[Yanel-dev] Problem with yanel user resource and the security api
Paloma Gomez
paloma.gomez at wyona.com
Fri Mar 2 14:12:39 CET 2007
Hi all,
Before adding more functionalities to the yanel user resource (e.g
managing the groups a user belongs to) I decided to write some tests for
the current implementation.
I have tested the password change functionality and it works. However,
some of my tests don't agree and I can't understand why, because they
seem to prove contradictory statements.
#TEST 1: testSuccessfulPasswordUpdate1()
This test tries to change alice's password from "alicia" to "foo" using
the form. To verify the updating took place it tests if the "Password
updated successfully" message is received after clicking on the submit
button. I wanted to check the file directly, so that I don't have to
rely on the UI messages, so I used the new security api to test it.
(This test is the source of all my confusion... :-()
code:
--------------------------------------------------------------------------------
[...]
click(button1);
assertPageContainsText("Password updated successfully");
User user = realm.getIdentityManager().getUserManager().getUser("alice");
[...]
assertTrue(user.authenticate("alicia"));
---------------------------------------------------------------------------------
This test succeeds, but it shouldn't since the password should have been
updated. If one goes to the alice ui after running the test can verify
the password is actually "foo" as it should be. If one checks the
alice.xml file before and after running the test, one can verify thet is
has been actually updated:
#Alice
Before: <password>e94ef563867e9c9df3fcc999bdb045f5</password> => alicia
After: <password>acbd18db4cc2f85cedef654fccc4a4d8</password> => foo
This made me think there must be a bug either in the authenticate method
or the ui so I wrote three extra tests:
#TEST 2: testMyTest()
This test tries to change lenya's password using the new security api.
code:
-------------------------------------------------------------------------------
assertTrue(user.authenticate("levi"));
user.setPassword("foo");
assertTrue(user.authenticate("foo"));
user.setPassword("levi");
assertTrue(user.authenticate("levi"));
--------------------------------------------------------------------------------
I think it should fail if there is a bug in the authenticate method,
however it succeeds.
#TEST 3: testSuccessfulPasswordUpdate2()
This test tries to change the password twice using the ui. My idea was
that if there is a bug in the ui change password functionality, two
consecutive attempts of changing the password should fail: eg: If I
change the password from "paloma" to "foo" and then from "foo" to
"paloma" the second change should fail if the password was not actually
updated in the first attempt. However it succeeds.
#TEST 4: testMyTest2()
This test checks if the authentication method always returns true. It
occurred to me that the first test might succeed because of this. Well,
this test fails as it should.
I can't understand why the first test succeeds if the password has been
actually updated. And it has been updated, since I have checked all user
files before and after running the tests:
#Alice
Before: <password>e94ef563867e9c9df3fcc999bdb045f5</password> => alicia
After: <password>acbd18db4cc2f85cedef654fccc4a4d8</password> => foo
#Lenya
Before: <password>8e07dafd13495561db9063ebe4db4b27</password> => levi
After: <password>8e07dafd13495561db9063ebe4db4b27</password>
#Joe
Before: <password>8ff32489f92f33416694be8fdc2d4c22</password> => joe
After: <password>8ff32489f92f33416694be8fdc2d4c22</password>
#Paloma
Before: <password>a20df7f02202e665e6a7b674bbfb1fcc</password> => paloma
After: <password>a20df7f02202e665e6a7b674bbfb1fcc</password>
I think I'm missing something really obvious here but I can't figure out
what it is. Any hints would be very much appreciated.
Thanks,
Paloma
More information about the Yanel-development
mailing list