Class TokenResourceTest

java.lang.Object
junit.framework.Assert
junit.framework.TestCase
com.atlassian.crowd.acceptance.tests.rest.service.RestCrowdServiceAcceptanceTestCase
com.atlassian.crowd.acceptance.tests.rest.service.TokenResourceTest
All Implemented Interfaces:
junit.framework.Test

public class TokenResourceTest extends RestCrowdServiceAcceptanceTestCase
  • Constructor Details

    • TokenResourceTest

      public TokenResourceTest(String name)
      Constructs a test case with the given name.
      Parameters:
      name - the test name
    • TokenResourceTest

      public TokenResourceTest(String name, RestServer restServer)
      Constructs a test case with the given name, using the given RestServer.
      Parameters:
      name - the test name
      restServer - the RestServer
  • Method Details

    • setUp

      public void setUp() throws Exception
      Overrides:
      setUp in class RestCrowdServiceAcceptanceTestCase
      Throws:
      Exception
    • testUserAuthentication

      public void testUserAuthentication()
      Tests that a user can successfully authenticate with an application.
    • testUserAuthentication_WithoutPasswordValidation

      public void testUserAuthentication_WithoutPasswordValidation()
      Tests that a user can successfully authenticate with an application without password validation when the query parameter "validate-password" is false.
    • testUserAuthentication_InactiveUser

      public void testUserAuthentication_InactiveUser()
      Tests that an inactive user cannot create a session.
    • testUserAuthentication_BadPassword

      public void testUserAuthentication_BadPassword()
      Tests that if a bad user credential is given, an error response is returned.
    • testGetUserFromToken

      public void testGetUserFromToken()
      Tests that getUserFromToken returns the correct user.
    • testValidateToken

      public void testValidateToken()
      Tests that when the validation factors are correct, and the token is correct, no errors are thrown.
    • testShortLivedTokenExpiresImmediately

      public void testShortLivedTokenExpiresImmediately()
    • testMultipleShortLivedSessionsShouldNotDeadlock

      public void testMultipleShortLivedSessionsShouldNotDeadlock() throws Exception
      See CWD-3768. Requesting a new token should not deadlock if there is an expired token in the database.
      Throws:
      Exception
    • testMultipleTokensWithDifferentPrivilegesDoNotInterfereWithEachOther

      public void testMultipleTokensWithDifferentPrivilegesDoNotInterfereWithEachOther()
      Tests the scenario in which different tokens are issued for the same user with different privileges.
    • testCreatedTokenUsesDirectoryCaseForUsername

      public void testCreatedTokenUsesDirectoryCaseForUsername()
    • testValidateToken_InvalidToken

      public void testValidateToken_InvalidToken()
      Tests that when the token is invalid, a 404 (Not Found) status is returned.
    • testValidateToken_InvalidValidationFactors

      public void testValidateToken_InvalidValidationFactors()
      Tests that when the validation factors are not correct, a 400 (Bad Request) response is returned.
    • testInvalidateToken

      public void testInvalidateToken()
      Tests that the token really is invalidated.
    • testInvalidateAllTokens

      public void testInvalidateAllTokens()
      Tests that all tokens get invalidated when called.
    • testTokenIsDeletedWhenUserIsRemoved

      public void testTokenIsDeletedWhenUserIsRemoved()
      Tests that the token is invalidated if the user is deleted.
    • testTokenIsDeletedWhenUserChangesPassword

      public void testTokenIsDeletedWhenUserChangesPassword()
      Tests that the token is invalidated when the user changes their own password.
    • testTokenIsDeletedWhenUserIsMadeInactive

      public void testTokenIsDeletedWhenUserIsMadeInactive()
      Tests that the token is invalidated if the user is deactivated.
    • testGetUserFromTokenEnforcesApplicationAuthenticationChecks

      public void testGetUserFromTokenEnforcesApplicationAuthenticationChecks()
      Tests that a token from a login against one application cannot be used with another application where that user has no permission.
    • testAllSessionsForUserAreInvalidatedByDeleteWithUsernameSpecified

      public void testAllSessionsForUserAreInvalidatedByDeleteWithUsernameSpecified()
    • testSpecifiedUserSessionIsExcludedFromDeletionByUsername

      public void testSpecifiedUserSessionIsExcludedFromDeletionByUsername()
    • testStatusNotFoundWhenDeletingTokensForNonexistentUser

      public void testStatusNotFoundWhenDeletingTokensForNonexistentUser()
    • testSessionCreatedWithUnaliasedApplicationShowsAliasedNameWhenRetrievedWithAliasingApplication

      public void testSessionCreatedWithUnaliasedApplicationShowsAliasedNameWhenRetrievedWithAliasingApplication()
    • testSessionCreatedWithUnaliasedApplicationShowsAliasedNameWhenValidatedWithAliasingApplication

      public void testSessionCreatedWithUnaliasedApplicationShowsAliasedNameWhenValidatedWithAliasingApplication()
      The other alias tests GET the session. Ensure that aliases are also resolved for a POST validation.
    • testSessionCreatedThroughAliasedApplicationShowsOriginalNameWhenRetrievedWithNonAliasingApplication

      public void testSessionCreatedThroughAliasedApplicationShowsOriginalNameWhenRetrievedWithNonAliasingApplication()
    • testSessionCreatedWithDifferentCaseReturnsCorrectCaseForUsername

      public void testSessionCreatedWithDifferentCaseReturnsCorrectCaseForUsername()
    • testSessionCreatedThroughAliasWithDifferentCaseReturnsCorrectCase

      public void testSessionCreatedThroughAliasWithDifferentCaseReturnsCorrectCase()
    • testSessionCannotBeCreatedWithAliasThroughUnaliasedApplication

      public void testSessionCannotBeCreatedWithAliasThroughUnaliasedApplication()
    • testAliasedApplicationAlsoAcceptsUnaliasedUsername

      public void testAliasedApplicationAlsoAcceptsUnaliasedUsername()
      Log in to an aliased application using the original username. This succeeds but, arguably, shouldn't: that user is aliased so the original username should be invisible.
    • setAliasForUsername

      protected void setAliasForUsername(String alias)
    • testAliasChangesAreReflectedInSessionUsername

      public void testAliasChangesAreReflectedInSessionUsername()
    • testSessionForAliasedApplicationIncludesUnaliasedUsernameAsAnExtraField

      public void testSessionForAliasedApplicationIncludesUnaliasedUsernameAsAnExtraField()