/*
* This program is part of the OpenLMIS logistics management information system platform software.
* Copyright © 2013 VillageReach
*
* This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
* You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses. For additional information contact info@OpenLMIS.org.
*/
package org.openlmis.web.authentication;
import org.junit.Before;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.openlmis.authentication.domain.UserToken;
import org.openlmis.authentication.service.UserAuthenticationService;
import org.openlmis.authentication.web.UserAuthenticationProvider;
import org.openlmis.core.domain.User;
import org.openlmis.db.categories.UnitTests;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import static org.hamcrest.CoreMatchers.*;
import static org.hamcrest.MatcherAssert.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@Category(UnitTests.class)
public class UserAuthenticationProviderTest {
private UserAuthenticationService userService;
private UserAuthenticationProvider userAuthenticationProvider;
@Before
public void setup() {
userService = mock(UserAuthenticationService.class);
userAuthenticationProvider = new UserAuthenticationProvider(userService);
}
@Test
public void shouldAuthenticateValidUser() {
String validUser = "validUser";
String password = "password";
User user = new User();
user.setUserName(validUser);
user.setPassword(password);
when(userService.authenticateUser(user)).thenReturn(new UserToken(validUser, 1L, true));
Authentication authentication = new TestingAuthenticationToken(validUser, password);
Authentication authenticate = userAuthenticationProvider.authenticate(authentication);
assertThat(authenticate, instanceOf(UsernamePasswordAuthenticationToken.class));
assertThat((Long) authenticate.getPrincipal(), is(equalTo(1L)));
assertThat(authenticate.getCredentials(), is(equalTo(null)));
assertThat(authenticate.isAuthenticated(), is(true));
}
@Test
public void shouldNotAuthenticateInvalidUser() {
String invalidUser = "invalidUser";
String password = "password";
User user = new User();
user.setUserName(invalidUser);
user.setPassword(password);
when(userService.authenticateUser(user)).thenReturn(new UserToken(invalidUser, null, false));
Authentication authentication = new TestingAuthenticationToken(invalidUser, password);
Authentication authenticate = userAuthenticationProvider.authenticate(authentication);
assertThat(authenticate, is(equalTo(null)));
}
}