package org.uned.agonzalo16.bitacora.service.security;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.when;
import java.util.ArrayList;
import java.util.List;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.util.DigestUtils;
import org.uned.agonzalo16.bitacora.dao.UserDao;
import org.uned.agonzalo16.bitacora.domain.User;
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = "classpath:/META-INF/spring/applicationContext-test.xml")
public class AuthenticationProviderTest {
@Autowired
private AuthenticationProvider authenticationProvider;
@Mock
private UserDao userDao;
@Before
public void setUp() {
MockitoAnnotations.initMocks(this);
authenticationProvider.setUserDao(userDao);
}
@Test
public void testEmptyPassword() {
try {
authenticationProvider.retrieveUser("user", new UsernamePasswordAuthenticationToken("user", ""));
fail("password is empty");
} catch (BadCredentialsException ex) {
}
}
@Test
public void testInvalidUser() {
List<User> users = new ArrayList<User>();
users.add(new User());
when(userDao.findAll()).thenReturn(users);
when(userDao.findByUsername((String) any())).thenReturn(null);
try {
authenticationProvider.retrieveUser("user", new UsernamePasswordAuthenticationToken("user", "pass"));
fail("invalid user");
} catch (BadCredentialsException ex) {
}
}
@Test
public void testNoPassword() {
List<User> users = new ArrayList<User>();
users.add(new User());
when(userDao.findAll()).thenReturn(users);
User user = new User();
user.setActive(true);
user.setUsername("user");
when(userDao.findByUsername((String) any())).thenReturn(user);
try {
authenticationProvider.retrieveUser("user", new UsernamePasswordAuthenticationToken("user", "pass"));
fail("no password");
} catch (BadCredentialsException ex) {
}
}
@Test
public void testInvalidPassword() {
List<User> users = new ArrayList<User>();
users.add(new User());
when(userDao.findAll()).thenReturn(users);
User user = new User();
user.setPassword("xxxxXXXxxxxXXX");
user.setActive(true);
user.setUsername("user");
when(userDao.findByUsername((String) any())).thenReturn(user);
try {
authenticationProvider.retrieveUser("user", new UsernamePasswordAuthenticationToken("user", "pass"));
fail("invalid password");
} catch (BadCredentialsException ex) {
}
}
@Test
public void testLoadUserByUsername() {
when(userDao.findAll()).thenReturn(new ArrayList<User>());
User user = new User();
user.setPassword("pass");
user.setActive(true);
user.setUsername("user");
when(userDao.findByUsername((String) any())).thenReturn(user);
UserDetails userDetails = authenticationProvider.loadUserByUsername("user");
assertEquals(userDetails.getUsername(), "user");
assertEquals(userDetails.getPassword(), DigestUtils.md5DigestAsHex("pass".getBytes()));
assertTrue(userDetails.isAccountNonExpired());
assertTrue(userDetails.isAccountNonLocked());
assertTrue(userDetails.isCredentialsNonExpired());
assertTrue(userDetails.isEnabled());
}
@Test
public void testRetrieveUser() {
when(userDao.findAll()).thenReturn(new ArrayList<User>());
User user = new User();
user.setPassword("pass");
user.setActive(true);
user.setUsername("user");
when(userDao.findByUsername((String) any())).thenReturn(user);
UserDetails userDetails = authenticationProvider.retrieveUser("user", new UsernamePasswordAuthenticationToken("user", "pass"));
assertEquals(userDetails.getUsername(), "user");
assertEquals(userDetails.getPassword(), DigestUtils.md5DigestAsHex("pass".getBytes()));
assertTrue(userDetails.isAccountNonExpired());
assertTrue(userDetails.isAccountNonLocked());
assertTrue(userDetails.isCredentialsNonExpired());
assertTrue(userDetails.isEnabled());
}
}