/*******************************************************************************
* Copyright (c) 2011-2014 EclipseSource Muenchen GmbH and others.
*
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Edgar Mueller - initial API and implementation
******************************************************************************/
package org.eclipse.emf.emfstore.server.accesscontrol.test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.fail;
import org.eclipse.emf.emfstore.client.test.common.dsl.Roles;
import org.eclipse.emf.emfstore.client.test.common.util.ProjectUtil;
import org.eclipse.emf.emfstore.client.test.common.util.ServerUtil;
import org.eclipse.emf.emfstore.internal.client.model.ProjectSpace;
import org.eclipse.emf.emfstore.internal.client.model.impl.api.ESUsersessionImpl;
import org.eclipse.emf.emfstore.internal.server.exceptions.AccessControlException;
import org.eclipse.emf.emfstore.internal.server.model.ProjectId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACOrgUnitId;
import org.eclipse.emf.emfstore.internal.server.model.accesscontrol.ACUser;
import org.eclipse.emf.emfstore.internal.server.model.impl.api.ESGlobalProjectIdImpl;
import org.eclipse.emf.emfstore.server.auth.ESProjectAdminPrivileges;
import org.eclipse.emf.emfstore.server.exceptions.ESException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
/**
* Test the {@link ESProjectAdminPrivileges#CreateUser} and {@link ESProjectAdminPrivileges#ChangeUserPassword}
* privileges of a
* {@link org.eclipse.emf.emfstore.internal.server.model.accesscontrol.roles.ProjectAdminRole ProjectAdminRole} in a
* more complex scenarios.
*
* @author emueller
*
*/
public class ChangePasswordTests extends ProjectAdminTest {
private static final String NEW_USER_PASSWORD = "foo"; //$NON-NLS-1$
@BeforeClass
public static void beforeClass() {
startEMFStoreWithPAProperties(
ESProjectAdminPrivileges.ShareProject,
ESProjectAdminPrivileges.AssignRoleToOrgUnit,
ESProjectAdminPrivileges.ChangeUserPassword,
ESProjectAdminPrivileges.ChangeAssignmentsOfOrgUnits);
}
@AfterClass
public static void afterClass() {
stopEMFStore();
}
@Override
@After
public void after() {
try {
ServerUtil.deleteGroup(getSuperUsersession(), getNewGroupName());
ServerUtil.deleteGroup(getSuperUsersession(), getNewOtherGroupName());
} catch (final ESException ex) {
fail(ex.getMessage());
}
super.after();
}
@Override
@Before
public void before() {
super.before();
}
@Test
public void changePasswordOfUser() throws ESException {
makeUserPA();
final ACOrgUnitId createUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), createUser, Roles.writer());
ServerUtil.changePassword(getUsersession(), createUser, getNewUsername(), NEW_USER_PASSWORD);
final ACUser user = ServerUtil.getUser(getSuperUsersession(), createUser);
assertEquals(NEW_USER_PASSWORD, user.getPassword());
}
@Test
public void letUserChangeHisPassword() throws ESException {
makeUserPA();
ProjectUtil.share(getUsersession(), getLocalProject());
ServerUtil.changePassword(getUsersession(),
ESUsersessionImpl.class.cast(getUsersession()).toInternalAPI().getACUser().getId(),
getUser(), "new-password"); //$NON-NLS-1$
final ACUser user = ServerUtil.getUser(getSuperUsersession(), getUser());
assertEquals("new-password", user.getPassword()); //$NON-NLS-1$
}
@Test(expected = AccessControlException.class)
public void letUserNotChangePasswordOfOtherUser() throws ESException {
final ACOrgUnitId createdUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
ProjectUtil.share(getUsersession(), getLocalProject());
ServerUtil.changePassword(getUsersession(),
createdUser,
getUser(), "new-password"); //$NON-NLS-1$
}
@Test(expected = AccessControlException.class)
public void changePasswordOfOtherPASameProject() throws ESException {
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
ProjectUtil.share(getUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.projectAdmin());
// try to change the password of the other project admin
ServerUtil.changePassword(getUsersession(), newUser, getNewUsername(), NEW_USER_PASSWORD);
final ACUser user = ServerUtil.getUser(getSuperUsersession(), newUser);
assertEquals(NEW_USER_PASSWORD, user.getPassword());
}
@Test(expected = AccessControlException.class)
public void changePasswordOfOtherPADifferentProjects() throws ESException {
makeUserPA();
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
ProjectUtil.share(getUsersession(), getLocalProject());
// share a second project
final ProjectId projectId = ESGlobalProjectIdImpl.class.cast(
ProjectUtil.share(getSuperUsersession(), getLocalProject())).toInternalAPI();
getAdminBroker().changeRole(
projectId,
newUser,
Roles.projectAdmin());
// try to change the password of the other project admin
ServerUtil.changePassword(getUsersession(), newUser, getNewUsername(), NEW_USER_PASSWORD);
final ACUser user = ServerUtil.getUser(getSuperUsersession(), newUser);
assertEquals(NEW_USER_PASSWORD, user.getPassword());
}
@Test(expected = AccessControlException.class)
public void changePasswordUserHasNoProject() throws ESException {
makeUserPA();
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
// shared with super user, project does not belong to project admin
ProjectUtil.share(getSuperUsersession(), getLocalProject());
getAdminBroker().changeRole(getProjectSpace().getProjectId(), newUser, Roles.writer());
ServerUtil.changePassword(getUsersession(), newUser, getNewUsername(), NEW_USER_PASSWORD);
}
@Test(expected = AccessControlException.class)
public void changePasswordGroupOfGroupHasNoProject() throws ESException {
makeUserPA();
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
final ACOrgUnitId group = ServerUtil.createGroup(getSuperUsersession(), getNewGroupName());
final ACOrgUnitId otherGroup = ServerUtil.createGroup(getSuperUsersession(), getNewOtherGroupName());
getAdminBroker().addMember(group, otherGroup);
getAdminBroker().addMember(otherGroup, newUser);
ProjectUtil.share(getSuperUsersession(), getLocalProject());
getSuperAdminBroker().changeRole(getProjectSpace().getProjectId(), group, Roles.writer());
getAdminBroker().changeUser(newUser, getNewUsername(), NEW_USER_PASSWORD);
}
@Test(expected = AccessControlException.class)
public void changePasswordGroupOfGroupHasMissingProject() throws ESException {
makeUserPA();
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
final ACOrgUnitId group = ServerUtil.createGroup(getSuperUsersession(), getNewGroupName());
final ACOrgUnitId otherGroup = ServerUtil.createGroup(getSuperUsersession(), getNewOtherGroupName());
getAdminBroker().addMember(group, otherGroup);
getAdminBroker().addMember(otherGroup, newUser);
ProjectUtil.share(getUsersession(), getLocalProject());
final ProjectSpace clonedProjectSpace = cloneProjectSpace(getProjectSpace());
ProjectUtil.share(getSuperUsersession(), clonedProjectSpace.toAPI());
getSuperAdminBroker().changeRole(clonedProjectSpace.getProjectId(), group, Roles.writer());
getAdminBroker().changeUser(newUser, getNewUsername(), NEW_USER_PASSWORD);
}
@Test
public void changePasswordUserIsPartOfGroupOfGroup() throws ESException {
makeUserPA();
final ACOrgUnitId newUser = ServerUtil.createUser(getSuperUsersession(), getNewUsername());
final ACOrgUnitId group = ServerUtil.createGroup(getSuperUsersession(), getNewGroupName());
final ACOrgUnitId otherGroup = ServerUtil.createGroup(getSuperUsersession(), getNewOtherGroupName());
getAdminBroker().addMember(group, otherGroup);
getAdminBroker().addMember(otherGroup, newUser);
ProjectUtil.share(getUsersession(), getLocalProject());
getSuperAdminBroker().changeRole(getProjectSpace().getProjectId(), group, Roles.writer());
getAdminBroker().changeUser(newUser, getNewUsername(), NEW_USER_PASSWORD);
final ACUser user = ServerUtil.getUser(getSuperUsersession(), newUser);
assertEquals(NEW_USER_PASSWORD, user.getPassword());
}
}