feat: add login with password verification and audit logging
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -2,6 +2,7 @@ package net.siegeln.cameleer.saas.auth;
|
||||
|
||||
import net.siegeln.cameleer.saas.audit.AuditAction;
|
||||
import net.siegeln.cameleer.saas.audit.AuditService;
|
||||
import net.siegeln.cameleer.saas.auth.dto.LoginRequest;
|
||||
import net.siegeln.cameleer.saas.auth.dto.RegisterRequest;
|
||||
import org.junit.jupiter.api.BeforeEach;
|
||||
import org.junit.jupiter.api.Test;
|
||||
@@ -12,6 +13,7 @@ import org.mockito.junit.jupiter.MockitoExtension;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
|
||||
import java.util.Optional;
|
||||
import java.util.UUID;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
@@ -95,4 +97,75 @@ class AuthServiceTest {
|
||||
verify(userRepository, never()).save(any());
|
||||
verify(auditService, never()).log(any(), any(), any(), any(), any(), any(), any(), any(), any());
|
||||
}
|
||||
|
||||
@Test
|
||||
void login_returnsTokenForValidCredentials() {
|
||||
var request = new LoginRequest("user@example.com", "password123");
|
||||
var user = createUserWithId("user@example.com", "encoded-password");
|
||||
|
||||
when(userRepository.findByEmail("user@example.com")).thenReturn(Optional.of(user));
|
||||
when(passwordEncoder.matches("password123", "encoded-password")).thenReturn(true);
|
||||
when(jwtService.generateToken(user)).thenReturn("login-jwt-token");
|
||||
|
||||
var response = authService.login(request, "192.168.1.1");
|
||||
|
||||
assertNotNull(response);
|
||||
assertEquals("login-jwt-token", response.token());
|
||||
assertEquals("user@example.com", response.email());
|
||||
|
||||
verify(auditService).log(
|
||||
any(), eq("user@example.com"), eq(null),
|
||||
eq(AuditAction.AUTH_LOGIN), eq(null),
|
||||
eq(null), eq("192.168.1.1"),
|
||||
eq("SUCCESS"), eq(null)
|
||||
);
|
||||
}
|
||||
|
||||
@Test
|
||||
void login_rejectsInvalidPassword() {
|
||||
var request = new LoginRequest("user@example.com", "wrong-password");
|
||||
var user = createUserWithId("user@example.com", "encoded-password");
|
||||
|
||||
when(userRepository.findByEmail("user@example.com")).thenReturn(Optional.of(user));
|
||||
when(passwordEncoder.matches("wrong-password", "encoded-password")).thenReturn(false);
|
||||
|
||||
assertThrows(IllegalArgumentException.class,
|
||||
() -> authService.login(request, "192.168.1.1"));
|
||||
|
||||
// Verify AUTH_LOGIN_FAILED audit was logged
|
||||
verify(auditService).log(
|
||||
any(), eq("user@example.com"), eq(null),
|
||||
eq(AuditAction.AUTH_LOGIN_FAILED), eq(null),
|
||||
eq(null), eq("192.168.1.1"),
|
||||
eq("FAILURE"), eq(null)
|
||||
);
|
||||
}
|
||||
|
||||
@Test
|
||||
void login_rejectsUnknownEmail() {
|
||||
var request = new LoginRequest("unknown@example.com", "password123");
|
||||
|
||||
when(userRepository.findByEmail("unknown@example.com")).thenReturn(Optional.empty());
|
||||
|
||||
var exception = assertThrows(IllegalArgumentException.class,
|
||||
() -> authService.login(request, "192.168.1.1"));
|
||||
|
||||
assertEquals("Invalid credentials", exception.getMessage());
|
||||
verify(auditService, never()).log(any(), any(), any(), any(), any(), any(), any(), any(), any());
|
||||
}
|
||||
|
||||
private UserEntity createUserWithId(String email, String password) {
|
||||
var user = new UserEntity();
|
||||
user.setEmail(email);
|
||||
user.setName("Test User");
|
||||
user.setPassword(password);
|
||||
try {
|
||||
var idField = UserEntity.class.getDeclaredField("id");
|
||||
idField.setAccessible(true);
|
||||
idField.set(user, UUID.randomUUID());
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
return user;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user