add api test

2015-04-05 08:20:50 +02:00 · 2015-04-05 08:20:50 +02:00 · 1e43e61a7a
parent 7b347e9455
commit 1e43e61a7a
5 changed files with 151 additions and 10 deletions
--- a/spring-security-login-and-registration/pom.xml
+++ b/spring-security-login-and-registration/pom.xml
@ -54,17 +54,17 @@
        </dependency>
        
        <dependency>
-			<groupId>org.springframework</groupId>
-			<artifactId>spring-test</artifactId>
-			<scope>test</scope>
-		</dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
+            <scope>test</scope>
+        </dependency>

        <!-- Password Validation -->
        <dependency>
-		    <groupId>org.passay</groupId>
-		    <artifactId>passay</artifactId>
-		    <version>1.0</version>
-		</dependency>
+            <groupId>org.passay</groupId>
+            <artifactId>passay</artifactId>
+            <version>1.0</version>
+        </dependency>
        
        
        <!-- Spring Data JPA dependencies -->
@ -137,6 +137,19 @@
            <scope>test</scope>
        </dependency>

+        <dependency>
+            <groupId>com.jayway.restassured</groupId>
+            <artifactId>rest-assured</artifactId>
+            <version>2.4.0</version>
+            <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <artifactId>commons-logging</artifactId>
+                    <groupId>commons-logging</groupId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+
    </dependencies>

    <build>
@ -189,4 +202,4 @@
        <guava.version>18.0</guava.version>

    </properties>
-</project>
+</project>
--- a/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java
+++ b/spring-security-login-and-registration/src/main/java/org/baeldung/web/controller/RegistrationController.java
@ -171,6 +171,7 @@ public class RegistrationController {
    // change user password

    @RequestMapping(value = "/user/updatePassword", method = RequestMethod.POST)
+    @PreAuthorize("hasRole('READ_PRIVILEGE')")
    @ResponseBody
    public GenericResponse changeUserPassword(final Locale locale, @RequestParam("password") final String password, @RequestParam("oldpassword") final String oldPassword) {
        final User user = userService.findUserByEmail(SecurityContextHolder.getContext().getAuthentication().getName());
--- a/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/changePassword.jsp
+++ b/spring-security-login-and-registration/src/main/webapp/WEB-INF/view/changePassword.jsp
@ -13,6 +13,7 @@
 <title><spring:message code="message.changePassword"></spring:message></title>
 </head>
 <body>
+<sec:authorize access="hasRole('READ_PRIVILEGE')">
 <nav class="navbar navbar-default">
  <div class="container-fluid">
    <div class="navbar-header">
@ -66,7 +67,8 @@ function savePass(){
    	$("#errormsg").show().html(data.responseJSON.message);
    });
 }
-</script>    
+</script>  
+</sec:authorize>  
 </body>

 </html>
--- a/spring-security-login-and-registration/src/test/java/org/baeldung/spring/ConfigTest.java
+++ b/spring-security-login-and-registration/src/test/java/org/baeldung/spring/ConfigTest.java
@ -0,0 +1,23 @@
+package org.baeldung.spring;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+@Configuration
+// @ComponentScan("org.baeldung.test")
+public class ConfigTest extends WebMvcConfigurerAdapter {
+
+    public ConfigTest() {
+        super();
+    }
+
+    // API
+    @Bean
+    public PasswordEncoder encoder() {
+        return new BCryptPasswordEncoder(11);
+    }
+
+}
--- a/spring-security-login-and-registration/src/test/java/org/baeldung/test/RegistrationAPIChangePasswordTest.java
+++ b/spring-security-login-and-registration/src/test/java/org/baeldung/test/RegistrationAPIChangePasswordTest.java
@ -0,0 +1,102 @@
+package org.baeldung.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.baeldung.persistence.dao.UserRepository;
+import org.baeldung.persistence.model.User;
+import org.baeldung.spring.ConfigTest;
+import org.baeldung.spring.PersistenceJPAConfig;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.support.AnnotationConfigContextLoader;
+
+import com.jayway.restassured.RestAssured;
+import com.jayway.restassured.authentication.FormAuthConfig;
+import com.jayway.restassured.response.Response;
+import com.jayway.restassured.specification.RequestSpecification;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(classes = { ConfigTest.class, PersistenceJPAConfig.class }, loader = AnnotationConfigContextLoader.class)
+@ActiveProfiles("test")
+public class RegistrationAPIChangePasswordTest {
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Autowired
+    private PasswordEncoder passwordEncoder;
+
+    private final String URL_PREFIX = "http://localhost:8080/spring-security-login-and-registration";
+
+    private final String URL = URL_PREFIX + "/user/updatePassword";
+
+    FormAuthConfig formConfig = new FormAuthConfig(URL_PREFIX + "/j_spring_security_check", "j_username", "j_password");
+
+    @Before
+    public void init() {
+        User user = userRepository.findByEmail("test@test.com");
+        if (user == null) {
+            user = new User();
+            user.setFirstName("Test");
+            user.setLastName("Test");
+            user.setPassword(passwordEncoder.encode("test"));
+            user.setEmail("test@test.com");
+            user.setEnabled(true);
+            userRepository.save(user);
+        } else {
+            user.setPassword(passwordEncoder.encode("test"));
+            userRepository.save(user);
+        }
+    }
+
+    @Test
+    public void givenLoggedInUser_whenChangingPassword_thenCorrect() {
+        final RequestSpecification request = RestAssured.given().auth().form("test@test.com", "test", formConfig);
+
+        final Map<String, String> params = new HashMap<String, String>();
+        params.put("oldpassword", "test");
+        params.put("password", "newtest");
+
+        final Response response = request.with().params(params).post(URL);
+
+        assertEquals(200, response.statusCode());
+        assertTrue(response.body().asString().contains("Password updated successfully"));
+    }
+
+    @Test
+    public void givenWrongOldPassword_whenChangingPassword_thenBadRequest() {
+        final RequestSpecification request = RestAssured.given().auth().form("test@test.com", "test", formConfig);
+
+        final Map<String, String> params = new HashMap<String, String>();
+        params.put("oldpassword", "abc");
+        params.put("password", "newtest");
+
+        final Response response = request.with().params(params).post(URL);
+
+        assertEquals(400, response.statusCode());
+        assertTrue(response.body().asString().contains("Invalid Old Password"));
+    }
+
+    @Test
+    public void givenNotAuthenticatedUser_whenChangingPassword_thenRedirect() {
+        final Map<String, String> params = new HashMap<String, String>();
+        params.put("oldpassword", "abc");
+        params.put("password", "xyz");
+
+        final Response response = RestAssured.with().params(params).post(URL);
+
+        assertEquals(302, response.statusCode());
+        assertFalse(response.body().asString().contains("Password updated successfully"));
+    }
+}