package blog.security;
import javax.servlet.http.*;
import org.junit.*;
import static org.junit.Assert.*;
import blog.common.*;
import blog.user.*;
public final class AuthenticatorTest
{
@TestData UserTestData userData;
@ObjectUnderTest Authenticator authenticator;
// The following are the same dependencies that get injected into the authenticator;
// these fields provide access to them so they can be verified.
@Dependency HttpSession httpSession;
@Dependency Identity identity;
@Test
public void loginWithNoUsername()
{
boolean login = authenticator.login();
assertFalse(login);
assertFalse(identity.isLoggedIn());
}
@Test
public void loginWithWrongPassword()
{
String username = "username";
User user = userData.withUsername(username).buildAndSave();
authenticator.setUsername(username);
authenticator.setPassword("any");
boolean login = authenticator.login();
assertFalse(login);
assertFalse(identity.isLoggedIn());
assertNotSame(user, identity.getUser());
}
@Test
public void loginSuccess()
{
String username = "username";
User user = userData.withUsername(username).buildAndSave();
authenticator.setUsername(username);
String password = "secret";
authenticator.setPassword(password);
boolean login = authenticator.login();
assertTrue(login);
assertTrue(identity.isLoggedIn());
assertSame(user, identity.getUser());
assertEquals(username, authenticator.getUsername());
assertEquals(password, authenticator.getPassword());
}
@Test
public void logout()
{
authenticator.logout();
try {
httpSession.invalidate();
fail("HTTP session was still valid");
}
catch (IllegalStateException invalidatedSession) {
// ok
}
}
}