@Test(description = "POST /admin/user/{id}/action/unlock", dependsOnMethods = { "testEditUser" })
public void testUnlockUser() {
// Need to know how many times to fail login to lock account
AdminOrgApi adminOrgApi = adminContext.getApi().getOrgApi();
OrgPasswordPolicySettings settingsToRevertTo = null;
// session api isn't typically exposed to the user, as it is implicit
SessionApi sessionApi = context.utils().injector().getInstance(SessionApi.class);
OrgPasswordPolicySettings settings = adminOrgApi.getSettings(org.getId()).getPasswordPolicy();
assertNotNull(settings);
// Adjust account settings so we can lock the account - be careful to not set invalidLoginsBeforeLockout too low!
if (!settings.isAccountLockoutEnabled()) {
settingsToRevertTo = settings;
settings = settings.toBuilder().accountLockoutEnabled(true).invalidLoginsBeforeLockout(5).build();
settings = adminOrgApi.editPasswordPolicy(org.getId(), settings);
}
assertTrue(settings.isAccountLockoutEnabled());
for (int i = 0; i < settings.getInvalidLoginsBeforeLockout() + 1; i++) {
try {
sessionApi.loginUserInOrgWithPassword(URI.create(endpoint + "/sessions"), user.getName(), org.getName(), "wrongpassword!");
fail("Managed to login using the wrong password!");
} catch (AuthorizationException e) {
} catch (Exception e) {