Add tests for failed login and lastLoginTs

application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java

@@ -27,6 +27,7 @@ import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.UserActivationLink;
+import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.security.model.SecuritySettings;
@@ -67,31 +68,30 @@ public class AuthControllerTest extends AbstractControllerTest {
                 .andExpect(status().isUnauthorized());
 
         loginSysAdmin();
-        doGet("/api/auth/user")
+        User user = getCurrentUser();
-                .andExpect(status().isOk())
+        assertThat(user.getAuthority()).isEqualTo(Authority.SYS_ADMIN);
-                .andExpect(jsonPath("$.authority", is(Authority.SYS_ADMIN.name())))
+        assertThat(user.getEmail()).isEqualTo(SYS_ADMIN_EMAIL);
-                .andExpect(jsonPath("$.email", is(SYS_ADMIN_EMAIL)));
 
         loginTenantAdmin();
-        doGet("/api/auth/user")
+        user = getCurrentUser();
-                .andExpect(status().isOk())
+        assertThat(user.getAuthority()).isEqualTo(Authority.TENANT_ADMIN);
-                .andExpect(jsonPath("$.authority", is(Authority.TENANT_ADMIN.name())))
+        assertThat(user.getEmail()).isEqualTo(TENANT_ADMIN_EMAIL);
-                .andExpect(jsonPath("$.email", is(TENANT_ADMIN_EMAIL)));
 
         loginCustomerUser();
-        doGet("/api/auth/user")
+        user = getCurrentUser();
-                .andExpect(status().isOk())
+        assertThat(user.getAuthority()).isEqualTo(Authority.CUSTOMER_USER);
-                .andExpect(jsonPath("$.authority", is(Authority.CUSTOMER_USER.name())))
+        assertThat(user.getEmail()).isEqualTo(CUSTOMER_USER_EMAIL);
-                .andExpect(jsonPath("$.email", is(CUSTOMER_USER_EMAIL)));
+        assertThat(user.getAdditionalInfo().get("userCredentialsEnabled").asBoolean()).isTrue();
+        user = getUser(customerUserId);
+        assertThat(user.getAdditionalInfo().get("lastLoginTs").asLong()).isCloseTo(System.currentTimeMillis(), within(10000L));
     }
 
     @Test
     public void testLoginLogout() throws Exception {
         loginSysAdmin();
-        doGet("/api/auth/user")
+        User user = getCurrentUser();
-                .andExpect(status().isOk())
+        assertThat(user.getAuthority()).isEqualTo(Authority.SYS_ADMIN);
-                .andExpect(jsonPath("$.authority", is(Authority.SYS_ADMIN.name())))
+        assertThat(user.getEmail()).isEqualTo(SYS_ADMIN_EMAIL);
-                .andExpect(jsonPath("$.email", is(SYS_ADMIN_EMAIL)));
 
         TimeUnit.SECONDS.sleep(1); //We need to make sure that event for invalidating token was successfully processed
 
@@ -102,19 +102,45 @@ public class AuthControllerTest extends AbstractControllerTest {
         resetTokens();
     }
 
+    @Test
+    public void testFailedLogin() throws Exception {
+        int maxFailedLoginAttempts = 3;
+        loginSysAdmin();
+        updateSecuritySettings(securitySettings -> {
+            securitySettings.setMaxFailedLoginAttempts(maxFailedLoginAttempts);
+        });
+        loginTenantAdmin();
+
+        for (int i = 0; i < maxFailedLoginAttempts; i++) {
+            String error = getErrorMessage(doPost("/api/auth/login",
+                    new LoginRequest(CUSTOMER_USER_EMAIL, "IncorrectPassword"))
+                    .andExpect(status().isUnauthorized()));
+            assertThat(error).containsIgnoringCase("invalid username or password");
+        }
+
+        User user = getUser(customerUserId);
+        assertThat(user.getAdditionalInfo().get("userCredentialsEnabled").asBoolean()).isTrue();
+
+        String error = getErrorMessage(doPost("/api/auth/login",
+                new LoginRequest(CUSTOMER_USER_EMAIL, "IncorrectPassword4"))
+                .andExpect(status().isUnauthorized()));
+        assertThat(error).containsIgnoringCase("account is locked");
+
+        user = getUser(customerUserId);
+        assertThat(user.getAdditionalInfo().get("userCredentialsEnabled").asBoolean()).isFalse();
+    }
+
     @Test
     public void testRefreshToken() throws Exception {
         loginSysAdmin();
-        doGet("/api/auth/user")
+        User user = getCurrentUser();
-                .andExpect(status().isOk())
+        assertThat(user.getAuthority()).isEqualTo(Authority.SYS_ADMIN);
-                .andExpect(jsonPath("$.authority", is(Authority.SYS_ADMIN.name())))
+        assertThat(user.getEmail()).isEqualTo(SYS_ADMIN_EMAIL);
-                .andExpect(jsonPath("$.email", is(SYS_ADMIN_EMAIL)));
 
         refreshToken();
-        doGet("/api/auth/user")
+        user = getCurrentUser();
-                .andExpect(status().isOk())
+        assertThat(user.getAuthority()).isEqualTo(Authority.SYS_ADMIN);
-                .andExpect(jsonPath("$.authority", is(Authority.SYS_ADMIN.name())))
+        assertThat(user.getEmail()).isEqualTo(SYS_ADMIN_EMAIL);
-                .andExpect(jsonPath("$.email", is(SYS_ADMIN_EMAIL)));
     }
 
     @Test
@@ -277,6 +303,14 @@ public class AuthControllerTest extends AbstractControllerTest {
         doPost("/api/admin/securitySettings", securitySettings).andExpect(status().isOk());
     }
 
+    private User getCurrentUser() throws Exception {
+        return doGet("/api/auth/user", User.class);
+    }
+
+    private User getUser(UserId id) throws Exception {
+        return doGet("/api/user/" + id, User.class);
+    }
+
     private String getActivationLink(User user) throws Exception {
         return doGet("/api/user/" + user.getId() + "/activationLink", String.class);
     }