[Yanel-dev] Problem with yanel user resource and the security api

Paloma Gomez paloma.gomez at wyona.com
Fri Mar 2 14:14:28 CET 2007 

Paloma Gomez escribió:
> Hi all,
>
> Before adding more functionalities to the yanel user resource (e.g 
> managing the groups a user belongs to) I decided to write some tests 
> for the current implementation.
>
> I have tested the password change functionality and it works. However, 
> some of my tests don't agree and I can't understand why, because they 
> seem to prove contradictory statements.
>
> #TEST 1: testSuccessfulPasswordUpdate1()
>
> This test tries to change alice's password from "alicia" to "foo" 
> using the form. To verify the updating took place it tests if the 
> "Password updated successfully" message is received after clicking on 
> the submit button. I wanted to check the file directly, so that I 
> don't have to rely on the UI messages, so I used the new security api  
> to test it. (This test is the source of all my confusion... :-()
>
> code:
> -------------------------------------------------------------------------------- 
>
> [...]
> click(button1);         assertPageContainsText("Password updated 
> successfully");
>                   User user = 
> realm.getIdentityManager().getUserManager().getUser("alice");
> [...]    
> assertTrue(user.authenticate("alicia"));
> --------------------------------------------------------------------------------- 
>
>
> This test succeeds, but it shouldn't since the password should have 
> been updated. If one goes to the alice ui after running the test can 
> verify the password is actually "foo" as it should be. If one checks 
> the alice.xml file before and after running the test, one can verify 
> thet is has been actually updated:
>
> #Alice
> Before: <password>e94ef563867e9c9df3fcc999bdb045f5</password> => alicia
> After:   <password>acbd18db4cc2f85cedef654fccc4a4d8</password> => foo
>
>
> This made me think there must be a bug either in the authenticate 
> method or the ui so I wrote three extra tests:
>
>
> #TEST 2: testMyTest()
>
> This test tries to change lenya's password using the new security api.
>
> code:
> ------------------------------------------------------------------------------- 
>
> assertTrue(user.authenticate("levi"));
>      user.setPassword("foo");
> assertTrue(user.authenticate("foo"));
>      user.setPassword("levi");
> assertTrue(user.authenticate("levi"));
> -------------------------------------------------------------------------------- 
>
>
> I think it should fail if there is a bug in the authenticate method, 
> however it succeeds.
>
> #TEST 3: testSuccessfulPasswordUpdate2()
>
> This test tries to change the password twice using the ui. My idea was 
> that if there is a bug in the ui change password functionality, two 
> consecutive attempts of changing the password should fail: eg: If I 
> change the password from "paloma" to "foo" and then from "foo" to 
> "paloma" the second change should fail if the password was not 
> actually updated in the first attempt. However it succeeds.
>
>
> #TEST 4: testMyTest2()
>
> This test checks if the authentication method always returns true. It 
> occurred to me that the first test might succeed because of this. 
> Well, this test fails as it should.
>
>
>
> I can't understand why the first test succeeds if the password has 
> been actually updated. And it has been updated, since I have checked 
> all user files before and after running the tests:
>
> #Alice
> Before: <password>e94ef563867e9c9df3fcc999bdb045f5</password> => alicia
> After:   <password>acbd18db4cc2f85cedef654fccc4a4d8</password> => foo
>
> #Lenya
> Before: <password>8e07dafd13495561db9063ebe4db4b27</password> => levi
> After:   <password>8e07dafd13495561db9063ebe4db4b27</password>
>
> #Joe
> Before: <password>8ff32489f92f33416694be8fdc2d4c22</password> => joe
> After:   <password>8ff32489f92f33416694be8fdc2d4c22</password>
>
> #Paloma
> Before: <password>a20df7f02202e665e6a7b674bbfb1fcc</password> => paloma
> After:   <password>a20df7f02202e665e6a7b674bbfb1fcc</password>
>
>
> I think I'm missing something really obvious here but I can't figure 
> out what it is. Any hints would be very much appreciated.
>
> Thanks,
> Paloma
>
> _______________________________________________
> Yanel-development mailing list
> Yanel-development at wyona.com
> http://wyona.com/cgi-bin/mailman/listinfo/yanel-development
>
>
I forgot to mention that the tests are available at 
http://bugzilla.wyona.com/cgi-bin/bugzilla/show_bug.cgi?id=5116

Thanks,
Paloma

More information about the Yanel-development mailing list