diff --git a/src/main/java/model/service/login/Authenticator.java b/src/main/java/model/service/login/Authenticator.java index 3c522ca..23fb1fa 100644 --- a/src/main/java/model/service/login/Authenticator.java +++ b/src/main/java/model/service/login/Authenticator.java @@ -8,7 +8,21 @@ import java.security.SecureRandom; public class Authenticator implements LoginInterface { - DAOUser db = new DAOUser(); + DAOUser db; + Encryption encryption; + + public Authenticator() { + this.db = new DAOUser(); + this.encryption = new Encryption(); + } + + public Authenticator(DAOUser db) { + this.db = db; + } + + public void setEncryption(Encryption encryption) { + this.encryption = encryption; + } @Override public String sendPin(String email) { if(email.equals("test@email.com")) { @@ -26,15 +40,12 @@ public String sendPin(String email) { } public boolean resetPassword(String email, String plainTextPassword){ - Encryption encryption = new Encryption(); - System.out.println("password in chiaro: " + plainTextPassword); String hashed = encryption.encryptPassword(plainTextPassword); boolean Result = db.resetPassword(email,hashed); - System.out.println("cambiato password, esito:" + Result); return Result; } - private String generatePin() { + String generatePin() { SecureRandom random = new SecureRandom(); String digits = "0123456789"; String pin = ""; @@ -49,7 +60,6 @@ private String generatePin() { @Override public int authenticate(String email, String password) { User toCheck = db.getUserByIdOrEmail(email); - Encryption encryption = new Encryption(); if(!(toCheck == null)) { if (encryption.verifyPassword(password, toCheck.getPassword())) { return toCheck.getId(); diff --git a/src/test/java/model/service/login/AuthenticatorTest.java b/src/test/java/model/service/login/AuthenticatorTest.java new file mode 100644 index 0000000..4699f6c --- /dev/null +++ b/src/test/java/model/service/login/AuthenticatorTest.java @@ -0,0 +1,108 @@ +package model.service.login; + +import model.DAO.DAOUser; +import model.entity.User; +import model.service.email.EmailManager; +import model.service.encryption.Encryption; +import org.junit.jupiter.api.*; +import org.mindrot.jbcrypt.BCrypt; +import org.mockito.Mockito; + +import java.security.SecureRandom; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; +import static org.mockito.Mockito.*; + +@TestInstance(TestInstance.Lifecycle.PER_CLASS) +public class AuthenticatorTest { + private final DAOUser daoUser = mock(DAOUser.class); + private final EmailManager emailManagerMock = mock(EmailManager.class); + private final Encryption encryption = mock(Encryption.class); + private final User user = mock(User.class); + Authenticator authenticator; + + @BeforeEach + void setUp() { + authenticator = new Authenticator(daoUser); + authenticator.setEncryption(encryption); + } + + @Test + void itShouldAuthenticateWhenEmailAndPasswordAreCorrect() { + String hashedPassword = BCrypt.hashpw("plainTextPassword", BCrypt.gensalt()); + when(daoUser.getUserByIdOrEmail("test@email.com")).thenReturn(user); + when(user.getPassword()).thenReturn(hashedPassword); + when(encryption.verifyPassword("plainTextPassword", user.getPassword())).thenReturn(true); + when(user.getId()).thenReturn(1); + + int response = authenticator.authenticate("test@email.com", "plainTextPassword"); + assertEquals(1, response); + } + + @Test + void itShouldNotAuthenticateWhenPasswordIsIncorrect() { + String hashedPassword = BCrypt.hashpw("wrongPassword", BCrypt.gensalt()); + when(daoUser.getUserByIdOrEmail("test@email.com")).thenReturn(user); + when(user.getPassword()).thenReturn(hashedPassword); + when(encryption.verifyPassword("plainTextPassword", user.getPassword())).thenReturn(false); + + int response = authenticator.authenticate("test@email.com", "plainTextPassword"); + assertEquals(-2, response); + } + + @Test + void itShouldNotAuthenticateWhenUserDoesNotExist() { + when(daoUser.getUserByIdOrEmail("test@email.com")).thenReturn(null); + + int response = authenticator.authenticate("test@email.com", "plainTextPassword"); + assertEquals(-1, response); + } + + @Test + void testSendPin() { + // Using spy to be able to mock the private method `generatePin`. + Authenticator spyAuthenticator = Mockito.spy(authenticator); + + // Mock the generatePin() method + doReturn("12345678").when(spyAuthenticator).generatePin(); + + // Use anyString() so that we match any value of email, + // except the "test@email.com" since it has a different behavior. + String pin = spyAuthenticator.sendPin(anyString()); + + // The value of pin should equal the value we stubbed above. + assertEquals("12345678", pin); + + // Ensure that our spy's generatePin() method was called once. + verify(spyAuthenticator, times(1)).generatePin(); + } + + @Test + void testSendPinSpecialEmail() { + // Explicitly test the email value that generates the pre-defined PIN. + String pin = authenticator.sendPin("test@email.com"); + + // The value of pin should be the pre-defined value "12345678". + assertEquals("12345678", pin); + } + + @Test + void testResetPassword() { + // Mock encryptPassword() return value. + when(encryption.encryptPassword(anyString())).thenReturn("hashed_password"); + + // Mock resetPassword() return value. + when(daoUser.resetPassword(anyString(), anyString())).thenReturn(true); + + // Run our authenticator's resetPassword() method. + boolean result = authenticator.resetPassword("test@email.com", "password"); + + // Ensure that the result is true, as we mocked in daoUserMock. + assertTrue(result); + + // Ensure that our mocked methods were called once. + verify(encryption, times(1)).encryptPassword("password"); + verify(daoUser, times(1)).resetPassword("test@email.com", "hashed_password"); + } +} \ No newline at end of file