdUser );
251 LuteceDefaultAdminUser createdUserWithPassword = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( createdUser.getUserId( ) );
252 assertNotNull( createdUserWithPassword );
253 assertTrue( createdUserWithPassword.getPassword( ).check( randomUserName ) );
254 }
255 finally
256 {
257 AdminUser user = AdminUserHome.findUserByLogin( randomUserName );
258 if ( user != null )
259 {
260 AdminUserHome.remove( user.getUserId( ) );
261 }
262 }
263 }
264
265 public void testDoCreateAdminUserInvalidToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
266 {
267 AdminUserJspBean bean = new AdminUserJspBean( );
268 MockHttpServletRequest request = new MockHttpServletRequest( );
269 String randomUserName = "User_" + new SecureRandom( ).nextLong( );
270 try
271 {
272 request.addParameter( "access_code", randomUserName );
273 request.addParameter( "last_name", randomUserName );
274 request.addParameter( "first_name", randomUserName );
275 request.addParameter( "email", randomUserName + "@lutece.fr" );
276 request.addParameter( "user_level", "0" );
277 request.addParameter( "first_password", randomUserName );
278 request.addParameter( "second_password", randomUserName );
279 request.addParameter( "status", Integer.toString( AdminUser.ACTIVE_CODE ) );
280 request.addParameter( "language", "fr" );
281 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
282 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
283 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) + "b" );
284 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
285 bean.doCreateAdminUser( request );
286 fail( "Should have thrown" );
287 }
288 catch( AccessDeniedException e )
289 {
290 AdminMessage message = AdminMessageService.getMessage( request );
291 assertNull( message );
292 AdminUser createdUser = AdminUserHome.findUserByLogin( randomUserName );
293 assertNull( createdUser );
294 }
295 finally
296 {
297 AdminUser user = AdminUserHome.findUserByLogin( randomUserName );
298 if ( user != null )
299 {
300 AdminUserHome.remove( user.getUserId( ) );
301 }
302 }
303 }
304
305 public void testDoCreateAdminUserNoToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
306 {
307 AdminUserJspBean bean = new AdminUserJspBean( );
308 MockHttpServletRequest request = new MockHttpServletRequest( );
309 String randomUserName = "User_" + new SecureRandom( ).nextLong( );
310 try
311 {
312 request.addParameter( "access_code", randomUserName );
313 request.addParameter( "last_name", randomUserName );
314 request.addParameter( "first_name", randomUserName );
315 request.addParameter( "email", randomUserName + "@lutece.fr" );
316 request.addParameter( "user_level", "0" );
317 request.addParameter( "first_password", randomUserName );
318 request.addParameter( "second_password", randomUserName );
319 request.addParameter( "status", Integer.toString( AdminUser.ACTIVE_CODE ) );
320 request.addParameter( "language", "fr" );
321 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
322 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
323 bean.doCreateAdminUser( request );
324 fail( "Should have thrown" );
325 }
326 catch( AccessDeniedException e )
327 {
328 AdminMessage message = AdminMessageService.getMessage( request );
329 assertNull( message );
330 AdminUser createdUser = AdminUserHome.findUserByLogin( randomUserName );
331 assertNull( createdUser );
332 }
333 finally
334 {
335 AdminUser user = AdminUserHome.findUserByLogin( randomUserName );
336 if ( user != null )
337 {
338 AdminUserHome.remove( user.getUserId( ) );
339 }
340 }
341 }
342
343 private AdminUser getLevel1AdminUserWithCORE_USERS_MANAGEMENTRight( )
344 {
345 AdminUser user = new AdminUser( );
346 user.setUserLevel( 1 );
347 Map<String, Right> rights = new HashMap<>( 1 );
348 rights.put( RIGHT_CORE_USERS_MANAGEMENT, new Right( ) );
349 user.setRights( rights );
350 return user;
351 }
352
353 private AdminUser getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( )
354 {
355 AdminUser user = new AdminUser( );
356 user.setUserLevel( 0 );
357 Map<String, Right> rights = new HashMap<>( 1 );
358 rights.put( RIGHT_CORE_USERS_MANAGEMENT, new Right( ) );
359 user.setRights( rights );
360 return user;
361 }
362
363 public void testDoModifyAdminUser( ) throws AccessDeniedException, UserNotSignedException
364 {
365 AdminUser userToModify = getUserToModify( );
366 try
367 {
368 AdminUserJspBean bean = new AdminUserJspBean( );
369 MockHttpServletRequest request = new MockHttpServletRequest( );
370 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel1AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
371 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
372 try
373 {
374 bean.doModifyAdminUser( request );
375 fail( "Should not be able to modify a user with a lower level" );
376 }
377 catch( AccessDeniedException e )
378 {
379 }
380
381 request = new MockHttpServletRequest( );
382 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
383 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
384 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
385 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
386 bean.doModifyAdminUser( request );
387 AdminMessage message = AdminMessageService.getMessage( request );
388 assertNotNull( message );
389 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
390
391 final String modifiedName = userToModify.getAccessCode( ) + "_mod";
392
393 request = new MockHttpServletRequest( );
394 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
395 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
396 request.addParameter( "access_code", modifiedName );
397 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
398 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
399 bean.doModifyAdminUser( request );
400 message = AdminMessageService.getMessage( request );
401 assertNotNull( message );
402 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
403
404 request = new MockHttpServletRequest( );
405 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
406 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
407 request.addParameter( "access_code", modifiedName );
408 request.addParameter( "last_name", modifiedName );
409 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
410 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
411 bean.doModifyAdminUser( request );
412 message = AdminMessageService.getMessage( request );
413 assertNotNull( message );
414 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
415
416 request = new MockHttpServletRequest( );
417 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
418 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
419 request.addParameter( "access_code", modifiedName );
420 request.addParameter( "last_name", modifiedName );
421 request.addParameter( "first_name", modifiedName );
422 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
423 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
424 bean.doModifyAdminUser( request );
425 message = AdminMessageService.getMessage( request );
426 assertNotNull( message );
427 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
428
429 request = new MockHttpServletRequest( );
430 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
431 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
432 request.addParameter( "access_code", modifiedName );
433 request.addParameter( "last_name", modifiedName );
434 request.addParameter( "first_name", modifiedName );
435 request.addParameter( "email", " " );
436 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
437 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
438 bean.doModifyAdminUser( request );
439 message = AdminMessageService.getMessage( request );
440 assertNotNull( message );
441 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
442
443 request = new MockHttpServletRequest( );
444 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
445 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
446 request.addParameter( "access_code", "admin" );
447 request.addParameter( "last_name", modifiedName );
448 request.addParameter( "first_name", modifiedName );
449 request.addParameter( "email", modifiedName + "@lutece.fr" );
450 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
451 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
452 bean.doModifyAdminUser( request );
453 message = AdminMessageService.getMessage( request );
454 assertNotNull( message );
455 assertEquals( I18nService.getLocalizedString( "portal.users.message.user.accessCodeAlreadyUsed", Locale.FRENCH ),
456 message.getText( Locale.FRENCH ) );
457
458 request = new MockHttpServletRequest( );
459 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
460 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
461 request.addParameter( "access_code", modifiedName );
462 request.addParameter( "last_name", modifiedName );
463 request.addParameter( "first_name", modifiedName );
464 request.addParameter( "email", "admin@lutece.fr" );
465 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
466 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
467 bean.doModifyAdminUser( request );
468 message = AdminMessageService.getMessage( request );
469 assertNotNull( message );
470 assertEquals( I18nService.getLocalizedString( "portal.users.message.user.accessEmailUsed", Locale.FRENCH ), message.getText( Locale.FRENCH ) );
471 }
472 finally
473 {
474 disposeOfUser( userToModify );
475 }
476 }
477
478 public void testDoModifyAdminUserSuccess( ) throws AccessDeniedException, UserNotSignedException
479 {
480 AdminUser userToModify = getUserToModify( );
481 try
482 {
483 AdminUserJspBean bean = new AdminUserJspBean( );
484 MockHttpServletRequest request = new MockHttpServletRequest( );
485 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
486 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
487 final String modifiedName = userToModify.getAccessCode( ) + "_mod";
488 request.addParameter( "access_code", modifiedName );
489 request.addParameter( "last_name", modifiedName );
490 request.addParameter( "first_name", modifiedName );
491 request.addParameter( "email", userToModify.getEmail( ) );
492 request.addParameter( "status", Integer.toString( AdminUser.NOT_ACTIVE_CODE ) );
493 request.addParameter( "language", Locale.KOREA.toString( ) );
494 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
495 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
496 bean.doModifyAdminUser( request );
497 AdminMessage message = AdminMessageService.getMessage( request );
498 assertNull( message );
499 AdminUser stored = AdminUserHome.findByPrimaryKey( userToModify.getUserId( ) );
500 assertNotNull( stored );
501 assertEquals( modifiedName, stored.getAccessCode( ) );
502 assertEquals( modifiedName, stored.getFirstName( ) );
503 assertEquals( modifiedName, stored.getLastName( ) );
504 assertEquals( AdminUser.NOT_ACTIVE_CODE, stored.getStatus( ) );
505 assertEquals( Locale.KOREA.toString( ).toLowerCase( ), stored.getLocale( ).toString( ).toLowerCase( ) );
506 }
507 finally
508 {
509 disposeOfUser( userToModify );
510 }
511 }
512
513 public void testDoModifyAdminUserNoToken( ) throws AccessDeniedException, UserNotSignedException
514 {
515 AdminUser userToModify = getUserToModify( );
516 try
517 {
518 AdminUserJspBean bean = new AdminUserJspBean( );
519 MockHttpServletRequest request = new MockHttpServletRequest( );
520 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
521 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
522 final String modifiedName = userToModify.getAccessCode( ) + "_mod";
523 request.addParameter( "access_code", modifiedName );
524 request.addParameter( "last_name", modifiedName );
525 request.addParameter( "first_name", modifiedName );
526 request.addParameter( "email", userToModify.getEmail( ) );
527 request.addParameter( "status", Integer.toString( AdminUser.NOT_ACTIVE_CODE ) );
528 request.addParameter( "language", Locale.KOREA.toString( ) );
529 bean.doModifyAdminUser( request );
530 fail( "Should have thrown " );
531 }
532 catch( AccessDeniedException e )
533 {
534 AdminUser stored = AdminUserHome.findByPrimaryKey( userToModify.getUserId( ) );
535 assertNotNull( stored );
536 assertEquals( userToModify.getAccessCode( ), stored.getAccessCode( ) );
537 assertEquals( userToModify.getFirstName( ), stored.getFirstName( ) );
538 assertEquals( userToModify.getLastName( ), stored.getLastName( ) );
539 assertEquals( AdminUser.ACTIVE_CODE, stored.getStatus( ) );
540 assertEquals( LocaleService.getDefault( ), stored.getLocale( ) );
541 }
542 finally
543 {
544 disposeOfUser( userToModify );
545 }
546 }
547
548 public void testDoModifyAdminUserInvalidToken( ) throws AccessDeniedException, UserNotSignedException
549 {
550 AdminUser userToModify = getUserToModify( );
551 try
552 {
553 AdminUserJspBean bean = new AdminUserJspBean( );
554 MockHttpServletRequest request = new MockHttpServletRequest( );
555 request = new MockHttpServletRequest( );
556 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
557 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
558 final String modifiedName = userToModify.getAccessCode( ) + "_mod";
559 request.addParameter( "access_code", modifiedName );
560 request.addParameter( "last_name", modifiedName );
561 request.addParameter( "first_name", modifiedName );
562 request.addParameter( "email", userToModify.getEmail( ) );
563 request.addParameter( "status", Integer.toString( AdminUser.NOT_ACTIVE_CODE ) );
564 request.addParameter( "language", Locale.KOREA.toString( ) );
565 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
566 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) + "b" );
567 bean.doModifyAdminUser( request );
568 fail( "Should have thrown " );
569 }
570 catch( AccessDeniedException e )
571 {
572 AdminUser stored = AdminUserHome.findByPrimaryKey( userToModify.getUserId( ) );
573 assertNotNull( stored );
574 assertEquals( userToModify.getAccessCode( ), stored.getAccessCode( ) );
575 assertEquals( userToModify.getFirstName( ), stored.getFirstName( ) );
576 assertEquals( userToModify.getLastName( ), stored.getLastName( ) );
577 assertEquals( AdminUser.ACTIVE_CODE, stored.getStatus( ) );
578 assertEquals( LocaleService.getDefault( ), stored.getLocale( ) );
579 }
580 finally
581 {
582 disposeOfUser( userToModify );
583 }
584 }
585
586 private AdminUser getUserToModify( )
587 {
588 String randomName = "User_" + new SecureRandom( ).nextLong( );
589 LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
590 user.setAccessCode( randomName );
591 user.setFirstName( randomName );
592 user.setLastName( randomName );
593 user.setEmail( randomName + "@lutece.fr" );
594 user.setUserLevel( 0 );
595 user.setStatus( AdminUser.ACTIVE_CODE );
596 IPasswordFactory passwordFactory = SpringContextService.getBean( IPasswordFactory.BEAN_NAME );
597 user.setPassword( passwordFactory.getPasswordFromCleartext( "PASSWORD" ) );
598 AdminUserHome.create( user );
599 AdminUserHome.createRightForUser( user.getUserId( ), RIGHT_CORE_USERS_MANAGEMENT );
600 AdminUserHome.createRoleForUser( user.getUserId( ), "all_site_manager" );
601 return AdminUserHome.findByPrimaryKey( user.getUserId( ) );
602 }
603
604 private void disposeOfUser( AdminUser user )
605 {
606 AdminUserHome.removeAllRolesForUser( user.getUserId( ) );
607 AdminUserHome.removeAllOwnRightsForUser( user );
608 AdminUserHome.remove( user.getUserId( ) );
609 }
610
611 public void testDoUseAdvancedSecurityParametersDoNotChangePassword( ) throws AccessDeniedException, UserNotSignedException
612 {
613 boolean bUseAdvancesSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
614 AdminUserJspBean bean = new AdminUserJspBean( );
615 try
616 {
617 LuteceDefaultAdminUser admin = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( 1 );
618 assertTrue( admin.getPassword( ).check( "adminadmin" ) );
619 MockHttpServletRequest request = new MockHttpServletRequest( );
620 registerAdminUserAdmin( request );
621 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
622
623 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
624 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
625 bean.doUseAdvancedSecurityParameters( request );
626 admin = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( 1 );
627 assertTrue( admin.getPassword( ).check( "adminadmin" ) );
628 }
629 finally
630 {
631 if ( bUseAdvancesSecurityParameters )
632 {
633 AdminUserService.useAdvancedSecurityParameters( );
634 }
635 else
636 {
637 AdminUserService.removeAdvancedSecurityParameters( );
638 }
639 }
640 }
641
642 public void testGetCreateAdminUserTEMPLATE_DEFAULT_CREATE_USER( ) throws PasswordResetException, AccessDeniedException
643 {
644 try
645 {
646 AdminUserJspBean bean = new AdminUserJspBean( );
647 MockHttpServletRequest request = new MockHttpServletRequest( );
648 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel1AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
649 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
650 bean.getCreateAdminUser( request );
651 }
652 catch( AppException e )
653 {
654 fail( "Shouldn't have thrown" );
655 }
656 }
657
658 public void testGetModifyUserPasswordUserNotfound( ) throws AccessDeniedException, UserNotSignedException
659 {
660 AdminUserJspBean bean = new AdminUserJspBean( );
661 MockHttpServletRequest request = new MockHttpServletRequest( );
662 request.setParameter( "id_user", Integer.toString( Integer.MIN_VALUE ) );
663 try
664 {
665 bean.getModifyUserPassword( request );
666 fail( "Should have thrown" );
667 }
668 catch( AppException e )
669 {
670
671 }
672 }
673
674 public void testGetModifyUserPasswordNotDefaultModule( ) throws AccessDeniedException, UserNotSignedException
675 {
676 AdminUserJspBean bean = new AdminUserJspBean( );
677 MockHttpServletRequest request = new MockHttpServletRequest( );
678 request.setParameter( "id_user", Integer.toString( 1 ) );
679 ReflectionTestUtils.setField( AdminAuthenticationService.getInstance( ), "_bUseDefaultModule", Boolean.FALSE );
680 try
681 {
682 bean.getModifyUserPassword( request );
683 fail( "Should have thrown" );
684 }
685 catch( AppException e )
686 {
687
688 }
689 finally
690 {
691 ReflectionTestUtils.setField( AdminAuthenticationService.getInstance( ), "_bUseDefaultModule", Boolean.TRUE );
692 }
693 }
694
695 public void testGetModifyUserPasswordNoRight( ) throws AccessDeniedException, UserNotSignedException
696 {
697 AdminUserJspBean bean = new AdminUserJspBean( );
698 MockHttpServletRequest request = new MockHttpServletRequest( );
699 request.getSession( true ).setAttribute( "lutece_admin_user", AdminUserHome.findUserByLogin( "lutece" ) );
700 request.setParameter( "id_user", Integer.toString( 1 ) );
701 try
702 {
703 bean.getModifyUserPassword( request );
704 fail( "Should have thrown" );
705 }
706 catch( AccessDeniedException e )
707 {
708
709 }
710 }
711
712 public void testGetModifyUserPassword( ) throws AccessDeniedException, UserNotSignedException
713 {
714 AdminUserJspBean bean = new AdminUserJspBean( );
715 MockHttpServletRequest request = new MockHttpServletRequest( );
716 AdminUser user = getUserToModify( );
717 try
718 {
719 AdminAuthenticationService.getInstance( ).registerUser( request, user );
720 request.setParameter( "id_user", Integer.toString( 1 ) );
721 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
722 String html = bean.getModifyUserPassword( request );
723 assertNotNull( html );
724 assertTrue( html.contains( I18nService.getLocalizedString( "portal.users.modify_user_password.pageTitle", Locale.FRANCE ) ) );
725 }
726 finally
727 {
728 disposeOfUser( user );
729 }
730 }
731
732 public void testDoModifyAdminUserPasswordNoRight( )
733 {
734 AdminUserJspBean bean = new AdminUserJspBean( );
735 MockHttpServletRequest request = new MockHttpServletRequest( );
736 request.getSession( true ).setAttribute( "lutece_admin_user", AdminUserHome.findUserByLogin( "lutece" ) );
737 request.setParameter( "id_user", Integer.toString( 1 ) );
738 try
739 {
740 bean.doModifyAdminUserPassword( request );
741 fail( "Should have thrown" );
742 }
743 catch( AccessDeniedException e )
744 {
745
746 }
747 }
748
749 public void testDoModifyAdminUserPassword( ) throws AccessDeniedException, UserNotSignedException
750 {
751 AdminUserJspBean bean = new AdminUserJspBean( );
752 MockHttpServletRequest request = new MockHttpServletRequest( );
753 AdminUser user = getUserToModify( );
754 try
755 {
756 AdminAuthenticationService.getInstance( ).registerUser( request, user );
757 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
758 String password = "CHANGEDCHANGED";
759 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
760 request.setParameter( "first_password", password );
761 request.setParameter( "second_password", password );
762 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
763 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
764 String url = bean.doModifyAdminUserPassword( request );
765 assertEquals( "ManageUsers.jsp", url );
766 assertTrue( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
767 }
768 finally
769 {
770 disposeOfUser( user );
771 }
772 }
773
774 public void testDoModifyAdminUserPasswordNotFound( ) throws AccessDeniedException, UserNotSignedException
775 {
776 AdminUserJspBean bean = new AdminUserJspBean( );
777 MockHttpServletRequest request = new MockHttpServletRequest( );
778 AdminUser user = getUserToModify( );
779 String password = "CHANGEDCHANGED";
780 try
781 {
782 AdminAuthenticationService.getInstance( ).registerUser( request, user );
783 request.setParameter( "id_user", Integer.toString( Integer.MIN_VALUE ) );
784 request.setParameter( "first_password", password );
785 request.setParameter( "second_password", password );
786 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
787 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
788 bean.doModifyAdminUserPassword( request );
789 fail( "should have thrown" );
790 }
791 catch( AppException e )
792 {
793 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
794 }
795 finally
796 {
797 disposeOfUser( user );
798 }
799 }
800
801 public void testDoModifyAdminUserPasswordNoFirst( ) throws AccessDeniedException, UserNotSignedException
802 {
803 AdminUserJspBean bean = new AdminUserJspBean( );
804 MockHttpServletRequest request = new MockHttpServletRequest( );
805 AdminUser user = getUserToModify( );
806 try
807 {
808 AdminAuthenticationService.getInstance( ).registerUser( request, user );
809 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
810 String password = "CHANGEDCHANGED";
811 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
812 request.setParameter( "second_password", password );
813 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
814 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
815 bean.doModifyAdminUserPassword( request );
816 AdminMessage message = AdminMessageService.getMessage( request );
817 assertNotNull( message );
818 assertEquals( AdminMessage.TYPE_STOP, message.getType( ) );
819 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
820 }
821 finally
822 {
823 disposeOfUser( user );
824 }
825 }
826
827 public void testDoModifyAdminUserPasswordNoSecond( ) throws AccessDeniedException, UserNotSignedException
828 {
829 AdminUserJspBean bean = new AdminUserJspBean( );
830 MockHttpServletRequest request = new MockHttpServletRequest( );
831 AdminUser user = getUserToModify( );
832 try
833 {
834 AdminAuthenticationService.getInstance( ).registerUser( request, user );
835 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
836 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
837 String password = "CHANGEDCHANGED";
838 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
839 request.setParameter( "first_password", password );
840 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
841 bean.doModifyAdminUserPassword( request );
842 AdminMessage message = AdminMessageService.getMessage( request );
843 assertNotNull( message );
844 assertEquals( AdminMessage.TYPE_STOP, message.getType( ) );
845 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
846 }
847 finally
848 {
849 disposeOfUser( user );
850 }
851 }
852
853 public void testDoModifyAdminUserPasswordDifferentSecond( ) throws AccessDeniedException, UserNotSignedException
854 {
855 AdminUserJspBean bean = new AdminUserJspBean( );
856 MockHttpServletRequest request = new MockHttpServletRequest( );
857 AdminUser user = getUserToModify( );
858 try
859 {
860 AdminAuthenticationService.getInstance( ).registerUser( request, user );
861 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
862 String password = "CHANGEDCHANGED";
863 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
864 request.setParameter( "first_password", password );
865 request.setParameter( "second_password", password + "-" );
866 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
867 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
868 bean.doModifyAdminUserPassword( request );
869 AdminMessage message = AdminMessageService.getMessage( request );
870 assertNotNull( message );
871 assertEquals( AdminMessage.TYPE_STOP, message.getType( ) );
872 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
873 }
874 finally
875 {
876 disposeOfUser( user );
877 }
878 }
879
880 public void testDoModifyAdminUserPasswordWeak( ) throws AccessDeniedException, UserNotSignedException
881 {
882 AdminUserJspBean bean = new AdminUserJspBean( );
883 MockHttpServletRequest request = new MockHttpServletRequest( );
884 AdminUser user = getUserToModify( );
885 try
886 {
887 AdminAuthenticationService.getInstance( ).registerUser( request, user );
888 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
889 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
890 String password = "W";
891 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
892 request.setParameter( "first_password", password );
893 request.setParameter( "second_password", password );
894 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
895 bean.doModifyAdminUserPassword( request );
896 AdminMessage message = AdminMessageService.getMessage( request );
897 assertNotNull( message );
898 assertEquals( AdminMessage.TYPE_STOP, message.getType( ) );
899 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
900 }
901 finally
902 {
903 disposeOfUser( user );
904 }
905 }
906
907 public void testDoModifyAdminUserPasswordNoToken( ) throws AccessDeniedException, UserNotSignedException
908 {
909 AdminUserJspBean bean = new AdminUserJspBean( );
910 MockHttpServletRequest request = new MockHttpServletRequest( );
911 AdminUser user = getUserToModify( );
912 String password = "CHANGEDCHANGED";
913 try
914 {
915 AdminAuthenticationService.getInstance( ).registerUser( request, user );
916 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
917 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
918 request.setParameter( "first_password", password );
919 request.setParameter( "second_password", password );
920 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
921 bean.doModifyAdminUserPassword( request );
922 fail( "Should have thrown" );
923 }
924 catch( AccessDeniedException e )
925 {
926 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
927 }
928 finally
929 {
930 disposeOfUser( user );
931 }
932 }
933
934 public void testDoModifyAdminUserPasswordInvalidToken( ) throws AccessDeniedException, UserNotSignedException
935 {
936 AdminUserJspBean bean = new AdminUserJspBean( );
937 MockHttpServletRequest request = new MockHttpServletRequest( );
938 AdminUser user = getUserToModify( );
939 String password = "CHANGEDCHANGED";
940 try
941 {
942 AdminAuthenticationService.getInstance( ).registerUser( request, user );
943 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
944 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
945 request.setParameter( "first_password", password );
946 request.setParameter( "second_password", password );
947 request.setParameter( "token", "invalid" );
948 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
949 bean.doModifyAdminUserPassword( request );
950 fail( "Should have thrown" );
951 }
952 catch( AccessDeniedException e )
953 {
954 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
955 }
956 finally
957 {
958 disposeOfUser( user );
959 }
960 }
961
962 public void testDoModifyAdminUserRights( ) throws AccessDeniedException, UserNotSignedException
963 {
964 AdminUserJspBean bean = new AdminUserJspBean( );
965 MockHttpServletRequest request = new MockHttpServletRequest( );
966 AdminUser user = getUserToModify( );
967 try
968 {
969 for ( Right right : RightHome.getRightsList( ) )
970 {
971 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
972 {
973 assertTrue( AdminUserHome.hasRight( user, right.getId( ) ) );
974 }
975 else
976 {
977 assertFalse( AdminUserHome.hasRight( user, right.getId( ) ) );
978 }
979 }
980 AdminAuthenticationService.getInstance( ).registerUser( request, user );
981 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
982 for ( Right right : RightHome.getRightsList( ) )
983 {
984 request.addParameter( "right", right.getId( ) );
985 }
986 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
987 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserRights.jsp" ) );
988 bean.doModifyAdminUserRights( request );
989 assertNull( AdminMessageService.getMessage( request ) );
990 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
991 for ( Right right : RightHome.getRightsList( ) )
992 {
993 assertTrue( AdminUserHome.hasRight( stored, right.getId( ) ) );
994 }
995 }
996 finally
997 {
998 disposeOfUser( user );
999 }
1000 }
1001
1002 public void testDoModifyAdminUserRightsInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1003 {
1004 AdminUserJspBean bean = new AdminUserJspBean( );
1005 MockHttpServletRequest request = new MockHttpServletRequest( );
1006 AdminUser user = getUserToModify( );
1007 try
1008 {
1009 for ( Right right : RightHome.getRightsList( ) )
1010 {
1011 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
1012 {
1013 assertTrue( AdminUserHome.hasRight( user, right.getId( ) ) );
1014 }
1015 else
1016 {
1017 assertFalse( AdminUserHome.hasRight( user, right.getId( ) ) );
1018 }
1019 }
1020 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1021 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1022 for ( Right right : RightHome.getRightsList( ) )
1023 {
1024 request.addParameter( "right", right.getId( ) );
1025 }
1026 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1027 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserRights.jsp" ) + "b" );
1028 bean.doModifyAdminUserRights( request );
1029 fail( "Should have thrown" );
1030 }
1031 catch( AccessDeniedException e )
1032 {
1033 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1034 for ( Right right : RightHome.getRightsList( ) )
1035 {
1036 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
1037 {
1038 assertTrue( AdminUserHome.hasRight( stored, right.getId( ) ) );
1039 }
1040 else
1041 {
1042 assertFalse( AdminUserHome.hasRight( stored, right.getId( ) ) );
1043 }
1044 }
1045 }
1046 finally
1047 {
1048 disposeOfUser( user );
1049 }
1050 }
1051
1052 public void testDoModifyAdminUserRightsNoToken( ) throws AccessDeniedException, UserNotSignedException
1053 {
1054 AdminUserJspBean bean = new AdminUserJspBean( );
1055 MockHttpServletRequest request = new MockHttpServletRequest( );
1056 AdminUser user = getUserToModify( );
1057 try
1058 {
1059 for ( Right right : RightHome.getRightsList( ) )
1060 {
1061 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
1062 {
1063 assertTrue( AdminUserHome.hasRight( user, right.getId( ) ) );
1064 }
1065 else
1066 {
1067 assertFalse( AdminUserHome.hasRight( user, right.getId( ) ) );
1068 }
1069 }
1070 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1071 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1072 for ( Right right : RightHome.getRightsList( ) )
1073 {
1074 request.addParameter( "right", right.getId( ) );
1075 }
1076 bean.doModifyAdminUserRights( request );
1077 fail( "Should have thrown" );
1078 }
1079 catch( AccessDeniedException e )
1080 {
1081 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1082 for ( Right right : RightHome.getRightsList( ) )
1083 {
1084 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
1085 {
1086 assertTrue( AdminUserHome.hasRight( stored, right.getId( ) ) );
1087 }
1088 else
1089 {
1090 assertFalse( AdminUserHome.hasRight( stored, right.getId( ) ) );
1091 }
1092 }
1093 }
1094 finally
1095 {
1096 disposeOfUser( user );
1097 }
1098 }
1099
1100 public void testDoModifyAdminUserRoles( ) throws AccessDeniedException, UserNotSignedException
1101 {
1102 AdminUserJspBean bean = new AdminUserJspBean( );
1103 MockHttpServletRequest request = new MockHttpServletRequest( );
1104 AdminUser user = getUserToModify( );
1105 try
1106 {
1107 for ( Role role : RoleHome.findAll( ) )
1108 {
1109 assertFalse( AdminUserHome.hasRole( user, role.getRole( ) ) );
1110 }
1111 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1112 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1113 assertFalse( RoleHome.findAll( ).isEmpty( ) );
1114 for ( Role role : RoleHome.findAll( ) )
1115 {
1116 request.addParameter( "roles", role.getRole( ) );
1117 }
1118 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1119 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserRoles.jsp" ) );
1120 bean.doModifyAdminUserRoles( request );
1121 assertNull( AdminMessageService.getMessage( request ) );
1122 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1123 for ( Role role : RoleHome.findAll( ) )
1124 {
1125 assertTrue( AdminUserHome.hasRole( stored, role.getRole( ) ) );
1126 }
1127 }
1128 finally
1129 {
1130 disposeOfUser( user );
1131 }
1132 }
1133
1134 public void testDoModifyAdminUserRolesInvladidToken( ) throws AccessDeniedException, UserNotSignedException
1135 {
1136 AdminUserJspBean bean = new AdminUserJspBean( );
1137 MockHttpServletRequest request = new MockHttpServletRequest( );
1138 AdminUser user = getUserToModify( );
1139 try
1140 {
1141 for ( Role role : RoleHome.findAll( ) )
1142 {
1143 assertFalse( AdminUserHome.hasRole( user, role.getRole( ) ) );
1144 }
1145 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1146 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1147 assertFalse( RoleHome.findAll( ).isEmpty( ) );
1148 for ( Role role : RoleHome.findAll( ) )
1149 {
1150 request.addParameter( "roles", role.getRole( ) );
1151 }
1152 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1153 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserRoles.jsp" ) + "b" );
1154 bean.doModifyAdminUserRoles( request );
1155 fail( "Should have thrown" );
1156 }
1157 catch( AccessDeniedException e )
1158 {
1159 assertNull( AdminMessageService.getMessage( request ) );
1160 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1161 for ( Role role : RoleHome.findAll( ) )
1162 {
1163 assertFalse( AdminUserHome.hasRole( stored, role.getRole( ) ) );
1164 }
1165 }
1166 finally
1167 {
1168 disposeOfUser( user );
1169 }
1170 }
1171
1172 public void testDoModifyAdminUserRolesNoToken( ) throws AccessDeniedException, UserNotSignedException
1173 {
1174 AdminUserJspBean bean = new AdminUserJspBean( );
1175 MockHttpServletRequest request = new MockHttpServletRequest( );
1176 AdminUser user = getUserToModify( );
1177 try
1178 {
1179 for ( Role role : RoleHome.findAll( ) )
1180 {
1181 assertFalse( AdminUserHome.hasRole( user, role.getRole( ) ) );
1182 }
1183 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1184 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1185 assertFalse( RoleHome.findAll( ).isEmpty( ) );
1186 for ( Role role : RoleHome.findAll( ) )
1187 {
1188 request.addParameter( "roles", role.getRole( ) );
1189 }
1190 bean.doModifyAdminUserRoles( request );
1191 fail( "Should have thrown" );
1192 }
1193 catch( AccessDeniedException e )
1194 {
1195 assertNull( AdminMessageService.getMessage( request ) );
1196 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1197 for ( Role role : RoleHome.findAll( ) )
1198 {
1199 assertFalse( AdminUserHome.hasRole( stored, role.getRole( ) ) );
1200 }
1201 }
1202 finally
1203 {
1204 disposeOfUser( user );
1205 }
1206 }
1207
1208 public void testDoModifyAdminUserWorkgroups( ) throws AccessDeniedException, UserNotSignedException
1209 {
1210 AdminUserJspBean bean = new AdminUserJspBean( );
1211 MockHttpServletRequest request = new MockHttpServletRequest( );
1212 AdminUser user = getUserToModify( );
1213 AdminWorkgroup workgroup = null;
1214 try
1215 {
1216 workgroup = new AdminWorkgroup( );
1217 workgroup.setKey( user.getAccessCode( ) );
1218 workgroup.setDescription( user.getAccessCode( ) );
1219 AdminWorkgroupHome.create( workgroup );
1220 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1221 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1222 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1223 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1224 request.setParameter( "workgroup", workgroup.getKey( ) );
1225 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
1226 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserWorkgroups.jsp" ) );
1227 bean.doModifyAdminUserWorkgroups( request );
1228 assertNull( AdminMessageService.getMessage( request ) );
1229 assertTrue( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1230 }
1231 finally
1232 {
1233 if ( workgroup != null )
1234 {
1235 AdminWorkgroupHome.removeAllUsersForWorkgroup( workgroup.getKey( ) );
1236 AdminWorkgroupHome.remove( workgroup.getKey( ) );
1237 }
1238 disposeOfUser( user );
1239 }
1240
1241 }
1242
1243 public void testDoModifyAdminUserWorkgroupsInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1244 {
1245 AdminUserJspBean bean = new AdminUserJspBean( );
1246 MockHttpServletRequest request = new MockHttpServletRequest( );
1247 AdminUser user = getUserToModify( );
1248 AdminWorkgroup workgroup = null;
1249 try
1250 {
1251 workgroup = new AdminWorkgroup( );
1252 workgroup.setKey( user.getAccessCode( ) );
1253 workgroup.setDescription( user.getAccessCode( ) );
1254 AdminWorkgroupHome.create( workgroup );
1255 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1256 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1257 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1258 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1259 request.setParameter( "workgroup", workgroup.getKey( ) );
1260 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
1261 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserWorkgroups.jsp" ) + "b" );
1262 bean.doModifyAdminUserWorkgroups( request );
1263 fail( "Should have thrown" );
1264 }
1265 catch( AccessDeniedException e )
1266 {
1267 assertNull( AdminMessageService.getMessage( request ) );
1268 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1269 }
1270 finally
1271 {
1272 if ( workgroup != null )
1273 {
1274 AdminWorkgroupHome.removeAllUsersForWorkgroup( workgroup.getKey( ) );
1275 AdminWorkgroupHome.remove( workgroup.getKey( ) );
1276 }
1277 disposeOfUser( user );
1278 }
1279
1280 }
1281
1282 public void testDoModifyAdminUserWorkgroupsNoToken( ) throws AccessDeniedException, UserNotSignedException
1283 {
1284 AdminUserJspBean bean = new AdminUserJspBean( );
1285 MockHttpServletRequest request = new MockHttpServletRequest( );
1286 AdminUser user = getUserToModify( );
1287 AdminWorkgroup workgroup = null;
1288 try
1289 {
1290 workgroup = new AdminWorkgroup( );
1291 workgroup.setKey( user.getAccessCode( ) );
1292 workgroup.setDescription( user.getAccessCode( ) );
1293 AdminWorkgroupHome.create( workgroup );
1294 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1295 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1296 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1297 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1298 request.setParameter( "workgroup", workgroup.getKey( ) );
1299 bean.doModifyAdminUserWorkgroups( request );
1300 fail( "Should have thrown" );
1301 }
1302 catch( AccessDeniedException e )
1303 {
1304 assertNull( AdminMessageService.getMessage( request ) );
1305 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1306 }
1307 finally
1308 {
1309 if ( workgroup != null )
1310 {
1311 AdminWorkgroupHome.removeAllUsersForWorkgroup( workgroup.getKey( ) );
1312 AdminWorkgroupHome.remove( workgroup.getKey( ) );
1313 }
1314 disposeOfUser( user );
1315 }
1316
1317 }
1318
1319 public void testGetAnonymizeAdminUser( )
1320 {
1321 AdminUserJspBean bean = new AdminUserJspBean( );
1322 MockHttpServletRequest request = new MockHttpServletRequest( );
1323 AdminUser user = getUserToModify( );
1324 try
1325 {
1326 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1327 bean.getAnonymizeAdminUser( request );
1328 AdminMessage message = AdminMessageService.getMessage( request );
1329 assertNotNull( message );
1330 assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
1331 }
1332 finally
1333 {
1334 disposeOfUser( user );
1335 }
1336 }
1337
1338 public void testDoAnonymizeAdminUser( ) throws AccessDeniedException, UserNotSignedException
1339 {
1340 AdminUserJspBean bean = new AdminUserJspBean( );
1341
1342 MockHttpServletRequest request = new MockHttpServletRequest( );
1343 registerAdminUserAdmin( request );
1344 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1345
1346 AdminUser the_user = AdminUserService.getAdminUser( request );
1347
1348 AdminUser user = getUserToModify( );
1349 try
1350 {
1351 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1352 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1353 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/DoAnonymizeAdminUser.jsp" ) );
1354 bean.doAnonymizeAdminUser( request );
1355 assertNull( AdminMessageService.getMessage( request ) );
1356 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1357 assertFalse( user.getAccessCode( ).equals( stored.getAccessCode( ) ) );
1358 assertFalse( user.getFirstName( ).equals( stored.getFirstName( ) ) );
1359 assertFalse( user.getLastName( ).equals( stored.getLastName( ) ) );
1360 assertFalse( user.getEmail( ).equals( stored.getEmail( ) ) );
1361 }
1362 finally
1363 {
1364 disposeOfUser( user );
1365 }
1366 }
1367
1368 public void testDoAnonymizeAdminUserInvalidToken( ) throws AccessDeniedException
1369 {
1370 AdminUserJspBean bean = new AdminUserJspBean( );
1371 MockHttpServletRequest request = new MockHttpServletRequest( );
1372 AdminUser user = getUserToModify( );
1373 try
1374 {
1375 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1376 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1377 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/DoAnonymizeAdminUser.jsp" ) + "b" );
1378 bean.doAnonymizeAdminUser( request );
1379 fail( "Should have thrown" );
1380 }
1381 catch( AccessDeniedException e )
1382 {
1383 assertNull( AdminMessageService.getMessage( request ) );
1384 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1385 assertEquals( user.getAccessCode( ), stored.getAccessCode( ) );
1386 assertEquals( user.getFirstName( ), stored.getFirstName( ) );
1387 assertEquals( user.getLastName( ), stored.getLastName( ) );
1388 assertEquals( user.getEmail( ), stored.getEmail( ) );
1389 }
1390 finally
1391 {
1392 disposeOfUser( user );
1393 }
1394 }
1395
1396 public void testDoAnonymizeAdminUserNoToken( ) throws AccessDeniedException
1397 {
1398 AdminUserJspBean bean = new AdminUserJspBean( );
1399 MockHttpServletRequest request = new MockHttpServletRequest( );
1400 AdminUser user = getUserToModify( );
1401 try
1402 {
1403 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1404 bean.doAnonymizeAdminUser( request );
1405 fail( "Should have thrown" );
1406 }
1407 catch( AccessDeniedException e )
1408 {
1409 assertNull( AdminMessageService.getMessage( request ) );
1410 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1411 assertEquals( user.getAccessCode( ), stored.getAccessCode( ) );
1412 assertEquals( user.getFirstName( ), stored.getFirstName( ) );
1413 assertEquals( user.getLastName( ), stored.getLastName( ) );
1414 assertEquals( user.getEmail( ), stored.getEmail( ) );
1415 }
1416 finally
1417 {
1418 disposeOfUser( user );
1419 }
1420 }
1421
1422 public void testDoChangeFieldAnonymizeAdminUsers( ) throws AccessDeniedException
1423 {
1424 AdminUserJspBean bean = new AdminUserJspBean( );
1425 MockHttpServletRequest request = new MockHttpServletRequest( );
1426 Map<String, Boolean> origStatusMap = AdminUserHome.getAnonymizationStatusUserStaticField( );
1427 try
1428 {
1429 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1430 {
1431 assertTrue( entry.getValue( ) );
1432 }
1433 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1434 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
1435 bean.doChangeFieldAnonymizeAdminUsers( request );
1436 for ( Entry<String, Boolean> entry : AdminUserHome.getAnonymizationStatusUserStaticField( ).entrySet( ) )
1437 {
1438 assertFalse( entry.getValue( ) );
1439 }
1440 }
1441 finally
1442 {
1443 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1444 {
1445 AdminUserHome.updateAnonymizationStatusUserStaticField( entry.getKey( ), entry.getValue( ) );
1446 }
1447 }
1448 }
1449
1450 public void testDoChangeFieldAnonymizeAdminUsersInvalidToken( ) throws AccessDeniedException
1451 {
1452 AdminUserJspBean bean = new AdminUserJspBean( );
1453 MockHttpServletRequest request = new MockHttpServletRequest( );
1454 Map<String, Boolean> origStatusMap = AdminUserHome.getAnonymizationStatusUserStaticField( );
1455 try
1456 {
1457 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1458 {
1459 assertTrue( entry.getValue( ) );
1460 }
1461 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1462 SecurityTokenService.getInstance( ).getToken( request, "admin/user/field_anonymize_admin_user.html" ) + "b" );
1463 bean.doChangeFieldAnonymizeAdminUsers( request );
1464 fail( "Should have thrown" );
1465 }
1466 catch( AccessDeniedException e )
1467 {
1468 for ( Entry<String, Boolean> entry : AdminUserHome.getAnonymizationStatusUserStaticField( ).entrySet( ) )
1469 {
1470 assertTrue( entry.getValue( ) );
1471 }
1472 }
1473 finally
1474 {
1475 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1476 {
1477 AdminUserHome.updateAnonymizationStatusUserStaticField( entry.getKey( ), entry.getValue( ) );
1478 }
1479 }
1480 }
1481
1482 public void testDoChangeFieldAnonymizeAdminUsersNoToken( ) throws AccessDeniedException
1483 {
1484 AdminUserJspBean bean = new AdminUserJspBean( );
1485 MockHttpServletRequest request = new MockHttpServletRequest( );
1486 Map<String, Boolean> origStatusMap = AdminUserHome.getAnonymizationStatusUserStaticField( );
1487 try
1488 {
1489 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1490 {
1491 assertTrue( entry.getValue( ) );
1492 }
1493 bean.doChangeFieldAnonymizeAdminUsers( request );
1494 fail( "Should have thrown" );
1495 }
1496 catch( AccessDeniedException e )
1497 {
1498 for ( Entry<String, Boolean> entry : AdminUserHome.getAnonymizationStatusUserStaticField( ).entrySet( ) )
1499 {
1500 assertTrue( entry.getValue( ) );
1501 }
1502 }
1503 finally
1504 {
1505 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1506 {
1507 AdminUserHome.updateAnonymizationStatusUserStaticField( entry.getKey( ), entry.getValue( ) );
1508 }
1509 }
1510 }
1511
1512 public void testDoConfirmRemoveAdminUser( ) throws AccessDeniedException, UserNotSignedException
1513 {
1514 AdminUserJspBean bean = new AdminUserJspBean( );
1515 MockHttpServletRequest request = new MockHttpServletRequest( );
1516 AdminUser user = getUserToModify( );
1517 try
1518 {
1519 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1520 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1521 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1522 bean.doConfirmRemoveAdminUser( request );
1523 AdminMessage message = AdminMessageService.getMessage( request );
1524 assertNotNull( message );
1525 assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
1526 }
1527 finally
1528 {
1529 disposeOfUser( user );
1530 }
1531 }
1532
1533 public void testDoRemoveAdminUser( ) throws AccessDeniedException, UserNotSignedException
1534 {
1535 AdminUserJspBean bean = new AdminUserJspBean( );
1536 MockHttpServletRequest request = new MockHttpServletRequest( );
1537 AdminUser user = getUserToModify( );
1538 try
1539 {
1540 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1541 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1542 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/DoRemoveUser.jsp" ) );
1543 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1544 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1545 bean.doRemoveAdminUser( request );
1546 assertNull( AdminMessageService.getMessage( request ) );
1547 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1548 assertNull( stored );
1549 }
1550 finally
1551 {
1552 disposeOfUser( user );
1553 }
1554 }
1555
1556 public void testDoRemoveAdminUserInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1557 {
1558 AdminUserJspBean bean = new AdminUserJspBean( );
1559 MockHttpServletRequest request = new MockHttpServletRequest( );
1560 AdminUser user = getUserToModify( );
1561 try
1562 {
1563 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1564 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1565 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/DoRemoveUser.jsp" ) + "b" );
1566 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1567 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1568 bean.doRemoveAdminUser( request );
1569 fail( "Should have thrown" );
1570 }
1571 catch( AccessDeniedException e )
1572 {
1573 assertNull( AdminMessageService.getMessage( request ) );
1574 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1575 assertNotNull( stored );
1576 }
1577 finally
1578 {
1579 disposeOfUser( user );
1580 }
1581 }
1582
1583 public void testDoRemoveAdminUserNoToken( ) throws AccessDeniedException, UserNotSignedException
1584 {
1585 AdminUserJspBean bean = new AdminUserJspBean( );
1586 MockHttpServletRequest request = new MockHttpServletRequest( );
1587 AdminUser user = getUserToModify( );
1588 try
1589 {
1590 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1591 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1592 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1593 bean.doRemoveAdminUser( request );
1594 fail( "Should have thrown" );
1595 }
1596 catch( AccessDeniedException e )
1597 {
1598 assertNull( AdminMessageService.getMessage( request ) );
1599 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1600 assertNotNull( stored );
1601 }
1602 finally
1603 {
1604 disposeOfUser( user );
1605 }
1606 }
1607
1608 public void testDoImportUsersFromFile( ) throws AccessDeniedException, UserNotSignedException, IOException
1609 {
1610 AdminUserJspBean bean = new AdminUserJspBean( );
1611 MockHttpServletRequest request = new MockHttpServletRequest( );
1612 request.addParameter( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ImportUser.jsp" ) );
1613 AdminUser user = getUserToModify( );
1614 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1615 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1616 Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
1617 List<FileItem> fileItems = new ArrayList<>( );
1618 FileItem file = new DiskFileItem( "import_file", "application/csv", true, "junit.csv", 1024, new File( System.getProperty( "java.io.tmpdir" ) ) );
1619 OutputStreamWriter writer = new OutputStreamWriter( file.getOutputStream( ), Charset.forName( "UTF-8" ) );
1620 writer.write( "test;test;test;test@test.fr;" + AdminUser.ACTIVE_CODE + ";" + Locale.FRANCE + ";0;false;false;;;" );
1621 writer.close( );
1622 fileItems.add( file );
1623 multipartFiles.put( "import_file", fileItems );
1624 Map<String, String [ ]> parameters = request.getParameterMap( );
1625 MultipartHttpServletRequest multipartRequest = new MultipartHttpServletRequest( request, multipartFiles, parameters );
1626 bean.getImportUsersFromFile( request );
1627 AdminUser importedUser = null;
1628 try
1629 {
1630 bean.doImportUsersFromFile( multipartRequest );
1631 importedUser = AdminUserHome.findUserByLogin( "test" );
1632 assertNotNull( importedUser );
1633 assertEquals( "test", importedUser.getAccessCode( ) );
1634 assertEquals( "test", importedUser.getFirstName( ) );
1635 assertEquals( "test", importedUser.getLastName( ) );
1636 assertEquals( "test@test.fr", importedUser.getEmail( ) );
1637 assertEquals( AdminUser.ACTIVE_CODE, importedUser.getStatus( ) );
1638 }
1639 finally
1640 {
1641 if ( importedUser != null )
1642 {
1643 disposeOfUser( importedUser );
1644 }
1645 disposeOfUser( user );
1646 }
1647 }
1648
1649 public void testDoImportUsersFromFileInvalidToken( ) throws AccessDeniedException, UserNotSignedException, IOException
1650 {
1651 AdminUserJspBean bean = new AdminUserJspBean( );
1652 MockHttpServletRequest request = new MockHttpServletRequest( );
1653 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1654 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ImportUser.jsp" ) + "b" );
1655 AdminUser user = getUserToModify( );
1656 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1657 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1658 Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
1659 List<FileItem> fileItems = new ArrayList<>( );
1660 FileItem file = new DiskFileItem( "import_file", "application/csv", true, "junit.csv", 1024, new File( System.getProperty( "java.io.tmpdir" ) ) );
1661 OutputStreamWriter writer = new OutputStreamWriter( file.getOutputStream( ), Charset.forName( "UTF-8" ) );
1662 writer.write( "test;test;test;test@test.fr;" + AdminUser.ACTIVE_CODE + ";" + Locale.FRANCE + ";0;false;false;;;" );
1663 writer.close( );
1664 fileItems.add( file );
1665 multipartFiles.put( "import_file", fileItems );
1666 Map<String, String [ ]> parameters = request.getParameterMap( );
1667 MultipartHttpServletRequest multipartRequest = new MultipartHttpServletRequest( request, multipartFiles, parameters );
1668 bean.getImportUsersFromFile( request );
1669 AdminUser importedUser = null;
1670 try
1671 {
1672 bean.doImportUsersFromFile( multipartRequest );
1673 fail( "Should have thrown" );
1674 }
1675 catch( AccessDeniedException e )
1676 {
1677 importedUser = AdminUserHome.findUserByLogin( "test" );
1678 assertNull( importedUser );
1679 }
1680 finally
1681 {
1682 if ( importedUser != null )
1683 {
1684 disposeOfUser( importedUser );
1685 }
1686 disposeOfUser( user );
1687 }
1688 }
1689
1690 public void testDoImportUsersFromFileNoToken( ) throws AccessDeniedException, UserNotSignedException, IOException
1691 {
1692 AdminUserJspBean bean = new AdminUserJspBean( );
1693 MockHttpServletRequest request = new MockHttpServletRequest( );
1694 AdminUser user = getUserToModify( );
1695 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1696 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1697 Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
1698 List<FileItem> fileItems = new ArrayList<>( );
1699 FileItem file = new DiskFileItem( "import_file", "application/csv", true, "junit.csv", 1024, new File( System.getProperty( "java.io.tmpdir" ) ) );
1700 OutputStreamWriter writer = new OutputStreamWriter( file.getOutputStream( ), Charset.forName( "UTF-8" ) );
1701 writer.write( "test;test;test;test@test.fr;" + AdminUser.ACTIVE_CODE + ";" + Locale.FRANCE + ";0;false;false;;;" );
1702 writer.close( );
1703 fileItems.add( file );
1704 multipartFiles.put( "import_file", fileItems );
1705 Map<String, String [ ]> parameters = request.getParameterMap( );
1706 MultipartHttpServletRequest multipartRequest = new MultipartHttpServletRequest( request, multipartFiles, parameters );
1707 bean.getImportUsersFromFile( request );
1708 AdminUser importedUser = null;
1709 try
1710 {
1711 bean.doImportUsersFromFile( multipartRequest );
1712 fail( "Should have thrown" );
1713 }
1714 catch( AccessDeniedException e )
1715 {
1716 importedUser = AdminUserHome.findUserByLogin( "test" );
1717 assertNull( importedUser );
1718 }
1719 finally
1720 {
1721 if ( importedUser != null )
1722 {
1723 disposeOfUser( importedUser );
1724 }
1725 disposeOfUser( user );
1726 }
1727 }
1728
1729 public void testDoInsertRegularExpression( ) throws AccessDeniedException, UserNotSignedException
1730 {
1731 AdminUserJspBean bean = new AdminUserJspBean( );
1732 MockHttpServletRequest request = new MockHttpServletRequest( );
1733 AdminUser user = getUserToModify( );
1734 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1735 request.setParameter( "id_expression", "1" );
1736 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1737 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
1738 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1739 try
1740 {
1741 assertNotNull( bean.doInsertRegularExpression( request ) );
1742 }
1743 finally
1744 {
1745 AdminUserService.doRemoveRegularExpression( 1 );
1746 disposeOfUser( user );
1747 }
1748 }
1749
1750 public void testDoInsertRegularExpressionInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1751 {
1752 AdminUserJspBean bean = new AdminUserJspBean( );
1753 MockHttpServletRequest request = new MockHttpServletRequest( );
1754 AdminUser user = getUserToModify( );
1755 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1756 request.setParameter( "id_expression", "1" );
1757 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1758 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
1759 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1760 try
1761 {
1762 bean.doInsertRegularExpression( request );
1763 fail( "Should have thrown" );
1764 }
1765 catch( AccessDeniedException e )
1766 {
1767
1768 }
1769 finally
1770 {
1771 AdminUserService.doRemoveRegularExpression( 1 );
1772 disposeOfUser( user );
1773 }
1774 }
1775
1776 public void testDoInsertRegularExpressionNoToken( ) throws AccessDeniedException, UserNotSignedException
1777 {
1778 AdminUserJspBean bean = new AdminUserJspBean( );
1779 MockHttpServletRequest request = new MockHttpServletRequest( );
1780 AdminUser user = getUserToModify( );
1781 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1782 request.setParameter( "id_expression", "1" );
1783 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1784 try
1785 {
1786 bean.doInsertRegularExpression( request );
1787 fail( "Should have thrown" );
1788 }
1789 catch( AccessDeniedException e )
1790 {
1791
1792 }
1793 finally
1794 {
1795 AdminUserService.doRemoveRegularExpression( 1 );
1796 disposeOfUser( user );
1797 }
1798 }
1799
1800 public void testDoModifyAccountLifeTimeEmails( ) throws AccessDeniedException
1801 {
1802 String origEmailSender = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" );
1803 String origEmailSubject = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" );
1804 String origEmailBody = DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" );
1805 AdminUserJspBean bean = new AdminUserJspBean( );
1806 MockHttpServletRequest request = new MockHttpServletRequest( );
1807 request.setParameter( "email_type", "first" );
1808 request.setParameter( "email_sender", "junit" );
1809 request.setParameter( "email_subject", "junit" );
1810 request.setParameter( "email_body", "junit" );
1811 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1812 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp" ) );
1813 try
1814 {
1815 bean.doModifyAccountLifeTimeEmails( request );
1816 assertEquals( "junit", AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" ) );
1817 assertEquals( "junit", AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" ) );
1818 assertEquals( "junit", DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" ) );
1819 }
1820 finally
1821 {
1822 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_sender", origEmailSender );
1823 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_subject", origEmailSubject );
1824 DatabaseTemplateService.updateTemplate( "core_first_alert_mail", origEmailBody );
1825 }
1826 }
1827
1828 public void testDoModifyAccountLifeTimeEmailsInvalidToken( )
1829 {
1830 String origEmailSender = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" );
1831 String origEmailSubject = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" );
1832 String origEmailBody = DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" );
1833 AdminUserJspBean bean = new AdminUserJspBean( );
1834 MockHttpServletRequest request = new MockHttpServletRequest( );
1835 request.setParameter( "email_type", "first" );
1836 request.setParameter( "email_sender", "junit" );
1837 request.setParameter( "email_subject", "junit" );
1838 request.setParameter( "email_body", "junit" );
1839 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1840 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) + "b" );
1841 try
1842 {
1843 bean.doModifyAccountLifeTimeEmails( request );
1844 fail( "Should have thrown" );
1845 }
1846 catch( AccessDeniedException e )
1847 {
1848 assertEquals( origEmailSender, AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" ) );
1849 assertEquals( origEmailSubject, AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" ) );
1850 assertEquals( origEmailBody, DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" ) );
1851 }
1852 finally
1853 {
1854 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_sender", origEmailSender );
1855 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_subject", origEmailSubject );
1856 DatabaseTemplateService.updateTemplate( "core_first_alert_mail", origEmailBody );
1857 }
1858 }
1859
1860 public void testDoModifyAccountLifeTimeEmailsNoToken( )
1861 {
1862 String origEmailSender = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" );
1863 String origEmailSubject = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" );
1864 String origEmailBody = DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" );
1865 AdminUserJspBean bean = new AdminUserJspBean( );
1866 MockHttpServletRequest request = new MockHttpServletRequest( );
1867 request.setParameter( "email_type", "first" );
1868 request.setParameter( "email_sender", "junit" );
1869 request.setParameter( "email_subject", "junit" );
1870 request.setParameter( "email_body", "junit" );
1871 try
1872 {
1873 bean.doModifyAccountLifeTimeEmails( request );
1874 fail( "Should have thrown" );
1875 }
1876 catch( AccessDeniedException e )
1877 {
1878 assertEquals( origEmailSender, AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" ) );
1879 assertEquals( origEmailSubject, AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" ) );
1880 assertEquals( origEmailBody, DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" ) );
1881 }
1882 finally
1883 {
1884 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_sender", origEmailSender );
1885 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_subject", origEmailSubject );
1886 DatabaseTemplateService.updateTemplate( "core_first_alert_mail", origEmailBody );
1887 }
1888 }
1889
1890 public void testDoModifyDefaultUserParameterValues( ) throws AccessDeniedException, UserNotSignedException
1891 {
1892 String origDefaultStatus = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS );
1893 String origDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
1894 String origDefaultNotification = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION );
1895 String origDefaultLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
1896 AdminUserJspBean bean = new AdminUserJspBean( );
1897 MockHttpServletRequest request = new MockHttpServletRequest( );
1898 AdminUser user = getUserToModify( );
1899 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1900 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1901 request.setParameter( "status", Integer.toString( AdminUser.ANONYMIZED_CODE ) );
1902 request.setParameter( "user_level", "10" );
1903 request.setParameter( "notify_user", "false" );
1904 request.setParameter( "language", Locale.CANADA_FRENCH.toString( ) );
1905 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1906 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
1907 try
1908 {
1909 bean.doModifyDefaultUserParameterValues( request );
1910 assertEquals( Integer.toString( AdminUser.ANONYMIZED_CODE ), DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
1911 assertEquals( "10", DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL ) );
1912 assertEquals( "false", DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
1913 assertEquals( Locale.CANADA_FRENCH.toString( ), DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE ) );
1914 }
1915 finally
1916 {
1917 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, origDefaultStatus );
1918 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, origDefaultLevel );
1919 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, origDefaultNotification );
1920 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, origDefaultLanguage );
1921 disposeOfUser( user );
1922 }
1923 }
1924
1925 public void testDoModifyDefaultUserParameterValuesInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1926 {
1927 String origDefaultStatus = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS );
1928 String origDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
1929 String origDefaultNotification = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION );
1930 String origDefaultLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
1931 AdminUserJspBean bean = new AdminUserJspBean( );
1932 MockHttpServletRequest request = new MockHttpServletRequest( );
1933 AdminUser user = getUserToModify( );
1934 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1935 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1936 request.setParameter( "status", Integer.toString( AdminUser.ANONYMIZED_CODE ) );
1937 request.setParameter( "user_level", "10" );
1938 request.setParameter( "notify_user", "false" );
1939 request.setParameter( "language", Locale.CANADA_FRENCH.toString( ) );
1940 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1941 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
1942 try
1943 {
1944 bean.doModifyDefaultUserParameterValues( request );
1945 fail( "Should have thrown" );
1946 }
1947 catch( AccessDeniedException e )
1948 {
1949 assertEquals( origDefaultStatus, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
1950 assertEquals( origDefaultLevel, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL ) );
1951 assertEquals( origDefaultNotification, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
1952 assertEquals( origDefaultLanguage, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE ) );
1953 }
1954 finally
1955 {
1956 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, origDefaultStatus );
1957 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, origDefaultLevel );
1958 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, origDefaultNotification );
1959 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, origDefaultLanguage );
1960 disposeOfUser( user );
1961 }
1962 }
1963
1964 public void testDoModifyDefaultUserParameterValuesNoToken( ) throws AccessDeniedException, UserNotSignedException
1965 {
1966 String origDefaultStatus = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS );
1967 String origDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
1968 String origDefaultNotification = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION );
1969 String origDefaultLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
1970 AdminUserJspBean bean = new AdminUserJspBean( );
1971 MockHttpServletRequest request = new MockHttpServletRequest( );
1972 AdminUser user = getUserToModify( );
1973 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1974 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1975 request.setParameter( "status", Integer.toString( AdminUser.ANONYMIZED_CODE ) );
1976 request.setParameter( "user_level", "10" );
1977 request.setParameter( "notify_user", "false" );
1978 request.setParameter( "language", Locale.CANADA_FRENCH.toString( ) );
1979 try
1980 {
1981 bean.doModifyDefaultUserParameterValues( request );
1982 fail( "Should have thrown" );
1983 }
1984 catch( AccessDeniedException e )
1985 {
1986 assertEquals( origDefaultStatus, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
1987 assertEquals( origDefaultLevel, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL ) );
1988 assertEquals( origDefaultNotification, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
1989 assertEquals( origDefaultLanguage, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE ) );
1990 }
1991 finally
1992 {
1993 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, origDefaultStatus );
1994 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, origDefaultLevel );
1995 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, origDefaultNotification );
1996 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, origDefaultLanguage );
1997 disposeOfUser( user );
1998 }
1999 }
2000
2001 public void testDoModifyDefaultUserSecurityValues( ) throws AccessDeniedException, UserNotSignedException
2002 {
2003 assertFalse( "Test does not account for advanced security parameters",
2004 AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2005 boolean origForceChangePasswordReinit = Boolean
2006 .parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) );
2007 int origPasswordMinimumLength = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH );
2008 int origResetTokenValidity = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY );
2009 boolean origLockResetTokenToSession = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION );
2010 int origAccountLifeTime = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME );
2011 int origTimeBeforeAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT );
2012 int origNbAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT );
2013 int origTimeBetweenAlertsAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT );
2014 int origAccessFailuresMax = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX );
2015 int origAccessFailuresInterval = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL );
2016 String origBannedDomainNames = AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES );
2017 AdminUserJspBean bean = new AdminUserJspBean( );
2018 MockHttpServletRequest request = new MockHttpServletRequest( );
2019 AdminUser user = getUserToModify( );
2020 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2021 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2022 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2023 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2024 request.setParameter( "force_change_password_reinit", origForceChangePasswordReinit ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2025 request.setParameter( "password_minimum_length", Integer.toString( origPasswordMinimumLength + 1 ) );
2026 request.setParameter( "reset_token_validity", Integer.toString( origResetTokenValidity + 1 ) );
2027 request.setParameter( "lock_reset_token_to_session", origLockResetTokenToSession ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2028 request.setParameter( "account_life_time", Integer.toString( origAccountLifeTime + 1 ) );
2029 request.setParameter( "time_before_alert_account", Integer.toString( origTimeBeforeAlertAccount + 1 ) );
2030 request.setParameter( "nb_alert_account", Integer.toString( origNbAlertAccount + 1 ) );
2031 request.setParameter( "time_between_alerts_account", Integer.toString( origTimeBetweenAlertsAccount + 1 ) );
2032 request.setParameter( "access_failures_max", Integer.toString( origAccessFailuresMax + 1 ) );
2033 request.setParameter( "access_failures_interval", Integer.toString( origAccessFailuresInterval + 1 ) );
2034 request.setParameter( "banned_domain_names", origBannedDomainNames + "b" );
2035 try
2036 {
2037 bean.doModifyDefaultUserSecurityValues( request );
2038 assertEquals( !origForceChangePasswordReinit,
2039 Boolean.parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) ) );
2040 assertEquals( origPasswordMinimumLength + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
2041 assertEquals( origResetTokenValidity + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY ) );
2042 assertEquals( !origLockResetTokenToSession, AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION ) );
2043 assertEquals( origAccountLifeTime + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME ) );
2044 assertEquals( origTimeBeforeAlertAccount + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT ) );
2045 assertEquals( origNbAlertAccount + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT ) );
2046 assertEquals( origTimeBetweenAlertsAccount + 1,
2047 AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2048 assertEquals( origAccessFailuresMax + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX ) );
2049 assertEquals( origAccessFailuresInterval + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL ) );
2050 assertEquals( origBannedDomainNames + "b", AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES ) );
2051 }
2052 finally
2053 {
2054 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, Boolean.toString( origForceChangePasswordReinit ) );
2055 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, Integer.toString( origPasswordMinimumLength ) );
2056 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, Integer.toString( origResetTokenValidity ) );
2057 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, Boolean.toString( origLockResetTokenToSession ) );
2058 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, Integer.toString( origAccountLifeTime ) );
2059 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, Integer.toString( origTimeBeforeAlertAccount ) );
2060 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, Integer.toString( origNbAlertAccount ) );
2061 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, Integer.toString( origTimeBetweenAlertsAccount ) );
2062 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, Integer.toString( origAccessFailuresMax ) );
2063 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, Integer.toString( origAccessFailuresInterval ) );
2064 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, origBannedDomainNames );
2065 disposeOfUser( user );
2066 }
2067 }
2068
2069 public void testDoModifyDefaultUserSecurityValuesInvalidToken( ) throws AccessDeniedException, UserNotSignedException
2070 {
2071 assertFalse( "Test does not account for advanced security parameters",
2072 AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2073 boolean origForceChangePasswordReinit = Boolean
2074 .parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) );
2075 int origPasswordMinimumLength = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH );
2076 int origResetTokenValidity = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY );
2077 boolean origLockResetTokenToSession = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION );
2078 int origAccountLifeTime = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME );
2079 int origTimeBeforeAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT );
2080 int origNbAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT );
2081 int origTimeBetweenAlertsAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT );
2082 int origAccessFailuresMax = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX );
2083 int origAccessFailuresInterval = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL );
2084 String origBannedDomainNames = AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES );
2085 AdminUserJspBean bean = new AdminUserJspBean( );
2086 MockHttpServletRequest request = new MockHttpServletRequest( );
2087 AdminUser user = getUserToModify( );
2088 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2089 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2090 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2091 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2092 request.setParameter( "force_change_password_reinit", origForceChangePasswordReinit ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2093 request.setParameter( "password_minimum_length", Integer.toString( origPasswordMinimumLength + 1 ) );
2094 request.setParameter( "reset_token_validity", Integer.toString( origResetTokenValidity + 1 ) );
2095 request.setParameter( "lock_reset_token_to_session", origLockResetTokenToSession ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2096 request.setParameter( "account_life_time", Integer.toString( origAccountLifeTime + 1 ) );
2097 request.setParameter( "time_before_alert_account", Integer.toString( origTimeBeforeAlertAccount + 1 ) );
2098 request.setParameter( "nb_alert_account", Integer.toString( origNbAlertAccount + 1 ) );
2099 request.setParameter( "time_between_alerts_account", Integer.toString( origTimeBetweenAlertsAccount + 1 ) );
2100 request.setParameter( "access_failures_max", Integer.toString( origAccessFailuresMax + 1 ) );
2101 request.setParameter( "access_failures_interval", Integer.toString( origAccessFailuresInterval + 1 ) );
2102 request.setParameter( "banned_domain_names", origBannedDomainNames + "b" );
2103 try
2104 {
2105 bean.doModifyDefaultUserSecurityValues( request );
2106 fail( "Should have thrown" );
2107 }
2108 catch( AccessDeniedException e )
2109 {
2110 assertEquals( origForceChangePasswordReinit,
2111 Boolean.parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) ) );
2112 assertEquals( origPasswordMinimumLength, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
2113 assertEquals( origResetTokenValidity, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY ) );
2114 assertEquals( origLockResetTokenToSession, AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION ) );
2115 assertEquals( origAccountLifeTime, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME ) );
2116 assertEquals( origTimeBeforeAlertAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT ) );
2117 assertEquals( origNbAlertAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT ) );
2118 assertEquals( origTimeBetweenAlertsAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2119 assertEquals( origAccessFailuresMax, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX ) );
2120 assertEquals( origAccessFailuresInterval, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL ) );
2121 assertEquals( origBannedDomainNames, AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES ) );
2122 }
2123 finally
2124 {
2125 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, Boolean.toString( origForceChangePasswordReinit ) );
2126 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, Integer.toString( origPasswordMinimumLength ) );
2127 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, Integer.toString( origResetTokenValidity ) );
2128 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, Boolean.toString( origLockResetTokenToSession ) );
2129 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, Integer.toString( origAccountLifeTime ) );
2130 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, Integer.toString( origTimeBeforeAlertAccount ) );
2131 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, Integer.toString( origNbAlertAccount ) );
2132 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, Integer.toString( origTimeBetweenAlertsAccount ) );
2133 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, Integer.toString( origAccessFailuresMax ) );
2134 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, Integer.toString( origAccessFailuresInterval ) );
2135 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, origBannedDomainNames );
2136 disposeOfUser( user );
2137 }
2138 }
2139
2140 public void testDoModifyDefaultUserSecurityValuesNoToken( ) throws AccessDeniedException, UserNotSignedException
2141 {
2142 assertFalse( "Test does not account for advanced security parameters",
2143 AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2144 boolean origForceChangePasswordReinit = Boolean
2145 .parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) );
2146 int origPasswordMinimumLength = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH );
2147 int origResetTokenValidity = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY );
2148 boolean origLockResetTokenToSession = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION );
2149 int origAccountLifeTime = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME );
2150 int origTimeBeforeAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT );
2151 int origNbAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT );
2152 int origTimeBetweenAlertsAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT );
2153 int origAccessFailuresMax = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX );
2154 int origAccessFailuresInterval = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL );
2155 String origBannedDomainNames = AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES );
2156 AdminUserJspBean bean = new AdminUserJspBean( );
2157 MockHttpServletRequest request = new MockHttpServletRequest( );
2158 AdminUser user = getUserToModify( );
2159 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2160 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2161 request.setParameter( "force_change_password_reinit", origForceChangePasswordReinit ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2162 request.setParameter( "password_minimum_length", Integer.toString( origPasswordMinimumLength + 1 ) );
2163 request.setParameter( "reset_token_validity", Integer.toString( origResetTokenValidity + 1 ) );
2164 request.setParameter( "lock_reset_token_to_session", origLockResetTokenToSession ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2165 request.setParameter( "account_life_time", Integer.toString( origAccountLifeTime + 1 ) );
2166 request.setParameter( "time_before_alert_account", Integer.toString( origTimeBeforeAlertAccount + 1 ) );
2167 request.setParameter( "nb_alert_account", Integer.toString( origNbAlertAccount + 1 ) );
2168 request.setParameter( "time_between_alerts_account", Integer.toString( origTimeBetweenAlertsAccount + 1 ) );
2169 request.setParameter( "access_failures_max", Integer.toString( origAccessFailuresMax + 1 ) );
2170 request.setParameter( "access_failures_interval", Integer.toString( origAccessFailuresInterval + 1 ) );
2171 request.setParameter( "banned_domain_names", origBannedDomainNames + "b" );
2172 try
2173 {
2174 bean.doModifyDefaultUserSecurityValues( request );
2175 fail( "Should have thrown" );
2176 }
2177 catch( AccessDeniedException e )
2178 {
2179 assertEquals( origForceChangePasswordReinit,
2180 Boolean.parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) ) );
2181 assertEquals( origPasswordMinimumLength, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
2182 assertEquals( origResetTokenValidity, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY ) );
2183 assertEquals( origLockResetTokenToSession, AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION ) );
2184 assertEquals( origAccountLifeTime, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME ) );
2185 assertEquals( origTimeBeforeAlertAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT ) );
2186 assertEquals( origNbAlertAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT ) );
2187 assertEquals( origTimeBetweenAlertsAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2188 assertEquals( origAccessFailuresMax, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX ) );
2189 assertEquals( origAccessFailuresInterval, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL ) );
2190 assertEquals( origBannedDomainNames, AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES ) );
2191 }
2192 finally
2193 {
2194 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, Boolean.toString( origForceChangePasswordReinit ) );
2195 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, Integer.toString( origPasswordMinimumLength ) );
2196 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, Integer.toString( origResetTokenValidity ) );
2197 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, Boolean.toString( origLockResetTokenToSession ) );
2198 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, Integer.toString( origAccountLifeTime ) );
2199 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, Integer.toString( origTimeBeforeAlertAccount ) );
2200 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, Integer.toString( origNbAlertAccount ) );
2201 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, Integer.toString( origTimeBetweenAlertsAccount ) );
2202 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, Integer.toString( origAccessFailuresMax ) );
2203 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, Integer.toString( origAccessFailuresInterval ) );
2204 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, origBannedDomainNames );
2205 disposeOfUser( user );
2206 }
2207 }
2208
2209 public void testDoModifyEmailPattern( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2210 {
2211 String origEmailPattern = getEmailPattern( );
2212 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2213 AdminUserJspBean bean = new AdminUserJspBean( );
2214 MockHttpServletRequest request = new MockHttpServletRequest( );
2215 AdminUser user = getUserToModify( );
2216 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2217 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2218 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2219 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2220 request.setParameter( "is_email_pattern_set_manually", Boolean.FALSE.toString( ) );
2221 request.setParameter( "email_pattern", origEmailPattern + "b" );
2222 try
2223 {
2224 bean.doModifyEmailPattern( request );
2225 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2226 assertTrue( isEmailPatternSetManually( ) );
2227 }
2228 finally
2229 {
2230 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2231 disposeOfUser( user );
2232 }
2233 }
2234
2235
2236
2237
2238
2239
2240 private static String getDefaultEmailPattern( )
2241 {
2242 return AppPropertiesService.getProperty( "lutece.email.pattern" );
2243 }
2244
2245
2246
2247
2248
2249
2250
2251 private static String getEmailPattern( )
2252 {
2253 String strEmailPattern = getDefaultEmailPattern( );
2254 String emailPattern = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_EMAIL_PATTERN );
2255
2256 if ( emailPattern != null )
2257 {
2258 strEmailPattern = emailPattern;
2259 }
2260
2261 return strEmailPattern;
2262 }
2263
2264
2265
2266
2267
2268
2269 private static boolean isEmailPatternSetManually( )
2270 {
2271 boolean bIsSetManually = true;
2272
2273 if ( RegularExpressionService.getInstance( ).isAvailable( ) )
2274 {
2275 String emailPatternVerifyBy = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_EMAIL_PATTERN_VERIFY_BY );
2276
2277 if ( StringUtils.isNotBlank( emailPatternVerifyBy ) )
2278 {
2279 bIsSetManually = false;
2280 }
2281 }
2282
2283 return bIsSetManually;
2284 }
2285
2286 public void testDoModifyEmailPatternInvalidToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2287 {
2288 String origEmailPattern = getEmailPattern( );
2289 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2290 AdminUserJspBean bean = new AdminUserJspBean( );
2291 MockHttpServletRequest request = new MockHttpServletRequest( );
2292 AdminUser user = getUserToModify( );
2293 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2294 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2295 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2296 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2297 request.setParameter( "is_email_pattern_set_manually", Boolean.FALSE.toString( ) );
2298 request.setParameter( "email_pattern", origEmailPattern + "b" );
2299 try
2300 {
2301 bean.doModifyEmailPattern( request );
2302 fail( "Should have thrown" );
2303 }
2304 catch( AccessDeniedException e )
2305 {
2306 assertEquals( origEmailPattern, getEmailPattern( ) );
2307 assertTrue( isEmailPatternSetManually( ) );
2308 }
2309 finally
2310 {
2311 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2312 disposeOfUser( user );
2313 }
2314 }
2315
2316 public void testDoModifyEmailPatternNoToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2317 {
2318 String origEmailPattern = getEmailPattern( );
2319 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2320 AdminUserJspBean bean = new AdminUserJspBean( );
2321 MockHttpServletRequest request = new MockHttpServletRequest( );
2322 AdminUser user = getUserToModify( );
2323 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2324 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2325 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2326 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2327 request.setParameter( "is_email_pattern_set_manually", Boolean.FALSE.toString( ) );
2328 request.setParameter( "email_pattern", origEmailPattern + "b" );
2329 try
2330 {
2331 bean.doModifyEmailPattern( request );
2332 fail( "Should have thrown" );
2333 }
2334 catch( AccessDeniedException e )
2335 {
2336 assertEquals( origEmailPattern, getEmailPattern( ) );
2337 assertTrue( isEmailPatternSetManually( ) );
2338 }
2339 finally
2340 {
2341 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2342 disposeOfUser( user );
2343 }
2344 }
2345
2346 public void testGetChangeUseAdvancedSecurityParametersToFalse( )
2347 {
2348 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2349 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
2350 try
2351 {
2352 AdminUserJspBean bean = new AdminUserJspBean( );
2353 MockHttpServletRequest request = new MockHttpServletRequest( );
2354 bean.getChangeUseAdvancedSecurityParameters( request );
2355 AdminMessage message = AdminMessageService.getMessage( request );
2356 assertNotNull( message );
2357 assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
2358 }
2359 finally
2360 {
2361 if ( origUseAdvancedSecurityParameters )
2362 {
2363 AdminUserService.useAdvancedSecurityParameters( );
2364 }
2365 else
2366 {
2367 AdminUserService.removeAdvancedSecurityParameters( );
2368 }
2369 }
2370 }
2371
2372 public void testGetChangeUseAdvancedSecurityParametersToTrue( )
2373 {
2374 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2375 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.FALSE.toString( ) );
2376 try
2377 {
2378 AdminUserJspBean bean = new AdminUserJspBean( );
2379 MockHttpServletRequest request = new MockHttpServletRequest( );
2380 bean.getChangeUseAdvancedSecurityParameters( request );
2381 AdminMessage message = AdminMessageService.getMessage( request );
2382 assertNotNull( message );
2383 assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
2384 }
2385 finally
2386 {
2387 if ( origUseAdvancedSecurityParameters )
2388 {
2389 AdminUserService.useAdvancedSecurityParameters( );
2390 }
2391 else
2392 {
2393 AdminUserService.removeAdvancedSecurityParameters( );
2394 }
2395 }
2396 }
2397
2398 public void testDoRemoveAdvancedSecurityParameters( ) throws AccessDeniedException, UserNotSignedException
2399 {
2400 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2401 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
2402 try
2403 {
2404 AdminUserJspBean bean = new AdminUserJspBean( );
2405 MockHttpServletRequest request = new MockHttpServletRequest( );
2406 registerAdminUserAdmin( request );
2407 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2408
2409 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2410 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2411 bean.doRemoveAdvancedSecurityParameters( request );
2412 assertFalse( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2413 }
2414 finally
2415 {
2416 if ( origUseAdvancedSecurityParameters )
2417 {
2418 AdminUserService.useAdvancedSecurityParameters( );
2419 }
2420 else
2421 {
2422 AdminUserService.removeAdvancedSecurityParameters( );
2423 }
2424 }
2425 }
2426
2427 public void testDoRemoveAdvancedSecurityParametersInvalidToken( ) throws AccessDeniedException
2428 {
2429 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2430 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
2431 try
2432 {
2433 AdminUserJspBean bean = new AdminUserJspBean( );
2434 MockHttpServletRequest request = new MockHttpServletRequest( );
2435 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2436 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2437 bean.doRemoveAdvancedSecurityParameters( request );
2438 fail( "should have thrown" );
2439 }
2440 catch( AccessDeniedException e )
2441 {
2442 assertTrue( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2443 }
2444 finally
2445 {
2446 if ( origUseAdvancedSecurityParameters )
2447 {
2448 AdminUserService.useAdvancedSecurityParameters( );
2449 }
2450 else
2451 {
2452 AdminUserService.removeAdvancedSecurityParameters( );
2453 }
2454 }
2455 }
2456
2457 public void testDoRemoveAdvancedSecurityParametersNoToken( ) throws AccessDeniedException
2458 {
2459 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2460 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
2461 try
2462 {
2463 AdminUserJspBean bean = new AdminUserJspBean( );
2464 MockHttpServletRequest request = new MockHttpServletRequest( );
2465 bean.doRemoveAdvancedSecurityParameters( request );
2466 fail( "should have thrown" );
2467 }
2468 catch( AccessDeniedException e )
2469 {
2470 assertTrue( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2471 }
2472 finally
2473 {
2474 if ( origUseAdvancedSecurityParameters )
2475 {
2476 AdminUserService.useAdvancedSecurityParameters( );
2477 }
2478 else
2479 {
2480 AdminUserService.removeAdvancedSecurityParameters( );
2481 }
2482 }
2483 }
2484
2485 public void testDoUseAdvancedSecurityParameters( ) throws AccessDeniedException, UserNotSignedException
2486 {
2487 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2488 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.FALSE.toString( ) );
2489 try
2490 {
2491 AdminUserJspBean bean = new AdminUserJspBean( );
2492 MockHttpServletRequest request = new MockHttpServletRequest( );
2493 registerAdminUserAdmin( request );
2494 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2495
2496 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2497 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2498 bean.doUseAdvancedSecurityParameters( request );
2499 assertTrue( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2500 }
2501 finally
2502 {
2503 if ( origUseAdvancedSecurityParameters )
2504 {
2505 AdminUserService.useAdvancedSecurityParameters( );
2506 }
2507 else
2508 {
2509 AdminUserService.removeAdvancedSecurityParameters( );
2510 }
2511 }
2512 }
2513
2514 public void testDoUseAdvancedSecurityParametersInvalidToken( ) throws AccessDeniedException
2515 {
2516 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2517 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.FALSE.toString( ) );
2518 try
2519 {
2520 AdminUserJspBean bean = new AdminUserJspBean( );
2521 MockHttpServletRequest request = new MockHttpServletRequest( );
2522 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2523 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2524 bean.doUseAdvancedSecurityParameters( request );
2525 fail( "should have thrown" );
2526 }
2527 catch( AccessDeniedException e )
2528 {
2529 assertFalse( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2530 }
2531 finally
2532 {
2533 if ( origUseAdvancedSecurityParameters )
2534 {
2535 AdminUserService.useAdvancedSecurityParameters( );
2536 }
2537 else
2538 {
2539 AdminUserService.removeAdvancedSecurityParameters( );
2540 }
2541 }
2542 }
2543
2544 public void testDoUseAdvancedSecurityParametersNoToken( ) throws AccessDeniedException
2545 {
2546 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2547 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.FALSE.toString( ) );
2548 try
2549 {
2550 AdminUserJspBean bean = new AdminUserJspBean( );
2551 MockHttpServletRequest request = new MockHttpServletRequest( );
2552 bean.doUseAdvancedSecurityParameters( request );
2553 fail( "should have thrown" );
2554 }
2555 catch( AccessDeniedException e )
2556 {
2557 assertFalse( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2558 }
2559 finally
2560 {
2561 if ( origUseAdvancedSecurityParameters )
2562 {
2563 AdminUserService.useAdvancedSecurityParameters( );
2564 }
2565 else
2566 {
2567 AdminUserService.removeAdvancedSecurityParameters( );
2568 }
2569 }
2570 }
2571
2572 public void testDoRemoveRegularExpression( ) throws AccessDeniedException, UserNotSignedException
2573 {
2574 AdminUserJspBean bean = new AdminUserJspBean( );
2575 MockHttpServletRequest request = new MockHttpServletRequest( );
2576 AdminUser user = getUserToModify( );
2577 try
2578 {
2579 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2580 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2581 request.setParameter( "id_expression", "1" );
2582 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2583 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2584 assertNotNull( bean.doRemoveRegularExpression( request ) );
2585 }
2586 finally
2587 {
2588 disposeOfUser( user );
2589 }
2590 }
2591
2592 public void testDoRemoveRegularExpressionInvalidToken( ) throws AccessDeniedException, UserNotSignedException
2593 {
2594 AdminUserJspBean bean = new AdminUserJspBean( );
2595 MockHttpServletRequest request = new MockHttpServletRequest( );
2596 AdminUser user = getUserToModify( );
2597 try
2598 {
2599 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2600 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2601 request.setParameter( "id_expression", "1" );
2602 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2603 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2604 bean.doRemoveRegularExpression( request );
2605 fail( "Should have thrown" );
2606 }
2607 catch( AccessDeniedException e )
2608 {
2609
2610 }
2611 finally
2612 {
2613 disposeOfUser( user );
2614 }
2615 }
2616
2617 public void testDoRemoveRegularExpressionNoToken( ) throws AccessDeniedException, UserNotSignedException
2618 {
2619 AdminUserJspBean bean = new AdminUserJspBean( );
2620 MockHttpServletRequest request = new MockHttpServletRequest( );
2621 AdminUser user = getUserToModify( );
2622 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2623 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2624 request.setParameter( "id_expression", "1" );
2625 try
2626 {
2627 bean.doRemoveRegularExpression( request );
2628 fail( "Should have thrown" );
2629 }
2630 catch( AccessDeniedException e )
2631 {
2632
2633 }
2634 finally
2635 {
2636 disposeOfUser( user );
2637 }
2638 }
2639
2640 public void testDoModifyEmailPatternReset( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2641 {
2642 String origEmailPattern = getEmailPattern( );
2643 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2644 AdminUser user = getUserToModify( );
2645 try
2646 {
2647 AdminUserService.doModifyEmailPattern( origEmailPattern + "b", isEmailPatternSetManually( ) );
2648 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2649 AdminUserJspBean bean = new AdminUserJspBean( );
2650 MockHttpServletRequest request = new MockHttpServletRequest( );
2651 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2652 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2653 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2654 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2655 request.setParameter( "reset", "reset" );
2656 bean.doModifyEmailPattern( request );
2657 assertEquals( origEmailPattern, getEmailPattern( ) );
2658 assertTrue( isEmailPatternSetManually( ) );
2659 }
2660 finally
2661 {
2662 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2663 disposeOfUser( user );
2664 }
2665 }
2666
2667 public void testDoModifyEmailPatternResetInvalidToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2668 {
2669 String origEmailPattern = getEmailPattern( );
2670 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2671 AdminUserService.doModifyEmailPattern( origEmailPattern + "b", isEmailPatternSetManually( ) );
2672 AdminUser user = getUserToModify( );
2673 try
2674 {
2675 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2676 AdminUserJspBean bean = new AdminUserJspBean( );
2677 MockHttpServletRequest request = new MockHttpServletRequest( );
2678 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2679 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2680 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2681 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2682 request.setParameter( "reset", "reset" );
2683 bean.doModifyEmailPattern( request );
2684 fail( "Should have thrown" );
2685 }
2686 catch( AccessDeniedException e )
2687 {
2688 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2689 }
2690 finally
2691 {
2692 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2693 disposeOfUser( user );
2694 }
2695 }
2696
2697 public void testDoModifyEmailPatternResetNoToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2698 {
2699 String origEmailPattern = getEmailPattern( );
2700 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2701 AdminUserService.doModifyEmailPattern( origEmailPattern + "b", isEmailPatternSetManually( ) );
2702 AdminUser user = getUserToModify( );
2703 try
2704 {
2705 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2706 AdminUserJspBean bean = new AdminUserJspBean( );
2707 MockHttpServletRequest request = new MockHttpServletRequest( );
2708 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2709 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2710 request.setParameter( "reset", "reset" );
2711 bean.doModifyEmailPattern( request );
2712 fail( "Should have thrown" );
2713 }
2714 catch( AccessDeniedException e )
2715 {
2716 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2717 }
2718 finally
2719 {
2720 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2721 disposeOfUser( user );
2722 }
2723 }
2724
2725
2726
2727
2728
2729
2730
2731
2732 private void registerAdminUserAdmin( HttpServletRequest request ) throws AccessDeniedException, UserNotSignedException
2733 {
2734 AdminUser adminUser = AdminUserHome.findUserByLogin( "admin" );
2735 adminUser.setStatus( 0 );
2736 adminUser.setUserLevel( 0 );
2737 adminUser.setPasswordReset( false );
2738
2739 AdminUserHome.update( adminUser );
2740
2741 AdminAuthenticationService.getInstance( ).registerUser( request, adminUser );
2742 }
2743 }