1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34 package fr.paris.lutece.portal.web.user;
35
36 import java.io.File;
37 import java.io.IOException;
38 import java.io.OutputStreamWriter;
39 import java.nio.charset.Charset;
40 import java.security.SecureRandom;
41 import java.util.ArrayList;
42 import java.util.HashMap;
43 import java.util.List;
44 import java.util.Locale;
45 import java.util.Map;
46 import java.util.Map.Entry;
47
48 import org.apache.commons.fileupload.FileItem;
49 import org.apache.commons.fileupload.disk.DiskFileItem;
50 import org.apache.commons.lang3.StringUtils;
51 import org.springframework.mock.web.MockHttpServletRequest;
52 import org.springframework.test.util.ReflectionTestUtils;
53
54 import fr.paris.lutece.portal.business.right.Right;
55 import fr.paris.lutece.portal.business.right.RightHome;
56 import fr.paris.lutece.portal.business.role.Role;
57 import fr.paris.lutece.portal.business.role.RoleHome;
58 import fr.paris.lutece.portal.business.user.AdminUser;
59 import fr.paris.lutece.portal.business.user.AdminUserHome;
60 import fr.paris.lutece.portal.business.user.authentication.LuteceDefaultAdminUser;
61 import fr.paris.lutece.portal.business.user.parameter.DefaultUserParameterHome;
62 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroup;
63 import fr.paris.lutece.portal.business.workgroup.AdminWorkgroupHome;
64 import fr.paris.lutece.portal.service.admin.AccessDeniedException;
65 import fr.paris.lutece.portal.service.admin.AdminAuthenticationService;
66 import fr.paris.lutece.portal.service.admin.AdminUserService;
67 import fr.paris.lutece.portal.service.admin.PasswordResetException;
68 import fr.paris.lutece.portal.service.i18n.I18nService;
69 import fr.paris.lutece.portal.service.message.AdminMessage;
70 import fr.paris.lutece.portal.service.message.AdminMessageService;
71 import fr.paris.lutece.portal.service.regularexpression.RegularExpressionService;
72 import fr.paris.lutece.portal.service.security.SecurityTokenService;
73 import fr.paris.lutece.portal.service.security.UserNotSignedException;
74 import fr.paris.lutece.portal.service.spring.SpringContextService;
75 import fr.paris.lutece.portal.service.template.DatabaseTemplateService;
76 import fr.paris.lutece.portal.service.util.AppException;
77 import fr.paris.lutece.portal.service.util.AppPropertiesService;
78 import fr.paris.lutece.portal.web.constants.Messages;
79 import fr.paris.lutece.portal.web.dashboard.AdminDashboardJspBean;
80 import fr.paris.lutece.portal.web.l10n.LocaleService;
81 import fr.paris.lutece.portal.web.upload.MultipartHttpServletRequest;
82 import fr.paris.lutece.test.LuteceTestCase;
83 import fr.paris.lutece.util.password.IPasswordFactory;
84 import javax.servlet.http.HttpServletRequest;
85
86 public class AdminUserJspBeanTest extends LuteceTestCase
87 {
88 public static final String RIGHT_CORE_USERS_MANAGEMENT = "CORE_USERS_MANAGEMENT";
89
90 public void testDoCreateAdminUser( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
91 {
92 AdminUserJspBean bean = new AdminUserJspBean( );
93 MockHttpServletRequest request = new MockHttpServletRequest( );
94 request.setParameter( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
95 bean.doCreateAdminUser( request );
96 AdminMessage message = AdminMessageService.getMessage( request );
97 assertNotNull( message );
98 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
99
100 String randomUserName = "User_" + new SecureRandom( ).nextLong( );
101 try
102 {
103 request = new MockHttpServletRequest( );
104 request.addParameter( "access_code", randomUserName );
105 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
106 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
107 bean.doCreateAdminUser( request );
108 message = AdminMessageService.getMessage( request );
109 assertNotNull( message );
110 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
111
112 request = new MockHttpServletRequest( );
113 request.addParameter( "access_code", randomUserName );
114 request.addParameter( "last_name", randomUserName );
115 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
116 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
117 bean.doCreateAdminUser( request );
118 message = AdminMessageService.getMessage( request );
119 assertNotNull( message );
120 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
121
122 request = new MockHttpServletRequest( );
123 request.addParameter( "access_code", randomUserName );
124 request.addParameter( "last_name", randomUserName );
125 request.addParameter( "first_name", randomUserName );
126 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
127 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
128 bean.doCreateAdminUser( request );
129 message = AdminMessageService.getMessage( request );
130 assertNotNull( message );
131 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
132
133 request = new MockHttpServletRequest( );
134 request.addParameter( "access_code", randomUserName );
135 request.addParameter( "last_name", randomUserName );
136 request.addParameter( "first_name", randomUserName );
137 request.addParameter( "email", " " );
138 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
139 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
140 bean.doCreateAdminUser( request );
141 message = AdminMessageService.getMessage( request );
142 assertNotNull( message );
143 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
144
145 request = new MockHttpServletRequest( );
146 request.addParameter( "access_code", "admin" );
147 request.addParameter( "last_name", randomUserName );
148 request.addParameter( "first_name", randomUserName );
149 request.addParameter( "email", randomUserName + "@lutece.fr" );
150 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
151 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
152 bean.doCreateAdminUser( request );
153 message = AdminMessageService.getMessage( request );
154 assertNotNull( message );
155 assertEquals( I18nService.getLocalizedString( "portal.users.message.user.accessCodeAlreadyUsed", Locale.FRENCH ),
156 message.getText( Locale.FRENCH ) );
157
158 request = new MockHttpServletRequest( );
159 request.addParameter( "access_code", randomUserName );
160 request.addParameter( "last_name", randomUserName );
161 request.addParameter( "first_name", randomUserName );
162 request.addParameter( "email", "admin@lutece.fr" );
163 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
164 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
165 bean.doCreateAdminUser( request );
166 message = AdminMessageService.getMessage( request );
167 assertNotNull( message );
168 assertEquals( I18nService.getLocalizedString( "portal.users.message.user.accessEmailUsed", Locale.FRENCH ), message.getText( Locale.FRENCH ) );
169
170 request = new MockHttpServletRequest( );
171 request.addParameter( "access_code", randomUserName );
172 request.addParameter( "last_name", randomUserName );
173 request.addParameter( "first_name", randomUserName );
174 request.addParameter( "email", randomUserName + "@lutece.fr" );
175 request.addParameter( "user_level", "0" );
176 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel1AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
177 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
178 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
179 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
180 bean.doCreateAdminUser( request );
181 message = AdminMessageService.getMessage( request );
182 assertNotNull( message );
183 assertEquals( I18nService.getLocalizedString( Messages.USER_ACCESS_DENIED, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
184
185 request = new MockHttpServletRequest( );
186 request.addParameter( "access_code", randomUserName );
187 request.addParameter( "last_name", randomUserName );
188 request.addParameter( "first_name", randomUserName );
189 request.addParameter( "email", randomUserName + "@lutece.fr" );
190 request.addParameter( "user_level", "0" );
191 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
192 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
193 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
194 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
195 bean.doCreateAdminUser( request );
196 message = AdminMessageService.getMessage( request );
197 assertNotNull( message );
198 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
199
200 request = new MockHttpServletRequest( );
201 request.addParameter( "access_code", randomUserName );
202 request.addParameter( "last_name", randomUserName );
203 request.addParameter( "first_name", randomUserName );
204 request.addParameter( "email", randomUserName + "@lutece.fr" );
205 request.addParameter( "user_level", "0" );
206 request.addParameter( "first_password", randomUserName );
207 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
208 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
209 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
210 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
211 bean.doCreateAdminUser( request );
212 message = AdminMessageService.getMessage( request );
213 assertNotNull( message );
214 assertEquals( I18nService.getLocalizedString( "portal.users.message.differentsPassword", Locale.FRENCH ), message.getText( Locale.FRENCH ) );
215
216 request = new MockHttpServletRequest( );
217 request.addParameter( "access_code", randomUserName );
218 request.addParameter( "last_name", randomUserName );
219 request.addParameter( "first_name", randomUserName );
220 request.addParameter( "email", randomUserName + "@lutece.fr" );
221 request.addParameter( "user_level", "0" );
222 request.addParameter( "first_password", randomUserName );
223 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
224 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
225 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
226 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
227 bean.doCreateAdminUser( request );
228 message = AdminMessageService.getMessage( request );
229 assertNotNull( message );
230 assertEquals( I18nService.getLocalizedString( "portal.users.message.differentsPassword", Locale.FRENCH ), message.getText( Locale.FRENCH ) );
231
232 request = new MockHttpServletRequest( );
233 request.addParameter( "access_code", randomUserName );
234 request.addParameter( "last_name", randomUserName );
235 request.addParameter( "first_name", randomUserName );
236 request.addParameter( "email", randomUserName + "@lutece.fr" );
237 request.addParameter( "user_level", "0" );
238 request.addParameter( "first_password", randomUserName );
239 request.addParameter( "second_password", randomUserName );
240 request.addParameter( "status", Integer.toString( AdminUser.ACTIVE_CODE ) );
241 request.addParameter( "language", "fr" );
242 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
243 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
244 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) );
245 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
246 bean.doCreateAdminUser( request );
247 message = AdminMessageService.getMessage( request );
248 assertNull( message );
249 AdminUser createdUser = AdminUserHome.findUserByLogin( randomUserName );
250 assertNotNull( createdUser );
251 LuteceDefaultAdminUser createdUserWithPassword = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( createdUser.getUserId( ) );
252 assertNotNull( createdUserWithPassword );
253 assertTrue( createdUserWithPassword.getPassword( ).check( randomUserName ) );
254 }
255 finally
256 {
257 AdminUser user = AdminUserHome.findUserByLogin( randomUserName );
258 if ( user != null )
259 {
260 AdminUserHome.remove( user.getUserId( ) );
261 }
262 }
263 }
264
265 public void testDoCreateAdminUserInvalidToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
266 {
267 AdminUserJspBean bean = new AdminUserJspBean( );
268 MockHttpServletRequest request = new MockHttpServletRequest( );
269 String randomUserName = "User_" + new SecureRandom( ).nextLong( );
270 try
271 {
272 request.addParameter( "access_code", randomUserName );
273 request.addParameter( "last_name", randomUserName );
274 request.addParameter( "first_name", randomUserName );
275 request.addParameter( "email", randomUserName + "@lutece.fr" );
276 request.addParameter( "user_level", "0" );
277 request.addParameter( "first_password", randomUserName );
278 request.addParameter( "second_password", randomUserName );
279 request.addParameter( "status", Integer.toString( AdminUser.ACTIVE_CODE ) );
280 request.addParameter( "language", "fr" );
281 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
282 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
283 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/CreateUser.jsp" ) + "b" );
284 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
285 bean.doCreateAdminUser( request );
286 fail( "Should have thrown" );
287 }
288 catch( AccessDeniedException e )
289 {
290 AdminMessage message = AdminMessageService.getMessage( request );
291 assertNull( message );
292 AdminUser createdUser = AdminUserHome.findUserByLogin( randomUserName );
293 assertNull( createdUser );
294 }
295 finally
296 {
297 AdminUser user = AdminUserHome.findUserByLogin( randomUserName );
298 if ( user != null )
299 {
300 AdminUserHome.remove( user.getUserId( ) );
301 }
302 }
303 }
304
305 public void testDoCreateAdminUserNoToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
306 {
307 AdminUserJspBean bean = new AdminUserJspBean( );
308 MockHttpServletRequest request = new MockHttpServletRequest( );
309 String randomUserName = "User_" + new SecureRandom( ).nextLong( );
310 try
311 {
312 request.addParameter( "access_code", randomUserName );
313 request.addParameter( "last_name", randomUserName );
314 request.addParameter( "first_name", randomUserName );
315 request.addParameter( "email", randomUserName + "@lutece.fr" );
316 request.addParameter( "user_level", "0" );
317 request.addParameter( "first_password", randomUserName );
318 request.addParameter( "second_password", randomUserName );
319 request.addParameter( "status", Integer.toString( AdminUser.ACTIVE_CODE ) );
320 request.addParameter( "language", "fr" );
321 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
322 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
323 bean.doCreateAdminUser( request );
324 fail( "Should have thrown" );
325 }
326 catch( AccessDeniedException e )
327 {
328 AdminMessage message = AdminMessageService.getMessage( request );
329 assertNull( message );
330 AdminUser createdUser = AdminUserHome.findUserByLogin( randomUserName );
331 assertNull( createdUser );
332 }
333 finally
334 {
335 AdminUser user = AdminUserHome.findUserByLogin( randomUserName );
336 if ( user != null )
337 {
338 AdminUserHome.remove( user.getUserId( ) );
339 }
340 }
341 }
342
343 private AdminUser getLevel1AdminUserWithCORE_USERS_MANAGEMENTRight( )
344 {
345 AdminUser user = new AdminUser( );
346 user.setUserLevel( 1 );
347 Map<String, Right> rights = new HashMap<>( 1 );
348 rights.put( RIGHT_CORE_USERS_MANAGEMENT, new Right( ) );
349 user.setRights( rights );
350 return user;
351 }
352
353 private AdminUser getLevel0AdminUserWithCORE_USERS_MANAGEMENTRight( )
354 {
355 AdminUser user = new AdminUser( );
356 user.setUserLevel( 0 );
357 Map<String, Right> rights = new HashMap<>( 1 );
358 rights.put( RIGHT_CORE_USERS_MANAGEMENT, new Right( ) );
359 user.setRights( rights );
360 return user;
361 }
362
363 public void testDoModifyAdminUser( ) throws AccessDeniedException, UserNotSignedException
364 {
365 AdminUser userToModify = getUserToModify( );
366 try
367 {
368 AdminUserJspBean bean = new AdminUserJspBean( );
369 MockHttpServletRequest request = new MockHttpServletRequest( );
370 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel1AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
371 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
372 try
373 {
374 bean.doModifyAdminUser( request );
375 fail( "Should not be able to modify a user with a lower level" );
376 }
377 catch( AccessDeniedException e )
378 {
379 }
380
381 request = new MockHttpServletRequest( );
382 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
383 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
384 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
385 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
386 bean.doModifyAdminUser( request );
387 AdminMessage message = AdminMessageService.getMessage( request );
388 assertNotNull( message );
389 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
390
391 final String modifiedName = userToModify.getAccessCode( ) + "_mod";
392
393 request = new MockHttpServletRequest( );
394 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
395 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
396 request.addParameter( "access_code", modifiedName );
397 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
398 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
399 bean.doModifyAdminUser( request );
400 message = AdminMessageService.getMessage( request );
401 assertNotNull( message );
402 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
403
404 request = new MockHttpServletRequest( );
405 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
406 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
407 request.addParameter( "access_code", modifiedName );
408 request.addParameter( "last_name", modifiedName );
409 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
410 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
411 bean.doModifyAdminUser( request );
412 message = AdminMessageService.getMessage( request );
413 assertNotNull( message );
414 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
415
416 request = new MockHttpServletRequest( );
417 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
418 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
419 request.addParameter( "access_code", modifiedName );
420 request.addParameter( "last_name", modifiedName );
421 request.addParameter( "first_name", modifiedName );
422 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
423 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
424 bean.doModifyAdminUser( request );
425 message = AdminMessageService.getMessage( request );
426 assertNotNull( message );
427 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
428
429 request = new MockHttpServletRequest( );
430 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
431 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
432 request.addParameter( "access_code", modifiedName );
433 request.addParameter( "last_name", modifiedName );
434 request.addParameter( "first_name", modifiedName );
435 request.addParameter( "email", " " );
436 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
437 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
438 bean.doModifyAdminUser( request );
439 message = AdminMessageService.getMessage( request );
440 assertNotNull( message );
441 assertEquals( I18nService.getLocalizedString( Messages.MANDATORY_FIELDS, Locale.FRENCH ), message.getText( Locale.FRENCH ) );
442
443 request = new MockHttpServletRequest( );
444 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
445 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
446 request.addParameter( "access_code", "admin" );
447 request.addParameter( "last_name", modifiedName );
448 request.addParameter( "first_name", modifiedName );
449 request.addParameter( "email", modifiedName + "@lutece.fr" );
450 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
451 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
452 bean.doModifyAdminUser( request );
453 message = AdminMessageService.getMessage( request );
454 assertNotNull( message );
455 assertEquals( I18nService.getLocalizedString( "portal.users.message.user.accessCodeAlreadyUsed", Locale.FRENCH ),
456 message.getText( Locale.FRENCH ) );
457
458 request = new MockHttpServletRequest( );
459 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
460 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
461 request.addParameter( "access_code", modifiedName );
462 request.addParameter( "last_name", modifiedName );
463 request.addParameter( "first_name", modifiedName );
464 request.addParameter( "email", "admin@lutece.fr" );
465 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
466 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
467 bean.doModifyAdminUser( request );
468 message = AdminMessageService.getMessage( request );
469 assertNotNull( message );
470 assertEquals( I18nService.getLocalizedString( "portal.users.message.user.accessEmailUsed", Locale.FRENCH ), message.getText( Locale.FRENCH ) );
471 }
472 finally
473 {
474 disposeOfUser( userToModify );
475 }
476 }
477
478 public void testDoModifyAdminUserSuccess( ) throws AccessDeniedException, UserNotSignedException
479 {
480 AdminUser userToModify = getUserToModify( );
481 try
482 {
483 AdminUserJspBean bean = new AdminUserJspBean( );
484 MockHttpServletRequest request = new MockHttpServletRequest( );
485 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
486 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
487 final String modifiedName = userToModify.getAccessCode( ) + "_mod";
488 request.addParameter( "access_code", modifiedName );
489 request.addParameter( "last_name", modifiedName );
490 request.addParameter( "first_name", modifiedName );
491 request.addParameter( "email", userToModify.getEmail( ) );
492 request.addParameter( "status", Integer.toString( AdminUser.NOT_ACTIVE_CODE ) );
493 request.addParameter( "language", Locale.KOREA.toString( ) );
494 request.addParameter("user_level", "0");
495 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
496 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) );
497 bean.doModifyAdminUser( request );
498 AdminMessage message = AdminMessageService.getMessage( request );
499 assertNull( message );
500 AdminUser stored = AdminUserHome.findByPrimaryKey( userToModify.getUserId( ) );
501 assertNotNull( stored );
502 assertEquals( modifiedName, stored.getAccessCode( ) );
503 assertEquals( modifiedName, stored.getFirstName( ) );
504 assertEquals( modifiedName, stored.getLastName( ) );
505 assertEquals( AdminUser.NOT_ACTIVE_CODE, stored.getStatus( ) );
506 assertEquals( Locale.KOREA.toString( ).toLowerCase( ), stored.getLocale( ).toString( ).toLowerCase( ) );
507 }
508 finally
509 {
510 disposeOfUser( userToModify );
511 }
512 }
513
514 public void testDoModifyAdminUserNoToken( ) throws AccessDeniedException, UserNotSignedException
515 {
516 AdminUser userToModify = getUserToModify( );
517 try
518 {
519 AdminUserJspBean bean = new AdminUserJspBean( );
520 MockHttpServletRequest request = new MockHttpServletRequest( );
521 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
522 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
523 final String modifiedName = userToModify.getAccessCode( ) + "_mod";
524 request.addParameter( "access_code", modifiedName );
525 request.addParameter( "last_name", modifiedName );
526 request.addParameter( "first_name", modifiedName );
527 request.addParameter( "email", userToModify.getEmail( ) );
528 request.addParameter( "status", Integer.toString( AdminUser.NOT_ACTIVE_CODE ) );
529 request.addParameter( "language", Locale.KOREA.toString( ) );
530 bean.doModifyAdminUser( request );
531 fail( "Should have thrown " );
532 }
533 catch( AccessDeniedException e )
534 {
535 AdminUser stored = AdminUserHome.findByPrimaryKey( userToModify.getUserId( ) );
536 assertNotNull( stored );
537 assertEquals( userToModify.getAccessCode( ), stored.getAccessCode( ) );
538 assertEquals( userToModify.getFirstName( ), stored.getFirstName( ) );
539 assertEquals( userToModify.getLastName( ), stored.getLastName( ) );
540 assertEquals( AdminUser.ACTIVE_CODE, stored.getStatus( ) );
541 assertEquals( LocaleService.getDefault( ), stored.getLocale( ) );
542 }
543 finally
544 {
545 disposeOfUser( userToModify );
546 }
547 }
548
549 public void testDoModifyAdminUserInvalidToken( ) throws AccessDeniedException, UserNotSignedException
550 {
551 AdminUser userToModify = getUserToModify( );
552 try
553 {
554 AdminUserJspBean bean = new AdminUserJspBean( );
555 MockHttpServletRequest request = new MockHttpServletRequest( );
556 request = new MockHttpServletRequest( );
557 AdminAuthenticationService.getInstance( ).registerUser( request, AdminUserHome.findUserByLogin( "admin" ) );
558 request.addParameter( "id_user", Integer.toString( userToModify.getUserId( ) ) );
559 final String modifiedName = userToModify.getAccessCode( ) + "_mod";
560 request.addParameter( "access_code", modifiedName );
561 request.addParameter( "last_name", modifiedName );
562 request.addParameter( "first_name", modifiedName );
563 request.addParameter( "email", userToModify.getEmail( ) );
564 request.addParameter( "status", Integer.toString( AdminUser.NOT_ACTIVE_CODE ) );
565 request.addParameter( "language", Locale.KOREA.toString( ) );
566 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
567 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyUser.jsp" ) + "b" );
568 bean.doModifyAdminUser( request );
569 fail( "Should have thrown " );
570 }
571 catch( AccessDeniedException e )
572 {
573 AdminUser stored = AdminUserHome.findByPrimaryKey( userToModify.getUserId( ) );
574 assertNotNull( stored );
575 assertEquals( userToModify.getAccessCode( ), stored.getAccessCode( ) );
576 assertEquals( userToModify.getFirstName( ), stored.getFirstName( ) );
577 assertEquals( userToModify.getLastName( ), stored.getLastName( ) );
578 assertEquals( AdminUser.ACTIVE_CODE, stored.getStatus( ) );
579 assertEquals( LocaleService.getDefault( ), stored.getLocale( ) );
580 }
581 finally
582 {
583 disposeOfUser( userToModify );
584 }
585 }
586
587 private AdminUser getUserToModify( )
588 {
589 String randomName = "User_" + new SecureRandom( ).nextLong( );
590 LuteceDefaultAdminUser user = new LuteceDefaultAdminUser( );
591 user.setAccessCode( randomName );
592 user.setFirstName( randomName );
593 user.setLastName( randomName );
594 user.setEmail( randomName + "@lutece.fr" );
595 user.setUserLevel( 0 );
596 user.setStatus( AdminUser.ACTIVE_CODE );
597 IPasswordFactory passwordFactory = SpringContextService.getBean( IPasswordFactory.BEAN_NAME );
598 user.setPassword( passwordFactory.getPasswordFromCleartext( "PASSWORD" ) );
599 AdminUserHome.create( user );
600 AdminUserHome.createRightForUser( user.getUserId( ), RIGHT_CORE_USERS_MANAGEMENT );
601 AdminUserHome.createRoleForUser( user.getUserId( ), "all_site_manager" );
602 return AdminUserHome.findByPrimaryKey( user.getUserId( ) );
603 }
604
605 private void disposeOfUser( AdminUser user )
606 {
607 AdminUserHome.removeAllRolesForUser( user.getUserId( ) );
608 AdminUserHome.removeAllOwnRightsForUser( user );
609 AdminUserHome.remove( user.getUserId( ) );
610 }
611
612 public void testDoUseAdvancedSecurityParametersDoNotChangePassword( ) throws AccessDeniedException, UserNotSignedException
613 {
614 boolean bUseAdvancesSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
615 AdminUserJspBean bean = new AdminUserJspBean( );
616 try
617 {
618 LuteceDefaultAdminUser admin = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( 1 );
619 assertTrue( admin.getPassword( ).check( "adminadmin" ) );
620 MockHttpServletRequest request = new MockHttpServletRequest( );
621 registerAdminUserAdmin( request );
622 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
623
624 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
625 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
626 bean.doUseAdvancedSecurityParameters( request );
627 admin = AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( 1 );
628 assertTrue( admin.getPassword( ).check( "adminadmin" ) );
629 }
630 finally
631 {
632 if ( bUseAdvancesSecurityParameters )
633 {
634 AdminUserService.useAdvancedSecurityParameters( );
635 }
636 else
637 {
638 AdminUserService.removeAdvancedSecurityParameters( );
639 }
640 }
641 }
642
643 public void testGetCreateAdminUserTEMPLATE_DEFAULT_CREATE_USER( ) throws PasswordResetException, AccessDeniedException
644 {
645 try
646 {
647 AdminUserJspBean bean = new AdminUserJspBean( );
648 MockHttpServletRequest request = new MockHttpServletRequest( );
649 request.getSession( true ).setAttribute( "lutece_admin_user", getLevel1AdminUserWithCORE_USERS_MANAGEMENTRight( ) );
650 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
651 bean.getCreateAdminUser( request );
652 }
653 catch( AppException e )
654 {
655 fail( "Shouldn't have thrown" );
656 }
657 }
658
659 public void testGetModifyUserPasswordUserNotfound( ) throws AccessDeniedException, UserNotSignedException
660 {
661 AdminUserJspBean bean = new AdminUserJspBean( );
662 MockHttpServletRequest request = new MockHttpServletRequest( );
663 request.setParameter( "id_user", Integer.toString( Integer.MIN_VALUE ) );
664 try
665 {
666 bean.getModifyUserPassword( request );
667 fail( "Should have thrown" );
668 }
669 catch( AppException e )
670 {
671
672 }
673 }
674
675 public void testGetModifyUserPasswordNotDefaultModule( ) throws AccessDeniedException, UserNotSignedException
676 {
677 AdminUserJspBean bean = new AdminUserJspBean( );
678 MockHttpServletRequest request = new MockHttpServletRequest( );
679 request.setParameter( "id_user", Integer.toString( 1 ) );
680 ReflectionTestUtils.setField( AdminAuthenticationService.getInstance( ), "_bUseDefaultModule", Boolean.FALSE );
681 try
682 {
683 bean.getModifyUserPassword( request );
684 fail( "Should have thrown" );
685 }
686 catch( AppException e )
687 {
688
689 }
690 finally
691 {
692 ReflectionTestUtils.setField( AdminAuthenticationService.getInstance( ), "_bUseDefaultModule", Boolean.TRUE );
693 }
694 }
695
696 public void testGetModifyUserPasswordNoRight( ) throws AccessDeniedException, UserNotSignedException
697 {
698 AdminUserJspBean bean = new AdminUserJspBean( );
699 MockHttpServletRequest request = new MockHttpServletRequest( );
700 request.getSession( true ).setAttribute( "lutece_admin_user", AdminUserHome.findUserByLogin( "lutece" ) );
701 request.setParameter( "id_user", Integer.toString( 1 ) );
702 try
703 {
704 bean.getModifyUserPassword( request );
705 fail( "Should have thrown" );
706 }
707 catch( AccessDeniedException e )
708 {
709
710 }
711 }
712
713 public void testGetModifyUserPassword( ) throws AccessDeniedException, UserNotSignedException
714 {
715 AdminUserJspBean bean = new AdminUserJspBean( );
716 MockHttpServletRequest request = new MockHttpServletRequest( );
717 AdminUser user = getUserToModify( );
718 try
719 {
720 AdminAuthenticationService.getInstance( ).registerUser( request, user );
721 request.setParameter( "id_user", Integer.toString( 1 ) );
722 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
723 String html = bean.getModifyUserPassword( request );
724 assertNotNull( html );
725 assertTrue( html.contains( I18nService.getLocalizedString( "portal.users.modify_user_password.pageTitle", Locale.FRANCE ) ) );
726 }
727 finally
728 {
729 disposeOfUser( user );
730 }
731 }
732
733 public void testDoModifyAdminUserPasswordNoRight( )
734 {
735 AdminUserJspBean bean = new AdminUserJspBean( );
736 MockHttpServletRequest request = new MockHttpServletRequest( );
737 request.getSession( true ).setAttribute( "lutece_admin_user", AdminUserHome.findUserByLogin( "lutece" ) );
738 request.setParameter( "id_user", Integer.toString( 1 ) );
739 try
740 {
741 bean.doModifyAdminUserPassword( request );
742 fail( "Should have thrown" );
743 }
744 catch( AccessDeniedException e )
745 {
746
747 }
748 }
749
750 public void testDoModifyAdminUserPassword( ) throws AccessDeniedException, UserNotSignedException
751 {
752 AdminUserJspBean bean = new AdminUserJspBean( );
753 MockHttpServletRequest request = new MockHttpServletRequest( );
754 AdminUser user = getUserToModify( );
755 try
756 {
757 AdminAuthenticationService.getInstance( ).registerUser( request, user );
758 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
759 String password = "CHANGEDCHANGED";
760 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
761 request.setParameter( "first_password", password );
762 request.setParameter( "second_password", password );
763 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
764 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
765 String url = bean.doModifyAdminUserPassword( request );
766 assertEquals( "ManageUsers.jsp", url );
767 assertTrue( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
768 }
769 finally
770 {
771 disposeOfUser( user );
772 }
773 }
774
775 public void testDoModifyAdminUserPasswordNotFound( ) throws AccessDeniedException, UserNotSignedException
776 {
777 AdminUserJspBean bean = new AdminUserJspBean( );
778 MockHttpServletRequest request = new MockHttpServletRequest( );
779 AdminUser user = getUserToModify( );
780 String password = "CHANGEDCHANGED";
781 try
782 {
783 AdminAuthenticationService.getInstance( ).registerUser( request, user );
784 request.setParameter( "id_user", Integer.toString( Integer.MIN_VALUE ) );
785 request.setParameter( "first_password", password );
786 request.setParameter( "second_password", password );
787 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
788 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
789 bean.doModifyAdminUserPassword( request );
790 fail( "should have thrown" );
791 }
792 catch( AppException e )
793 {
794 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
795 }
796 finally
797 {
798 disposeOfUser( user );
799 }
800 }
801
802 public void testDoModifyAdminUserPasswordNoFirst( ) throws AccessDeniedException, UserNotSignedException
803 {
804 AdminUserJspBean bean = new AdminUserJspBean( );
805 MockHttpServletRequest request = new MockHttpServletRequest( );
806 AdminUser user = getUserToModify( );
807 try
808 {
809 AdminAuthenticationService.getInstance( ).registerUser( request, user );
810 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
811 String password = "CHANGEDCHANGED";
812 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
813 request.setParameter( "second_password", password );
814 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
815 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
816 bean.doModifyAdminUserPassword( request );
817 AdminMessage message = AdminMessageService.getMessage( request );
818 assertNotNull( message );
819 assertEquals( AdminMessage.TYPE_STOP, message.getType( ) );
820 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
821 }
822 finally
823 {
824 disposeOfUser( user );
825 }
826 }
827
828 public void testDoModifyAdminUserPasswordNoSecond( ) throws AccessDeniedException, UserNotSignedException
829 {
830 AdminUserJspBean bean = new AdminUserJspBean( );
831 MockHttpServletRequest request = new MockHttpServletRequest( );
832 AdminUser user = getUserToModify( );
833 try
834 {
835 AdminAuthenticationService.getInstance( ).registerUser( request, user );
836 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
837 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
838 String password = "CHANGEDCHANGED";
839 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
840 request.setParameter( "first_password", password );
841 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
842 bean.doModifyAdminUserPassword( request );
843 AdminMessage message = AdminMessageService.getMessage( request );
844 assertNotNull( message );
845 assertEquals( AdminMessage.TYPE_STOP, message.getType( ) );
846 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
847 }
848 finally
849 {
850 disposeOfUser( user );
851 }
852 }
853
854 public void testDoModifyAdminUserPasswordDifferentSecond( ) throws AccessDeniedException, UserNotSignedException
855 {
856 AdminUserJspBean bean = new AdminUserJspBean( );
857 MockHttpServletRequest request = new MockHttpServletRequest( );
858 AdminUser user = getUserToModify( );
859 try
860 {
861 AdminAuthenticationService.getInstance( ).registerUser( request, user );
862 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
863 String password = "CHANGEDCHANGED";
864 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
865 request.setParameter( "first_password", password );
866 request.setParameter( "second_password", password + "-" );
867 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
868 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
869 bean.doModifyAdminUserPassword( request );
870 AdminMessage message = AdminMessageService.getMessage( request );
871 assertNotNull( message );
872 assertEquals( AdminMessage.TYPE_STOP, message.getType( ) );
873 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
874 }
875 finally
876 {
877 disposeOfUser( user );
878 }
879 }
880
881 public void testDoModifyAdminUserPasswordWeak( ) throws AccessDeniedException, UserNotSignedException
882 {
883 AdminUserJspBean bean = new AdminUserJspBean( );
884 MockHttpServletRequest request = new MockHttpServletRequest( );
885 AdminUser user = getUserToModify( );
886 try
887 {
888 AdminAuthenticationService.getInstance( ).registerUser( request, user );
889 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
890 request.setParameter( "token", SecurityTokenService.getInstance( ).getToken( request, "portal.users.modify_user_password.pageTitle" ) );
891 String password = "W";
892 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
893 request.setParameter( "first_password", password );
894 request.setParameter( "second_password", password );
895 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
896 bean.doModifyAdminUserPassword( request );
897 AdminMessage message = AdminMessageService.getMessage( request );
898 assertNotNull( message );
899 assertEquals( AdminMessage.TYPE_STOP, message.getType( ) );
900 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
901 }
902 finally
903 {
904 disposeOfUser( user );
905 }
906 }
907
908 public void testDoModifyAdminUserPasswordNoToken( ) throws AccessDeniedException, UserNotSignedException
909 {
910 AdminUserJspBean bean = new AdminUserJspBean( );
911 MockHttpServletRequest request = new MockHttpServletRequest( );
912 AdminUser user = getUserToModify( );
913 String password = "CHANGEDCHANGED";
914 try
915 {
916 AdminAuthenticationService.getInstance( ).registerUser( request, user );
917 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
918 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
919 request.setParameter( "first_password", password );
920 request.setParameter( "second_password", password );
921 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
922 bean.doModifyAdminUserPassword( request );
923 fail( "Should have thrown" );
924 }
925 catch( AccessDeniedException e )
926 {
927 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
928 }
929 finally
930 {
931 disposeOfUser( user );
932 }
933 }
934
935 public void testDoModifyAdminUserPasswordInvalidToken( ) throws AccessDeniedException, UserNotSignedException
936 {
937 AdminUserJspBean bean = new AdminUserJspBean( );
938 MockHttpServletRequest request = new MockHttpServletRequest( );
939 AdminUser user = getUserToModify( );
940 String password = "CHANGEDCHANGED";
941 try
942 {
943 AdminAuthenticationService.getInstance( ).registerUser( request, user );
944 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
945 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
946 request.setParameter( "first_password", password );
947 request.setParameter( "second_password", password );
948 request.setParameter( "token", "invalid" );
949 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
950 bean.doModifyAdminUserPassword( request );
951 fail( "Should have thrown" );
952 }
953 catch( AccessDeniedException e )
954 {
955 assertFalse( AdminUserHome.findLuteceDefaultAdminUserByPrimaryKey( user.getUserId( ) ).getPassword( ).check( password ) );
956 }
957 finally
958 {
959 disposeOfUser( user );
960 }
961 }
962
963 public void testDoModifyAdminUserRights( ) throws AccessDeniedException, UserNotSignedException
964 {
965 AdminUserJspBean bean = new AdminUserJspBean( );
966 MockHttpServletRequest request = new MockHttpServletRequest( );
967 AdminUser user = getUserToModify( );
968 try
969 {
970 for ( Right right : RightHome.getRightsList( ) )
971 {
972 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
973 {
974 assertTrue( AdminUserHome.hasRight( user, right.getId( ) ) );
975 }
976 else
977 {
978 assertFalse( AdminUserHome.hasRight( user, right.getId( ) ) );
979 }
980 }
981 AdminAuthenticationService.getInstance( ).registerUser( request, user );
982 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
983 for ( Right right : RightHome.getRightsList( ) )
984 {
985 request.addParameter( "right", right.getId( ) );
986 }
987 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
988 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserRights.jsp" ) );
989 bean.doModifyAdminUserRights( request );
990 assertNull( AdminMessageService.getMessage( request ) );
991 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
992 for ( Right right : RightHome.getRightsList( ) )
993 {
994 assertTrue( AdminUserHome.hasRight( stored, right.getId( ) ) );
995 }
996 }
997 finally
998 {
999 disposeOfUser( user );
1000 }
1001 }
1002
1003 public void testDoModifyAdminUserRightsInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1004 {
1005 AdminUserJspBean bean = new AdminUserJspBean( );
1006 MockHttpServletRequest request = new MockHttpServletRequest( );
1007 AdminUser user = getUserToModify( );
1008 try
1009 {
1010 for ( Right right : RightHome.getRightsList( ) )
1011 {
1012 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
1013 {
1014 assertTrue( AdminUserHome.hasRight( user, right.getId( ) ) );
1015 }
1016 else
1017 {
1018 assertFalse( AdminUserHome.hasRight( user, right.getId( ) ) );
1019 }
1020 }
1021 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1022 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1023 for ( Right right : RightHome.getRightsList( ) )
1024 {
1025 request.addParameter( "right", right.getId( ) );
1026 }
1027 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1028 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserRights.jsp" ) + "b" );
1029 bean.doModifyAdminUserRights( request );
1030 fail( "Should have thrown" );
1031 }
1032 catch( AccessDeniedException e )
1033 {
1034 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1035 for ( Right right : RightHome.getRightsList( ) )
1036 {
1037 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
1038 {
1039 assertTrue( AdminUserHome.hasRight( stored, right.getId( ) ) );
1040 }
1041 else
1042 {
1043 assertFalse( AdminUserHome.hasRight( stored, right.getId( ) ) );
1044 }
1045 }
1046 }
1047 finally
1048 {
1049 disposeOfUser( user );
1050 }
1051 }
1052
1053 public void testDoModifyAdminUserRightsNoToken( ) throws AccessDeniedException, UserNotSignedException
1054 {
1055 AdminUserJspBean bean = new AdminUserJspBean( );
1056 MockHttpServletRequest request = new MockHttpServletRequest( );
1057 AdminUser user = getUserToModify( );
1058 try
1059 {
1060 for ( Right right : RightHome.getRightsList( ) )
1061 {
1062 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
1063 {
1064 assertTrue( AdminUserHome.hasRight( user, right.getId( ) ) );
1065 }
1066 else
1067 {
1068 assertFalse( AdminUserHome.hasRight( user, right.getId( ) ) );
1069 }
1070 }
1071 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1072 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1073 for ( Right right : RightHome.getRightsList( ) )
1074 {
1075 request.addParameter( "right", right.getId( ) );
1076 }
1077 bean.doModifyAdminUserRights( request );
1078 fail( "Should have thrown" );
1079 }
1080 catch( AccessDeniedException e )
1081 {
1082 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1083 for ( Right right : RightHome.getRightsList( ) )
1084 {
1085 if ( RIGHT_CORE_USERS_MANAGEMENT.equals( right.getId( ) ) )
1086 {
1087 assertTrue( AdminUserHome.hasRight( stored, right.getId( ) ) );
1088 }
1089 else
1090 {
1091 assertFalse( AdminUserHome.hasRight( stored, right.getId( ) ) );
1092 }
1093 }
1094 }
1095 finally
1096 {
1097 disposeOfUser( user );
1098 }
1099 }
1100
1101 public void testDoModifyAdminUserRoles( ) throws AccessDeniedException, UserNotSignedException
1102 {
1103 AdminUserJspBean bean = new AdminUserJspBean( );
1104 MockHttpServletRequest request = new MockHttpServletRequest( );
1105 AdminUser user = getUserToModify( );
1106 try
1107 {
1108 for ( Role role : RoleHome.findAll( ) )
1109 {
1110 assertFalse( AdminUserHome.hasRole( user, role.getRole( ) ) );
1111 }
1112 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1113 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1114 assertFalse( RoleHome.findAll( ).isEmpty( ) );
1115 for ( Role role : RoleHome.findAll( ) )
1116 {
1117 request.addParameter( "roles", role.getRole( ) );
1118 }
1119 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1120 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserRoles.jsp" ) );
1121 bean.doModifyAdminUserRoles( request );
1122 assertNull( AdminMessageService.getMessage( request ) );
1123 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1124 for ( Role role : RoleHome.findAll( ) )
1125 {
1126 assertTrue( AdminUserHome.hasRole( stored, role.getRole( ) ) );
1127 }
1128 }
1129 finally
1130 {
1131 disposeOfUser( user );
1132 }
1133 }
1134
1135 public void testDoModifyAdminUserRolesInvladidToken( ) throws AccessDeniedException, UserNotSignedException
1136 {
1137 AdminUserJspBean bean = new AdminUserJspBean( );
1138 MockHttpServletRequest request = new MockHttpServletRequest( );
1139 AdminUser user = getUserToModify( );
1140 try
1141 {
1142 for ( Role role : RoleHome.findAll( ) )
1143 {
1144 assertFalse( AdminUserHome.hasRole( user, role.getRole( ) ) );
1145 }
1146 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1147 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1148 assertFalse( RoleHome.findAll( ).isEmpty( ) );
1149 for ( Role role : RoleHome.findAll( ) )
1150 {
1151 request.addParameter( "roles", role.getRole( ) );
1152 }
1153 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1154 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserRoles.jsp" ) + "b" );
1155 bean.doModifyAdminUserRoles( request );
1156 fail( "Should have thrown" );
1157 }
1158 catch( AccessDeniedException e )
1159 {
1160 assertNull( AdminMessageService.getMessage( request ) );
1161 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1162 for ( Role role : RoleHome.findAll( ) )
1163 {
1164 assertFalse( AdminUserHome.hasRole( stored, role.getRole( ) ) );
1165 }
1166 }
1167 finally
1168 {
1169 disposeOfUser( user );
1170 }
1171 }
1172
1173 public void testDoModifyAdminUserRolesNoToken( ) throws AccessDeniedException, UserNotSignedException
1174 {
1175 AdminUserJspBean bean = new AdminUserJspBean( );
1176 MockHttpServletRequest request = new MockHttpServletRequest( );
1177 AdminUser user = getUserToModify( );
1178 try
1179 {
1180 for ( Role role : RoleHome.findAll( ) )
1181 {
1182 assertFalse( AdminUserHome.hasRole( user, role.getRole( ) ) );
1183 }
1184 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1185 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1186 assertFalse( RoleHome.findAll( ).isEmpty( ) );
1187 for ( Role role : RoleHome.findAll( ) )
1188 {
1189 request.addParameter( "roles", role.getRole( ) );
1190 }
1191 bean.doModifyAdminUserRoles( request );
1192 fail( "Should have thrown" );
1193 }
1194 catch( AccessDeniedException e )
1195 {
1196 assertNull( AdminMessageService.getMessage( request ) );
1197 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1198 for ( Role role : RoleHome.findAll( ) )
1199 {
1200 assertFalse( AdminUserHome.hasRole( stored, role.getRole( ) ) );
1201 }
1202 }
1203 finally
1204 {
1205 disposeOfUser( user );
1206 }
1207 }
1208
1209 public void testDoModifyAdminUserWorkgroups( ) throws AccessDeniedException, UserNotSignedException
1210 {
1211 AdminUserJspBean bean = new AdminUserJspBean( );
1212 MockHttpServletRequest request = new MockHttpServletRequest( );
1213 AdminUser user = getUserToModify( );
1214 AdminWorkgroup workgroup = null;
1215 try
1216 {
1217 workgroup = new AdminWorkgroup( );
1218 workgroup.setKey( user.getAccessCode( ) );
1219 workgroup.setDescription( user.getAccessCode( ) );
1220 AdminWorkgroupHome.create( workgroup );
1221 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1222 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1223 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1224 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1225 request.setParameter( "workgroup", workgroup.getKey( ) );
1226 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
1227 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserWorkgroups.jsp" ) );
1228 bean.doModifyAdminUserWorkgroups( request );
1229 assertNull( AdminMessageService.getMessage( request ) );
1230 assertTrue( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1231 }
1232 finally
1233 {
1234 if ( workgroup != null )
1235 {
1236 AdminWorkgroupHome.removeAllUsersForWorkgroup( workgroup.getKey( ) );
1237 AdminWorkgroupHome.remove( workgroup.getKey( ) );
1238 }
1239 disposeOfUser( user );
1240 }
1241
1242 }
1243
1244 public void testDoModifyAdminUserWorkgroupsInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1245 {
1246 AdminUserJspBean bean = new AdminUserJspBean( );
1247 MockHttpServletRequest request = new MockHttpServletRequest( );
1248 AdminUser user = getUserToModify( );
1249 AdminWorkgroup workgroup = null;
1250 try
1251 {
1252 workgroup = new AdminWorkgroup( );
1253 workgroup.setKey( user.getAccessCode( ) );
1254 workgroup.setDescription( user.getAccessCode( ) );
1255 AdminWorkgroupHome.create( workgroup );
1256 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1257 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1258 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1259 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1260 request.setParameter( "workgroup", workgroup.getKey( ) );
1261 request.setParameter( SecurityTokenService.PARAMETER_TOKEN,
1262 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ManageUserWorkgroups.jsp" ) + "b" );
1263 bean.doModifyAdminUserWorkgroups( request );
1264 fail( "Should have thrown" );
1265 }
1266 catch( AccessDeniedException e )
1267 {
1268 assertNull( AdminMessageService.getMessage( request ) );
1269 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1270 }
1271 finally
1272 {
1273 if ( workgroup != null )
1274 {
1275 AdminWorkgroupHome.removeAllUsersForWorkgroup( workgroup.getKey( ) );
1276 AdminWorkgroupHome.remove( workgroup.getKey( ) );
1277 }
1278 disposeOfUser( user );
1279 }
1280
1281 }
1282
1283 public void testDoModifyAdminUserWorkgroupsNoToken( ) throws AccessDeniedException, UserNotSignedException
1284 {
1285 AdminUserJspBean bean = new AdminUserJspBean( );
1286 MockHttpServletRequest request = new MockHttpServletRequest( );
1287 AdminUser user = getUserToModify( );
1288 AdminWorkgroup workgroup = null;
1289 try
1290 {
1291 workgroup = new AdminWorkgroup( );
1292 workgroup.setKey( user.getAccessCode( ) );
1293 workgroup.setDescription( user.getAccessCode( ) );
1294 AdminWorkgroupHome.create( workgroup );
1295 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1296 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1297 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1298 request.setParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1299 request.setParameter( "workgroup", workgroup.getKey( ) );
1300 bean.doModifyAdminUserWorkgroups( request );
1301 fail( "Should have thrown" );
1302 }
1303 catch( AccessDeniedException e )
1304 {
1305 assertNull( AdminMessageService.getMessage( request ) );
1306 assertFalse( AdminWorkgroupHome.isUserInWorkgroup( user, workgroup.getKey( ) ) );
1307 }
1308 finally
1309 {
1310 if ( workgroup != null )
1311 {
1312 AdminWorkgroupHome.removeAllUsersForWorkgroup( workgroup.getKey( ) );
1313 AdminWorkgroupHome.remove( workgroup.getKey( ) );
1314 }
1315 disposeOfUser( user );
1316 }
1317
1318 }
1319
1320 public void testGetAnonymizeAdminUser( )
1321 {
1322 AdminUserJspBean bean = new AdminUserJspBean( );
1323 MockHttpServletRequest request = new MockHttpServletRequest( );
1324 AdminUser user = getUserToModify( );
1325 try
1326 {
1327 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1328 bean.getAnonymizeAdminUser( request );
1329 AdminMessage message = AdminMessageService.getMessage( request );
1330 assertNotNull( message );
1331 assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
1332 }
1333 finally
1334 {
1335 disposeOfUser( user );
1336 }
1337 }
1338
1339 public void testDoAnonymizeAdminUser( ) throws AccessDeniedException, UserNotSignedException
1340 {
1341 AdminUserJspBean bean = new AdminUserJspBean( );
1342
1343 MockHttpServletRequest request = new MockHttpServletRequest( );
1344 registerAdminUserAdmin( request );
1345 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1346
1347 AdminUser the_user = AdminUserService.getAdminUser( request );
1348
1349 AdminUser user = getUserToModify( );
1350 try
1351 {
1352 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1353 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1354 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/DoAnonymizeAdminUser.jsp" ) );
1355 bean.doAnonymizeAdminUser( request );
1356 assertNull( AdminMessageService.getMessage( request ) );
1357 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1358 assertFalse( user.getAccessCode( ).equals( stored.getAccessCode( ) ) );
1359 assertFalse( user.getFirstName( ).equals( stored.getFirstName( ) ) );
1360 assertFalse( user.getLastName( ).equals( stored.getLastName( ) ) );
1361 assertFalse( user.getEmail( ).equals( stored.getEmail( ) ) );
1362 }
1363 finally
1364 {
1365 disposeOfUser( user );
1366 }
1367 }
1368
1369 public void testDoAnonymizeAdminUserInvalidToken( ) throws AccessDeniedException
1370 {
1371 AdminUserJspBean bean = new AdminUserJspBean( );
1372 MockHttpServletRequest request = new MockHttpServletRequest( );
1373 AdminUser user = getUserToModify( );
1374 try
1375 {
1376 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1377 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1378 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/DoAnonymizeAdminUser.jsp" ) + "b" );
1379 bean.doAnonymizeAdminUser( request );
1380 fail( "Should have thrown" );
1381 }
1382 catch( AccessDeniedException e )
1383 {
1384 assertNull( AdminMessageService.getMessage( request ) );
1385 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1386 assertEquals( user.getAccessCode( ), stored.getAccessCode( ) );
1387 assertEquals( user.getFirstName( ), stored.getFirstName( ) );
1388 assertEquals( user.getLastName( ), stored.getLastName( ) );
1389 assertEquals( user.getEmail( ), stored.getEmail( ) );
1390 }
1391 finally
1392 {
1393 disposeOfUser( user );
1394 }
1395 }
1396
1397 public void testDoAnonymizeAdminUserNoToken( ) throws AccessDeniedException
1398 {
1399 AdminUserJspBean bean = new AdminUserJspBean( );
1400 MockHttpServletRequest request = new MockHttpServletRequest( );
1401 AdminUser user = getUserToModify( );
1402 try
1403 {
1404 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1405 bean.doAnonymizeAdminUser( request );
1406 fail( "Should have thrown" );
1407 }
1408 catch( AccessDeniedException e )
1409 {
1410 assertNull( AdminMessageService.getMessage( request ) );
1411 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1412 assertEquals( user.getAccessCode( ), stored.getAccessCode( ) );
1413 assertEquals( user.getFirstName( ), stored.getFirstName( ) );
1414 assertEquals( user.getLastName( ), stored.getLastName( ) );
1415 assertEquals( user.getEmail( ), stored.getEmail( ) );
1416 }
1417 finally
1418 {
1419 disposeOfUser( user );
1420 }
1421 }
1422
1423 public void testDoChangeFieldAnonymizeAdminUsers( ) throws AccessDeniedException
1424 {
1425 AdminUserJspBean bean = new AdminUserJspBean( );
1426 MockHttpServletRequest request = new MockHttpServletRequest( );
1427 Map<String, Boolean> origStatusMap = AdminUserHome.getAnonymizationStatusUserStaticField( );
1428 try
1429 {
1430 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1431 {
1432 assertTrue( entry.getValue( ) );
1433 }
1434 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1435 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
1436 bean.doChangeFieldAnonymizeAdminUsers( request );
1437 for ( Entry<String, Boolean> entry : AdminUserHome.getAnonymizationStatusUserStaticField( ).entrySet( ) )
1438 {
1439 assertFalse( entry.getValue( ) );
1440 }
1441 }
1442 finally
1443 {
1444 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1445 {
1446 AdminUserHome.updateAnonymizationStatusUserStaticField( entry.getKey( ), entry.getValue( ) );
1447 }
1448 }
1449 }
1450
1451 public void testDoChangeFieldAnonymizeAdminUsersInvalidToken( ) throws AccessDeniedException
1452 {
1453 AdminUserJspBean bean = new AdminUserJspBean( );
1454 MockHttpServletRequest request = new MockHttpServletRequest( );
1455 Map<String, Boolean> origStatusMap = AdminUserHome.getAnonymizationStatusUserStaticField( );
1456 try
1457 {
1458 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1459 {
1460 assertTrue( entry.getValue( ) );
1461 }
1462 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1463 SecurityTokenService.getInstance( ).getToken( request, "admin/user/field_anonymize_admin_user.html" ) + "b" );
1464 bean.doChangeFieldAnonymizeAdminUsers( request );
1465 fail( "Should have thrown" );
1466 }
1467 catch( AccessDeniedException e )
1468 {
1469 for ( Entry<String, Boolean> entry : AdminUserHome.getAnonymizationStatusUserStaticField( ).entrySet( ) )
1470 {
1471 assertTrue( entry.getValue( ) );
1472 }
1473 }
1474 finally
1475 {
1476 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1477 {
1478 AdminUserHome.updateAnonymizationStatusUserStaticField( entry.getKey( ), entry.getValue( ) );
1479 }
1480 }
1481 }
1482
1483 public void testDoChangeFieldAnonymizeAdminUsersNoToken( ) throws AccessDeniedException
1484 {
1485 AdminUserJspBean bean = new AdminUserJspBean( );
1486 MockHttpServletRequest request = new MockHttpServletRequest( );
1487 Map<String, Boolean> origStatusMap = AdminUserHome.getAnonymizationStatusUserStaticField( );
1488 try
1489 {
1490 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1491 {
1492 assertTrue( entry.getValue( ) );
1493 }
1494 bean.doChangeFieldAnonymizeAdminUsers( request );
1495 fail( "Should have thrown" );
1496 }
1497 catch( AccessDeniedException e )
1498 {
1499 for ( Entry<String, Boolean> entry : AdminUserHome.getAnonymizationStatusUserStaticField( ).entrySet( ) )
1500 {
1501 assertTrue( entry.getValue( ) );
1502 }
1503 }
1504 finally
1505 {
1506 for ( Entry<String, Boolean> entry : origStatusMap.entrySet( ) )
1507 {
1508 AdminUserHome.updateAnonymizationStatusUserStaticField( entry.getKey( ), entry.getValue( ) );
1509 }
1510 }
1511 }
1512
1513 public void testDoConfirmRemoveAdminUser( ) throws AccessDeniedException, UserNotSignedException
1514 {
1515 AdminUserJspBean bean = new AdminUserJspBean( );
1516 MockHttpServletRequest request = new MockHttpServletRequest( );
1517 AdminUser user = getUserToModify( );
1518 try
1519 {
1520 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1521 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1522 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1523 bean.doConfirmRemoveAdminUser( request );
1524 AdminMessage message = AdminMessageService.getMessage( request );
1525 assertNotNull( message );
1526 assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
1527 }
1528 finally
1529 {
1530 disposeOfUser( user );
1531 }
1532 }
1533
1534 public void testDoRemoveAdminUser( ) throws AccessDeniedException, UserNotSignedException
1535 {
1536 AdminUserJspBean bean = new AdminUserJspBean( );
1537 MockHttpServletRequest request = new MockHttpServletRequest( );
1538 AdminUser user = getUserToModify( );
1539 try
1540 {
1541 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1542 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1543 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/DoRemoveUser.jsp" ) );
1544 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1545 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1546 bean.doRemoveAdminUser( request );
1547 assertNull( AdminMessageService.getMessage( request ) );
1548 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1549 assertNull( stored );
1550 }
1551 finally
1552 {
1553 disposeOfUser( user );
1554 }
1555 }
1556
1557 public void testDoRemoveAdminUserInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1558 {
1559 AdminUserJspBean bean = new AdminUserJspBean( );
1560 MockHttpServletRequest request = new MockHttpServletRequest( );
1561 AdminUser user = getUserToModify( );
1562 try
1563 {
1564 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1565 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1566 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/DoRemoveUser.jsp" ) + "b" );
1567 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1568 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1569 bean.doRemoveAdminUser( request );
1570 fail( "Should have thrown" );
1571 }
1572 catch( AccessDeniedException e )
1573 {
1574 assertNull( AdminMessageService.getMessage( request ) );
1575 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1576 assertNotNull( stored );
1577 }
1578 finally
1579 {
1580 disposeOfUser( user );
1581 }
1582 }
1583
1584 public void testDoRemoveAdminUserNoToken( ) throws AccessDeniedException, UserNotSignedException
1585 {
1586 AdminUserJspBean bean = new AdminUserJspBean( );
1587 MockHttpServletRequest request = new MockHttpServletRequest( );
1588 AdminUser user = getUserToModify( );
1589 try
1590 {
1591 request.addParameter( "id_user", Integer.toString( user.getUserId( ) ) );
1592 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1593 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1594 bean.doRemoveAdminUser( request );
1595 fail( "Should have thrown" );
1596 }
1597 catch( AccessDeniedException e )
1598 {
1599 assertNull( AdminMessageService.getMessage( request ) );
1600 AdminUser stored = AdminUserHome.findByPrimaryKey( user.getUserId( ) );
1601 assertNotNull( stored );
1602 }
1603 finally
1604 {
1605 disposeOfUser( user );
1606 }
1607 }
1608
1609 public void testDoImportUsersFromFile( ) throws AccessDeniedException, UserNotSignedException, IOException
1610 {
1611 AdminUserJspBean bean = new AdminUserJspBean( );
1612 MockHttpServletRequest request = new MockHttpServletRequest( );
1613 request.addParameter( SecurityTokenService.PARAMETER_TOKEN, SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ImportUser.jsp" ) );
1614 AdminUser user = getUserToModify( );
1615 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1616 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1617 Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
1618 List<FileItem> fileItems = new ArrayList<>( );
1619 FileItem file = new DiskFileItem( "import_file", "application/csv", true, "junit.csv", 1024, new File( System.getProperty( "java.io.tmpdir" ) ) );
1620 OutputStreamWriter writer = new OutputStreamWriter( file.getOutputStream( ), Charset.forName( "UTF-8" ) );
1621 writer.write( "test;test;test;test@test.fr;" + AdminUser.ACTIVE_CODE + ";" + Locale.FRANCE + ";0;false;false;;;" );
1622 writer.close( );
1623 fileItems.add( file );
1624 multipartFiles.put( "import_file", fileItems );
1625 Map<String, String [ ]> parameters = request.getParameterMap( );
1626 MultipartHttpServletRequest multipartRequest = new MultipartHttpServletRequest( request, multipartFiles, parameters );
1627 bean.getImportUsersFromFile( request );
1628 AdminUser importedUser = null;
1629 try
1630 {
1631 bean.doImportUsersFromFile( multipartRequest );
1632 importedUser = AdminUserHome.findUserByLogin( "test" );
1633 assertNotNull( importedUser );
1634 assertEquals( "test", importedUser.getAccessCode( ) );
1635 assertEquals( "test", importedUser.getFirstName( ) );
1636 assertEquals( "test", importedUser.getLastName( ) );
1637 assertEquals( "test@test.fr", importedUser.getEmail( ) );
1638 assertEquals( AdminUser.ACTIVE_CODE, importedUser.getStatus( ) );
1639 }
1640 finally
1641 {
1642 if ( importedUser != null )
1643 {
1644 disposeOfUser( importedUser );
1645 }
1646 disposeOfUser( user );
1647 }
1648 }
1649
1650 public void testDoImportUsersFromFileInvalidToken( ) throws AccessDeniedException, UserNotSignedException, IOException
1651 {
1652 AdminUserJspBean bean = new AdminUserJspBean( );
1653 MockHttpServletRequest request = new MockHttpServletRequest( );
1654 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1655 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ImportUser.jsp" ) + "b" );
1656 AdminUser user = getUserToModify( );
1657 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1658 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1659 Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
1660 List<FileItem> fileItems = new ArrayList<>( );
1661 FileItem file = new DiskFileItem( "import_file", "application/csv", true, "junit.csv", 1024, new File( System.getProperty( "java.io.tmpdir" ) ) );
1662 OutputStreamWriter writer = new OutputStreamWriter( file.getOutputStream( ), Charset.forName( "UTF-8" ) );
1663 writer.write( "test;test;test;test@test.fr;" + AdminUser.ACTIVE_CODE + ";" + Locale.FRANCE + ";0;false;false;;;" );
1664 writer.close( );
1665 fileItems.add( file );
1666 multipartFiles.put( "import_file", fileItems );
1667 Map<String, String [ ]> parameters = request.getParameterMap( );
1668 MultipartHttpServletRequest multipartRequest = new MultipartHttpServletRequest( request, multipartFiles, parameters );
1669 bean.getImportUsersFromFile( request );
1670 AdminUser importedUser = null;
1671 try
1672 {
1673 bean.doImportUsersFromFile( multipartRequest );
1674 fail( "Should have thrown" );
1675 }
1676 catch( AccessDeniedException e )
1677 {
1678 importedUser = AdminUserHome.findUserByLogin( "test" );
1679 assertNull( importedUser );
1680 }
1681 finally
1682 {
1683 if ( importedUser != null )
1684 {
1685 disposeOfUser( importedUser );
1686 }
1687 disposeOfUser( user );
1688 }
1689 }
1690
1691 public void testDoImportUsersFromFileNoToken( ) throws AccessDeniedException, UserNotSignedException, IOException
1692 {
1693 AdminUserJspBean bean = new AdminUserJspBean( );
1694 MockHttpServletRequest request = new MockHttpServletRequest( );
1695 AdminUser user = getUserToModify( );
1696 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1697 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1698 Map<String, List<FileItem>> multipartFiles = new HashMap<>( );
1699 List<FileItem> fileItems = new ArrayList<>( );
1700 FileItem file = new DiskFileItem( "import_file", "application/csv", true, "junit.csv", 1024, new File( System.getProperty( "java.io.tmpdir" ) ) );
1701 OutputStreamWriter writer = new OutputStreamWriter( file.getOutputStream( ), Charset.forName( "UTF-8" ) );
1702 writer.write( "test;test;test;test@test.fr;" + AdminUser.ACTIVE_CODE + ";" + Locale.FRANCE + ";0;false;false;;;" );
1703 writer.close( );
1704 fileItems.add( file );
1705 multipartFiles.put( "import_file", fileItems );
1706 Map<String, String [ ]> parameters = request.getParameterMap( );
1707 MultipartHttpServletRequest multipartRequest = new MultipartHttpServletRequest( request, multipartFiles, parameters );
1708 bean.getImportUsersFromFile( request );
1709 AdminUser importedUser = null;
1710 try
1711 {
1712 bean.doImportUsersFromFile( multipartRequest );
1713 fail( "Should have thrown" );
1714 }
1715 catch( AccessDeniedException e )
1716 {
1717 importedUser = AdminUserHome.findUserByLogin( "test" );
1718 assertNull( importedUser );
1719 }
1720 finally
1721 {
1722 if ( importedUser != null )
1723 {
1724 disposeOfUser( importedUser );
1725 }
1726 disposeOfUser( user );
1727 }
1728 }
1729
1730 public void testDoInsertRegularExpression( ) throws AccessDeniedException, UserNotSignedException
1731 {
1732 AdminUserJspBean bean = new AdminUserJspBean( );
1733 MockHttpServletRequest request = new MockHttpServletRequest( );
1734 AdminUser user = getUserToModify( );
1735 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1736 request.setParameter( "id_expression", "1" );
1737 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1738 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
1739 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1740 try
1741 {
1742 assertNotNull( bean.doInsertRegularExpression( request ) );
1743 }
1744 finally
1745 {
1746 AdminUserService.doRemoveRegularExpression( 1 );
1747 disposeOfUser( user );
1748 }
1749 }
1750
1751 public void testDoInsertRegularExpressionInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1752 {
1753 AdminUserJspBean bean = new AdminUserJspBean( );
1754 MockHttpServletRequest request = new MockHttpServletRequest( );
1755 AdminUser user = getUserToModify( );
1756 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1757 request.setParameter( "id_expression", "1" );
1758 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1759 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
1760 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1761 try
1762 {
1763 bean.doInsertRegularExpression( request );
1764 fail( "Should have thrown" );
1765 }
1766 catch( AccessDeniedException e )
1767 {
1768
1769 }
1770 finally
1771 {
1772 AdminUserService.doRemoveRegularExpression( 1 );
1773 disposeOfUser( user );
1774 }
1775 }
1776
1777 public void testDoInsertRegularExpressionNoToken( ) throws AccessDeniedException, UserNotSignedException
1778 {
1779 AdminUserJspBean bean = new AdminUserJspBean( );
1780 MockHttpServletRequest request = new MockHttpServletRequest( );
1781 AdminUser user = getUserToModify( );
1782 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1783 request.setParameter( "id_expression", "1" );
1784 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1785 try
1786 {
1787 bean.doInsertRegularExpression( request );
1788 fail( "Should have thrown" );
1789 }
1790 catch( AccessDeniedException e )
1791 {
1792
1793 }
1794 finally
1795 {
1796 AdminUserService.doRemoveRegularExpression( 1 );
1797 disposeOfUser( user );
1798 }
1799 }
1800
1801 public void testDoModifyAccountLifeTimeEmails( ) throws AccessDeniedException
1802 {
1803 String origEmailSender = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" );
1804 String origEmailSubject = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" );
1805 String origEmailBody = DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" );
1806 AdminUserJspBean bean = new AdminUserJspBean( );
1807 MockHttpServletRequest request = new MockHttpServletRequest( );
1808 request.setParameter( "email_type", "first" );
1809 request.setParameter( "email_sender", "junit" );
1810 request.setParameter( "email_subject", "junit" );
1811 request.setParameter( "email_body", "junit" );
1812 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1813 SecurityTokenService.getInstance( ).getToken( request, "jsp/admin/user/ModifyAccountLifeTimeEmails.jsp" ) );
1814 try
1815 {
1816 bean.doModifyAccountLifeTimeEmails( request );
1817 assertEquals( "junit", AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" ) );
1818 assertEquals( "junit", AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" ) );
1819 assertEquals( "junit", DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" ) );
1820 }
1821 finally
1822 {
1823 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_sender", origEmailSender );
1824 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_subject", origEmailSubject );
1825 DatabaseTemplateService.updateTemplate( "core_first_alert_mail", origEmailBody );
1826 }
1827 }
1828
1829 public void testDoModifyAccountLifeTimeEmailsInvalidToken( )
1830 {
1831 String origEmailSender = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" );
1832 String origEmailSubject = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" );
1833 String origEmailBody = DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" );
1834 AdminUserJspBean bean = new AdminUserJspBean( );
1835 MockHttpServletRequest request = new MockHttpServletRequest( );
1836 request.setParameter( "email_type", "first" );
1837 request.setParameter( "email_sender", "junit" );
1838 request.setParameter( "email_subject", "junit" );
1839 request.setParameter( "email_body", "junit" );
1840 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1841 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) + "b" );
1842 try
1843 {
1844 bean.doModifyAccountLifeTimeEmails( request );
1845 fail( "Should have thrown" );
1846 }
1847 catch( AccessDeniedException e )
1848 {
1849 assertEquals( origEmailSender, AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" ) );
1850 assertEquals( origEmailSubject, AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" ) );
1851 assertEquals( origEmailBody, DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" ) );
1852 }
1853 finally
1854 {
1855 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_sender", origEmailSender );
1856 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_subject", origEmailSubject );
1857 DatabaseTemplateService.updateTemplate( "core_first_alert_mail", origEmailBody );
1858 }
1859 }
1860
1861 public void testDoModifyAccountLifeTimeEmailsNoToken( )
1862 {
1863 String origEmailSender = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" );
1864 String origEmailSubject = AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" );
1865 String origEmailBody = DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" );
1866 AdminUserJspBean bean = new AdminUserJspBean( );
1867 MockHttpServletRequest request = new MockHttpServletRequest( );
1868 request.setParameter( "email_type", "first" );
1869 request.setParameter( "email_sender", "junit" );
1870 request.setParameter( "email_subject", "junit" );
1871 request.setParameter( "email_body", "junit" );
1872 try
1873 {
1874 bean.doModifyAccountLifeTimeEmails( request );
1875 fail( "Should have thrown" );
1876 }
1877 catch( AccessDeniedException e )
1878 {
1879 assertEquals( origEmailSender, AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_sender" ) );
1880 assertEquals( origEmailSubject, AdminUserService.getSecurityParameter( "core.advanced_parameters.first_alert_mail_subject" ) );
1881 assertEquals( origEmailBody, DatabaseTemplateService.getTemplateFromKey( "core_first_alert_mail" ) );
1882 }
1883 finally
1884 {
1885 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_sender", origEmailSender );
1886 AdminUserService.updateSecurityParameter( "core.advanced_parameters.first_alert_mail_subject", origEmailSubject );
1887 DatabaseTemplateService.updateTemplate( "core_first_alert_mail", origEmailBody );
1888 }
1889 }
1890
1891 public void testDoModifyDefaultUserParameterValues( ) throws AccessDeniedException, UserNotSignedException
1892 {
1893 String origDefaultStatus = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS );
1894 String origDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
1895 String origDefaultNotification = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION );
1896 String origDefaultLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
1897 AdminUserJspBean bean = new AdminUserJspBean( );
1898 MockHttpServletRequest request = new MockHttpServletRequest( );
1899 AdminUser user = getUserToModify( );
1900 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1901 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1902 request.setParameter( "status", Integer.toString( AdminUser.ANONYMIZED_CODE ) );
1903 request.setParameter( "user_level", "10" );
1904 request.setParameter( "notify_user", "false" );
1905 request.setParameter( "language", Locale.CANADA_FRENCH.toString( ) );
1906 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1907 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
1908 try
1909 {
1910 bean.doModifyDefaultUserParameterValues( request );
1911 assertEquals( Integer.toString( AdminUser.ANONYMIZED_CODE ), DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
1912 assertEquals( "10", DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL ) );
1913 assertEquals( "false", DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
1914 assertEquals( Locale.CANADA_FRENCH.toString( ), DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE ) );
1915 }
1916 finally
1917 {
1918 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, origDefaultStatus );
1919 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, origDefaultLevel );
1920 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, origDefaultNotification );
1921 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, origDefaultLanguage );
1922 disposeOfUser( user );
1923 }
1924 }
1925
1926 public void testDoModifyDefaultUserParameterValuesInvalidToken( ) throws AccessDeniedException, UserNotSignedException
1927 {
1928 String origDefaultStatus = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS );
1929 String origDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
1930 String origDefaultNotification = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION );
1931 String origDefaultLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
1932 AdminUserJspBean bean = new AdminUserJspBean( );
1933 MockHttpServletRequest request = new MockHttpServletRequest( );
1934 AdminUser user = getUserToModify( );
1935 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1936 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1937 request.setParameter( "status", Integer.toString( AdminUser.ANONYMIZED_CODE ) );
1938 request.setParameter( "user_level", "10" );
1939 request.setParameter( "notify_user", "false" );
1940 request.setParameter( "language", Locale.CANADA_FRENCH.toString( ) );
1941 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
1942 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
1943 try
1944 {
1945 bean.doModifyDefaultUserParameterValues( request );
1946 fail( "Should have thrown" );
1947 }
1948 catch( AccessDeniedException e )
1949 {
1950 assertEquals( origDefaultStatus, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
1951 assertEquals( origDefaultLevel, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL ) );
1952 assertEquals( origDefaultNotification, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
1953 assertEquals( origDefaultLanguage, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE ) );
1954 }
1955 finally
1956 {
1957 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, origDefaultStatus );
1958 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, origDefaultLevel );
1959 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, origDefaultNotification );
1960 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, origDefaultLanguage );
1961 disposeOfUser( user );
1962 }
1963 }
1964
1965 public void testDoModifyDefaultUserParameterValuesNoToken( ) throws AccessDeniedException, UserNotSignedException
1966 {
1967 String origDefaultStatus = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS );
1968 String origDefaultLevel = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL );
1969 String origDefaultNotification = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION );
1970 String origDefaultLanguage = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE );
1971 AdminUserJspBean bean = new AdminUserJspBean( );
1972 MockHttpServletRequest request = new MockHttpServletRequest( );
1973 AdminUser user = getUserToModify( );
1974 AdminAuthenticationService.getInstance( ).registerUser( request, user );
1975 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
1976 request.setParameter( "status", Integer.toString( AdminUser.ANONYMIZED_CODE ) );
1977 request.setParameter( "user_level", "10" );
1978 request.setParameter( "notify_user", "false" );
1979 request.setParameter( "language", Locale.CANADA_FRENCH.toString( ) );
1980 try
1981 {
1982 bean.doModifyDefaultUserParameterValues( request );
1983 fail( "Should have thrown" );
1984 }
1985 catch( AccessDeniedException e )
1986 {
1987 assertEquals( origDefaultStatus, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_STATUS ) );
1988 assertEquals( origDefaultLevel, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LEVEL ) );
1989 assertEquals( origDefaultNotification, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION ) );
1990 assertEquals( origDefaultLanguage, DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE ) );
1991 }
1992 finally
1993 {
1994 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_STATUS, origDefaultStatus );
1995 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LEVEL, origDefaultLevel );
1996 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_NOTIFICATION, origDefaultNotification );
1997 DefaultUserParameterHome.update( AdminUserService.DSKEY_DEFAULT_USER_LANGUAGE, origDefaultLanguage );
1998 disposeOfUser( user );
1999 }
2000 }
2001
2002 public void testDoModifyDefaultUserSecurityValues( ) throws AccessDeniedException, UserNotSignedException
2003 {
2004 assertFalse( "Test does not account for advanced security parameters",
2005 AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2006 boolean origForceChangePasswordReinit = Boolean
2007 .parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) );
2008 int origPasswordMinimumLength = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH );
2009 int origResetTokenValidity = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY );
2010 boolean origLockResetTokenToSession = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION );
2011 int origAccountLifeTime = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME );
2012 int origTimeBeforeAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT );
2013 int origNbAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT );
2014 int origTimeBetweenAlertsAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT );
2015 int origAccessFailuresMax = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX );
2016 int origAccessFailuresInterval = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL );
2017 String origBannedDomainNames = AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES );
2018 AdminUserJspBean bean = new AdminUserJspBean( );
2019 MockHttpServletRequest request = new MockHttpServletRequest( );
2020 AdminUser user = getUserToModify( );
2021 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2022 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2023 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2024 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2025 request.setParameter( "force_change_password_reinit", origForceChangePasswordReinit ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2026 request.setParameter( "password_minimum_length", Integer.toString( origPasswordMinimumLength + 1 ) );
2027 request.setParameter( "reset_token_validity", Integer.toString( origResetTokenValidity + 1 ) );
2028 request.setParameter( "lock_reset_token_to_session", origLockResetTokenToSession ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2029 request.setParameter( "account_life_time", Integer.toString( origAccountLifeTime + 1 ) );
2030 request.setParameter( "time_before_alert_account", Integer.toString( origTimeBeforeAlertAccount + 1 ) );
2031 request.setParameter( "nb_alert_account", Integer.toString( origNbAlertAccount + 1 ) );
2032 request.setParameter( "time_between_alerts_account", Integer.toString( origTimeBetweenAlertsAccount + 1 ) );
2033 request.setParameter( "access_failures_max", Integer.toString( origAccessFailuresMax + 1 ) );
2034 request.setParameter( "access_failures_interval", Integer.toString( origAccessFailuresInterval + 1 ) );
2035 request.setParameter( "banned_domain_names", origBannedDomainNames + "b" );
2036 try
2037 {
2038 bean.doModifyDefaultUserSecurityValues( request );
2039 assertEquals( !origForceChangePasswordReinit,
2040 Boolean.parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) ) );
2041 assertEquals( origPasswordMinimumLength + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
2042 assertEquals( origResetTokenValidity + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY ) );
2043 assertEquals( !origLockResetTokenToSession, AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION ) );
2044 assertEquals( origAccountLifeTime + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME ) );
2045 assertEquals( origTimeBeforeAlertAccount + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT ) );
2046 assertEquals( origNbAlertAccount + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT ) );
2047 assertEquals( origTimeBetweenAlertsAccount + 1,
2048 AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2049 assertEquals( origAccessFailuresMax + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX ) );
2050 assertEquals( origAccessFailuresInterval + 1, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL ) );
2051 assertEquals( origBannedDomainNames + "b", AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES ) );
2052 }
2053 finally
2054 {
2055 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, Boolean.toString( origForceChangePasswordReinit ) );
2056 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, Integer.toString( origPasswordMinimumLength ) );
2057 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, Integer.toString( origResetTokenValidity ) );
2058 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, Boolean.toString( origLockResetTokenToSession ) );
2059 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, Integer.toString( origAccountLifeTime ) );
2060 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, Integer.toString( origTimeBeforeAlertAccount ) );
2061 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, Integer.toString( origNbAlertAccount ) );
2062 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, Integer.toString( origTimeBetweenAlertsAccount ) );
2063 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, Integer.toString( origAccessFailuresMax ) );
2064 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, Integer.toString( origAccessFailuresInterval ) );
2065 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, origBannedDomainNames );
2066 disposeOfUser( user );
2067 }
2068 }
2069
2070 public void testDoModifyDefaultUserSecurityValuesInvalidToken( ) throws AccessDeniedException, UserNotSignedException
2071 {
2072 assertFalse( "Test does not account for advanced security parameters",
2073 AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2074 boolean origForceChangePasswordReinit = Boolean
2075 .parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) );
2076 int origPasswordMinimumLength = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH );
2077 int origResetTokenValidity = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY );
2078 boolean origLockResetTokenToSession = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION );
2079 int origAccountLifeTime = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME );
2080 int origTimeBeforeAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT );
2081 int origNbAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT );
2082 int origTimeBetweenAlertsAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT );
2083 int origAccessFailuresMax = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX );
2084 int origAccessFailuresInterval = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL );
2085 String origBannedDomainNames = AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES );
2086 AdminUserJspBean bean = new AdminUserJspBean( );
2087 MockHttpServletRequest request = new MockHttpServletRequest( );
2088 AdminUser user = getUserToModify( );
2089 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2090 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2091 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2092 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2093 request.setParameter( "force_change_password_reinit", origForceChangePasswordReinit ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2094 request.setParameter( "password_minimum_length", Integer.toString( origPasswordMinimumLength + 1 ) );
2095 request.setParameter( "reset_token_validity", Integer.toString( origResetTokenValidity + 1 ) );
2096 request.setParameter( "lock_reset_token_to_session", origLockResetTokenToSession ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2097 request.setParameter( "account_life_time", Integer.toString( origAccountLifeTime + 1 ) );
2098 request.setParameter( "time_before_alert_account", Integer.toString( origTimeBeforeAlertAccount + 1 ) );
2099 request.setParameter( "nb_alert_account", Integer.toString( origNbAlertAccount + 1 ) );
2100 request.setParameter( "time_between_alerts_account", Integer.toString( origTimeBetweenAlertsAccount + 1 ) );
2101 request.setParameter( "access_failures_max", Integer.toString( origAccessFailuresMax + 1 ) );
2102 request.setParameter( "access_failures_interval", Integer.toString( origAccessFailuresInterval + 1 ) );
2103 request.setParameter( "banned_domain_names", origBannedDomainNames + "b" );
2104 try
2105 {
2106 bean.doModifyDefaultUserSecurityValues( request );
2107 fail( "Should have thrown" );
2108 }
2109 catch( AccessDeniedException e )
2110 {
2111 assertEquals( origForceChangePasswordReinit,
2112 Boolean.parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) ) );
2113 assertEquals( origPasswordMinimumLength, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
2114 assertEquals( origResetTokenValidity, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY ) );
2115 assertEquals( origLockResetTokenToSession, AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION ) );
2116 assertEquals( origAccountLifeTime, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME ) );
2117 assertEquals( origTimeBeforeAlertAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT ) );
2118 assertEquals( origNbAlertAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT ) );
2119 assertEquals( origTimeBetweenAlertsAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2120 assertEquals( origAccessFailuresMax, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX ) );
2121 assertEquals( origAccessFailuresInterval, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL ) );
2122 assertEquals( origBannedDomainNames, AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES ) );
2123 }
2124 finally
2125 {
2126 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, Boolean.toString( origForceChangePasswordReinit ) );
2127 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, Integer.toString( origPasswordMinimumLength ) );
2128 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, Integer.toString( origResetTokenValidity ) );
2129 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, Boolean.toString( origLockResetTokenToSession ) );
2130 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, Integer.toString( origAccountLifeTime ) );
2131 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, Integer.toString( origTimeBeforeAlertAccount ) );
2132 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, Integer.toString( origNbAlertAccount ) );
2133 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, Integer.toString( origTimeBetweenAlertsAccount ) );
2134 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, Integer.toString( origAccessFailuresMax ) );
2135 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, Integer.toString( origAccessFailuresInterval ) );
2136 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, origBannedDomainNames );
2137 disposeOfUser( user );
2138 }
2139 }
2140
2141 public void testDoModifyDefaultUserSecurityValuesNoToken( ) throws AccessDeniedException, UserNotSignedException
2142 {
2143 assertFalse( "Test does not account for advanced security parameters",
2144 AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2145 boolean origForceChangePasswordReinit = Boolean
2146 .parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) );
2147 int origPasswordMinimumLength = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH );
2148 int origResetTokenValidity = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY );
2149 boolean origLockResetTokenToSession = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION );
2150 int origAccountLifeTime = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME );
2151 int origTimeBeforeAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT );
2152 int origNbAlertAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT );
2153 int origTimeBetweenAlertsAccount = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT );
2154 int origAccessFailuresMax = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX );
2155 int origAccessFailuresInterval = AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL );
2156 String origBannedDomainNames = AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES );
2157 AdminUserJspBean bean = new AdminUserJspBean( );
2158 MockHttpServletRequest request = new MockHttpServletRequest( );
2159 AdminUser user = getUserToModify( );
2160 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2161 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2162 request.setParameter( "force_change_password_reinit", origForceChangePasswordReinit ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2163 request.setParameter( "password_minimum_length", Integer.toString( origPasswordMinimumLength + 1 ) );
2164 request.setParameter( "reset_token_validity", Integer.toString( origResetTokenValidity + 1 ) );
2165 request.setParameter( "lock_reset_token_to_session", origLockResetTokenToSession ? Boolean.FALSE.toString( ) : Boolean.TRUE.toString( ) );
2166 request.setParameter( "account_life_time", Integer.toString( origAccountLifeTime + 1 ) );
2167 request.setParameter( "time_before_alert_account", Integer.toString( origTimeBeforeAlertAccount + 1 ) );
2168 request.setParameter( "nb_alert_account", Integer.toString( origNbAlertAccount + 1 ) );
2169 request.setParameter( "time_between_alerts_account", Integer.toString( origTimeBetweenAlertsAccount + 1 ) );
2170 request.setParameter( "access_failures_max", Integer.toString( origAccessFailuresMax + 1 ) );
2171 request.setParameter( "access_failures_interval", Integer.toString( origAccessFailuresInterval + 1 ) );
2172 request.setParameter( "banned_domain_names", origBannedDomainNames + "b" );
2173 try
2174 {
2175 bean.doModifyDefaultUserSecurityValues( request );
2176 fail( "Should have thrown" );
2177 }
2178 catch( AccessDeniedException e )
2179 {
2180 assertEquals( origForceChangePasswordReinit,
2181 Boolean.parseBoolean( DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT ) ) );
2182 assertEquals( origPasswordMinimumLength, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH ) );
2183 assertEquals( origResetTokenValidity, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY ) );
2184 assertEquals( origLockResetTokenToSession, AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION ) );
2185 assertEquals( origAccountLifeTime, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME ) );
2186 assertEquals( origTimeBeforeAlertAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT ) );
2187 assertEquals( origNbAlertAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT ) );
2188 assertEquals( origTimeBetweenAlertsAccount, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT ) );
2189 assertEquals( origAccessFailuresMax, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX ) );
2190 assertEquals( origAccessFailuresInterval, AdminUserService.getIntegerSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL ) );
2191 assertEquals( origBannedDomainNames, AdminUserService.getLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES ) );
2192 }
2193 finally
2194 {
2195 DefaultUserParameterHome.update( AdminUserService.DSKEY_FORCE_CHANGE_PASSWORD_REINIT, Boolean.toString( origForceChangePasswordReinit ) );
2196 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_PASSWORD_MINIMUM_LENGTH, Integer.toString( origPasswordMinimumLength ) );
2197 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_RESET_TOKEN_VALIDITY, Integer.toString( origResetTokenValidity ) );
2198 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_LOCK_RESET_TOKEN_TO_SESSION, Boolean.toString( origLockResetTokenToSession ) );
2199 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCOUNT_LIFE_TIME, Integer.toString( origAccountLifeTime ) );
2200 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BEFORE_ALERT_ACCOUNT, Integer.toString( origTimeBeforeAlertAccount ) );
2201 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_NB_ALERT_ACCOUNT, Integer.toString( origNbAlertAccount ) );
2202 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_TIME_BETWEEN_ALERTS_ACCOUNT, Integer.toString( origTimeBetweenAlertsAccount ) );
2203 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_MAX, Integer.toString( origAccessFailuresMax ) );
2204 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_ACCES_FAILURES_INTERVAL, Integer.toString( origAccessFailuresInterval ) );
2205 AdminUserService.updateLargeSecurityParameter( AdminUserService.DSKEY_BANNED_DOMAIN_NAMES, origBannedDomainNames );
2206 disposeOfUser( user );
2207 }
2208 }
2209
2210 public void testDoModifyEmailPattern( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2211 {
2212 String origEmailPattern = getEmailPattern( );
2213 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2214 AdminUserJspBean bean = new AdminUserJspBean( );
2215 MockHttpServletRequest request = new MockHttpServletRequest( );
2216 AdminUser user = getUserToModify( );
2217 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2218 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2219 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2220 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2221 request.setParameter( "is_email_pattern_set_manually", Boolean.FALSE.toString( ) );
2222 request.setParameter( "email_pattern", origEmailPattern + "b" );
2223 try
2224 {
2225 bean.doModifyEmailPattern( request );
2226 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2227 assertTrue( isEmailPatternSetManually( ) );
2228 }
2229 finally
2230 {
2231 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2232 disposeOfUser( user );
2233 }
2234 }
2235
2236
2237
2238
2239
2240
2241 private static String getDefaultEmailPattern( )
2242 {
2243 return AppPropertiesService.getProperty( "lutece.email.pattern" );
2244 }
2245
2246
2247
2248
2249
2250
2251
2252 private static String getEmailPattern( )
2253 {
2254 String strEmailPattern = getDefaultEmailPattern( );
2255 String emailPattern = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_EMAIL_PATTERN );
2256
2257 if ( emailPattern != null )
2258 {
2259 strEmailPattern = emailPattern;
2260 }
2261
2262 return strEmailPattern;
2263 }
2264
2265
2266
2267
2268
2269
2270 private static boolean isEmailPatternSetManually( )
2271 {
2272 boolean bIsSetManually = true;
2273
2274 if ( RegularExpressionService.getInstance( ).isAvailable( ) )
2275 {
2276 String emailPatternVerifyBy = DefaultUserParameterHome.findByKey( AdminUserService.DSKEY_EMAIL_PATTERN_VERIFY_BY );
2277
2278 if ( StringUtils.isNotBlank( emailPatternVerifyBy ) )
2279 {
2280 bIsSetManually = false;
2281 }
2282 }
2283
2284 return bIsSetManually;
2285 }
2286
2287 public void testDoModifyEmailPatternInvalidToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2288 {
2289 String origEmailPattern = getEmailPattern( );
2290 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2291 AdminUserJspBean bean = new AdminUserJspBean( );
2292 MockHttpServletRequest request = new MockHttpServletRequest( );
2293 AdminUser user = getUserToModify( );
2294 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2295 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2296 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2297 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2298 request.setParameter( "is_email_pattern_set_manually", Boolean.FALSE.toString( ) );
2299 request.setParameter( "email_pattern", origEmailPattern + "b" );
2300 try
2301 {
2302 bean.doModifyEmailPattern( request );
2303 fail( "Should have thrown" );
2304 }
2305 catch( AccessDeniedException e )
2306 {
2307 assertEquals( origEmailPattern, getEmailPattern( ) );
2308 assertTrue( isEmailPatternSetManually( ) );
2309 }
2310 finally
2311 {
2312 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2313 disposeOfUser( user );
2314 }
2315 }
2316
2317 public void testDoModifyEmailPatternNoToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2318 {
2319 String origEmailPattern = getEmailPattern( );
2320 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2321 AdminUserJspBean bean = new AdminUserJspBean( );
2322 MockHttpServletRequest request = new MockHttpServletRequest( );
2323 AdminUser user = getUserToModify( );
2324 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2325 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2326 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2327 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2328 request.setParameter( "is_email_pattern_set_manually", Boolean.FALSE.toString( ) );
2329 request.setParameter( "email_pattern", origEmailPattern + "b" );
2330 try
2331 {
2332 bean.doModifyEmailPattern( request );
2333 fail( "Should have thrown" );
2334 }
2335 catch( AccessDeniedException e )
2336 {
2337 assertEquals( origEmailPattern, getEmailPattern( ) );
2338 assertTrue( isEmailPatternSetManually( ) );
2339 }
2340 finally
2341 {
2342 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2343 disposeOfUser( user );
2344 }
2345 }
2346
2347 public void testGetChangeUseAdvancedSecurityParametersToFalse( )
2348 {
2349 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2350 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
2351 try
2352 {
2353 AdminUserJspBean bean = new AdminUserJspBean( );
2354 MockHttpServletRequest request = new MockHttpServletRequest( );
2355 bean.getChangeUseAdvancedSecurityParameters( request );
2356 AdminMessage message = AdminMessageService.getMessage( request );
2357 assertNotNull( message );
2358 assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
2359 }
2360 finally
2361 {
2362 if ( origUseAdvancedSecurityParameters )
2363 {
2364 AdminUserService.useAdvancedSecurityParameters( );
2365 }
2366 else
2367 {
2368 AdminUserService.removeAdvancedSecurityParameters( );
2369 }
2370 }
2371 }
2372
2373 public void testGetChangeUseAdvancedSecurityParametersToTrue( )
2374 {
2375 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2376 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.FALSE.toString( ) );
2377 try
2378 {
2379 AdminUserJspBean bean = new AdminUserJspBean( );
2380 MockHttpServletRequest request = new MockHttpServletRequest( );
2381 bean.getChangeUseAdvancedSecurityParameters( request );
2382 AdminMessage message = AdminMessageService.getMessage( request );
2383 assertNotNull( message );
2384 assertTrue( message.getRequestParameters( ).containsKey( SecurityTokenService.PARAMETER_TOKEN ) );
2385 }
2386 finally
2387 {
2388 if ( origUseAdvancedSecurityParameters )
2389 {
2390 AdminUserService.useAdvancedSecurityParameters( );
2391 }
2392 else
2393 {
2394 AdminUserService.removeAdvancedSecurityParameters( );
2395 }
2396 }
2397 }
2398
2399 public void testDoRemoveAdvancedSecurityParameters( ) throws AccessDeniedException, UserNotSignedException
2400 {
2401 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2402 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
2403 try
2404 {
2405 AdminUserJspBean bean = new AdminUserJspBean( );
2406 MockHttpServletRequest request = new MockHttpServletRequest( );
2407 registerAdminUserAdmin( request );
2408 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2409
2410 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2411 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2412 bean.doRemoveAdvancedSecurityParameters( request );
2413 assertFalse( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2414 }
2415 finally
2416 {
2417 if ( origUseAdvancedSecurityParameters )
2418 {
2419 AdminUserService.useAdvancedSecurityParameters( );
2420 }
2421 else
2422 {
2423 AdminUserService.removeAdvancedSecurityParameters( );
2424 }
2425 }
2426 }
2427
2428 public void testDoRemoveAdvancedSecurityParametersInvalidToken( ) throws AccessDeniedException
2429 {
2430 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2431 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
2432 try
2433 {
2434 AdminUserJspBean bean = new AdminUserJspBean( );
2435 MockHttpServletRequest request = new MockHttpServletRequest( );
2436 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2437 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2438 bean.doRemoveAdvancedSecurityParameters( request );
2439 fail( "should have thrown" );
2440 }
2441 catch( AccessDeniedException e )
2442 {
2443 assertTrue( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2444 }
2445 finally
2446 {
2447 if ( origUseAdvancedSecurityParameters )
2448 {
2449 AdminUserService.useAdvancedSecurityParameters( );
2450 }
2451 else
2452 {
2453 AdminUserService.removeAdvancedSecurityParameters( );
2454 }
2455 }
2456 }
2457
2458 public void testDoRemoveAdvancedSecurityParametersNoToken( ) throws AccessDeniedException
2459 {
2460 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2461 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.TRUE.toString( ) );
2462 try
2463 {
2464 AdminUserJspBean bean = new AdminUserJspBean( );
2465 MockHttpServletRequest request = new MockHttpServletRequest( );
2466 bean.doRemoveAdvancedSecurityParameters( request );
2467 fail( "should have thrown" );
2468 }
2469 catch( AccessDeniedException e )
2470 {
2471 assertTrue( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2472 }
2473 finally
2474 {
2475 if ( origUseAdvancedSecurityParameters )
2476 {
2477 AdminUserService.useAdvancedSecurityParameters( );
2478 }
2479 else
2480 {
2481 AdminUserService.removeAdvancedSecurityParameters( );
2482 }
2483 }
2484 }
2485
2486 public void testDoUseAdvancedSecurityParameters( ) throws AccessDeniedException, UserNotSignedException
2487 {
2488 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2489 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.FALSE.toString( ) );
2490 try
2491 {
2492 AdminUserJspBean bean = new AdminUserJspBean( );
2493 MockHttpServletRequest request = new MockHttpServletRequest( );
2494 registerAdminUserAdmin( request );
2495 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2496
2497 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2498 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2499 bean.doUseAdvancedSecurityParameters( request );
2500 assertTrue( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2501 }
2502 finally
2503 {
2504 if ( origUseAdvancedSecurityParameters )
2505 {
2506 AdminUserService.useAdvancedSecurityParameters( );
2507 }
2508 else
2509 {
2510 AdminUserService.removeAdvancedSecurityParameters( );
2511 }
2512 }
2513 }
2514
2515 public void testDoUseAdvancedSecurityParametersInvalidToken( ) throws AccessDeniedException
2516 {
2517 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2518 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.FALSE.toString( ) );
2519 try
2520 {
2521 AdminUserJspBean bean = new AdminUserJspBean( );
2522 MockHttpServletRequest request = new MockHttpServletRequest( );
2523 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2524 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2525 bean.doUseAdvancedSecurityParameters( request );
2526 fail( "should have thrown" );
2527 }
2528 catch( AccessDeniedException e )
2529 {
2530 assertFalse( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2531 }
2532 finally
2533 {
2534 if ( origUseAdvancedSecurityParameters )
2535 {
2536 AdminUserService.useAdvancedSecurityParameters( );
2537 }
2538 else
2539 {
2540 AdminUserService.removeAdvancedSecurityParameters( );
2541 }
2542 }
2543 }
2544
2545 public void testDoUseAdvancedSecurityParametersNoToken( ) throws AccessDeniedException
2546 {
2547 boolean origUseAdvancedSecurityParameters = AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS );
2548 AdminUserService.updateSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS, Boolean.FALSE.toString( ) );
2549 try
2550 {
2551 AdminUserJspBean bean = new AdminUserJspBean( );
2552 MockHttpServletRequest request = new MockHttpServletRequest( );
2553 bean.doUseAdvancedSecurityParameters( request );
2554 fail( "should have thrown" );
2555 }
2556 catch( AccessDeniedException e )
2557 {
2558 assertFalse( AdminUserService.getBooleanSecurityParameter( AdminUserService.DSKEY_USE_ADVANCED_SECURITY_PARAMETERS ) );
2559 }
2560 finally
2561 {
2562 if ( origUseAdvancedSecurityParameters )
2563 {
2564 AdminUserService.useAdvancedSecurityParameters( );
2565 }
2566 else
2567 {
2568 AdminUserService.removeAdvancedSecurityParameters( );
2569 }
2570 }
2571 }
2572
2573 public void testDoRemoveRegularExpression( ) throws AccessDeniedException, UserNotSignedException
2574 {
2575 AdminUserJspBean bean = new AdminUserJspBean( );
2576 MockHttpServletRequest request = new MockHttpServletRequest( );
2577 AdminUser user = getUserToModify( );
2578 try
2579 {
2580 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2581 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2582 request.setParameter( "id_expression", "1" );
2583 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2584 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2585 assertNotNull( bean.doRemoveRegularExpression( request ) );
2586 }
2587 finally
2588 {
2589 disposeOfUser( user );
2590 }
2591 }
2592
2593 public void testDoRemoveRegularExpressionInvalidToken( ) throws AccessDeniedException, UserNotSignedException
2594 {
2595 AdminUserJspBean bean = new AdminUserJspBean( );
2596 MockHttpServletRequest request = new MockHttpServletRequest( );
2597 AdminUser user = getUserToModify( );
2598 try
2599 {
2600 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2601 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2602 request.setParameter( "id_expression", "1" );
2603 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2604 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2605 bean.doRemoveRegularExpression( request );
2606 fail( "Should have thrown" );
2607 }
2608 catch( AccessDeniedException e )
2609 {
2610
2611 }
2612 finally
2613 {
2614 disposeOfUser( user );
2615 }
2616 }
2617
2618 public void testDoRemoveRegularExpressionNoToken( ) throws AccessDeniedException, UserNotSignedException
2619 {
2620 AdminUserJspBean bean = new AdminUserJspBean( );
2621 MockHttpServletRequest request = new MockHttpServletRequest( );
2622 AdminUser user = getUserToModify( );
2623 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2624 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2625 request.setParameter( "id_expression", "1" );
2626 try
2627 {
2628 bean.doRemoveRegularExpression( request );
2629 fail( "Should have thrown" );
2630 }
2631 catch( AccessDeniedException e )
2632 {
2633
2634 }
2635 finally
2636 {
2637 disposeOfUser( user );
2638 }
2639 }
2640
2641 public void testDoModifyEmailPatternReset( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2642 {
2643 String origEmailPattern = getEmailPattern( );
2644 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2645 AdminUser user = getUserToModify( );
2646 try
2647 {
2648 AdminUserService.doModifyEmailPattern( origEmailPattern + "b", isEmailPatternSetManually( ) );
2649 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2650 AdminUserJspBean bean = new AdminUserJspBean( );
2651 MockHttpServletRequest request = new MockHttpServletRequest( );
2652 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2653 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2654 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2655 SecurityTokenService.getInstance( ).getToken( request, AdminDashboardJspBean.TEMPLATE_MANAGE_DASHBOARDS ) );
2656 request.setParameter( "reset", "reset" );
2657 bean.doModifyEmailPattern( request );
2658 assertEquals( origEmailPattern, getEmailPattern( ) );
2659 assertTrue( isEmailPatternSetManually( ) );
2660 }
2661 finally
2662 {
2663 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2664 disposeOfUser( user );
2665 }
2666 }
2667
2668 public void testDoModifyEmailPatternResetInvalidToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2669 {
2670 String origEmailPattern = getEmailPattern( );
2671 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2672 AdminUserService.doModifyEmailPattern( origEmailPattern + "b", isEmailPatternSetManually( ) );
2673 AdminUser user = getUserToModify( );
2674 try
2675 {
2676 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2677 AdminUserJspBean bean = new AdminUserJspBean( );
2678 MockHttpServletRequest request = new MockHttpServletRequest( );
2679 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2680 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2681 request.addParameter( SecurityTokenService.PARAMETER_TOKEN,
2682 SecurityTokenService.getInstance( ).getToken( request, "ManageAdvancedParameters.jsp" ) + "b" );
2683 request.setParameter( "reset", "reset" );
2684 bean.doModifyEmailPattern( request );
2685 fail( "Should have thrown" );
2686 }
2687 catch( AccessDeniedException e )
2688 {
2689 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2690 }
2691 finally
2692 {
2693 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2694 disposeOfUser( user );
2695 }
2696 }
2697
2698 public void testDoModifyEmailPatternResetNoToken( ) throws PasswordResetException, AccessDeniedException, UserNotSignedException
2699 {
2700 String origEmailPattern = getEmailPattern( );
2701 assertTrue( "plugin-regularexpression is not there", isEmailPatternSetManually( ) );
2702 AdminUserService.doModifyEmailPattern( origEmailPattern + "b", isEmailPatternSetManually( ) );
2703 AdminUser user = getUserToModify( );
2704 try
2705 {
2706 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2707 AdminUserJspBean bean = new AdminUserJspBean( );
2708 MockHttpServletRequest request = new MockHttpServletRequest( );
2709 AdminAuthenticationService.getInstance( ).registerUser( request, user );
2710 bean.init( request, RIGHT_CORE_USERS_MANAGEMENT );
2711 request.setParameter( "reset", "reset" );
2712 bean.doModifyEmailPattern( request );
2713 fail( "Should have thrown" );
2714 }
2715 catch( AccessDeniedException e )
2716 {
2717 assertEquals( origEmailPattern + "b", getEmailPattern( ) );
2718 }
2719 finally
2720 {
2721 AdminUserService.doModifyEmailPattern( origEmailPattern, isEmailPatternSetManually( ) );
2722 disposeOfUser( user );
2723 }
2724 }
2725
2726
2727
2728
2729
2730
2731
2732
2733 private void registerAdminUserAdmin( HttpServletRequest request ) throws AccessDeniedException, UserNotSignedException
2734 {
2735 AdminUser adminUser = AdminUserHome.findUserByLogin( "admin" );
2736 adminUser.setStatus( 0 );
2737 adminUser.setUserLevel( 0 );
2738 adminUser.setPasswordReset( false );
2739
2740 AdminUserHome.update( adminUser );
2741
2742 AdminAuthenticationService.getInstance( ).registerUser( request, adminUser );
2743 }
2744 }