// Licensed to the Apache Software Foundation (ASF) under one // or more contributor license agreements. See the NOTICE file // distributed with this work for additional information // regarding copyright ownership. The ASF licenses this file // to you under the Apache License, Version 2.0 (the // "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. package com.cloud.user; import java.net.InetAddress; import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Arrays; import com.cloud.server.auth.UserAuthenticator; import com.cloud.utils.Pair; import org.junit.Assert; import org.junit.Test; import org.mockito.Mock; import org.mockito.Mockito; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import com.cloud.vm.snapshot.VMSnapshotVO; import com.cloud.domain.Domain; import com.cloud.domain.DomainVO; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.user.Account.State; import com.cloud.vm.UserVmManagerImpl; import com.cloud.vm.UserVmVO; import com.cloud.vm.VMInstanceVO; public class AccountManagerImplTest extends AccountManagetImplTestBase { @Mock UserVmManagerImpl _vmMgr; @Test public void disableAccountNotexisting() throws ConcurrentOperationException, ResourceUnavailableException { Mockito.when(_accountDao.findById(42l)).thenReturn(null); Assert.assertTrue(accountManager.disableAccount(42)); } @Test public void disableAccountDisabled() throws ConcurrentOperationException, ResourceUnavailableException { AccountVO disabledAccount = new AccountVO(); disabledAccount.setState(State.disabled); Mockito.when(_accountDao.findById(42l)).thenReturn(disabledAccount); Assert.assertTrue(accountManager.disableAccount(42)); } @Test public void disableAccount() throws ConcurrentOperationException, ResourceUnavailableException { AccountVO account = new AccountVO(); account.setState(State.enabled); Mockito.when(_accountDao.findById(42l)).thenReturn(account); Mockito.when(_accountDao.createForUpdate()).thenReturn(new AccountVO()); Mockito.when( _accountDao.update(Mockito.eq(42l), Mockito.any(AccountVO.class))).thenReturn(true); Mockito.when(_vmDao.listByAccountId(42l)).thenReturn( Arrays.asList(Mockito.mock(VMInstanceVO.class))); Assert.assertTrue(accountManager.disableAccount(42)); Mockito.verify(_accountDao, Mockito.atLeastOnce()).update( Mockito.eq(42l), Mockito.any(AccountVO.class)); } @Test public void deleteUserAccount() { AccountVO account = new AccountVO(); account.setId(42l); DomainVO domain = new DomainVO(); Mockito.when(_accountDao.findById(42l)).thenReturn(account); Mockito.when( securityChecker.checkAccess(Mockito.any(Account.class), Mockito.any(ControlledEntity.class), Mockito.any(AccessType.class), Mockito.anyString())) .thenReturn(true); Mockito.when(_accountDao.remove(42l)).thenReturn(true); Mockito.when(_configMgr.releaseAccountSpecificVirtualRanges(42l)) .thenReturn(true); Mockito.when(_domainMgr.getDomain(Mockito.anyLong())).thenReturn(domain); Mockito.when( securityChecker.checkAccess(Mockito.any(Account.class), Mockito.any(Domain.class))) .thenReturn(true); Mockito.when(_vmSnapshotDao.listByAccountId(Mockito.anyLong())).thenReturn(new ArrayList<VMSnapshotVO>()); Assert.assertTrue(accountManager.deleteUserAccount(42)); // assert that this was a clean delete Mockito.verify(_accountDao, Mockito.never()).markForCleanup( Mockito.eq(42l)); } @Test public void deleteUserAccountCleanup() { AccountVO account = new AccountVO(); account.setId(42l); DomainVO domain = new DomainVO(); Mockito.when(_accountDao.findById(42l)).thenReturn(account); Mockito.when( securityChecker.checkAccess(Mockito.any(Account.class), Mockito.any(ControlledEntity.class), Mockito.any(AccessType.class), Mockito.anyString())) .thenReturn(true); Mockito.when(_accountDao.remove(42l)).thenReturn(true); Mockito.when(_configMgr.releaseAccountSpecificVirtualRanges(42l)) .thenReturn(true); Mockito.when(_userVmDao.listByAccountId(42l)).thenReturn( Arrays.asList(Mockito.mock(UserVmVO.class))); Mockito.when( _vmMgr.expunge(Mockito.any(UserVmVO.class), Mockito.anyLong(), Mockito.any(Account.class))).thenReturn(false); Mockito.when(_domainMgr.getDomain(Mockito.anyLong())).thenReturn(domain); Mockito.when( securityChecker.checkAccess(Mockito.any(Account.class), Mockito.any(Domain.class))) .thenReturn(true); Assert.assertTrue(accountManager.deleteUserAccount(42)); // assert that this was NOT a clean delete Mockito.verify(_accountDao, Mockito.atLeastOnce()).markForCleanup( Mockito.eq(42l)); } @Test public void testAuthenticateUser() throws UnknownHostException { Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> successAuthenticationPair = new Pair<>(true, null); Pair<Boolean, UserAuthenticator.ActionOnFailedAuthentication> failureAuthenticationPair = new Pair<>(false, UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); UserAccountVO userAccountVO = new UserAccountVO(); userAccountVO.setSource(User.Source.UNKNOWN); userAccountVO.setState(Account.State.disabled.toString()); Mockito.when(_userAccountDao.getUserAccount("test", 1L)).thenReturn(userAccountVO); Mockito.when(userAuthenticator.authenticate("test", "fail", 1L, null)).thenReturn(failureAuthenticationPair); Mockito.when(userAuthenticator.authenticate("test", null, 1L, null)).thenReturn(successAuthenticationPair); Mockito.when(userAuthenticator.authenticate("test", "", 1L, null)).thenReturn(successAuthenticationPair); //Test for incorrect password. authentication should fail UserAccount userAccount = accountManager.authenticateUser("test", "fail", 1L, InetAddress.getByName("127.0.0.1"), null); Assert.assertNull(userAccount); //Test for null password. authentication should fail userAccount = accountManager.authenticateUser("test", null, 1L, InetAddress.getByName("127.0.0.1"), null); Assert.assertNull(userAccount); //Test for empty password. authentication should fail userAccount = accountManager.authenticateUser("test", "", 1L, InetAddress.getByName("127.0.0.1"), null); Assert.assertNull(userAccount); //Verifying that the authentication method is only called when password is specified Mockito.verify(userAuthenticator, Mockito.times(1)).authenticate("test", "fail", 1L, null); Mockito.verify(userAuthenticator, Mockito.never()).authenticate("test", null, 1L, null); Mockito.verify(userAuthenticator, Mockito.never()).authenticate("test", "", 1L, null); } }