From 9ddbda377d1c12a65324b131c1eb7ed5ebd2cb85 Mon Sep 17 00:00:00 2001 From: rrajoria Date: Wed, 22 Mar 2023 12:56:45 +0530 Subject: [PATCH] Test Case for Client Workspace and changes for Review comments --- .../ResetPasswordServiceImpl.java | 24 ++--- .../ResetPasswordServiceImplTest.java | 90 +++++++++++++++++++ 2 files changed, 103 insertions(+), 11 deletions(-) diff --git a/repository/src/main/java/org/alfresco/repo/security/authentication/ResetPasswordServiceImpl.java b/repository/src/main/java/org/alfresco/repo/security/authentication/ResetPasswordServiceImpl.java index 5ec0fa2d0c..800c1cb1d4 100644 --- a/repository/src/main/java/org/alfresco/repo/security/authentication/ResetPasswordServiceImpl.java +++ b/repository/src/main/java/org/alfresco/repo/security/authentication/ResetPasswordServiceImpl.java @@ -540,22 +540,24 @@ public class ResetPasswordServiceImpl implements ResetPasswordService if(!StringUtils.isEmpty(clientApp.getProperty("workspaceUrl"))) { - String workspaceUrlPlaceholder = clientApp.getProperty("workspaceUrlPlaceholder"); + String workspaceUrlPlaceholder = clientApp.getProperty("workspaceUrl"); String workSpaceUrl = getRepoBaseUrl(workspaceUrlPlaceholder,""); sb.append(UrlUtil.replaceWorkSpaceUrlPlaceholder(pageUrl,workSpaceUrl)); LOGGER.warn("Client Name is " + clientApp.getName() + " The url used is " + sb.toString()); - sb.append("?key=").append(key) - .append("&id=").append(BPMEngineRegistry.createGlobalId(ActivitiConstants.ENGINE_ID, id)); - } - else if(StringUtils.isEmpty(pageUrl)) { - sb.append(UrlUtil.getShareUrl(sysAdminParams)); - LOGGER.warn("'resetPasswordPageUrl' property is not set for the client [" + clientApp.getName() + } + else if(StringUtils.isEmpty(pageUrl)) + { + sb.append(UrlUtil.getShareUrl(sysAdminParams)); + + LOGGER.warn("'resetPasswordPageUrl' property is not set for the client [" + clientApp.getName() + "]. The default base url of Share will be used [" + sb.toString() + "]"); - } else { - // We pass an empty string as we know that the pageUrl is not null - sb.append(getUrl(pageUrl, "")); - } + } + else + { + // We pass an empty string as we know that the pageUrl is not null + sb.append(getUrl(pageUrl, "")); + } sb.append("?key=").append(key) .append("&id=").append(BPMEngineRegistry.createGlobalId(ActivitiConstants.ENGINE_ID, id)); diff --git a/repository/src/test/java/org/alfresco/repo/security/authentication/ResetPasswordServiceImplTest.java b/repository/src/test/java/org/alfresco/repo/security/authentication/ResetPasswordServiceImplTest.java index a4b4e94c54..899241b449 100644 --- a/repository/src/test/java/org/alfresco/repo/security/authentication/ResetPasswordServiceImplTest.java +++ b/repository/src/test/java/org/alfresco/repo/security/authentication/ResetPasswordServiceImplTest.java @@ -91,6 +91,7 @@ public class ResetPasswordServiceImplTest private static TestPerson testPerson; private static EmailUtil emailUtil; + private static TestPerson testPersonForWorkspace; @BeforeClass public static void initStaticData() throws Exception @@ -114,9 +115,18 @@ public class ResetPasswordServiceImplTest .setPassword("password") .setEmail(userName + "@example.com"); + String userNameForWorkspace = "shane.doe" + System.currentTimeMillis(); + testPersonForWorkspace = new TestPerson() + .setUserName(userNameForWorkspace) + .setFirstName("Shane") + .setLastName("doe") + .setPassword("password") + .setEmail(userNameForWorkspace + "@example.com"); + transactionHelper.doInTransaction((RetryingTransactionCallback) () -> { createUser(testPerson); + createUser(testPersonForWorkspace); return null; }); @@ -494,4 +504,84 @@ public class ResetPasswordServiceImplTest } } + @Test + public void testResetPasswordForClientWorkspace() throws Exception + { + // Try the credential before change of password + authenticateUser(testPersonForWorkspace.userName, testPersonForWorkspace.password); + + // Make sure to run as system + AuthenticationUtil.clearCurrentSecurityContext(); + AuthenticationUtil.setRunAsUserSystem(); + + // Request password reset + resetPasswordService.requestReset(testPersonForWorkspace.userName, "workspace"); + assertEquals("A reset password email should have been sent.", 1, emailUtil.getSentCount()); + // Check the email + MimeMessage msg = emailUtil.getLastEmail(); + assertNotNull("There should be an email.", msg); + assertEquals("Should've been only one email recipient.", 1, msg.getAllRecipients().length); + // Check the recipient is the person who requested the reset password + assertEquals(testPersonForWorkspace.email, msg.getAllRecipients()[0].toString()); + //Check the sender is what we set as default + assertEquals(DEFAULT_SENDER, msg.getFrom()[0].toString()); + // There should be a subject + assertNotNull("There should be a subject.", msg.getSubject()); + // Check the default email subject - (check that we are sending the right email) + String emailSubjectKey = getDeclaredField(SendResetPasswordEmailDelegate.class, "EMAIL_SUBJECT_KEY"); + assertNotNull(emailSubjectKey); + assertEquals(msg.getSubject(), I18NUtil.getMessage(emailSubjectKey)); + + // Check the reset password url. + String resetPasswordUrl = (String) emailUtil.getLastEmailTemplateModelValue("reset_password_url"); + assertNotNull("Wrong email is sent.", resetPasswordUrl); + // Get the workflow id and key + Pair pair = getWorkflowIdAndKeyFromUrl(resetPasswordUrl); + assertNotNull("Workflow Id can't be null.", pair.getFirst()); + assertNotNull("Workflow Key can't be null.", pair.getSecond()); + + emailUtil.reset(); + // Now that we have got the email, try to reset the password + ResetPasswordDetails passwordDetails = new ResetPasswordDetails() + .setUserId(testPersonForWorkspace.userName) + .setPassword("newPassword") + .setWorkflowId(pair.getFirst()) + .setWorkflowKey(pair.getSecond()); + + resetPasswordService.initiateResetPassword(passwordDetails); + assertEquals("A reset password confirmation email should have been sent.", 1, emailUtil.getSentCount()); + // Check the email + msg = emailUtil.getLastEmail(); + assertNotNull("There should be an email.", msg); + assertEquals("Should've been only one email recipient.", 1, msg.getAllRecipients().length); + // Check the recipient is the person who requested the reset password + assertEquals(testPersonForWorkspace.email, msg.getAllRecipients()[0].toString()); + // Check the sender is what we set as default + assertEquals(DEFAULT_SENDER, msg.getFrom()[0].toString()); + // There should be a subject + assertNotNull("There should be a subject.", msg.getSubject()); + // Check the default email subject - (check that we are sending the right email) + emailSubjectKey = getDeclaredField(SendResetPasswordConfirmationEmailDelegate.class, "EMAIL_SUBJECT_KEY"); + assertNotNull(emailSubjectKey); + assertEquals(msg.getSubject(), I18NUtil.getMessage(emailSubjectKey)); + + // Try the old credential + TestHelper.assertThrows(() -> authenticateUser(testPersonForWorkspace.userName, testPersonForWorkspace.password), + AuthenticationException.class, + "As the user changed her password, the authentication should have failed."); + + // Try the new credential + authenticateUser(testPersonForWorkspace.userName, "newPassword"); + + // Make sure to run as system + AuthenticationUtil.clearCurrentSecurityContext(); + AuthenticationUtil.setRunAsUserSystem(); + emailUtil.reset(); + // Try reset again with the used workflow + TestHelper.assertThrows(() -> resetPasswordService.initiateResetPassword(passwordDetails), + InvalidResetPasswordWorkflowException.class, + "The workflow instance is not active (it has already been used)."); + assertEquals("No email should have been sent.", 0, emailUtil.getSentCount()); + } + }