Add tests for failed login and lastLoginTs

2024-09-30 12:53:19 +03:00 · 2024-09-30 12:53:19 +03:00 · 20aca9466f
commit 20aca9466f
parent 2448a9cdea
1 changed files with 58 additions and 24 deletions
--- a/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/AuthControllerTest.java
@ -27,6 +27,7 @@ import org.thingsboard.common.util.JacksonUtil;
 import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.UserActivationLink;
+import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
 import org.thingsboard.server.common.data.security.model.SecuritySettings;
@ -67,31 +68,30 @@ public class AuthControllerTest extends AbstractControllerTest {
                .andExpect(status().isUnauthorized());

        loginSysAdmin();
-        doGet("/api/auth/user")
-                .andExpect(status().isOk())
-                .andExpect(jsonPath("$.authority", is(Authority.SYS_ADMIN.name())))
-                .andExpect(jsonPath("$.email", is(SYS_ADMIN_EMAIL)));
+        User user = getCurrentUser();
+        assertThat(user.getAuthority()).isEqualTo(Authority.SYS_ADMIN);
+        assertThat(user.getEmail()).isEqualTo(SYS_ADMIN_EMAIL);

        loginTenantAdmin();
-        doGet("/api/auth/user")
-                .andExpect(status().isOk())
-                .andExpect(jsonPath("$.authority", is(Authority.TENANT_ADMIN.name())))
-                .andExpect(jsonPath("$.email", is(TENANT_ADMIN_EMAIL)));
+        user = getCurrentUser();
+        assertThat(user.getAuthority()).isEqualTo(Authority.TENANT_ADMIN);
+        assertThat(user.getEmail()).isEqualTo(TENANT_ADMIN_EMAIL);

        loginCustomerUser();
-        doGet("/api/auth/user")
-                .andExpect(status().isOk())
-                .andExpect(jsonPath("$.authority", is(Authority.CUSTOMER_USER.name())))
-                .andExpect(jsonPath("$.email", is(CUSTOMER_USER_EMAIL)));
+        user = getCurrentUser();
+        assertThat(user.getAuthority()).isEqualTo(Authority.CUSTOMER_USER);
+        assertThat(user.getEmail()).isEqualTo(CUSTOMER_USER_EMAIL);
+        assertThat(user.getAdditionalInfo().get("userCredentialsEnabled").asBoolean()).isTrue();
+        user = getUser(customerUserId);
+        assertThat(user.getAdditionalInfo().get("lastLoginTs").asLong()).isCloseTo(System.currentTimeMillis(), within(10000L));
    }

    @Test
    public void testLoginLogout() throws Exception {
        loginSysAdmin();
-        doGet("/api/auth/user")
-                .andExpect(status().isOk())
-                .andExpect(jsonPath("$.authority", is(Authority.SYS_ADMIN.name())))
-                .andExpect(jsonPath("$.email", is(SYS_ADMIN_EMAIL)));
+        User user = getCurrentUser();
+        assertThat(user.getAuthority()).isEqualTo(Authority.SYS_ADMIN);
+        assertThat(user.getEmail()).isEqualTo(SYS_ADMIN_EMAIL);

        TimeUnit.SECONDS.sleep(1); //We need to make sure that event for invalidating token was successfully processed

@ -102,19 +102,45 @@ public class AuthControllerTest extends AbstractControllerTest {
        resetTokens();
    }

+    @Test
+    public void testFailedLogin() throws Exception {
+        int maxFailedLoginAttempts = 3;
+        loginSysAdmin();
+        updateSecuritySettings(securitySettings -> {
+            securitySettings.setMaxFailedLoginAttempts(maxFailedLoginAttempts);
+        });
+        loginTenantAdmin();
+
+        for (int i = 0; i < maxFailedLoginAttempts; i++) {
+            String error = getErrorMessage(doPost("/api/auth/login",
+                    new LoginRequest(CUSTOMER_USER_EMAIL, "IncorrectPassword"))
+                    .andExpect(status().isUnauthorized()));
+            assertThat(error).containsIgnoringCase("invalid username or password");
+        }
+
+        User user = getUser(customerUserId);
+        assertThat(user.getAdditionalInfo().get("userCredentialsEnabled").asBoolean()).isTrue();
+
+        String error = getErrorMessage(doPost("/api/auth/login",
+                new LoginRequest(CUSTOMER_USER_EMAIL, "IncorrectPassword4"))
+                .andExpect(status().isUnauthorized()));
+        assertThat(error).containsIgnoringCase("account is locked");
+
+        user = getUser(customerUserId);
+        assertThat(user.getAdditionalInfo().get("userCredentialsEnabled").asBoolean()).isFalse();
+    }
+
    @Test
    public void testRefreshToken() throws Exception {
        loginSysAdmin();
-        doGet("/api/auth/user")
-                .andExpect(status().isOk())
-                .andExpect(jsonPath("$.authority", is(Authority.SYS_ADMIN.name())))
-                .andExpect(jsonPath("$.email", is(SYS_ADMIN_EMAIL)));
+        User user = getCurrentUser();
+        assertThat(user.getAuthority()).isEqualTo(Authority.SYS_ADMIN);
+        assertThat(user.getEmail()).isEqualTo(SYS_ADMIN_EMAIL);

        refreshToken();
-        doGet("/api/auth/user")
-                .andExpect(status().isOk())
-                .andExpect(jsonPath("$.authority", is(Authority.SYS_ADMIN.name())))
-                .andExpect(jsonPath("$.email", is(SYS_ADMIN_EMAIL)));
+        user = getCurrentUser();
+        assertThat(user.getAuthority()).isEqualTo(Authority.SYS_ADMIN);
+        assertThat(user.getEmail()).isEqualTo(SYS_ADMIN_EMAIL);
    }

    @Test
@ -277,6 +303,14 @@ public class AuthControllerTest extends AbstractControllerTest {
        doPost("/api/admin/securitySettings", securitySettings).andExpect(status().isOk());
    }

+    private User getCurrentUser() throws Exception {
+        return doGet("/api/auth/user", User.class);
+    }
+
+    private User getUser(UserId id) throws Exception {
+        return doGet("/api/user/" + id, User.class);
+    }
+
    private String getActivationLink(User user) throws Exception {
        return doGet("/api/user/" + user.getId() + "/activationLink", String.class);
    }