// Licensed to the Apache Software Foundation (ASF) under one // or more contributor license agreements. See the NOTICE file // distributed with this work for additional information // regarding copyright ownership. The ASF licenses this file // to you under the Apache License, Version 2.0 (the // "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. package com.cloud.user; import static org.mockito.ArgumentMatchers.nullable; import java.net.InetAddress; import java.net.UnknownHostException; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; import org.apache.cloudstack.acl.ControlledEntity; import org.apache.cloudstack.acl.Role; import org.apache.cloudstack.acl.RoleService; import org.apache.cloudstack.acl.RoleType; import org.apache.cloudstack.acl.SecurityChecker.AccessType; import org.apache.cloudstack.api.command.admin.account.UpdateAccountCmd; import org.apache.cloudstack.api.command.admin.user.DeleteUserCmd; import org.apache.cloudstack.api.command.admin.user.GetUserKeysCmd; import org.apache.cloudstack.api.command.admin.user.UpdateUserCmd; import org.apache.cloudstack.api.response.UserTwoFactorAuthenticationSetupResponse; import org.apache.cloudstack.auth.UserAuthenticator; import org.apache.cloudstack.auth.UserAuthenticator.ActionOnFailedAuthentication; import org.apache.cloudstack.auth.UserTwoFactorAuthenticator; import org.apache.cloudstack.context.CallContext; import org.apache.cloudstack.framework.config.ConfigKey; import org.apache.cloudstack.resourcedetail.UserDetailVO; import org.apache.cloudstack.webhook.WebhookHelper; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.ArgumentCaptor; import org.mockito.InOrder; import org.mockito.Mock; import org.mockito.MockedStatic; import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; import org.springframework.beans.factory.NoSuchBeanDefinitionException; import com.cloud.acl.DomainChecker; import com.cloud.api.auth.SetupUserTwoFactorAuthenticationCmd; import com.cloud.domain.Domain; import com.cloud.domain.DomainVO; import com.cloud.event.ActionEventUtils; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.projects.Project; import com.cloud.projects.ProjectAccountVO; import com.cloud.user.Account.State; import com.cloud.utils.Pair; import com.cloud.utils.component.ComponentContext; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.UserVmManagerImpl; import com.cloud.vm.UserVmVO; import com.cloud.vm.VMInstanceVO; import com.cloud.vm.snapshot.VMSnapshotVO; @RunWith(MockitoJUnitRunner.class) public class AccountManagerImplTest extends AccountManagetImplTestBase { @Mock private UserVmManagerImpl _vmMgr; @Mock private AccountVO callingAccount; @Mock private DomainChecker domainChecker; @Mock private AccountService accountService; @Mock private GetUserKeysCmd _listkeyscmd; @Mock private User _user; @Mock private UserAccountVO userAccountVO; @Mock private UpdateUserCmd UpdateUserCmdMock; @Mock private UpdateAccountCmd UpdateAccountCmdMock; private long userVoIdMock = 111l; @Mock private UserVO userVoMock; private long accountMockId = 100l; @Mock private Account accountMock; @Mock private DomainVO domainVoMock; @Mock private AccountVO accountVoMock; @Mock private AccountVO _systemAccount; @Mock private ProjectAccountVO projectAccountVO; @Mock private Project project; @Mock PasswordPolicyImpl passwordPolicyMock; @Mock ConfigKey enableUserTwoFactorAuthenticationMock; @Mock RoleService roleService; @Before public void setUp() throws Exception { enableUserTwoFactorAuthenticationMock = Mockito.mock(ConfigKey.class); accountManagerImpl.enableUserTwoFactorAuthentication = enableUserTwoFactorAuthenticationMock; } @Before public void beforeTest() { Mockito.doReturn(accountMockId).when(accountMock).getId(); Mockito.doReturn(accountMock).when(accountManagerImpl).getCurrentCallingAccount(); Mockito.doReturn(accountMockId).when(userVoMock).getAccountId(); Mockito.doReturn(userVoIdMock).when(userVoMock).getId(); } @Test public void disableAccountNotexisting() throws ConcurrentOperationException, ResourceUnavailableException { Mockito.when(_accountDao.findById(42l)).thenReturn(null); Assert.assertTrue(accountManagerImpl.disableAccount(42)); } @Test public void disableAccountDisabled() throws ConcurrentOperationException, ResourceUnavailableException { AccountVO disabledAccount = new AccountVO(); disabledAccount.setState(State.DISABLED); Mockito.when(_accountDao.findById(42l)).thenReturn(disabledAccount); Assert.assertTrue(accountManagerImpl.disableAccount(42)); } @Test public void disableAccount() throws ConcurrentOperationException, ResourceUnavailableException { AccountVO account = new AccountVO(); account.setState(State.ENABLED); Mockito.when(_accountDao.findById(42l)).thenReturn(account); Mockito.when(_accountDao.createForUpdate()).thenReturn(new AccountVO()); Mockito.when(_accountDao.update(Mockito.eq(42l), Mockito.any(AccountVO.class))).thenReturn(true); Mockito.when(_vmDao.listByAccountId(42l)).thenReturn(Arrays.asList(Mockito.mock(VMInstanceVO.class))); Assert.assertTrue(accountManagerImpl.disableAccount(42)); Mockito.verify(_accountDao, Mockito.atLeastOnce()).update(Mockito.eq(42l), Mockito.any(AccountVO.class)); } @Test public void deleteUserAccount() { AccountVO account = new AccountVO(); account.setId(42l); DomainVO domain = new DomainVO(); Mockito.when(_accountDao.findById(42l)).thenReturn(account); Mockito.doNothing().when(accountManagerImpl).checkAccess(Mockito.any(Account.class), Mockito.isNull(), Mockito.anyBoolean(), Mockito.any(Account.class)); Mockito.when(_accountDao.remove(42l)).thenReturn(true); Mockito.when(_configMgr.releaseAccountSpecificVirtualRanges(account)).thenReturn(true); Mockito.lenient().when(_domainMgr.getDomain(Mockito.anyLong())).thenReturn(domain); Mockito.lenient().when(securityChecker.checkAccess(Mockito.any(Account.class), Mockito.any(Domain.class))).thenReturn(true); Mockito.when(_vmSnapshotDao.listByAccountId(Mockito.anyLong())).thenReturn(new ArrayList()); Mockito.when(_autoscaleMgr.deleteAutoScaleVmGroupsByAccount(account)).thenReturn(true); List sshkeyList = new ArrayList(); SSHKeyPairVO sshkey = new SSHKeyPairVO(); sshkey.setId(1l); sshkeyList.add(sshkey); Mockito.when(_sshKeyPairDao.listKeyPairs(Mockito.anyLong(), Mockito.anyLong())).thenReturn(sshkeyList); Mockito.when(_sshKeyPairDao.remove(Mockito.anyLong())).thenReturn(true); Mockito.when(userDataDao.removeByAccountId(Mockito.anyLong())).thenReturn(222); Mockito.doNothing().when(accountManagerImpl).deleteWebhooksForAccount(Mockito.anyLong()); Assert.assertTrue(accountManagerImpl.deleteUserAccount(42l)); // assert that this was a clean delete Mockito.verify(_accountDao, Mockito.never()).markForCleanup(Mockito.eq(42l)); } @Test public void deleteUserAccountCleanup() { AccountVO account = new AccountVO(); account.setId(42l); DomainVO domain = new DomainVO(); Mockito.when(_accountDao.findById(42l)).thenReturn(account); Mockito.doNothing().when(accountManagerImpl).checkAccess(Mockito.any(Account.class), Mockito.isNull(), Mockito.anyBoolean(), Mockito.any(Account.class)); Mockito.when(_accountDao.remove(42l)).thenReturn(true); Mockito.when(_configMgr.releaseAccountSpecificVirtualRanges(account)).thenReturn(true); Mockito.when(_userVmDao.listByAccountId(42l)).thenReturn(Arrays.asList(Mockito.mock(UserVmVO.class))); Mockito.when(_vmMgr.expunge(Mockito.any(UserVmVO.class))).thenReturn(false); Mockito.lenient().when(_domainMgr.getDomain(Mockito.anyLong())).thenReturn(domain); Mockito.lenient().when(securityChecker.checkAccess(Mockito.any(Account.class), Mockito.any(Domain.class))).thenReturn(true); Mockito.doNothing().when(accountManagerImpl).deleteWebhooksForAccount(Mockito.anyLong()); Assert.assertTrue(accountManagerImpl.deleteUserAccount(42l)); // assert that this was NOT a clean delete Mockito.verify(_accountDao, Mockito.atLeastOnce()).markForCleanup(Mockito.eq(42l)); } @Test (expected = InvalidParameterValueException.class) public void deleteUserAccountTestIfAccountIdIsEqualToCallerIdShouldThrowException() { try (MockedStatic callContextMocked = Mockito.mockStatic(CallContext.class)) { CallContext callContextMock = Mockito.mock(CallContext.class); callContextMocked.when(CallContext::current).thenReturn(callContextMock); long accountId = 1L; Mockito.doReturn(accountVoMock).when(callContextMock).getCallingAccount(); Mockito.doReturn(accountVoMock).when(_accountDao).findById(Mockito.anyLong()); Mockito.doReturn(domainVoMock).when(_domainDao).findById(Mockito.anyLong()); Mockito.doReturn(1L).when(accountVoMock).getId(); accountManagerImpl.deleteUserAccount(accountId); } } @Test public void deleteUserAccountTestIfAccountIdIsNotEqualToCallerAccountIdShouldNotThrowException() { try (MockedStatic callContextMocked = Mockito.mockStatic(CallContext.class)) { CallContext callContextMock = Mockito.mock(CallContext.class); callContextMocked.when(CallContext::current).thenReturn(callContextMock); long accountId = 1L; Mockito.doReturn(accountVoMock).when(callContextMock).getCallingAccount(); Mockito.doReturn(accountVoMock).when(_accountDao).findById(Mockito.anyLong()); Mockito.doReturn(2L).when(accountVoMock).getId(); Mockito.doReturn(true).when(accountManagerImpl).isDeleteNeeded(Mockito.any(), Mockito.anyLong(), Mockito.any()); Mockito.doReturn(new ArrayList()).when(_projectAccountDao).listAdministratedProjectIds(Mockito.anyLong()); accountManagerImpl.deleteUserAccount(accountId); } } @Test (expected = InvalidParameterValueException.class) public void deleteUserTestIfUserIdIsEqualToCallerIdShouldThrowException() { try (MockedStatic callContextMocked = Mockito.mockStatic(CallContext.class)) { DeleteUserCmd cmd = Mockito.mock(DeleteUserCmd.class); CallContext callContextMock = Mockito.mock(CallContext.class); callContextMocked.when(CallContext::current).thenReturn(callContextMock); Mockito.doReturn(userVoMock).when(callContextMock).getCallingUser(); Mockito.doReturn(1L).when(cmd).getId(); Mockito.doReturn(userVoMock).when(accountManagerImpl).getValidUserVO(Mockito.anyLong()); Mockito.doReturn(accountVoMock).when(_accountDao).findById(Mockito.anyLong()); Mockito.doReturn(domainVoMock).when(_domainDao).findById(Mockito.anyLong()); Mockito.doReturn(1L).when(userVoMock).getId(); accountManagerImpl.deleteUser(cmd); } } @Test public void deleteUserTestIfUserIdIsNotEqualToCallerIdShouldNotThrowException() { try (MockedStatic callContextMocked = Mockito.mockStatic(CallContext.class)) { DeleteUserCmd cmd = Mockito.mock(DeleteUserCmd.class); CallContext callContextMock = Mockito.mock(CallContext.class); callContextMocked.when(CallContext::current).thenReturn(callContextMock); Mockito.doReturn(userVoMock).when(callContextMock).getCallingUser(); Mockito.doReturn(1L).when(cmd).getId(); Mockito.doReturn(userVoMock).when(accountManagerImpl).getValidUserVO(Mockito.anyLong()); Mockito.doReturn(accountVoMock).when(_accountDao).findById(Mockito.anyLong()); Mockito.doReturn(2L).when(userVoMock).getId(); Mockito.doNothing().when(accountManagerImpl).checkAccountAndAccess(Mockito.any(), Mockito.any()); accountManagerImpl.deleteUser(cmd); } } @Test public void testAuthenticateUser() throws UnknownHostException { Pair successAuthenticationPair = new Pair<>(true, null); Pair failureAuthenticationPair = new Pair<>(false, UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); UserAccountVO userAccountVO = new UserAccountVO(); userAccountVO.setSource(User.Source.UNKNOWN); userAccountVO.setState(Account.State.DISABLED.toString()); Mockito.when(userAccountDaoMock.getUserAccount("test", 1L)).thenReturn(userAccountVO); Mockito.when(userAuthenticator.authenticate("test", "fail", 1L, new HashMap<>())).thenReturn(failureAuthenticationPair); Mockito.lenient().when(userAuthenticator.authenticate("test", null, 1L, new HashMap<>())).thenReturn(successAuthenticationPair); Mockito.lenient().when(userAuthenticator.authenticate("test", "", 1L, new HashMap<>())).thenReturn(successAuthenticationPair); Mockito.when(userAuthenticator.getName()).thenReturn("test"); //Test for incorrect password. authentication should fail UserAccount userAccount = accountManagerImpl.authenticateUser("test", "fail", 1L, InetAddress.getByName("127.0.0.1"), new HashMap<>()); Assert.assertNull(userAccount); //Test for null password. authentication should fail userAccount = accountManagerImpl.authenticateUser("test", null, 1L, InetAddress.getByName("127.0.0.1"), new HashMap<>()); Assert.assertNull(userAccount); //Test for empty password. authentication should fail userAccount = accountManagerImpl.authenticateUser("test", "", 1L, InetAddress.getByName("127.0.0.1"), new HashMap<>()); Assert.assertNull(userAccount); //Verifying that the authentication method is only called when password is specified Mockito.verify(userAuthenticator, Mockito.times(1)).authenticate("test", "fail", 1L, new HashMap<>()); Mockito.verify(userAuthenticator, Mockito.never()).authenticate("test", null, 1L, null); Mockito.verify(userAuthenticator, Mockito.never()).authenticate("test", "", 1L, null); } @Test(expected = PermissionDeniedException.class) public void testgetUserCmd() { CallContext.register(callingUser, callingAccount); // Calling account is user account i.e normal account Mockito.when(_listkeyscmd.getID()).thenReturn(1L); Mockito.when(accountManagerImpl.getActiveUser(1L)).thenReturn(userVoMock); Mockito.when(userAccountDaoMock.findById(1L)).thenReturn(userAccountVO); Mockito.when(userAccountVO.getAccountId()).thenReturn(1L); Mockito.lenient().when(accountManagerImpl.getAccount(Mockito.anyLong())).thenReturn(accountMock); // Queried account - admin account Mockito.lenient().when(callingUser.getAccountId()).thenReturn(1L); Mockito.lenient().when(_accountDao.findById(1L)).thenReturn(callingAccount); Mockito.lenient().when(accountService.isNormalUser(Mockito.anyLong())).thenReturn(Boolean.TRUE); Mockito.lenient().when(accountMock.getAccountId()).thenReturn(2L); accountManagerImpl.getKeys(_listkeyscmd); } @Test(expected = PermissionDeniedException.class) public void testGetUserKeysCmdDomainAdminRootAdminUser() { CallContext.register(callingUser, callingAccount); Mockito.when(_listkeyscmd.getID()).thenReturn(2L); Mockito.when(accountManagerImpl.getActiveUser(2L)).thenReturn(userVoMock); Mockito.when(userAccountDaoMock.findById(2L)).thenReturn(userAccountVO); Mockito.when(userAccountVO.getAccountId()).thenReturn(2L); Mockito.when(userDetailsDaoMock.listDetailsKeyPairs(Mockito.anyLong())).thenReturn(null); // Queried account - admin account AccountVO adminAccountMock = Mockito.mock(AccountVO.class); Mockito.when(adminAccountMock.getAccountId()).thenReturn(2L); Mockito.when(_accountDao.findByIdIncludingRemoved(2L)).thenReturn(adminAccountMock); Mockito.lenient().when(accountService.isRootAdmin(2L)).thenReturn(true); Mockito.lenient().when(securityChecker.checkAccess(Mockito.any(Account.class), Mockito.nullable(ControlledEntity.class), Mockito.nullable(AccessType.class), Mockito.anyString())).thenReturn(true); // Calling account is domain admin of the ROOT domain Mockito.lenient().when(callingAccount.getType()).thenReturn(Account.Type.DOMAIN_ADMIN); Mockito.lenient().when(callingAccount.getDomainId()).thenReturn(Domain.ROOT_DOMAIN); Mockito.lenient().when(callingUser.getAccountId()).thenReturn(2L); Mockito.lenient().when(_accountDao.findById(2L)).thenReturn(callingAccount); Mockito.lenient().when(accountService.isDomainAdmin(Mockito.anyLong())).thenReturn(Boolean.TRUE); Mockito.lenient().when(accountMock.getAccountId()).thenReturn(2L); accountManagerImpl.getKeys(_listkeyscmd); } @Test public void testPreventRootDomainAdminAccessToRootAdminKeysNormalUser() { User user = Mockito.mock(User.class); ControlledEntity entity = Mockito.mock(ControlledEntity.class); Mockito.when(user.getAccountId()).thenReturn(1L); AccountVO account = Mockito.mock(AccountVO.class); Mockito.when(account.getType()).thenReturn(Account.Type.NORMAL); Mockito.when(_accountDao.findById(1L)).thenReturn(account); accountManagerImpl.preventRootDomainAdminAccessToRootAdminKeys(user, entity); Mockito.verify(accountManagerImpl, Mockito.never()).isRootAdmin(Mockito.anyLong()); } @Test(expected = PermissionDeniedException.class) public void testPreventRootDomainAdminAccessToRootAdminKeysRootDomainAdminUser() { User user = Mockito.mock(User.class); ControlledEntity entity = Mockito.mock(ControlledEntity.class); Mockito.when(user.getAccountId()).thenReturn(1L); AccountVO account = Mockito.mock(AccountVO.class); Mockito.when(account.getType()).thenReturn(Account.Type.DOMAIN_ADMIN); Mockito.when(account.getDomainId()).thenReturn(Domain.ROOT_DOMAIN); Mockito.when(_accountDao.findById(1L)).thenReturn(account); Mockito.when(entity.getAccountId()).thenReturn(1L); Mockito.lenient().when(securityChecker.checkAccess(Mockito.any(Account.class), Mockito.nullable(ControlledEntity.class), Mockito.nullable(AccessType.class), Mockito.anyString())).thenReturn(true); accountManagerImpl.preventRootDomainAdminAccessToRootAdminKeys(user, entity); } @Test public void updateUserTestTimeZoneAndEmailNull() { prepareMockAndExecuteUpdateUserTest(0); } @Test public void updateUserTestTimeZoneAndEmailNotNull() { Mockito.when(UpdateUserCmdMock.getEmail()).thenReturn("email"); Mockito.when(UpdateUserCmdMock.getTimezone()).thenReturn("timezone"); prepareMockAndExecuteUpdateUserTest(1); } private void prepareMockAndExecuteUpdateUserTest(int numberOfExpectedCallsForSetEmailAndSetTimeZone) { Mockito.doReturn("password").when(UpdateUserCmdMock).getPassword(); Mockito.doReturn("newpassword").when(UpdateUserCmdMock).getCurrentPassword(); Mockito.doReturn(userVoMock).when(accountManagerImpl).retrieveAndValidateUser(UpdateUserCmdMock); Mockito.doNothing().when(accountManagerImpl).validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.doReturn(accountMock).when(accountManagerImpl).retrieveAndValidateAccount(userVoMock); Mockito.doNothing().when(accountManagerImpl).validateAndUpdateFirstNameIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.doNothing().when(accountManagerImpl).validateAndUpdateLastNameIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.doNothing().when(accountManagerImpl).validateAndUpdateUsernameIfNeeded(UpdateUserCmdMock, userVoMock, accountMock); Mockito.doNothing().when(accountManagerImpl).validateUserPasswordAndUpdateIfNeeded(Mockito.anyString(), Mockito.eq(userVoMock), Mockito.anyString(), Mockito.eq(false)); Mockito.doReturn(true).when(userDaoMock).update(Mockito.anyLong(), Mockito.eq(userVoMock)); Mockito.doReturn(Mockito.mock(UserAccountVO.class)).when(userAccountDaoMock).findById(Mockito.anyLong()); accountManagerImpl.updateUser(UpdateUserCmdMock); InOrder inOrder = Mockito.inOrder(userVoMock, accountManagerImpl, userDaoMock, userAccountDaoMock); inOrder.verify(accountManagerImpl).retrieveAndValidateUser(UpdateUserCmdMock); inOrder.verify(accountManagerImpl).validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock); inOrder.verify(accountManagerImpl).retrieveAndValidateAccount(userVoMock); inOrder.verify(accountManagerImpl).validateAndUpdateFirstNameIfNeeded(UpdateUserCmdMock, userVoMock); inOrder.verify(accountManagerImpl).validateAndUpdateLastNameIfNeeded(UpdateUserCmdMock, userVoMock); inOrder.verify(accountManagerImpl).validateAndUpdateUsernameIfNeeded(UpdateUserCmdMock, userVoMock, accountMock); inOrder.verify(accountManagerImpl).validateUserPasswordAndUpdateIfNeeded(UpdateUserCmdMock.getPassword(), userVoMock, UpdateUserCmdMock.getCurrentPassword(), false); inOrder.verify(userVoMock, Mockito.times(numberOfExpectedCallsForSetEmailAndSetTimeZone)).setEmail(Mockito.anyString()); inOrder.verify(userVoMock, Mockito.times(numberOfExpectedCallsForSetEmailAndSetTimeZone)).setTimezone(Mockito.anyString()); inOrder.verify(userDaoMock).update(Mockito.anyLong(), Mockito.eq(userVoMock)); inOrder.verify(userAccountDaoMock).findById(Mockito.anyLong()); } @Test(expected = InvalidParameterValueException.class) public void retrieveAndValidateUserTestNoUserFound() { Mockito.doReturn(null).when(userDaoMock).getUser(Mockito.anyLong()); accountManagerImpl.retrieveAndValidateUser(UpdateUserCmdMock); } @Test public void retrieveAndValidateUserTestUserIsFound() { Mockito.doReturn(userVoMock).when(userDaoMock).getUser(Mockito.anyLong()); UserVO receivedUser = accountManagerImpl.retrieveAndValidateUser(UpdateUserCmdMock); Assert.assertEquals(userVoMock, receivedUser); } @Test public void validateAndUpdatApiAndSecretKeyIfNeededTestNoKeys() { accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.verify(_accountDao, Mockito.times(0)).findUserAccountByApiKey(Mockito.anyString()); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdatApiAndSecretKeyIfNeededTestOnlyApiKeyInformed() { Mockito.doReturn("apiKey").when(UpdateUserCmdMock).getApiKey(); accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdatApiAndSecretKeyIfNeededTestOnlySecretKeyInformed() { Mockito.doReturn("secretKey").when(UpdateUserCmdMock).getSecretKey(); accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdatApiAndSecretKeyIfNeededTestApiKeyAlreadyUsedBySomeoneElse() { String apiKey = "apiKey"; Mockito.doReturn(apiKey).when(UpdateUserCmdMock).getApiKey(); Mockito.doReturn("secretKey").when(UpdateUserCmdMock).getSecretKey(); Mockito.doReturn(1L).when(userVoMock).getId(); User otherUserMock = Mockito.mock(User.class); Mockito.doReturn(2L).when(otherUserMock).getId(); Pair pairUserAccountMock = new Pair(otherUserMock, Mockito.mock(Account.class)); Mockito.doReturn(pairUserAccountMock).when(_accountDao).findUserAccountByApiKey(apiKey); accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock); } @Test public void validateAndUpdatApiAndSecretKeyIfNeededTest() { String apiKey = "apiKey"; Mockito.doReturn(apiKey).when(UpdateUserCmdMock).getApiKey(); String secretKey = "secretKey"; Mockito.doReturn(secretKey).when(UpdateUserCmdMock).getSecretKey(); Mockito.doReturn(1L).when(userVoMock).getId(); User otherUserMock = Mockito.mock(User.class); Mockito.doReturn(1L).when(otherUserMock).getId(); Pair pairUserAccountMock = new Pair(otherUserMock, Mockito.mock(Account.class)); Mockito.doReturn(pairUserAccountMock).when(_accountDao).findUserAccountByApiKey(apiKey); accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.verify(_accountDao).findUserAccountByApiKey(apiKey); Mockito.verify(userVoMock).setApiKey(apiKey); Mockito.verify(userVoMock).setSecretKey(secretKey); } @Test public void validateAndUpdatUserApiKeyAccess() { Mockito.doReturn("Enabled").when(UpdateUserCmdMock).getApiKeyAccess(); try (MockedStatic eventUtils = Mockito.mockStatic(ActionEventUtils.class)) { Mockito.when(ActionEventUtils.onActionEvent(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong(), Mockito.anyString(), Mockito.anyString(), Mockito.anyLong(), Mockito.anyString())).thenReturn(1L); accountManagerImpl.validateAndUpdateUserApiKeyAccess(UpdateUserCmdMock, userVoMock); } Mockito.verify(userVoMock).setApiKeyAccess(true); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdatUserApiKeyAccessInvalidParameter() { Mockito.doReturn("False").when(UpdateUserCmdMock).getApiKeyAccess(); accountManagerImpl.validateAndUpdateUserApiKeyAccess(UpdateUserCmdMock, userVoMock); } @Test public void validateAndUpdatAccountApiKeyAccess() { Mockito.doReturn("Inherit").when(UpdateAccountCmdMock).getApiKeyAccess(); try (MockedStatic eventUtils = Mockito.mockStatic(ActionEventUtils.class)) { Mockito.when(ActionEventUtils.onActionEvent(Mockito.anyLong(), Mockito.anyLong(), Mockito.anyLong(), Mockito.anyString(), Mockito.anyString(), Mockito.anyLong(), Mockito.anyString())).thenReturn(1L); accountManagerImpl.validateAndUpdateAccountApiKeyAccess(UpdateAccountCmdMock, accountVoMock); } Mockito.verify(accountVoMock).setApiKeyAccess(null); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdatAccountApiKeyAccessInvalidParameter() { Mockito.doReturn("False").when(UpdateAccountCmdMock).getApiKeyAccess(); accountManagerImpl.validateAndUpdateAccountApiKeyAccess(UpdateAccountCmdMock, accountVoMock); } @Test(expected = CloudRuntimeException.class) public void retrieveAndValidateAccountTestAccountNotFound() { Mockito.doReturn(accountMockId).when(userVoMock).getAccountId(); Mockito.doReturn(null).when(_accountDao).findById(accountMockId); accountManagerImpl.retrieveAndValidateAccount(userVoMock); } @Test public void retrieveAndValidateAccountTestAccountTypeEqualsProjectType() { Mockito.doReturn(accountMockId).when(userVoMock).getAccountId(); Mockito.lenient().doReturn(Account.Type.PROJECT).when(accountMock).getType(); Mockito.doReturn(callingAccount).when(_accountDao).findById(accountMockId); Mockito.doNothing().when(accountManagerImpl).checkAccess(Mockito.any(Account.class), Mockito.any(AccessType.class), Mockito.anyBoolean(), Mockito.any(Account.class)); accountManagerImpl.retrieveAndValidateAccount(userVoMock); } @Test public void retrieveAndValidateAccountTestAccountTypeEqualsSystemType() { Mockito.doReturn(Account.ACCOUNT_ID_SYSTEM).when(userVoMock).getAccountId(); Mockito.doReturn(Account.ACCOUNT_ID_SYSTEM).when(accountMock).getId(); Mockito.doReturn(callingAccount).when(_accountDao).findById(Account.ACCOUNT_ID_SYSTEM); accountManagerImpl.retrieveAndValidateAccount(userVoMock); } @Test public void retrieveAndValidateAccountTest() { Mockito.doReturn(accountMockId).when(userVoMock).getAccountId(); Mockito.doReturn(callingAccount).when(_accountDao).findById(accountMockId); Mockito.doNothing().when(accountManagerImpl).checkAccess(Mockito.eq(accountMock), Mockito.eq(AccessType.OperateEntry), Mockito.anyBoolean(), Mockito.any(Account.class)); accountManagerImpl.retrieveAndValidateAccount(userVoMock); Mockito.verify(accountManagerImpl).getCurrentCallingAccount(); Mockito.verify(accountManagerImpl).checkAccess(Mockito.eq(accountMock), Mockito.eq(AccessType.OperateEntry), Mockito.anyBoolean(), Mockito.any(Account.class)); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdateFirstNameIfNeededTestFirstNameBlank() { Mockito.doReturn(" ").when(UpdateUserCmdMock).getFirstname(); accountManagerImpl.validateAndUpdateFirstNameIfNeeded(UpdateUserCmdMock, userVoMock); } @Test public void validateAndUpdateFirstNameIfNeededTestFirstNameNull() { Mockito.doReturn(null).when(UpdateUserCmdMock).getFirstname(); accountManagerImpl.validateAndUpdateFirstNameIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.verify(userVoMock, Mockito.times(0)).setFirstname(Mockito.anyString()); } @Test public void validateAndUpdateFirstNameIfNeededTest() { String firstname = "firstName"; Mockito.doReturn(firstname).when(UpdateUserCmdMock).getFirstname(); accountManagerImpl.validateAndUpdateFirstNameIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.verify(userVoMock).setFirstname(firstname); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdateLastNameIfNeededTestLastNameBlank() { Mockito.doReturn(" ").when(UpdateUserCmdMock).getLastname(); accountManagerImpl.validateAndUpdateLastNameIfNeeded(UpdateUserCmdMock, userVoMock); } @Test public void validateAndUpdateLastNameIfNeededTestLastNameNull() { Mockito.doReturn(null).when(UpdateUserCmdMock).getLastname(); accountManagerImpl.validateAndUpdateLastNameIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.verify(userVoMock, Mockito.times(0)).setLastname(Mockito.anyString()); } @Test public void validateAndUpdateLastNameIfNeededTest() { String lastName = "lastName"; Mockito.doReturn(lastName).when(UpdateUserCmdMock).getLastname(); accountManagerImpl.validateAndUpdateLastNameIfNeeded(UpdateUserCmdMock, userVoMock); Mockito.verify(userVoMock).setLastname(lastName); } @Test public void validateAndUpdateUsernameIfNeededTestNullUsername() { Mockito.doReturn(null).when(UpdateUserCmdMock).getUsername(); accountManagerImpl.validateAndUpdateUsernameIfNeeded(UpdateUserCmdMock, userVoMock, accountMock); Mockito.verify(userVoMock, Mockito.times(0)).setUsername(Mockito.anyString()); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdateUsernameIfNeededTestBlankUsername() { Mockito.doReturn(" ").when(UpdateUserCmdMock).getUsername(); accountManagerImpl.validateAndUpdateUsernameIfNeeded(UpdateUserCmdMock, userVoMock, accountMock); } @Test(expected = InvalidParameterValueException.class) public void validateAndUpdateUsernameIfNeededTestDuplicatedUserSameDomainThisUser() { long domanIdCurrentUser = 22l; String userName = "username"; Mockito.doReturn(userName).when(UpdateUserCmdMock).getUsername(); Mockito.lenient().doReturn(userName).when(userVoMock).getUsername(); Mockito.doReturn(domanIdCurrentUser).when(accountMock).getDomainId(); long userVoDuplicatedMockId = 67l; UserVO userVoDuplicatedMock = Mockito.mock(UserVO.class); Mockito.doReturn(userVoDuplicatedMockId).when(userVoDuplicatedMock).getId(); long accountIdUserDuplicated = 98l; Mockito.doReturn(accountIdUserDuplicated).when(userVoDuplicatedMock).getAccountId(); Account accountUserDuplicatedMock = Mockito.mock(AccountVO.class); Mockito.lenient().doReturn(accountIdUserDuplicated).when(accountUserDuplicatedMock).getId(); Mockito.doReturn(domanIdCurrentUser).when(accountUserDuplicatedMock).getDomainId(); List usersWithSameUserName = new ArrayList<>(); usersWithSameUserName.add(userVoMock); usersWithSameUserName.add(userVoDuplicatedMock); Mockito.doReturn(usersWithSameUserName).when(userDaoMock).findUsersByName(userName); Mockito.lenient().doReturn(accountMock).when(_accountDao).findById(accountMockId); Mockito.doReturn(accountUserDuplicatedMock).when(_accountDao).findById(accountIdUserDuplicated); Mockito.doReturn(Mockito.mock(DomainVO.class)).when(_domainDao).findById(Mockito.anyLong()); accountManagerImpl.validateAndUpdateUsernameIfNeeded(UpdateUserCmdMock, userVoMock, accountMock); } @Test public void validateAndUpdateUsernameIfNeededTestDuplicatedUserButInDifferentDomains() { long domanIdCurrentUser = 22l; String userName = "username"; Mockito.doReturn(userName).when(UpdateUserCmdMock).getUsername(); Mockito.lenient().doReturn(userName).when(userVoMock).getUsername(); Mockito.doReturn(domanIdCurrentUser).when(accountMock).getDomainId(); long userVoDuplicatedMockId = 67l; UserVO userVoDuplicatedMock = Mockito.mock(UserVO.class); Mockito.lenient().doReturn(userName).when(userVoDuplicatedMock).getUsername(); Mockito.doReturn(userVoDuplicatedMockId).when(userVoDuplicatedMock).getId(); long accountIdUserDuplicated = 98l; Mockito.doReturn(accountIdUserDuplicated).when(userVoDuplicatedMock).getAccountId(); Account accountUserDuplicatedMock = Mockito.mock(AccountVO.class); Mockito.lenient().doReturn(accountIdUserDuplicated).when(accountUserDuplicatedMock).getId(); Mockito.doReturn(45l).when(accountUserDuplicatedMock).getDomainId(); List usersWithSameUserName = new ArrayList<>(); usersWithSameUserName.add(userVoMock); usersWithSameUserName.add(userVoDuplicatedMock); Mockito.doReturn(usersWithSameUserName).when(userDaoMock).findUsersByName(userName); Mockito.lenient().doReturn(accountMock).when(_accountDao).findById(accountMockId); Mockito.doReturn(accountUserDuplicatedMock).when(_accountDao).findById(accountIdUserDuplicated); accountManagerImpl.validateAndUpdateUsernameIfNeeded(UpdateUserCmdMock, userVoMock, accountMock); Mockito.verify(userVoMock).setUsername(userName); } @Test public void validateAndUpdateUsernameIfNeededTestNoDuplicatedUserNames() { long domanIdCurrentUser = 22l; String userName = "username"; Mockito.doReturn(userName).when(UpdateUserCmdMock).getUsername(); Mockito.lenient().doReturn(userName).when(userVoMock).getUsername(); Mockito.lenient().doReturn(domanIdCurrentUser).when(accountMock).getDomainId(); List usersWithSameUserName = new ArrayList<>(); Mockito.doReturn(usersWithSameUserName).when(userDaoMock).findUsersByName(userName); Mockito.lenient().doReturn(accountMock).when(_accountDao).findById(accountMockId); accountManagerImpl.validateAndUpdateUsernameIfNeeded(UpdateUserCmdMock, userVoMock, accountMock); Mockito.verify(userVoMock).setUsername(userName); } @Test public void valiateUserPasswordAndUpdateIfNeededTestPasswordNull() { accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(null, userVoMock, null, false); Mockito.verify(userVoMock, Mockito.times(0)).setPassword(Mockito.anyString()); } @Test(expected = InvalidParameterValueException.class) public void valiateUserPasswordAndUpdateIfNeededTestBlankPassword() { accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(" ", userVoMock, null, false); } @Test(expected = InvalidParameterValueException.class) public void valiateUserPasswordAndUpdateIfNeededTestNoAdminAndNoCurrentPasswordProvided() { Mockito.doReturn(accountMock).when(accountManagerImpl).getCurrentCallingAccount(); Mockito.doReturn(false).when(accountManagerImpl).isRootAdmin(accountMockId); Mockito.doReturn(false).when(accountManagerImpl).isDomainAdmin(accountMockId); Mockito.lenient().doReturn(true).when(accountManagerImpl).isResourceDomainAdmin(accountMockId); Mockito.doReturn(accountMock).when(accountManagerImpl).getAccount(Mockito.anyLong()); Mockito.lenient().doNothing().when(passwordPolicyMock).verifyIfPasswordCompliesWithPasswordPolicies(Mockito.anyString(), Mockito.anyString(), Mockito.anyLong()); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded("newPassword", userVoMock, " ", false); } @Test(expected = CloudRuntimeException.class) public void valiateUserPasswordAndUpdateIfNeededTestNoUserAuthenticatorsConfigured() { Mockito.doReturn(accountMock).when(accountManagerImpl).getCurrentCallingAccount(); Mockito.doReturn(true).when(accountManagerImpl).isRootAdmin(accountMockId); Mockito.doReturn(false).when(accountManagerImpl).isDomainAdmin(accountMockId); Mockito.lenient().doNothing().when(accountManagerImpl).validateCurrentPassword(Mockito.eq(userVoMock), Mockito.anyString()); Mockito.doReturn(accountMock).when(accountManagerImpl).getAccount(Mockito.anyLong()); Mockito.lenient().doNothing().when(passwordPolicyMock).verifyIfPasswordCompliesWithPasswordPolicies(Mockito.anyString(), Mockito.anyString(), Mockito.anyLong()); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded("newPassword", userVoMock, null, false); } @Test public void validateUserPasswordAndUpdateIfNeededTestRootAdminUpdatingUserPassword() { Mockito.doReturn(accountMock).when(accountManagerImpl).getCurrentCallingAccount(); Mockito.doReturn(true).when(accountManagerImpl).isRootAdmin(accountMockId); Mockito.doReturn(false).when(accountManagerImpl).isDomainAdmin(accountMockId); String newPassword = "newPassword"; String expectedUserPasswordAfterEncoded = configureUserMockAuthenticators(newPassword); Mockito.lenient().doNothing().when(accountManagerImpl).validateCurrentPassword(Mockito.eq(userVoMock), Mockito.anyString()); Mockito.doReturn(accountMock).when(accountManagerImpl).getAccount(Mockito.anyLong()); Mockito.lenient().doNothing().when(passwordPolicyMock).verifyIfPasswordCompliesWithPasswordPolicies(Mockito.anyString(), Mockito.anyString(), Mockito.anyLong()); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(newPassword, userVoMock, null, false); Mockito.verify(accountManagerImpl, Mockito.times(0)).validateCurrentPassword(Mockito.eq(userVoMock), Mockito.anyString()); Mockito.verify(userVoMock, Mockito.times(1)).setPassword(expectedUserPasswordAfterEncoded); } @Test public void validateUserPasswordAndUpdateIfNeededTestDomainAdminUpdatingUserPassword() { Mockito.doReturn(accountMock).when(accountManagerImpl).getCurrentCallingAccount(); Mockito.doReturn(false).when(accountManagerImpl).isRootAdmin(accountMockId); Mockito.doReturn(true).when(accountManagerImpl).isDomainAdmin(accountMockId); String newPassword = "newPassword"; String expectedUserPasswordAfterEncoded = configureUserMockAuthenticators(newPassword); Mockito.lenient().doNothing().when(accountManagerImpl).validateCurrentPassword(Mockito.eq(userVoMock), Mockito.anyString()); Mockito.doReturn(accountMock).when(accountManagerImpl).getAccount(Mockito.anyLong()); Mockito.lenient().doNothing().when(passwordPolicyMock).verifyIfPasswordCompliesWithPasswordPolicies(Mockito.anyString(), Mockito.anyString(), Mockito.anyLong()); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(newPassword, userVoMock, null, false); Mockito.verify(accountManagerImpl, Mockito.times(0)).validateCurrentPassword(Mockito.eq(userVoMock), Mockito.anyString()); Mockito.verify(userVoMock, Mockito.times(1)).setPassword(expectedUserPasswordAfterEncoded); } @Test public void validateUserPasswordAndUpdateIfNeededTestUserUpdatingHisPassword() { Mockito.doReturn(accountMock).when(accountManagerImpl).getCurrentCallingAccount(); Mockito.doReturn(false).when(accountManagerImpl).isRootAdmin(accountMockId); Mockito.doReturn(false).when(accountManagerImpl).isDomainAdmin(accountMockId); String newPassword = "newPassword"; String expectedUserPasswordAfterEncoded = configureUserMockAuthenticators(newPassword); Mockito.doNothing().when(accountManagerImpl).validateCurrentPassword(Mockito.eq(userVoMock), Mockito.anyString()); String currentPassword = "theCurrentPassword"; Mockito.doReturn(accountMock).when(accountManagerImpl).getAccount(Mockito.anyLong()); Mockito.lenient().doNothing().when(passwordPolicyMock).verifyIfPasswordCompliesWithPasswordPolicies(Mockito.anyString(), Mockito.anyString(), Mockito.anyLong()); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(newPassword, userVoMock, currentPassword, false); Mockito.verify(accountManagerImpl, Mockito.times(1)).validateCurrentPassword(userVoMock, currentPassword); Mockito.verify(userVoMock, Mockito.times(1)).setPassword(expectedUserPasswordAfterEncoded); } @Test (expected = InvalidParameterValueException.class) public void validateUserPasswordAndUpdateIfNeededTestIfVerifyIfPasswordCompliesWithPasswordPoliciesThrowsException() { String newPassword = "newPassword"; String currentPassword = "theCurrentPassword"; Mockito.doReturn(accountMock).when(accountManagerImpl).getAccount(Mockito.anyLong()); Mockito.doReturn("user").when(userVoMock).getUsername(); Mockito.doThrow(new InvalidParameterValueException("")).when(passwordPolicyMock).verifyIfPasswordCompliesWithPasswordPolicies(Mockito.anyString(), Mockito.anyString(), Mockito.anyLong()); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(newPassword, userVoMock, currentPassword, false); } @Test(expected = InvalidParameterValueException.class) public void validateUserPasswordAndUpdateIfNeededTestSaml2UserShouldNotBeAllowedToUpdateTheirPassword() { String newPassword = "newPassword"; String currentPassword = "theCurrentPassword"; Mockito.when(userVoMock.getSource()).thenReturn(User.Source.SAML2); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(newPassword, userVoMock, currentPassword, false); } @Test(expected = InvalidParameterValueException.class) public void validateUserPasswordAndUpdateIfNeededTestSaml2DisabledUserShouldNotBeAllowedToUpdateTheirPassword() { String newPassword = "newPassword"; String currentPassword = "theCurrentPassword"; Mockito.when(userVoMock.getSource()).thenReturn(User.Source.SAML2DISABLED); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(newPassword, userVoMock, currentPassword, false); } @Test(expected = InvalidParameterValueException.class) public void validateUserPasswordAndUpdateIfNeededTestLdapUserShouldNotBeAllowedToUpdateTheirPassword() { String newPassword = "newPassword"; String currentPassword = "theCurrentPassword"; Mockito.when(userVoMock.getSource()).thenReturn(User.Source.LDAP); accountManagerImpl.validateUserPasswordAndUpdateIfNeeded(newPassword, userVoMock, currentPassword, false); } private String configureUserMockAuthenticators(String newPassword) { accountManagerImpl._userPasswordEncoders = new ArrayList<>(); UserAuthenticator authenticatorMock1 = Mockito.mock(UserAuthenticator.class); String expectedUserPasswordAfterEncoded = "passwordEncodedByAuthenticator1"; Mockito.doReturn(expectedUserPasswordAfterEncoded).when(authenticatorMock1).encode(newPassword); UserAuthenticator authenticatorMock2 = Mockito.mock(UserAuthenticator.class); Mockito.lenient().doReturn("passwordEncodedByAuthenticator2").when(authenticatorMock2).encode(newPassword); accountManagerImpl._userPasswordEncoders.add(authenticatorMock1); accountManagerImpl._userPasswordEncoders.add(authenticatorMock2); return expectedUserPasswordAfterEncoded; } @Test(expected = InvalidParameterValueException.class) public void validateCurrentPasswordTestUserNotAuthenticatedWithProvidedCurrentPassword() { Mockito.doReturn(Mockito.mock(AccountVO.class)).when(_accountDao).findById(accountMockId); String newPassword = "newPassword"; configureUserMockAuthenticators(newPassword); accountManagerImpl.validateCurrentPassword(userVoMock, "currentPassword"); } @Test public void validateCurrentPasswordTestUserAuthenticatedWithProvidedCurrentPasswordViaFirstAuthenticator() { AccountVO accountVoMock = Mockito.mock(AccountVO.class); long domainId = 14l; Mockito.doReturn(domainId).when(accountVoMock).getDomainId(); Mockito.doReturn(accountVoMock).when(_accountDao).findById(accountMockId); String username = "username"; Mockito.doReturn(username).when(userVoMock).getUsername(); accountManagerImpl._userPasswordEncoders = new ArrayList<>(); UserAuthenticator authenticatorMock1 = Mockito.mock(UserAuthenticator.class); UserAuthenticator authenticatorMock2 = Mockito.mock(UserAuthenticator.class); accountManagerImpl._userPasswordEncoders.add(authenticatorMock1); accountManagerImpl._userPasswordEncoders.add(authenticatorMock2); Pair authenticationResult = new Pair(true, UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); String currentPassword = "currentPassword"; Mockito.doReturn(authenticationResult).when(authenticatorMock1).authenticate(username, currentPassword, domainId, null); accountManagerImpl.validateCurrentPassword(userVoMock, currentPassword); Mockito.verify(authenticatorMock1, Mockito.times(1)).authenticate(username, currentPassword, domainId, null); Mockito.verify(authenticatorMock2, Mockito.times(0)).authenticate(username, currentPassword, domainId, null); } @Test public void validateCurrentPasswordTestUserAuthenticatedWithProvidedCurrentPasswordViaSecondAuthenticator() { AccountVO accountVoMock = Mockito.mock(AccountVO.class); long domainId = 14l; Mockito.doReturn(domainId).when(accountVoMock).getDomainId(); Mockito.doReturn(accountVoMock).when(_accountDao).findById(accountMockId); String username = "username"; Mockito.doReturn(username).when(userVoMock).getUsername(); accountManagerImpl._userPasswordEncoders = new ArrayList<>(); UserAuthenticator authenticatorMock1 = Mockito.mock(UserAuthenticator.class); UserAuthenticator authenticatorMock2 = Mockito.mock(UserAuthenticator.class); accountManagerImpl._userPasswordEncoders.add(authenticatorMock1); accountManagerImpl._userPasswordEncoders.add(authenticatorMock2); Pair authenticationResult = new Pair(true, UserAuthenticator.ActionOnFailedAuthentication.INCREMENT_INCORRECT_LOGIN_ATTEMPT_COUNT); String currentPassword = "currentPassword"; Mockito.doReturn(authenticationResult).when(authenticatorMock2).authenticate(username, currentPassword, domainId, null); accountManagerImpl.validateCurrentPassword(userVoMock, currentPassword); Mockito.verify(authenticatorMock1, Mockito.times(1)).authenticate(username, currentPassword, domainId, null); Mockito.verify(authenticatorMock2, Mockito.times(1)).authenticate(username, currentPassword, domainId, null); } @Test public void testUpdateLoginAttemptsDisableMechanism() { accountManagerImpl.updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccountVO, true, 0); Mockito.verify(accountManagerImpl, Mockito.never()).updateLoginAttempts(Mockito.anyLong(), Mockito.anyInt(), Mockito.anyBoolean()); } @Test public void testUpdateLoginAttemptsEnableMechanismAttemptsLeft() { int attempts = 2; int allowedAttempts = 5; Long accountId = 1L; Mockito.when(userAccountVO.getLoginAttempts()).thenReturn(attempts); Mockito.when(userAccountVO.getId()).thenReturn(accountId); accountManagerImpl.updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccountVO, true, allowedAttempts); Mockito.verify(accountManagerImpl).updateLoginAttempts(Mockito.eq(accountId), Mockito.eq(attempts + 1), Mockito.eq(false)); } @Test public void testUpdateLoginAttemptsEnableMechanismNoAttemptsLeft() { int attempts = 5; int allowedAttempts = 5; Long accountId = 1L; Mockito.when(userAccountVO.getLoginAttempts()).thenReturn(attempts); Mockito.when(userAccountVO.getId()).thenReturn(accountId); accountManagerImpl.updateLoginAttemptsWhenIncorrectLoginAttemptsEnabled(userAccountVO, true, allowedAttempts); Mockito.verify(accountManagerImpl).updateLoginAttempts(Mockito.eq(accountId), Mockito.eq(allowedAttempts), Mockito.eq(true)); } @Test(expected = CloudRuntimeException.class) public void testEnableUserTwoFactorAuthenticationWhenDomainlevelSettingisDisabled() { Long userId = 1L; UserAccountVO userAccount = Mockito.mock(UserAccountVO.class); UserVO userVO = Mockito.mock(UserVO.class); Mockito.when(userAccountDaoMock.findById(userId)).thenReturn(userAccount); Mockito.when(userDaoMock.findById(userId)).thenReturn(userVO); Mockito.when(userAccount.getDomainId()).thenReturn(1L); ConfigKey enableUserTwoFactorAuthentication = Mockito.mock(ConfigKey.class); AccountManagerImpl.enableUserTwoFactorAuthentication = enableUserTwoFactorAuthentication; Mockito.when(enableUserTwoFactorAuthentication.valueIn(1L)).thenReturn(false); accountManagerImpl.enableTwoFactorAuthentication(userId, "totp"); } @Test public void testEnableUserTwoFactorAuthenticationWhenProviderNameIsNullExpectedDefaultProviderTOTP() { Long userId = 1L; UserAccountVO userAccount = Mockito.mock(UserAccountVO.class); UserVO userVO = Mockito.mock(UserVO.class); Mockito.when(userAccountDaoMock.findById(userId)).thenReturn(userAccount); Mockito.when(userDaoMock.findById(userId)).thenReturn(userVO); Mockito.when(userAccount.getDomainId()).thenReturn(1L); ConfigKey enableUserTwoFactorAuthentication = Mockito.mock(ConfigKey.class); AccountManagerImpl.enableUserTwoFactorAuthentication = enableUserTwoFactorAuthentication; Mockito.when(enableUserTwoFactorAuthentication.valueIn(1L)).thenReturn(true); UserTwoFactorAuthenticator totpProvider = Mockito.mock(UserTwoFactorAuthenticator.class); Map userTwoFactorAuthenticationProvidersMap = Mockito.mock(HashMap.class); Mockito.when(userTwoFactorAuthenticationProvidersMap.containsKey("totp")).thenReturn( true); Mockito.when(userTwoFactorAuthenticationProvidersMap.get("totp")).thenReturn(totpProvider); AccountManagerImpl.userTwoFactorAuthenticationProvidersMap = userTwoFactorAuthenticationProvidersMap; Mockito.when(totpProvider.setup2FAKey(userAccount)).thenReturn("EUJEAEDVOURFZTE6OGWVTJZMI54QGMIL"); Mockito.when(userDaoMock.createForUpdate()).thenReturn(userVoMock); Mockito.when(userDaoMock.update(userId, userVoMock)).thenReturn(true); UserTwoFactorAuthenticationSetupResponse response = accountManagerImpl.enableTwoFactorAuthentication(userId, null); Assert.assertEquals("EUJEAEDVOURFZTE6OGWVTJZMI54QGMIL", response.getSecretCode()); } @Test public void testEnableUserTwoFactorAuthentication() { Long userId = 1L; UserAccountVO userAccount = Mockito.mock(UserAccountVO.class); UserVO userVO = Mockito.mock(UserVO.class); Mockito.when(userAccountDaoMock.findById(userId)).thenReturn(userAccount); Mockito.when(userDaoMock.findById(userId)).thenReturn(userVO); Mockito.when(userAccount.getDomainId()).thenReturn(1L); ConfigKey enableUserTwoFactorAuthentication = Mockito.mock(ConfigKey.class); AccountManagerImpl.enableUserTwoFactorAuthentication = enableUserTwoFactorAuthentication; Mockito.when(enableUserTwoFactorAuthentication.valueIn(1L)).thenReturn(true); UserTwoFactorAuthenticator totpProvider = Mockito.mock(UserTwoFactorAuthenticator.class); Map userTwoFactorAuthenticationProvidersMap = Mockito.mock(HashMap.class); Mockito.when(userTwoFactorAuthenticationProvidersMap.containsKey("totp")).thenReturn( true); Mockito.when(userTwoFactorAuthenticationProvidersMap.get("totp")).thenReturn(totpProvider); AccountManagerImpl.userTwoFactorAuthenticationProvidersMap = userTwoFactorAuthenticationProvidersMap; Mockito.when(totpProvider.setup2FAKey(userAccount)).thenReturn("EUJEAEDVOURFZTE6OGWVTJZMI54QGMIL"); Mockito.when(userDaoMock.createForUpdate()).thenReturn(userVoMock); Mockito.when(userDaoMock.update(userId, userVoMock)).thenReturn(true); UserTwoFactorAuthenticationSetupResponse response = accountManagerImpl.enableTwoFactorAuthentication(userId, "totp"); Assert.assertEquals("EUJEAEDVOURFZTE6OGWVTJZMI54QGMIL", response.getSecretCode()); } @Test public void testDisableUserTwoFactorAuthentication() { Long userId = 1L; Long accountId = 2L; UserVO userVO = Mockito.mock(UserVO.class); Account caller = Mockito.mock(Account.class); Account owner = Mockito.mock(Account.class); Mockito.doNothing().when(accountManagerImpl).checkAccess(nullable(Account.class), Mockito.isNull(), nullable(Boolean.class), nullable(Account.class)); Mockito.when(userDaoMock.findById(userId)).thenReturn(userVO); Mockito.when(userVO.getAccountId()).thenReturn(accountId); Mockito.when(_accountService.getActiveAccountById(accountId)).thenReturn(owner); userVoMock.setKeyFor2fa("EUJEAEDVOURFZTE6OGWVTJZMI54QGMIL"); userVoMock.setUser2faProvider("totp"); userVoMock.setUser2faEnabled(true); Mockito.when(userDaoMock.createForUpdate()).thenReturn(userVoMock); UserTwoFactorAuthenticationSetupResponse response = accountManagerImpl.disableTwoFactorAuthentication(userId, caller, owner); Mockito.verify(accountManagerImpl).checkAccess(caller, null, true, owner); Assert.assertNull(response.getSecretCode()); Assert.assertNull(userVoMock.getKeyFor2fa()); Assert.assertNull(userVoMock.getUser2faProvider()); } @Test(expected = CloudRuntimeException.class) public void testVerify2FAcodeWhen2FAisNotEnabled() { AccountVO accountMock = Mockito.mock(AccountVO.class); Account caller = CallContext.current().getCallingAccount(); Mockito.when(caller.getId()).thenReturn(1L); Mockito.lenient().when(_accountService.getActiveAccountById(1L)).thenReturn(accountMock); Mockito.when(_accountService.getUserAccountById(1L)).thenReturn(userAccountVO); Mockito.when(userAccountVO.isUser2faEnabled()).thenReturn(false); accountManagerImpl.verifyUsingTwoFactorAuthenticationCode("352352", 1L, 1L); } @Test(expected = CloudRuntimeException.class) public void testVerify2FAcodeWhen2FAisNotSetup() { AccountVO accountMock = Mockito.mock(AccountVO.class); Account caller = CallContext.current().getCallingAccount(); Mockito.when(caller.getId()).thenReturn(1L); Mockito.lenient().when(_accountService.getActiveAccountById(1L)).thenReturn(accountMock); Mockito.when(_accountService.getUserAccountById(1L)).thenReturn(userAccountVO); Mockito.when(userAccountVO.isUser2faEnabled()).thenReturn(true); Mockito.when(userAccountVO.getUser2faProvider()).thenReturn(null); accountManagerImpl.verifyUsingTwoFactorAuthenticationCode("352352", 1L, 1L); } @Test public void testVerify2FAcode() { AccountVO accountMock = Mockito.mock(AccountVO.class); Account caller = CallContext.current().getCallingAccount(); Mockito.when(caller.getId()).thenReturn(1L); Mockito.lenient().when(_accountService.getActiveAccountById(1L)).thenReturn(accountMock); Mockito.when(_accountService.getUserAccountById(1L)).thenReturn(userAccountVO); Mockito.when(userAccountVO.isUser2faEnabled()).thenReturn(true); Mockito.when(userAccountVO.getUser2faProvider()).thenReturn("staticpin"); Mockito.when(userAccountVO.getKeyFor2fa()).thenReturn("352352"); UserTwoFactorAuthenticator staticpinProvider = Mockito.mock(UserTwoFactorAuthenticator.class); Map userTwoFactorAuthenticationProvidersMap = Mockito.mock(HashMap.class); Mockito.when(userTwoFactorAuthenticationProvidersMap.containsKey("staticpin")).thenReturn( true); Mockito.when(userTwoFactorAuthenticationProvidersMap.get("staticpin")).thenReturn(staticpinProvider); AccountManagerImpl.userTwoFactorAuthenticationProvidersMap = userTwoFactorAuthenticationProvidersMap; accountManagerImpl.verifyUsingTwoFactorAuthenticationCode("352352", 1L, 1L); } @Test public void testEnable2FAcode() { SetupUserTwoFactorAuthenticationCmd cmd = Mockito.mock(SetupUserTwoFactorAuthenticationCmd.class); Mockito.when(cmd.getProvider()).thenReturn("staticpin"); AccountVO accountMock = Mockito.mock(AccountVO.class); Mockito.when(callingAccount.getId()).thenReturn(1L); Mockito.when(callingUser.getId()).thenReturn(1L); CallContext.register(callingUser, callingAccount); // Calling account is user account i.e normal account Mockito.lenient().when(_accountService.getActiveAccountById(1L)).thenReturn(accountMock); Mockito.when(userAccountDaoMock.findById(1L)).thenReturn(userAccountVO); Mockito.when(userDaoMock.findById(1L)).thenReturn(userVoMock); Mockito.when(userAccountVO.getDomainId()).thenReturn(1L); Mockito.when(enableUserTwoFactorAuthenticationMock.valueIn(1L)).thenReturn(true); Mockito.when(cmd.getEnable()).thenReturn(true); UserTwoFactorAuthenticator staticpinProvider = Mockito.mock(UserTwoFactorAuthenticator.class); Map userTwoFactorAuthenticationProvidersMap = Mockito.mock(HashMap.class); Mockito.when(userTwoFactorAuthenticationProvidersMap.containsKey("staticpin")).thenReturn( true); Mockito.when(userTwoFactorAuthenticationProvidersMap.get("staticpin")).thenReturn(staticpinProvider); Mockito.when(staticpinProvider.setup2FAKey(userAccountVO)).thenReturn("345543"); Mockito.when(userDaoMock.createForUpdate()).thenReturn(userVoMock); AccountManagerImpl.userTwoFactorAuthenticationProvidersMap = userTwoFactorAuthenticationProvidersMap; UserTwoFactorAuthenticationSetupResponse response = accountManagerImpl.setupUserTwoFactorAuthentication(cmd); Assert.assertEquals("345543", response.getSecretCode()); } @Test public void testGetActiveUserAccountByEmail() { String email = "test@example.com"; Long domainId = 1L; List userAccountVOList = new ArrayList<>(); UserAccountVO userAccountVO = new UserAccountVO(); userAccountVOList.add(userAccountVO); Mockito.when(userAccountDaoMock.getUserAccountByEmail(email, domainId)).thenReturn(userAccountVOList); List userAccounts = accountManagerImpl.getActiveUserAccountByEmail(email, domainId); Assert.assertEquals(userAccountVOList.size(), userAccounts.size()); Assert.assertEquals(userAccountVOList.get(0), userAccounts.get(0)); } @Test public void testDeleteWebhooksForAccount() { try (MockedStatic mockedComponentContext = Mockito.mockStatic(ComponentContext.class)) { WebhookHelper webhookHelper = Mockito.mock(WebhookHelper.class); Mockito.doNothing().when(webhookHelper).deleteWebhooksForAccount(Mockito.anyLong()); mockedComponentContext.when(() -> ComponentContext.getDelegateComponentOfType(WebhookHelper.class)) .thenReturn(webhookHelper); accountManagerImpl.deleteWebhooksForAccount(1L); } } @Test public void testDeleteWebhooksForAccountNoBean() { try (MockedStatic mockedComponentContext = Mockito.mockStatic(ComponentContext.class)) { mockedComponentContext.when(() -> ComponentContext.getDelegateComponentOfType(WebhookHelper.class)) .thenThrow(NoSuchBeanDefinitionException.class); accountManagerImpl.deleteWebhooksForAccount(1L); } } @Test(expected = PermissionDeniedException.class) public void testValidateRoleChangeUnknownCaller() { Account account = Mockito.mock(Account.class); Mockito.when(account.getRoleId()).thenReturn(1L); Role role = Mockito.mock(Role.class); Mockito.when(role.getRoleType()).thenReturn(RoleType.Unknown); Account caller = Mockito.mock(Account.class); Mockito.when(caller.getRoleId()).thenReturn(2L); Mockito.when(roleService.findRole(2L)).thenReturn(role); accountManagerImpl.validateRoleChange(account, Mockito.mock(Role.class), caller); } @Test(expected = PermissionDeniedException.class) public void testValidateRoleChangeUnknownNewRole() { Account account = Mockito.mock(Account.class); Mockito.when(account.getRoleId()).thenReturn(1L); Role newRole = Mockito.mock(Role.class); Mockito.when(newRole.getRoleType()).thenReturn(RoleType.Unknown); Role callerRole = Mockito.mock(Role.class); Mockito.when(callerRole.getRoleType()).thenReturn(RoleType.DomainAdmin); Account caller = Mockito.mock(Account.class); Mockito.when(caller.getRoleId()).thenReturn(2L); Mockito.when(roleService.findRole(2L)).thenReturn(callerRole); accountManagerImpl.validateRoleChange(account, newRole, caller); } @Test public void testValidateRoleNewRoleSameCaller() { Account account = Mockito.mock(Account.class); Mockito.when(account.getRoleId()).thenReturn(1L); Role currentRole = Mockito.mock(Role.class); Mockito.when(currentRole.getRoleType()).thenReturn(RoleType.User); Mockito.when(roleService.findRole(1L)).thenReturn(currentRole); Role newRole = Mockito.mock(Role.class); Mockito.when(newRole.getRoleType()).thenReturn(RoleType.DomainAdmin); Role callerRole = Mockito.mock(Role.class); Mockito.when(callerRole.getRoleType()).thenReturn(RoleType.DomainAdmin); Account caller = Mockito.mock(Account.class); Mockito.when(caller.getRoleId()).thenReturn(2L); Mockito.when(roleService.findRole(2L)).thenReturn(callerRole); accountManagerImpl.validateRoleChange(account, newRole, caller); } @Test public void testValidateRoleCurrentRoleSameCaller() { Account account = Mockito.mock(Account.class); Mockito.when(account.getRoleId()).thenReturn(1L); Role accountRole = Mockito.mock(Role.class); Mockito.when(accountRole.getRoleType()).thenReturn(RoleType.DomainAdmin); Role newRole = Mockito.mock(Role.class); Mockito.when(newRole.getRoleType()).thenReturn(RoleType.User); Role callerRole = Mockito.mock(Role.class); Mockito.when(callerRole.getRoleType()).thenReturn(RoleType.DomainAdmin); Account caller = Mockito.mock(Account.class); Mockito.when(caller.getRoleId()).thenReturn(2L); Mockito.when(roleService.findRole(1L)).thenReturn(accountRole); Mockito.when(roleService.findRole(2L)).thenReturn(callerRole); accountManagerImpl.validateRoleChange(account, newRole, caller); } @Test(expected = PermissionDeniedException.class) public void testValidateRoleNewRoleHigherCaller() { Account account = Mockito.mock(Account.class); Mockito.when(account.getRoleId()).thenReturn(1L); Role newRole = Mockito.mock(Role.class); Mockito.when(newRole.getRoleType()).thenReturn(RoleType.Admin); Role callerRole = Mockito.mock(Role.class); Mockito.when(callerRole.getRoleType()).thenReturn(RoleType.DomainAdmin); Account caller = Mockito.mock(Account.class); Mockito.when(caller.getRoleId()).thenReturn(2L); Mockito.when(roleService.findRole(2L)).thenReturn(callerRole); accountManagerImpl.validateRoleChange(account, newRole, caller); } @Test public void testValidateRoleNewRoleLowerCaller() { Account account = Mockito.mock(Account.class); Mockito.when(account.getRoleId()).thenReturn(1L); Role newRole = Mockito.mock(Role.class); Mockito.when(newRole.getRoleType()).thenReturn(RoleType.User); Role accountRole = Mockito.mock(Role.class); Mockito.when(accountRole.getRoleType()).thenReturn(RoleType.User); Role callerRole = Mockito.mock(Role.class); Mockito.when(callerRole.getRoleType()).thenReturn(RoleType.DomainAdmin); Account caller = Mockito.mock(Account.class); Mockito.when(caller.getRoleId()).thenReturn(2L); Mockito.when(roleService.findRole(1L)).thenReturn(accountRole); Mockito.when(roleService.findRole(2L)).thenReturn(callerRole); accountManagerImpl.validateRoleChange(account, newRole, caller); } @Test(expected = PermissionDeniedException.class) public void testValidateRoleAdminCannotEscalateAdminFromNonRootDomain() { Account account = Mockito.mock(Account.class); Mockito.when(account.getRoleId()).thenReturn(1L); Mockito.when(account.getDomainId()).thenReturn(2L); Role newRole = Mockito.mock(Role.class); Mockito.when(newRole.getRoleType()).thenReturn(RoleType.Admin); Role accountRole = Mockito.mock(Role.class); Role callerRole = Mockito.mock(Role.class); Mockito.when(callerRole.getRoleType()).thenReturn(RoleType.Admin); Account caller = Mockito.mock(Account.class); Mockito.when(caller.getRoleId()).thenReturn(2L); Mockito.when(roleService.findRole(1L)).thenReturn(accountRole); Mockito.when(roleService.findRole(2L)).thenReturn(callerRole); accountManagerImpl.validateRoleChange(account, newRole, caller); } @Test public void checkIfAccountManagesProjectsTestNotThrowExceptionWhenTheAccountIsNotAProjectAdministrator() { long accountId = 1L; List managedProjectIds = new ArrayList<>(); Mockito.when(_projectAccountDao.listAdministratedProjectIds(accountId)).thenReturn(managedProjectIds); accountManagerImpl.checkIfAccountManagesProjects(accountId); } @Test(expected = InvalidParameterValueException.class) public void checkIfAccountManagesProjectsTestThrowExceptionWhenTheAccountIsAProjectAdministrator() { long accountId = 1L; List managedProjectIds = List.of(1L); Mockito.when(_projectAccountDao.listAdministratedProjectIds(accountId)).thenReturn(managedProjectIds); accountManagerImpl.checkIfAccountManagesProjects(accountId); } @Test public void testClearUser2FA_When2FADisabled_NoChanges() { UserAccount user = Mockito.mock(UserAccount.class); Mockito.when(user.isUser2faEnabled()).thenReturn(false); Mockito.when(user.getUser2faProvider()).thenReturn(null); UserAccount result = accountManagerImpl.clearUserTwoFactorAuthenticationInSetupStateOnLogin(user); Assert.assertSame(user, result); Mockito.verifyNoInteractions(userDetailsDaoMock, userAccountDaoMock); } @Test public void testClearUser2FA_When2FAInVerifiedState_NoChanges() { UserAccount user = Mockito.mock(UserAccount.class); Mockito.when(user.getId()).thenReturn(1L); Mockito.when(user.isUser2faEnabled()).thenReturn(true); UserDetailVO userDetail = new UserDetailVO(); userDetail.setValue(UserAccountVO.Setup2FAstatus.VERIFIED.name()); Mockito.when(userDetailsDaoMock.findDetail(1L, UserDetailVO.Setup2FADetail)).thenReturn(userDetail); UserAccount result = accountManagerImpl.clearUserTwoFactorAuthenticationInSetupStateOnLogin(user); Assert.assertSame(user, result); Mockito.verify(userDetailsDaoMock).findDetail(1L, UserDetailVO.Setup2FADetail); Mockito.verifyNoMoreInteractions(userDetailsDaoMock, userAccountDaoMock); } @Test public void testClearUser2FA_When2FAInSetupState_Disable2FA() { UserAccount user = Mockito.mock(UserAccount.class); Mockito.when(user.getId()).thenReturn(1L); Mockito.when(user.isUser2faEnabled()).thenReturn(true); UserDetailVO userDetail = new UserDetailVO(); userDetail.setValue(UserAccountVO.Setup2FAstatus.ENABLED.name()); UserAccountVO userAccountVO = new UserAccountVO(); userAccountVO.setId(1L); Mockito.when(userDetailsDaoMock.findDetail(1L, UserDetailVO.Setup2FADetail)).thenReturn(userDetail); Mockito.when(userAccountDaoMock.findById(1L)).thenReturn(userAccountVO); UserAccount result = accountManagerImpl.clearUserTwoFactorAuthenticationInSetupStateOnLogin(user); Assert.assertNotNull(result); Assert.assertFalse(result.isUser2faEnabled()); Assert.assertNull(result.getUser2faProvider()); Mockito.verify(userDetailsDaoMock).findDetail(1L, UserDetailVO.Setup2FADetail); Mockito.verify(userDetailsDaoMock).remove(Mockito.anyLong()); Mockito.verify(userAccountDaoMock).findById(1L); ArgumentCaptor captor = ArgumentCaptor.forClass(UserAccountVO.class); Mockito.verify(userAccountDaoMock).update(Mockito.eq(1L), captor.capture()); UserAccountVO updatedUser = captor.getValue(); Assert.assertFalse(updatedUser.isUser2faEnabled()); Assert.assertNull(updatedUser.getUser2faProvider()); Assert.assertNull(updatedUser.getKeyFor2fa()); } @Test(expected = InvalidParameterValueException.class) public void testAssertUserNotAlreadyInAccount_UserExistsInAccount() { User existingUser = new UserVO(); existingUser.setUsername("testuser"); existingUser.setAccountId(1L); Account newAccount = Mockito.mock(Account.class); Mockito.when(newAccount.getId()).thenReturn(1L); AccountVO existingAccount = Mockito.mock(AccountVO.class); Mockito.when(existingAccount.getUuid()).thenReturn("existing-account-uuid"); Mockito.when(existingAccount.getAccountName()).thenReturn("existing-account"); Mockito.when(_accountDao.findById(1L)).thenReturn(existingAccount); accountManagerImpl.assertUserNotAlreadyInAccount(existingUser, newAccount); } @Test public void testAssertUserNotAlreadyInAccount_UserExistsInDiffAccount() { User existingUser = new UserVO(); existingUser.setUsername("testuser"); existingUser.setAccountId(2L); Account newAccount = Mockito.mock(Account.class); Mockito.when(newAccount.getId()).thenReturn(1L); accountManagerImpl.assertUserNotAlreadyInAccount(existingUser, newAccount); } @Test(expected = InvalidParameterValueException.class) public void testAssertUserNotAlreadyInDomain_UserExistsInDomain() { User existingUser = new UserVO(); existingUser.setUsername("testuser"); existingUser.setAccountId(1L); Account originalAccount = Mockito.mock(Account.class); Mockito.when(originalAccount.getDomainId()).thenReturn(1L); AccountVO existingAccount = Mockito.mock(AccountVO.class); Mockito.when(existingAccount.getDomainId()).thenReturn(1L); Mockito.when(existingAccount.getUuid()).thenReturn("existing-account-uuid"); Mockito.when(existingAccount.getAccountName()).thenReturn("existing-account"); DomainVO existingDomain = Mockito.mock(DomainVO.class); Mockito.when(existingDomain.getUuid()).thenReturn("existing-domain-uuid"); Mockito.when(existingDomain.getName()).thenReturn("existing-domain"); Mockito.when(_accountDao.findById(1L)).thenReturn(existingAccount); Mockito.when(_domainDao.findById(1L)).thenReturn(existingDomain); accountManagerImpl.assertUserNotAlreadyInDomain(existingUser, originalAccount); } @Test public void testAssertUserNotAlreadyInDomain_UserExistsInDiffDomain() { User existingUser = new UserVO(); existingUser.setUsername("testuser"); existingUser.setAccountId(1L); Account originalAccount = Mockito.mock(Account.class); Mockito.when(originalAccount.getDomainId()).thenReturn(1L); AccountVO existingAccount = Mockito.mock(AccountVO.class); Mockito.when(existingAccount.getDomainId()).thenReturn(2L); Mockito.when(_accountDao.findById(1L)).thenReturn(existingAccount); accountManagerImpl.assertUserNotAlreadyInDomain(existingUser, originalAccount); } }