From: Sanjay Dalal Date: Thu, 6 May 2010 21:39:47 +0000 (+0000) Subject: CSPACE-1575 can't login with inactive accounts. returns 403 with an error message. X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=7d9d1ca89627ce02989f17c57e28390b18294939;p=tmp%2Fjakarta-migration.git CSPACE-1575 can't login with inactive accounts. returns 403 with an error message. test: added test in security/client M authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java M account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java M security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java M common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageUtils.java M common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java M JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CollectionSpaceJaxRsApplication.java --- diff --git a/services/JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CollectionSpaceJaxRsApplication.java b/services/JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CollectionSpaceJaxRsApplication.java index 562ed9250..3bf763ec3 100644 --- a/services/JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CollectionSpaceJaxRsApplication.java +++ b/services/JaxRsServiceProvider/src/main/java/org/collectionspace/services/jaxrs/CollectionSpaceJaxRsApplication.java @@ -60,7 +60,7 @@ public class CollectionSpaceJaxRsApplication extends Application { private Set> empty = new HashSet>(); public CollectionSpaceJaxRsApplication() { -// singletons.add(new SecurityInterceptor()); + singletons.add(new SecurityInterceptor()); singletons.add(new AccountResource()); singletons.add(new RoleResource()); singletons.add(new PermissionResource()); 
diff --git a/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java b/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java index e05d608b6..3d00c9e6d 100644 --- a/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java +++ b/services/account/client/src/test/java/org/collectionspace/services/account/client/test/AccountServiceTest.java @@ -150,7 +150,6 @@ public class AccountServiceTest extends AbstractServiceTestImpl { AccountClient client = new AccountClient(); ClientResponse res = client.create(account); int statusCode = res.getStatus(); - if (logger.isDebugEnabled()) { logger.debug(testName + ": status = " + statusCode); } diff --git a/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java index bd89269b3..27801a2b4 100644 --- a/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java +++ b/services/authentication/service/src/main/java/org/collectionspace/authentication/spring/SpringAuthNContext.java 
@@ -20,32 +20,6 @@ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. - *//** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. */ package org.collectionspace.authentication.spring; diff --git a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java index 8ab593d8d..c0ac26821 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java +++ b/services/common/src/main/java/org/collectionspace/services/common/security/SecurityInterceptor.java 
@@ -15,28 +15,6 @@ * https://source.collectionspace.org/collection-space/LICENSE.txt - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - *//** - * This document is a part of the source code and related artifacts - * for CollectionSpace, an open source collections management system - * for museums and related institutions: - - * http://www.collectionspace.org - * http://wiki.collectionspace.org - - * Copyright 2009 University of California at Berkeley - - * Licensed under the Educational Community License (ECL), Version 2.0. - * You may not use this file except in compliance with this License. - - * You may obtain a copy of the ECL 2.0 License at - - * https://source.collectionspace.org/collection-space/LICENSE.txt - * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -49,6 +27,7 @@ */ package org.collectionspace.services.common.security; +import java.util.HashMap; import org.jboss.resteasy.core.ResourceMethod; import org.jboss.resteasy.core.ServerResponse; import org.jboss.resteasy.spi.interception.PreProcessInterceptor; 
@@ -59,10 +38,11 @@ import org.jboss.resteasy.spi.HttpRequest; import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.Response; +import javax.ws.rs.ext.Provider; import org.collectionspace.authentication.AuthN; import org.collectionspace.services.authorization.AuthZ; -import org.collectionspace.services.authorization.CSpaceResource; -import org.collectionspace.services.authorization.URIResourceImpl; +import org.collectionspace.services.common.document.JaxbUtils; +import org.collectionspace.services.common.storage.jpa.JpaStorageUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -72,6 +52,7 @@ import org.slf4j.LoggerFactory; */ @SecurityPrecedence @ServerInterceptor +@Provider public class SecurityInterceptor implements PreProcessInterceptor { private static final Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class); @@ -84,6 +65,7 @@ public class SecurityInterceptor implements PreProcessInterceptor { if (logger.isDebugEnabled()) { logger.debug("received " + httpMethod + " on " + uriPath); } + checkActive(); AuthZ authZ = AuthZ.get(); // CSpaceResource res = new URIResourceImpl(uriPath, httpMethod); // if (!authZ.isAccessAllowed(res)) { 
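Review bot: The `checkActive()` call added at the top of `preProcess` runs unconditionally, so every request to every registered resource now costs one JPA lookup and gets a 403 unless the caller has an `AccountsCommon` row. That includes the account resource itself, so a principal that authenticates but has no account row could not create one; whether such a bootstrap or admin user exists is not visible here. Because the `AuthZ` block below is still commented out, account status is also the only thing this interceptor enforces. A comment such as `// only account status is enforced here; the AuthZ check below is still disabled` would keep that from being mistaken for access control. `preProcess` starts and ends outside this hunk.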
@@ -99,4 +81,45 @@ public class SecurityInterceptor implements PreProcessInterceptor { // } return null; } + + /** + * checkActive check if account is active + * @throws WebApplicationException + */ + private void checkActive() throws WebApplicationException { + String userId = AuthN.get().getUserId(); + + try { + //can't use JAXB here as this runs from the common jar which cannot + //depend upon the account service + String whereClause = "where userId = :userId"; + HashMap params = new HashMap(); + params.put("userId", userId); + + Object account = JpaStorageUtils.getEntity( + "org.collectionspace.services.account.AccountsCommon", whereClause, params); + if (account == null) { + String msg = "User's account not found, userId=" + userId; + Response response = Response.status( + Response.Status.FORBIDDEN).entity(msg).type("text/plain").build(); + throw new WebApplicationException(response); + } + Object status = JaxbUtils.getValue(account, "getStatus"); + if (status != null) { + String value = (String)JaxbUtils.getValue(status, "value"); + if ("INACTIVE".equalsIgnoreCase(value)) { + String msg = "User's account is inactive, userId=" + userId; + Response response = Response.status( + Response.Status.FORBIDDEN).entity(msg).type("text/plain").build(); + throw new WebApplicationException(response); + } + } + + } catch (Exception e) { + String msg = "User's account is in invalid state, userId=" + userId; + Response response = Response.status( + Response.Status.FORBIDDEN).entity(msg).type("text/plain").build(); + throw new WebApplicationException(response); + } + } } diff --git a/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageUtils.java b/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageUtils.java index 6ff56fc76..51572cb92 100644 --- a/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageUtils.java 
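Review bot: In `checkActive()`, the two `WebApplicationException`s thrown inside the `try` (account not found, account inactive) are caught by the trailing `catch (Exception e)` and replaced, so the caller always receives "User's account is in invalid state" and `e` is discarded without being logged. The request is still denied, but the specific messages are dead code and a real lookup failure leaves no trace for whoever has to investigate the 403s. Rethrow first with `} catch (WebApplicationException wae) { throw wae; }` and add `logger.error(msg, e);` in the generic handler. The status test is also a denylist: a null status or any value other than `INACTIVE` is let through, so if the status type has an explicit active value it would be safer to admit only that one.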
+++ b/services/common/src/main/java/org/collectionspace/services/common/storage/jpa/JpaStorageUtils.java @@ -23,6 +23,7 @@ */ package org.collectionspace.services.common.storage.jpa; +import java.util.HashMap; import java.util.List; import javax.persistence.EntityManager; import javax.persistence.EntityManagerFactory; @@ -83,7 +84,7 @@ public class JpaStorageUtils { } /** - * getEntity using where clause from given docFilter + * getEntity using whereClause clause from given docFilter * @param entityName fully qualified entity name * @param id * @param docFilter @@ -133,6 +134,48 @@ public class JpaStorageUtils { return o; } + /** + * getEntity using given where clause with given param bindings + * @param entityName + * @param whereClause + * @param paramBindings + * @return + */ + public static Object getEntity(String entityName, + String whereClause, HashMap paramBindings) { + EntityManagerFactory emf = null; + EntityManager em = null; + Object o = null; + try { + StringBuilder queryStrBldr = new StringBuilder("SELECT a FROM "); + queryStrBldr.append(entityName); + queryStrBldr.append(" a"); + queryStrBldr.append(" " + whereClause); + + emf = getEntityManagerFactory(); + em = emf.createEntityManager(); + String queryStr = queryStrBldr.toString(); //for debugging + Query q = em.createQuery(queryStr); + for (String paramName : paramBindings.keySet()) { + q.setParameter(paramName, paramBindings.get(paramName)); + } + o = q.getSingleResult(); + } catch (NoResultException nre) { + if (em != null && em.getTransaction().isActive()) { + em.getTransaction().rollback(); + } + if (logger.isDebugEnabled()) { + logger.debug("could not find entity with where=" + whereClause); + } + //returns null + } finally { + if (em != null) { + releaseEntityManagerFactory(emf); + } + } + return o; + } + /** * Gets the entity manager factory. * 
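Review bot: The new `getEntity(entityName, whereClause, paramBindings)` never closes the `EntityManager` it creates, and its `finally` releases the factory only when `em != null`, so a failure in `createEntityManager()` skips the release. This method is now on the path of every request through `SecurityInterceptor.checkActive()`, so unless `releaseEntityManagerFactory` (not visible here) cleans up the manager, handles accumulate under load. Consider `if (em != null) { em.close(); }` followed by `if (emf != null) { releaseEntityManagerFactory(emf); }`. `entityName` and `whereClause` are concatenated into the JPQL string, so the Javadoc should say that both must be constants and that caller-supplied values go only through `paramBindings`, e.g. `@param whereClause constant JPQL fragment; never build it from request data`.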
diff --git a/services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java b/services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java index 7b12a2963..7a84785be 100644 --- a/services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java +++ b/services/security/client/src/test/java/org/collectionspace/services/authentication/client/test/AuthenticationServiceTest.java @@ -22,7 +22,6 @@ */ package org.collectionspace.services.authentication.client.test; -import java.util.ArrayList; import java.util.List; import javax.ws.rs.core.MediaType; @@ -39,6 +38,8 @@ import org.testng.annotations.Test; import org.collectionspace.services.account.AccountTenant; import org.collectionspace.services.client.AccountClient; import org.collectionspace.services.account.AccountsCommon; +import org.collectionspace.services.account.Status; +import org.collectionspace.services.client.AccountFactory; import org.collectionspace.services.collectionobject.CollectionobjectsCommon; import org.collectionspace.services.client.CollectionObjectClient; import org.collectionspace.services.client.CollectionSpaceClient; @@ -60,8 +61,8 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { /** The known resource id. */ private String knownResourceId = null; - private String barneyAccountId = null; - + private String barneyAccountId = null; //active + private String georgeAccountId = null; //inactive /** The logger. */ final Logger logger = LoggerFactory.getLogger(AuthenticationServiceTest.class); 
@@ -80,41 +81,41 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override protected CollectionSpaceClient getClientInstance() { - return new AccountClient(); + return new AccountClient(); } - + /* (non-Javadoc) * @see org.collectionspace.services.client.test.BaseServiceTest#getAbstractCommonList(org.jboss.resteasy.client.ClientResponse) */ @Override - protected AbstractCommonList getAbstractCommonList( - ClientResponse response) { - throw new UnsupportedOperationException(); //Since this test does not support lists, this method is not needed. + protected AbstractCommonList getAbstractCommonList( + ClientResponse response) { + throw new UnsupportedOperationException(); //Since this test does not support lists, this method is not needed. } - - @Test(dataProvider = "testName") - @Override + + @Test(dataProvider = "testName") + @Override public void readPaginatedList(String testName) throws Exception { - // Test not supported. - } + // Test not supported. + } - @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class) - public void createAccounts(String testName) throws Exception { + @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class) + public void createActiveAccount(String testName) throws Exception { // Perform setup, such as initializing the type of service request // (e.g. CREATE, DELETE), its valid and expected status codes, and // its associated HTTP method name (e.g. POST, DELETE). setupCreate(testName); AccountClient accountClient = new AccountClient(); - accountClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, "true"); accountClient.setProperty(CollectionSpaceClient.USER_PROPERTY, "test"); accountClient.setProperty( CollectionSpaceClient.PASSWORD_PROPERTY, "test"); + // Submit the request to the service and store the response. 
AccountsCommon account = - createAccountInstance("barney", "barney08", "barney@dinoland.com", "1"); + createAccountInstance("barney", "barney08", "barney@dinoland.com", false); ClientResponse res = accountClient.create(account); int statusCode = res.getStatus(); 
@@ -132,17 +133,61 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { logger.debug(testName + ": barneyAccountId=" + barneyAccountId); } - account = createAccountInstance("babybop", "babybop09", "babybop@dinoland.com", "non-existent"); - res = accountClient.create(account); - statusCode = res.getStatus(); + } + + @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class) + public void createInactiveAccount(String testName) throws Exception { + // Perform setup, such as initializing the type of service request + // (e.g. CREATE, DELETE), its valid and expected status codes, and + // its associated HTTP method name (e.g. POST, DELETE). + setupCreate(testName); + AccountClient accountClient = new AccountClient(); + accountClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, + "true"); + accountClient.setProperty(CollectionSpaceClient.USER_PROPERTY, + "test"); + accountClient.setProperty( + CollectionSpaceClient.PASSWORD_PROPERTY, "test"); + + // Submit the request to the service and store the response. + AccountsCommon account = + createAccountInstance("george", "george08", "george@curiousland.com", false); + ClientResponse res = accountClient.create(account); + int statusCode = res.getStatus(); if (logger.isDebugEnabled()) { - logger.debug(testName + ": babybop status = " + statusCode); + logger.debug(testName + ": george status = " + statusCode); } Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); - Assert.assertEquals(statusCode, Response.Status.BAD_REQUEST.getStatusCode()); + Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE); + + // Store the ID returned from this create operation + // for additional tests below. 
+ georgeAccountId = extractId(res); + if (logger.isDebugEnabled()) { + logger.debug(testName + ": georgeAccountId=" + georgeAccountId); + } + + //deactivate + setupUpdate(testName); + account.setStatus(Status.INACTIVE); + if (logger.isDebugEnabled()) { + logger.debug(testName + ":updated object"); + logger.debug(objectAsXmlString(account, + AccountsCommon.class)); + } + // Submit the request to the service and store the response. + ClientResponse res1 = accountClient.update(georgeAccountId, account); + statusCode = res1.getStatus(); + // Check the status code of the response: does it match the expected response(s)? + if (logger.isDebugEnabled()) { + logger.debug(testName + ": status = " + statusCode); + } + Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), + invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); + Assert.assertEquals(statusCode, EXPECTED_STATUS_CODE); } @@ -150,7 +195,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { * @see org.collectionspace.services.client.test.AbstractServiceTest#create() */ @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class, - dependsOnMethods = {"createAccounts"}) + dependsOnMethods = {"createActiveAccount"}) @Override public void create(String testName) { setupCreate(testName); 
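Review bot: This hunk removes the only negative case in the account setup, creating `babybop` with a non-existent tenant and expecting `BAD_REQUEST`, and nothing replaces it. Both `createAccountInstance` calls in the new tests pass `invalidTenant` as `false`, so the flag's `true` path is never exercised in this file; it may be covered in `AccountServiceTest`, which is not shown. If tenant validation is still expected, keep a case such as `createAccountInstance("babybop", "babybop09", "babybop@dinoland.com", true)` that asserts `Response.Status.BAD_REQUEST`.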
@@ -176,19 +221,51 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { if (logger.isDebugEnabled()) { logger.debug("create: status = " + res.getStatus()); } - Assert.assertEquals(res.getStatus(), Response.Status.CREATED.getStatusCode(), "expected " + Response.Status.CREATED.getStatusCode()); + Assert.assertEquals(res.getStatus(), + Response.Status.CREATED.getStatusCode(), "expected " + + Response.Status.CREATED.getStatusCode()); // Store the ID returned from this create operation for additional tests // below. knownResourceId = extractId(res); } + @Test(dataProvider = "testName", dependsOnMethods = {"createInactiveAccount"}) + public void createWithInactiveAccount(String testName) { + banner(testName); + CollectionObjectClient collectionObjectClient = new CollectionObjectClient(); + String identifier = BaseServiceTest.createIdentifier(); + MultipartOutput multipart = createCollectionObjectInstance( + collectionObjectClient.getCommonPartName(), identifier); + + collectionObjectClient.setProperty(CollectionSpaceClient.AUTH_PROPERTY, + "true"); + collectionObjectClient.setProperty(CollectionSpaceClient.USER_PROPERTY, + "george"); + collectionObjectClient.setProperty(CollectionSpaceClient.PASSWORD_PROPERTY, + "george08"); + try { + collectionObjectClient.setupHttpClient(); + collectionObjectClient.setProxy(); + } catch (Exception e) { + logger.error(testName + ": caught " + e.getMessage()); + return; + } + ClientResponse res = collectionObjectClient.create(multipart); + if (logger.isDebugEnabled()) { + logger.debug(testName + ": status = " + res.getStatus()); + } + Assert.assertEquals(res.getStatus(), + Response.Status.FORBIDDEN.getStatusCode(), "expected " + + Response.Status.FORBIDDEN.getStatusCode()); + } + /** * Creates the collection object instance without password. 
*/ - @Test(dependsOnMethods = {"createAccounts"}) - public void createWithoutPassword() { - banner("createWithoutPassword"); + @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"}) + public void createWithoutPassword(String testName) { + banner(testName); CollectionObjectClient collectionObjectClient = new CollectionObjectClient(); String identifier = BaseServiceTest.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( @@ -203,12 +280,12 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { collectionObjectClient.setupHttpClient(); collectionObjectClient.setProxy(); } catch (Exception e) { - logger.error("createWithoutPassword: caught " + e.getMessage()); + logger.error(testName + ": caught " + e.getMessage()); return; } ClientResponse res = collectionObjectClient.create(multipart); if (logger.isDebugEnabled()) { - logger.debug("createWithoutPassword: status = " + res.getStatus()); + logger.debug(testName + ": status = " + res.getStatus()); } Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode()); } @@ -216,9 +293,9 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { /** * Creates the collection object with unknown user */ - @Test(dependsOnMethods = {"createAccounts"}) - public void createWithUnknownUser() { - banner("createWithUnknownUser"); + @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"}) + public void createWithUnknownUser(String testName) { + banner(testName); CollectionObjectClient collectionObjectClient = new CollectionObjectClient(); String identifier = BaseServiceTest.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( 
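Review bot: `createWithInactiveAccount` returns from its `catch` block after logging, so a failure in `setupHttpClient()` or `setProxy()` makes the test pass without the 403 assertion ever running; `Assert.fail(testName + ": caught " + e.getMessage());` in place of `return;` would surface it. The assertion also checks only the status code, and `checkActive()` answers 403 for a missing account, an inactive one and any lookup error alike, so the test cannot show that the denial came from the `INACTIVE` status. Asserting that the response entity mentions the inactive account would pin the behaviour this commit is about. The same return-on-exception pattern is present in the sibling tests that this commit renames.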
@@ -234,12 +311,12 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { collectionObjectClient.setupHttpClient(); collectionObjectClient.setProxy(); } catch (Exception e) { - logger.error("createWithUnknownUser: caught " + e.getMessage()); + logger.error(testName + ": caught " + e.getMessage()); return; } ClientResponse res = collectionObjectClient.create(multipart); if (logger.isDebugEnabled()) { - logger.debug("createWithUnknownUser: status = " + res.getStatus()); + logger.debug(testName + ": status = " + res.getStatus()); } Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode()); } @@ -247,9 +324,9 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { /** * Creates the collection object instance with incorrect password. */ - @Test(dependsOnMethods = {"createAccounts"}) - public void createWithIncorrectPassword() { - banner("createWithIncorrectPassword"); + @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"}) + public void createWithIncorrectPassword(String testName) { + banner(testName); CollectionObjectClient collectionObjectClient = new CollectionObjectClient(); String identifier = BaseServiceTest.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( 
@@ -265,12 +342,12 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { collectionObjectClient.setupHttpClient(); collectionObjectClient.setProxy(); } catch (Exception e) { - logger.error("createWithIncorrectPassword: caught " + e.getMessage()); + logger.error(testName + ": caught " + e.getMessage()); return; } ClientResponse res = collectionObjectClient.create(multipart); if (logger.isDebugEnabled()) { - logger.debug("createWithIncorrectPassword: status = " + res.getStatus()); + logger.debug(testName + ": status = " + res.getStatus()); } Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode()); } @@ -278,9 +355,9 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { /** * Creates the collection object instance with incorrect user password. */ - @Test(dependsOnMethods = {"createAccounts"}) - public void createWithIncorrectUserPassword() { - banner("createWithIncorrectUserPassword"); + @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"}) + public void createWithIncorrectUserPassword(String testName) { + banner(testName); CollectionObjectClient collectionObjectClient = new CollectionObjectClient(); String identifier = BaseServiceTest.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( 
@@ -296,12 +373,12 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { collectionObjectClient.setupHttpClient(); collectionObjectClient.setProxy(); } catch (Exception e) { - logger.error("createWithIncorrectUserPassword: caught " + e.getMessage()); + logger.error(testName + ": caught " + e.getMessage()); return; } ClientResponse res = collectionObjectClient.create(multipart); if (logger.isDebugEnabled()) { - logger.debug("createWithIncorrectUserPassword: status = " + logger.debug(testName + ": status = " + res.getStatus()); } Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode()); @@ -310,9 +387,9 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { /** * Creates the collection object instance with incorrect user password. */ - @Test(dependsOnMethods = {"createAccounts"}) - public void createWithoutTenant() { - banner("createWithoutTenant"); + @Test(dataProvider = "testName", dependsOnMethods = {"createActiveAccount"}) + public void createWithoutTenant(String testName) { + banner(testName); CollectionObjectClient collectionObjectClient = new CollectionObjectClient(); String identifier = BaseServiceTest.createIdentifier(); MultipartOutput multipart = createCollectionObjectInstance( 
@@ -328,12 +405,12 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { collectionObjectClient.setupHttpClient(); collectionObjectClient.setProxy(); } catch (Exception e) { - logger.error("createWithoutTenant: caught " + e.getMessage()); + logger.error(testName + ": caught " + e.getMessage()); return; } ClientResponse res = collectionObjectClient.create(multipart); if (logger.isDebugEnabled()) { - logger.debug("createWithoutTenant: status = " + logger.debug(testName + ": status = " + res.getStatus()); } Assert.assertEquals(res.getStatus(), Response.Status.UNAUTHORIZED.getStatusCode(), "expected " + Response.Status.UNAUTHORIZED.getStatusCode()); @@ -375,7 +452,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { } @Test(dataProvider = "testName", dataProviderClass = AbstractServiceTestImpl.class, - dependsOnMethods = {"delete"}) + dependsOnMethods = {"create", "createWithInactiveAccount"}) public void deleteAccounts(String testName) throws Exception { // Perform setup. @@ -396,6 +473,14 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { } Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); + + res = accountClient.delete(georgeAccountId); + statusCode = res.getStatus(); + if (logger.isDebugEnabled()) { + logger.debug(testName + ": george status = " + statusCode); + } + Assert.assertTrue(REQUEST_TYPE.isValidStatusCode(statusCode), + invalidStatusCodeMessage(REQUEST_TYPE, statusCode)); } // --------------------------------------------------------------- 
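Review bot: Replacing `"delete"` with `"create"` in the `dependsOnMethods` of `deleteAccounts` removes the guarantee that the accounts outlive the `delete` test and the `createWith…` tests that depend only on `createActiveAccount`. If any of those authenticate as `barney` (their credential setup is outside this hunk), TestNG may now delete the account first and they would fail depending on execution order. Keeping the old dependency alongside the new one avoids that: `dependsOnMethods = {"delete", "createWithInactiveAccount"}`.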
@@ -442,27 +527,21 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { } private AccountsCommon createAccountInstance(String screenName, - String passwd, String email, String tenantId) { - - AccountsCommon account = new AccountsCommon(); - account.setScreenName(screenName); - account.setUserId(screenName); - //jaxb would encode b64 - account.setPassword(passwd.getBytes()); - account.setEmail(email); - account.setPhone("1234567890"); - List atl = new ArrayList(); - - AccountTenant at = new AccountTenant(); - at.setTenantId(tenantId);//for testing purposes - atl.add(at); + String passwd, String email, boolean invalidTenant) { + + AccountsCommon account = AccountFactory.createAccountInstance(screenName, + screenName, passwd, email, + true, true, invalidTenant, true, true); + + List atl = account.getTenants(); + //disable 2nd tenant till tenant identification is in effect //on the service side for 1-n user-tenants // AccountsCommon.Tenant at2 = new AccountsCommon.Tenant(); // at2.setId(UUID.randomUUID().toString()); // at2.setName("collectionspace.org"); // atl.add(at2); - account.setTenants(atl); +// account.setTenants(atl); if (logger.isDebugEnabled()) { logger.debug("to be created, account common"); @@ -478,7 +557,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void createList(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -486,7 +565,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void createWithEmptyEntityBody(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) 
@@ -494,7 +573,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void createWithMalformedXml(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -502,7 +581,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void createWithWrongXmlSchema(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -510,7 +589,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void read(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -518,7 +597,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void readNonExistent(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -526,7 +605,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void readList(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) 
@@ -534,7 +613,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void update(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -542,7 +621,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void updateWithEmptyEntityBody(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -550,7 +629,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void updateWithMalformedXml(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -558,7 +637,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void updateWithWrongXmlSchema(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) @@ -566,7 +645,7 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void updateNonExistent(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } /* (non-Javadoc) 
@@ -574,6 +653,6 @@ public class AuthenticationServiceTest extends AbstractServiceTestImpl { */ @Override public void deleteNonExistent(String testName) throws Exception { - //FIXME: Should this test really be empty? If so, please comment accordingly. + //FIXME: Should this test really be empty? If so, please comment accordingly. } }