diff --git a/src/main/java/de/filefighter/rest/domain/user/data/persistance/UserEntity.java b/src/main/java/de/filefighter/rest/domain/user/data/persistance/UserEntity.java
index 7d4dc21b..031e84f8 100644
--- a/src/main/java/de/filefighter/rest/domain/user/data/persistance/UserEntity.java
+++ b/src/main/java/de/filefighter/rest/domain/user/data/persistance/UserEntity.java
@@ -2,6 +2,7 @@
 import lombok.Builder;
 import lombok.Getter;
+import lombok.Setter;
 import lombok.ToString;
 import org.springframework.data.mongodb.core.mapping.Document;
 import org.springframework.data.mongodb.core.mapping.MongoId;
@@ -10,15 +11,16 @@
 @Getter
 @ToString
 @Builder
+@Setter
 public class UserEntity {
     @MongoId
     private final String _id;
-    private final long userId;
-    private final String username;
-    private final String lowercaseUsername; // Redundancy for performance tradeoff.
-    private final String password;
-    private final String refreshToken; //TODO: add valid_until for refreshToken
-    private final long[] groupIds;
+    private long userId;
+    private String username;
+    private String lowercaseUsername; // Redundancy for performance tradeoff.
+    private String password;
+    private String refreshToken; //TODO: add valid_until for refreshToken
+    private long[] groupIds;
 }
diff --git a/src/test/java/de/filefighter/rest/RestApplicationIntegrationTest.java b/src/test/java/de/filefighter/rest/RestApplicationIntegrationTest.java
index 318c042b..df2a492a 100644
--- a/src/test/java/de/filefighter/rest/RestApplicationIntegrationTest.java
+++ b/src/test/java/de/filefighter/rest/RestApplicationIntegrationTest.java
@@ -16,6 +16,7 @@
 import org.springframework.web.client.RestTemplate;
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.Map;
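Review bot: Adding `@Setter` to `UserEntity` while stripping `final` from every field makes the persisted credential fields (`password`, `refreshToken`) and `groupIds` writable from anywhere in the codebase, and the only caller visible in this commit is a Cucumber step that rewrites a user's groups — a test convenience leaking into the production entity. Consider `@Builder(toBuilder = true)` and `userEntity.toBuilder().groupIds(...).build()` in the test instead, keeping the fields `final`, or at least limit the setter to `groupIds` rather than the whole class. Independently, the pre-existing `@ToString` will include `password` and `refreshToken` whenever the entity is logged; mark those two fields `@ToString.Exclude`. The `//TODO: add valid_until for refreshToken` is carried over untouched — a refresh token without expiry is worth tracking as an issue rather than a comment.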
@@ -108,4 +109,29 @@ public void handleError(@NotNull ClientHttpResponse response) throws IOException
             results = new ResponseResults(response);
         }
     }
-}
\ No newline at end of file
+
+    protected static String serializeUser(String confirmationPassword,int[] groupIds, String password, String username){
+        StringBuilder jsonString=new StringBuilder("{");
+
+        if (confirmationPassword != null){
+            jsonString.append("\"confirmationPassword\": \"").append(confirmationPassword).append("\",");
+        }
+        if (groupIds!=null && groupIds.length>0){
+            jsonString.append("\"groupIds\": ").append(Arrays.toString(groupIds)).append(",");
+        }
+        if (password != null){
+            jsonString.append("\"password\": \"").append(password).append("\",");
+        }
+        if (username != null){
+            jsonString.append("\"username\": \"").append(username).append("\",");
+        }
+
+        jsonString.append("}");
+
+        return jsonString.toString();
+    }
+
+
+
+
+}
diff --git a/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java b/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java
index db4f297b..7ced79d0 100644
--- a/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java
+++ b/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java
@@ -166,4 +166,12 @@ public void responseContainsKeyAndValueOfAtLeast(String key, int value) throws J
         assertTrue(actualValue >= value);
     }
+
+    @And("user with id {long} is in group with id {long}")
+    public void userWithIdIsInGroupWithId(long userId, long groupId) {
+        UserEntity userEntity=userRepository.findByUserId(userId);
+
+        userEntity.setGroupIds(new long[]{groupId});
+        userRepository.save(userEntity);
+    }
 }
diff --git a/src/test/java/de/filefighter/rest/cucumber/UserEditInformationSteps.java b/src/test/java/de/filefighter/rest/cucumber/UserEditInformationSteps.java
index b27dd37a..179db20b 100644
--- a/src/test/java/de/filefighter/rest/cucumber/UserEditInformationSteps.java
+++ b/src/test/java/de/filefighter/rest/cucumber/UserEditInformationSteps.java
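Review bot: `serializeUser` leaves a trailing comma before the closing brace — every appended field ends with `","` or `","` and nothing strips it — so a body like `{"username": "x",}` is not valid JSON and is only accepted if the server's parser tolerates trailing commas (Jackson does not unless `ALLOW_TRAILING_COMMA` is enabled), meaning the steps built on this helper may be failing on deserialization rather than exercising the validation they describe. Values are also interpolated unescaped, so a username or password containing `"` or `\` silently corrupts the body; fine for the fixed fixtures in the feature files, but worth a comment or an escape. Assembling the fields with `java.util.StringJoiner` (add `import java.util.StringJoiner;`) removes the trailing comma without changing the call sites; serializing a `Map` through the Jackson `ObjectMapper` that Spring Boot already brings in would fix both problems if that dependency is acceptable in the test module. The `int[] groupIds` parameter also disagrees with the entity's `long[] groupIds`; aligning the types avoids a pointless conversion later.
```java
protected static String serializeUser(String confirmationPassword,int[] groupIds, String password, String username){
    StringJoiner json = new StringJoiner(",", "{", "}");
    if (confirmationPassword != null) {
        json.add("\"confirmationPassword\": \"" + confirmationPassword + "\"");
    }
    if (groupIds != null && groupIds.length > 0) {
        json.add("\"groupIds\": " + Arrays.toString(groupIds));
    }
    if (password != null) {
        json.add("\"password\": \"" + password + "\"");
    }
    if (username != null) {
        json.add("\"username\": \"" + username + "\"");
    }
    return json.toString();
}
```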
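Review bot: In `userWithIdIsInGroupWithId` the result of `userRepository.findByUserId(userId)` is dereferenced without a check, so a scenario referencing a user that was never created fails with a `NullPointerException` on `setGroupIds` instead of a readable assertion; add `assertNotNull(userEntity, "no user with id " + userId);` before mutating it (the file already uses JUnit's `assertTrue`, so the static import is a one-liner). The step text reads as additive ("is in group") but the body replaces the whole array with `new long[]{groupId}`, silently dropping any group an earlier step assigned; either rename the step to "is only in group" or append to the existing array. Whether `findByUserId` returns a nullable entity or something else is not visible in this diff — the null check assumes the former.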
@@ -21,12 +21,8 @@ public void userRequestsChangeOfUsernameWithValueAndAccessTokenAndId(String newU
-        String postBody="{" +
-                " \"groupIds\": [" +
-                " 0" +
-                " ]," +
-                " \"username\": \""+newUsername+"\"" +
-                "}";
+        String postBody=serializeUser(null,null,null,newUsername);
+
         executeRestApiCall(HttpMethod.PUT, url, authHeader,postBody);
     }
@@ -40,13 +36,8 @@ public void userRequestsChangeOfPasswordWithValueAndAccessTokenAndId(String newP
         authHeader.put("Authorization", authHeaderString);
-        String postBody="{\n" +
-                " \"confirmationPassword\": \""+newPassword+"\"," +
-                " \"groupIds\": [" +
-                " 0" +
-                " ]," +
-                " \"password\": \""+newPassword+"\"," +
-                "}";
+        String postBody=serializeUser(newPassword,null,newPassword,null);
+
         executeRestApiCall(HttpMethod.GET, url, authHeader,postBody);
     }
diff --git a/src/test/java/de/filefighter/rest/cucumber/UserRegistrationSteps.java b/src/test/java/de/filefighter/rest/cucumber/UserRegistrationSteps.java
new file mode 100644
index 00000000..df5de343
--- /dev/null
+++ b/src/test/java/de/filefighter/rest/cucumber/UserRegistrationSteps.java
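Review bot: In `userRequestsChangeOfPasswordWithValueAndAccessTokenAndId` the freshly built `postBody` is handed to `executeRestApiCall(HttpMethod.GET, url, authHeader,postBody)`, while the sibling username step uses `PUT`; a request body on GET is dropped or rejected by many HTTP clients and servers, so this step very likely never delivers the new password, and the line should read `executeRestApiCall(HttpMethod.PUT, url, authHeader,postBody);` — it is pre-existing context, but the commit rewrites the body that feeds it. Both hunks also drop the `"groupIds": [0]` element the old bodies carried by passing `null` for `groupIds`; if the update endpoint treats an absent `groupIds` as "leave unchanged" that is fine, but if it reads it as "no groups" these scenarios now issue a group-stripping request they did not before, which deserves its own scenario rather than an accidental payload change. Both methods start outside the hunks shown.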
@@ -0,0 +1,31 @@
+package de.filefighter.rest.cucumber;
+
+import de.filefighter.rest.RestApplicationIntegrationTest;
+import io.cucumber.java.en.When;
+import org.springframework.http.HttpMethod;
+
+import java.util.HashMap;
+
+import static de.filefighter.rest.configuration.RestConfiguration.*;
+
+public class UserRegistrationSteps extends RestApplicationIntegrationTest {
+    @When("user requests registration with username {string}, password {string} and password confirmation {string} with accessToken {string}")
+    public void userRequestsRegistrationWithUsernamePasswordAndPasswordConfirmationWithAccessToken(String username, String password, String passwordConfirmation, String accessToken) {
+
+        String authHeaderString = AUTHORIZATION_BEARER_PREFIX + accessToken;
+        String url = BASE_API_URI + USER_BASE_URI + "register";
+
+
+        HashMap authHeader = new HashMap<>();
+        authHeader.put("Authorization", authHeaderString);
+
+
+
+
+        String postBody=serializeUser(password,null,password,username);
+
+        executeRestApiCall(HttpMethod.POST, url, authHeader,postBody);
+
+
+    }
+}
diff --git a/src/test/resources/UserRegistration.feature b/src/test/resources/UserRegistration.feature
index a574bed5..0c9fc3f9 100644
--- a/src/test/resources/UserRegistration.feature
+++ b/src/test/resources/UserRegistration.feature
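Review bot: The `passwordConfirmation` parameter of the new registration step is never used — `serializeUser(password,null,password,username)` puts `password` in both the confirmation and the password slot — so the "Passwords do not match." scenario in the feature file can never actually send a mismatching confirmation and cannot fail for the reason it claims; it should be `String postBody=serializeUser(passwordConfirmation,null,password,username);`. `HashMap authHeader = new HashMap<>();` is a raw type (the diamond infers `Object, Object`); declare it `HashMap<String, String> authHeader = new HashMap<>();`, or `Map<String, String>` if `executeRestApiCall` accepts the interface. The wildcard `import static ...RestConfiguration.*;` hides which constants the step relies on; importing `AUTHORIZATION_BEARER_PREFIX`, `BASE_API_URI` and `USER_BASE_URI` explicitly makes that visible.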
@@ -1,61 +1,61 @@
-#Feature: User Registration
-#  As a user (/admin)
-#  I want to be able to register (users) with username and password
-#
-#  Background:
-#    Given database is empty
-#    And user with id 1234 exists and has username "user", password "secure_password"
-#    And accessToken with value "accessToken" exists for user 1234
-#    And user with id 1234 is in group with id 1
-#
-#  Scenario: Successful registration with username, password and password confirmation.
-#    When user requests registration with username "kangaroo", password "pig-system" and password confirmation "pig-system" with accessToken "accessToken"
-#    Then response status code is 201
-#    And response contains key "message" and value "User successfully created."
-#    And response contains key "status" and value "created"
-#
-#  Scenario: Successful registration with username, password and password confirmation; password matches password of other users.
-#    When user requests registration with username "kangaroo", password "secure_password" and password confirmation "secure_password" with accessToken "accessToken"
-#    Then response status code is 201
-#    And response contains key "message" and value "User successfully created."
-#    And response contains key "status" and value "created"
-#
-#  Scenario: Failed registration with used username, arbitrary password and password confirmation.
-#    When user requests registration with username "user", password "pig-system" and password confirmation "pig-system" with accessToken "accessToken"
-#    Then response status code is 409
-#    And response contains key "message" and value "User already exists."
-#    And response contains key "status" and value "conflict"
-#
-#  Scenario: Failed registration with used username (other case), arbitrary password and password confirmation.
-#    When user requests registration with username "User", password "pig-system" and password confirmation "pig-system" with accessToken "accessToken"
-#    Then response status code is 409
-#    And response contains key "message" and value "User already exists."
-#    And response contains key "status" and value "conflict"
-#
-#  Scenario: Failed registration with username, password and deviating password confirmation.
-#    When user requests registration with username "kangaroo", password "pig-system" and password confirmation "i-love-capitalism" with accessToken "accessToken"
-#    Then response status code is 409
-#    And response contains key "message" and value "Passwords do not match."
-#    And response contains key "status" and value "conflict"
-#
-#  Scenario: Failed registration with username, password and password confirmation; username is part of password.
-#    When user requests registration with username "kangaroo", password "kangaroo-system" and password confirmation "kangaroo-system" with accessToken "accessToken"
-#    Then response status code is 409
-#    And response contains key "message" and value "Username must not appear in password."
-#    And response contains key "status" and value "conflict"
-#
-#  Scenario: Failed registration with username, password and password confirmation; password appears in list of top 10k passwords
-#    When user requests registration with username "kangaroo", password "vietnam" and password confirmation "vietnam" with accessToken "accessToken"
-#    Then response status code is 409
-#    And response contains key "message" and value "Password must not appear in the top 10000 most common passwords."
-#    And response contains key "status" and value "conflict"
-#    #https://github.com/iryndin/10K-Most-Popular-Passwords/blob/master/passwords.txt
-#
-#  Scenario: Failed registration with username, password and password confirmation; not in group ADMIN
-#    Given user with id 1236 exists
-#    And user with id 1236 is in group with id -1
-#    And accessToken with value "wrongAccessToken" exists for user 1236
-#    When user requests registration with username "kangaroo", password "pig-system" and password confirmation "pig-system" with accessToken "wrongAccessToken"
-#    Then response status code is 401
-#    And response contains key "message" and value "User must not register new users."
-#    And response contains key "status" and value "unauthorized"
\ No newline at end of file
+Feature: User Registration
+  As a user (/admin)
+  I want to be able to register (users) with username and password
+
+  Background:
+    Given database is empty
+    And user with id 1234 exists and has username "user", password "secure_password"
+    And accessToken with value "accessToken" exists for user 1234
+    And user with id 1234 is in group with id 1
+
+  Scenario: Successful registration with username, password and password confirmation.
+    When user requests registration with username "kangaroo", password "pig-system" and password confirmation "pig-system" with accessToken "accessToken"
+    Then response status code is 201
+    And response contains key "message" and value "User successfully created."
+    And response contains key "status" and value "created"
+
+  Scenario: Successful registration with username, password and password confirmation; password matches password of other users.
+    When user requests registration with username "kangaroo", password "secure_password" and password confirmation "secure_password" with accessToken "accessToken"
+    Then response status code is 201
+    And response contains key "message" and value "User successfully created."
+    And response contains key "status" and value "created"
+
+  Scenario: Failed registration with used username, arbitrary password and password confirmation.
+    When user requests registration with username "user", password "pig-system" and password confirmation "pig-system" with accessToken "accessToken"
+    Then response status code is 409
+    And response contains key "message" and value "User already exists."
+    And response contains key "status" and value "conflict"
+
+  Scenario: Failed registration with used username (other case), arbitrary password and password confirmation.
+    When user requests registration with username "User", password "pig-system" and password confirmation "pig-system" with accessToken "accessToken"
+    Then response status code is 409
+    And response contains key "message" and value "User already exists."
+    And response contains key "status" and value "conflict"
+
+  Scenario: Failed registration with username, password and deviating password confirmation.
+    When user requests registration with username "kangaroo", password "pig-system" and password confirmation "i-love-capitalism" with accessToken "accessToken"
+    Then response status code is 409
+    And response contains key "message" and value "Passwords do not match."
+    And response contains key "status" and value "conflict"
+
+  Scenario: Failed registration with username, password and password confirmation; username is part of password.
+    When user requests registration with username "kangaroo", password "kangaroo-system" and password confirmation "kangaroo-system" with accessToken "accessToken"
+    Then response status code is 409
+    And response contains key "message" and value "Username must not appear in password."
+    And response contains key "status" and value "conflict"
+
+  Scenario: Failed registration with username, password and password confirmation; password appears in list of top 10k passwords
+    When user requests registration with username "kangaroo", password "vietnam" and password confirmation "vietnam" with accessToken "accessToken"
+    Then response status code is 409
+    And response contains key "message" and value "Password must not appear in the top 10000 most common passwords."
+    And response contains key "status" and value "conflict"
+    #https://github.com/iryndin/10K-Most-Popular-Passwords/blob/master/passwords.txt
+
+  Scenario: Failed registration with username, password and password confirmation; not in group ADMIN
+    Given user 1236 exists
+    And user with id 1236 is in group with id -1
+    And accessToken with value "wrongAccessToken" exists for user 1236
+    When user requests registration with username "kangaroo", password "pig-system" and password confirmation "pig-system" with accessToken "wrongAccessToken"
+    Then response status code is 401
+    And response contains key "message" and value "User must not register new users."
+    And response contains key "status" and value "unauthorized"
\ No newline at end of file
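Review bot: The "not in group ADMIN" scenario expects `401` with status `"unauthorized"` for a caller that does present a valid access token but lacks the admin group; in HTTP terms 401 means the request was not authenticated, while an authenticated caller without permission is `403 Forbidden`, and collapsing the two makes it harder for clients and monitoring to tell "bad token" from "insufficient privilege". Unless the API intentionally conflates them, the scenario should assert `Then response status code is 403` with a matching `"forbidden"` status, and the server's authorization check should be aligned with it. Group ids `1` (admin) and `-1` (non-admin) are magic numbers repeated through the file; a step such as `And user with id 1234 is in group "ADMIN"` that resolves the id inside the step definition would state the intent and survive a renumbering. The new `Given user 1236 exists` wording differs from the Background's `user with id 1234 exists and has username ...`, and this diff only adds the registration and group steps, so make sure a step definition for that phrasing exists.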