in component-test/src/main/java/TestPasswords.java [114:155]
/**
 * Checks that a regular user can rotate their own password but cannot touch the
 * administrator's credentials.
 *
 * <p>The sequence, all performed inside the user's own login context:
 * <ol>
 *   <li>the user changes their own password and the matching
 *       {@code OPERATION_PUT_USER_PASSWORD} event is observed;</li>
 *   <li>logging in with the new password yields an expiration roughly 93 days ahead
 *       (24 hours of tolerance);</li>
 *   <li>changing the admin password is rejected with {@link NotFoundException} and no
 *       password-change event is recorded for the admin identifier;</li>
 *   <li>logging in as admin with the user's new password is rejected;</li>
 *   <li>logging in as admin through {@code loginAdmin()} still succeeds.</li>
 * </ol>
 *
 * <p>Only {@link NotFoundException} is caught on the rejection paths, so any other
 * exception type propagates and fails the test.
 *
 * @throws InterruptedException declared by the method; presumably raised while waiting
 *     on the event recorder (confirm against {@code eventRecorder.wait})
 */
public void testUserChangeOwnPasswordButNotAdminPassword() throws InterruptedException {
    // NOTE(review): "scribe" looks like the role given to the new user; confirm against the helper.
    final String username = createUserWithNonexpiredPassword(AHMES_PASSWORD, "scribe");

    try (final AutoUserContext ignored = loginUser(username, AHMES_PASSWORD)) {
        final String replacementPassword = "new password";

        // Step 1: the user rotates their own password; the change must be recorded as an event.
        getTestSubject().changeUserPassword(
            username, new Password(TestEnvironment.encodePassword(replacementPassword)));
        Assert.assertTrue(
            eventRecorder.wait(EventConstants.OPERATION_PUT_USER_PASSWORD, username));

        // Step 2: the checker is created before the login call, as in the original ordering.
        final TimeStampChecker expirationChecker =
            TimeStampChecker.inTheFutureWithWiggleRoom(Duration.ofDays(93), Duration.ofHours(24));
        final Authentication authenticationWithNewPassword =
            getTestSubject().login(username, TestEnvironment.encodePassword(replacementPassword));
        expirationChecker.assertCorrect(authenticationWithNewPassword.getPasswordExpiration());

        // Step 3: a non-admin must not be able to overwrite the admin password.
        // NOTE(review): the rejection surfaces as NotFoundException rather than a
        // permission-style error; presumably deliberate, confirm with the service contract.
        try {
            getTestSubject().changeUserPassword(
                ADMIN_IDENTIFIER, new Password(TestEnvironment.encodePassword(replacementPassword)));
            Assert.fail("trying to change the admins password should fail.");
        } catch (final NotFoundException ex) {
            // The rejected call must not leave a password-change event for the admin either.
            final boolean adminEventSeen =
                eventRecorder.wait(EventConstants.OPERATION_PUT_USER_PASSWORD, ADMIN_IDENTIFIER);
            Assert.assertFalse(adminEventSeen);
        }

        // Step 4: the user's new password must not authenticate the admin account.
        //noinspection EmptyCatchBlock
        try {
            getTestSubject().login(ADMIN_IDENTIFIER, TestEnvironment.encodePassword(replacementPassword));
            Assert.fail("logging into admin with the new password should likewise fail.");
        } catch (final NotFoundException ex) {
            // Expected: the login attempt is rejected.
        }

        // Step 5: the admin's original credentials must be untouched, so this login must not throw.
        //noinspection EmptyTryBlock
        try (final AutoUserContext ignoredAdminContext = loginAdmin()) {
        }
    }
}