/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
import org.apache.fineract.cn.anubis.api.v1.domain.AllowedOperation;
import org.apache.fineract.cn.api.context.AutoUserContext;
import org.apache.fineract.cn.identity.api.v1.PermittableGroupIds;
import org.apache.fineract.cn.identity.api.v1.domain.*;
import org.apache.fineract.cn.identity.api.v1.events.EventConstants;
import org.apache.fineract.cn.test.env.TestEnvironment;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.restdocs.JUnitRestDocumentation;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import static org.apache.fineract.cn.identity.internal.util.IdentityConstants.SU_NAME;
import static org.apache.fineract.cn.identity.internal.util.IdentityConstants.SU_ROLE;
import static org.springframework.restdocs.mockmvc.MockMvcRestDocumentation.document;
import static org.springframework.restdocs.mockmvc.MockMvcRestDocumentation.documentationConfiguration;
import static org.springframework.restdocs.mockmvc.RestDocumentationRequestBuilders.post;
import static org.springframework.restdocs.mockmvc.RestDocumentationRequestBuilders.put;
import static org.springframework.restdocs.operation.preprocess.Preprocessors.preprocessRequest;
import static org.springframework.restdocs.operation.preprocess.Preprocessors.preprocessResponse;
import static org.springframework.restdocs.operation.preprocess.Preprocessors.prettyPrint;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
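/**
 * Component tests for the identity service's user operations: creating users, changing a
 * user's role, refusing role changes for the superuser, and the roles and permissions
 * provisioned for the admin account.
 *
 * <p>Two tests additionally send a bare request through {@link MockMvc} so that Spring REST
 * Docs snippets are written under {@code src/doc/generated-snippets/test-users}.
 *
 * @author Myrle Krantz
 */
public class TestUsers extends AbstractComponentTest {

  /** Writes the REST Docs snippets produced by the MockMvc requests in this class. */
  @Rule
  public final JUnitRestDocumentation restDocumentation = new JUnitRestDocumentation("src/doc/generated-snippets/test-users");

  @Autowired
  private WebApplicationContext context;

  private MockMvc mockMvc;

  /** Base path of the identity REST API used by the MockMvc requests. */
  final String path = "/identity/v1";

  /**
   * Builds a MockMvc instance over the web application context that documents every request
   * under a snippet named after the test method, with pretty-printed request and response.
   */
  @Before
  public void setUp() {
    this.mockMvc = MockMvcBuilders.webAppContextSetup(this.context)
        .apply(documentationConfiguration(this.restDocumentation))
        .alwaysDo(document("{method-name}", preprocessRequest(prettyPrint()), preprocessResponse(prettyPrint())))
        .build();
  }

  /**
   * Verifies that a newly created admin-role user can log in and, acting under their own
   * access token, create another user, and that both users are then listed.
   *
   * @throws Exception if waiting for an event is interrupted or the MockMvc request fails;
   *     either now fails the test instead of being printed and ignored
   */
  @Test
  public void testAddLogin() throws Exception {
    final String username = createUserWithNonexpiredPassword(AHMES_PASSWORD, ADMIN_ROLE);

    try (final AutoUserContext ignore = loginAdmin()) {
      final User user = getTestSubject().getUser(username);
      Assert.assertNotNull(user);
      Assert.assertEquals("Correct user identifier?", username, user.getIdentifier());
      Assert.assertEquals("Correct role?", ADMIN_ROLE, user.getRole());
    }

    final Authentication userAuthentication =
        getTestSubject().login(username, TestEnvironment.encodePassword(AHMES_PASSWORD));
    Assert.assertNotNull(userAuthentication);

    // Act as the new user (not as the provisioned admin) to prove that the token issued at
    // login carries the rights needed to create a user.
    try (final AutoUserContext ignored = new AutoUserContext(username, userAuthentication.getAccessToken())) {
      getTestSubject().createUser(new UserWithPassword("Ahmes_friend", "scribe",
          TestEnvironment.encodePassword(AHMES_FRIENDS_PASSWORD)));
      final boolean found = eventRecorder.wait(EventConstants.OPERATION_POST_USER, "Ahmes_friend");
      Assert.assertTrue(found);
    }

    try (final AutoUserContext ignore = loginAdmin()) {
      final List<User> users = getTestSubject().getUsers();
      Assert.assertTrue(Helpers.instancePresent(users, User::getIdentifier, username));
      Assert.assertTrue(Helpers.instancePresent(users, User::getIdentifier, "Ahmes_friend"));
    }

    // The request below carries no body and sets no credentials on the request itself.
    // NOTE(review): is4xxClientError() accepts any 4xx status, so this check does not
    // distinguish an authentication/authorization rejection from a validation error.
    // Assert the exact status once the intended one is confirmed.
    this.mockMvc.perform(post(path + "/users/")
        .accept(MediaType.APPLICATION_JSON_VALUE)
        .contentType(MediaType.APPLICATION_JSON_VALUE))
        .andExpect(status().is4xxClientError());
  }

  /**
   * Verifies that a user holding the admin role can change their own role to "scribe", that
   * the change is reported as an event and visible on the user, and that the user's
   * permissions still include full self-management afterwards.
   *
   * @throws Exception if waiting for an event is interrupted or the MockMvc request fails;
   *     either now fails the test instead of being printed and ignored
   */
  @Test
  public void testChangeUserRole() throws Exception {
    final String userIdentifier = createUserWithNonexpiredPassword(AHMES_PASSWORD, ADMIN_ROLE);
    final Authentication ahmesAuthentication =
        getTestSubject().login(userIdentifier, TestEnvironment.encodePassword(AHMES_PASSWORD));
    // Fail with a clear assertion rather than a NullPointerException if login yields nothing.
    Assert.assertNotNull(ahmesAuthentication);

    try (final AutoUserContext ignored = new AutoUserContext(userIdentifier, ahmesAuthentication.getAccessToken())) {
      List<User> users = getTestSubject().getUsers();
      Assert.assertEquals(2, users.size());

      getTestSubject().changeUserRole(userIdentifier, new RoleIdentifier("scribe"));
      final boolean found = eventRecorder.wait(EventConstants.OPERATION_PUT_USER_ROLEIDENTIFIER, userIdentifier);
      Assert.assertTrue(found);

      final User ahmes = getTestSubject().getUser(userIdentifier);
      Assert.assertEquals("scribe", ahmes.getRole());

      final Set<Permission> userPermittableGroups = getTestSubject().getUserPermissions(userIdentifier);
      Assert.assertTrue(userPermittableGroups.contains(new Permission(PermittableGroupIds.SELF_MANAGEMENT, AllowedOperation.ALL)));

      // Changing a role must neither add nor remove users.
      users = getTestSubject().getUsers();
      Assert.assertEquals(2, users.size());
    }

    // The request below carries no body and sets no credentials on the request itself.
    // NOTE(review): is4xxClientError() accepts any 4xx status, so this check does not
    // distinguish an authentication/authorization rejection from a validation error.
    // Assert the exact status once the intended one is confirmed.
    this.mockMvc.perform(put(path + "/users/" + userIdentifier)
        .contentType(MediaType.APPLICATION_JSON))
        .andExpect(status().is4xxClientError());
  }

  /**
   * Verifies that a user holding the admin role cannot change the role of the superuser
   * account ({@code SU_NAME}): the call must throw {@link IllegalArgumentException} and the
   * superuser must still hold {@code SU_ROLE} afterwards.
   *
   * @throws InterruptedException if user creation is interrupted
   */
  @Test
  public void testChangeAntonyRoleFails() throws InterruptedException {
    final String userIdentifier = createUserWithNonexpiredPassword(AHMES_PASSWORD, ADMIN_ROLE);
    final Authentication ahmesAuthentication =
        getTestSubject().login(userIdentifier, TestEnvironment.encodePassword(AHMES_PASSWORD));
    // Fail with a clear assertion rather than a NullPointerException if login yields nothing.
    Assert.assertNotNull(ahmesAuthentication);

    try (final AutoUserContext ignored = new AutoUserContext(userIdentifier, ahmesAuthentication.getAccessToken())) {
      try {
        getTestSubject().changeUserRole(SU_NAME, new RoleIdentifier("scribe"));
        Assert.fail("Should not be able to change the role set for antony.");
      }
      catch (final IllegalArgumentException expected) {
        // Expected: the rejection is the behaviour under test.
        //noinspection EmptyCatchBlock
      }

      // The rejection alone is not enough; confirm the stored role was left untouched.
      final User antony = getTestSubject().getUser(SU_NAME);
      Assert.assertEquals(SU_ROLE, antony.getRole());
    }
  }

  /**
   * Verifies what is provisioned for the admin account: the admin role exists and grants
   * change, delete and read on identity and role management; the admin user exists with that
   * role; and the admin's effective permissions cover self, identity and role management.
   *
   * @throws InterruptedException declared for consistency with the other tests in this class
   */
  @Test
  public void testAdminProvisioning() throws InterruptedException {
    try (final AutoUserContext ignore = loginAdmin()) {
      final List<Role> roleIdentifiers = getTestSubject().getRoles();
      Assert.assertTrue(Helpers.instancePresent(roleIdentifiers, Role::getIdentifier, ADMIN_ROLE));

      final Role role = getTestSubject().getRole(ADMIN_ROLE);
      Assert.assertNotNull(role);
      Assert.assertTrue(role.getPermissions().contains(constructFullAccessPermission(PermittableGroupIds.IDENTITY_MANAGEMENT)));
      Assert.assertTrue(role.getPermissions().contains(constructFullAccessPermission(PermittableGroupIds.ROLE_MANAGEMENT)));

      final List<User> userIdentifiers = getTestSubject().getUsers();
      Assert.assertTrue(Helpers.instancePresent(userIdentifiers, User::getIdentifier, ADMIN_IDENTIFIER));

      final User user = getTestSubject().getUser(ADMIN_IDENTIFIER);
      Assert.assertNotNull(user);
      Assert.assertEquals(ADMIN_IDENTIFIER, user.getIdentifier());
      Assert.assertEquals(ADMIN_ROLE, user.getRole());

      final Set<Permission> adminPermittableGroups = getTestSubject().getUserPermissions(ADMIN_IDENTIFIER);
      Assert.assertTrue(adminPermittableGroups.contains(new Permission(PermittableGroupIds.SELF_MANAGEMENT, AllowedOperation.ALL)));
      Assert.assertTrue(adminPermittableGroups.contains(new Permission(PermittableGroupIds.IDENTITY_MANAGEMENT, AllowedOperation.ALL)));
      Assert.assertTrue(adminPermittableGroups.contains(new Permission(PermittableGroupIds.ROLE_MANAGEMENT, AllowedOperation.ALL)));
    }
  }

  /**
   * Builds a permission on the given permittable group that allows change, delete and read.
   *
   * @param permittableGroupId identifier of the permittable group the permission applies to
   * @return a permission granting {@code CHANGE}, {@code DELETE} and {@code READ} on the group
   */
  private Permission constructFullAccessPermission(final String permittableGroupId) {
    final HashSet<AllowedOperation> allowedOperations = new HashSet<>();
    allowedOperations.add(AllowedOperation.CHANGE);
    allowedOperations.add(AllowedOperation.DELETE);
    allowedOperations.add(AllowedOperation.READ);
    return new Permission(permittableGroupId, allowedOperations);
  }
}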