/*
* Copyright 2002-2012 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.springframework.security.web.authentication.rememberme;
import static org.assertj.core.api.Assertions.assertThat;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
import java.sql.Timestamp;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.datasource.SingleConnectionDataSource;
import org.springframework.test.util.ReflectionTestUtils;
/**
* @author Luke Taylor
*/
@RunWith(MockitoJUnitRunner.class)
public class JdbcTokenRepositoryImplTests {
@Mock
private Log logger;
private static SingleConnectionDataSource dataSource;
private JdbcTokenRepositoryImpl repo;
private JdbcTemplate template;
@BeforeClass
public static void createDataSource() {
dataSource = new SingleConnectionDataSource("jdbc:hsqldb:mem:tokenrepotest", "sa",
"", true);
dataSource.setDriverClassName("org.hsqldb.jdbc.JDBCDriver");
}
@AfterClass
public static void clearDataSource() throws Exception {
dataSource.destroy();
dataSource = null;
}
@Before
public void populateDatabase() {
repo = new JdbcTokenRepositoryImpl();
ReflectionTestUtils.setField(repo, "logger", logger);
repo.setDataSource(dataSource);
repo.initDao();
template = repo.getJdbcTemplate();
template.execute(
"create table persistent_logins (username varchar(100) not null, "
+ "series varchar(100) not null, token varchar(500) not null, last_used timestamp not null)");
}
@After
public void clearData() {
template.execute("drop table persistent_logins");
}
@Test
public void createNewTokenInsertsCorrectData() {
Timestamp currentDate = new Timestamp(Calendar.getInstance().getTimeInMillis());
PersistentRememberMeToken token = new PersistentRememberMeToken("joeuser",
"joesseries", "atoken", currentDate);
repo.createNewToken(token);
Map<String, Object> results = template.queryForMap(
"select * from persistent_logins");
assertThat(results.get("last_used")).isEqualTo(currentDate);
assertThat(results.get("username")).isEqualTo("joeuser");
assertThat(results.get("series")).isEqualTo("joesseries");
assertThat(results.get("token")).isEqualTo("atoken");
}
@Test
public void retrievingTokenReturnsCorrectData() {
template.execute(
"insert into persistent_logins (series, username, token, last_used) values "
+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
PersistentRememberMeToken token = repo.getTokenForSeries("joesseries");
assertThat(token.getUsername()).isEqualTo("joeuser");
assertThat(token.getSeries()).isEqualTo("joesseries");
assertThat(token.getTokenValue()).isEqualTo("atoken");
assertThat(token.getDate()).isEqualTo(
Timestamp.valueOf("2007-10-09 18:19:25.000000000"));
}
@Test
public void retrievingTokenWithDuplicateSeriesReturnsNull() {
template.execute(
"insert into persistent_logins (series, username, token, last_used) values "
+ "('joesseries', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
template.execute(
"insert into persistent_logins (series, username, token, last_used) values "
+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
// List results =
// template.queryForList("select * from persistent_logins where series =
// 'joesseries'");
assertThat(repo.getTokenForSeries("joesseries")).isNull();
}
// SEC-1964
@Test
public void retrievingTokenWithNoSeriesReturnsNull() {
when(logger.isDebugEnabled()).thenReturn(true);
assertThat(repo.getTokenForSeries("missingSeries")).isNull();
verify(logger).isDebugEnabled();
verify(logger).debug(
eq("Querying token for series 'missingSeries' returned no results."),
any(EmptyResultDataAccessException.class));
verifyNoMoreInteractions(logger);
}
@Test
public void removingUserTokensDeletesData() {
template.execute(
"insert into persistent_logins (series, username, token, last_used) values "
+ "('joesseries2', 'joeuser', 'atoken2', '2007-10-19 18:19:25.000000000')");
template.execute(
"insert into persistent_logins (series, username, token, last_used) values "
+ "('joesseries', 'joeuser', 'atoken', '2007-10-09 18:19:25.000000000')");
// List results =
// template.queryForList("select * from persistent_logins where series =
// 'joesseries'");
repo.removeUserTokens("joeuser");
List<Map<String, Object>> results = template.queryForList(
"select * from persistent_logins where username = 'joeuser'");
assertThat(results).isEmpty();
}
@Test
public void updatingTokenModifiesTokenValueAndLastUsed() {
Timestamp ts = new Timestamp(System.currentTimeMillis() - 1);
template.execute(
"insert into persistent_logins (series, username, token, last_used) values "
+ "('joesseries', 'joeuser', 'atoken', '" + ts.toString() + "')");
repo.updateToken("joesseries", "newtoken", new Date());
Map<String, Object> results = template.queryForMap(
"select * from persistent_logins where series = 'joesseries'");
assertThat(results.get("username")).isEqualTo("joeuser");
assertThat(results.get("series")).isEqualTo("joesseries");
assertThat(results.get("token")).isEqualTo("newtoken");
Date lastUsed = (Date) results.get("last_used");
assertThat(lastUsed.getTime() > ts.getTime()).isTrue();
}
@Test
public void createTableOnStartupCreatesCorrectTable() {
template.execute("drop table persistent_logins");
repo = new JdbcTokenRepositoryImpl();
repo.setDataSource(dataSource);
repo.setCreateTableOnStartup(true);
repo.initDao();
template.queryForList(
"select username,series,token,last_used from persistent_logins");
}
// SEC-2879
@Test
public void updateUsesLastUsed() {
JdbcTemplate template = mock(JdbcTemplate.class);
Date lastUsed = new Date(1424841314059L);
JdbcTokenRepositoryImpl repository = new JdbcTokenRepositoryImpl();
repository.setJdbcTemplate(template);
repository.updateToken("series", "token", lastUsed);
verify(template).update(anyString(), anyString(), eq(lastUsed), anyString());
}
}