I have designed my FW and I have exactly placed runner and step files in the package. But I am not able to run the TC, it saying Test pending though steps are defined.
PFA my project structure.
enter image description here
My step file:
package com.reThink.steps;
import net.thucydides.core.annotations.Steps;
import com.reThink.helper.LoginHelper;
import com.reThink.util.CBTestProperties;
import com.reThink.util.Constants;
import com.reThink.util.Log;
import cucumber.api.java.en.Given;
import cucumber.api.java.en.Then;
import cucumber.api.java.en.When;
public class LoginSteps {
#Steps
LoginHelper loginHelper;
private String username = null;
private String password = null;
/**
* Method to navigate to login page
*
* #param
* #return
*/
#Given("^I am on the reThink Login page$")
public void givenIamonthehomepage() throws Exception {
loginHelper.openLoginPage();
}
/**
* Method to login as a Admin user
*
* #param
* #return
*/
#When("^I login as an Admin user$")
public void loginWithAdminUser() throws Exception {
loginHelper.openLoginPage();
username = CBTestProperties.Instance
.getTestProperty(Constants.ADMINUSERNAME);
password = CBTestProperties.Instance
.getTestProperty(Constants.ADMINPASSWORD);
loginHelper.loginToRethink(username, password);
}
/**
* I should be login successfully
*
* #param
* #return
*/
#Then("^I should be logged in successfully$")
public void thenItShouldBeLoggedIn() throws Exception {
// assertThat(homePageHelper.isLoginSuccessful(username));
Log.info("Successfully logged in");
}
}
Feature file
#Logon_Admin_User
Scenario: Login to reThink with Admin User credentials
Given I am on the reThink Login page
When I login as an Admin user
Then I should be logged in successfully
You are missing glue path in cucumber options of runner class. Please try with followings.
#RunWith(CucumberWithSerenity.class)
#CucumberOptions(features="src/test/resources/features",tags="#Logon_Admin_user",glue = { "com.reThink.steps" })
public class TestRunnerSuite{}
Related
So I'm trying to create a bot to add roles to a targeted user with the command "r.accept insert username here" but I don't know how to get the bot to target the user in question. So where do I place it?
package com.kotadajedi.reina.listeners;
import net.dv8tion.jda.api.entities.Role;
import net.dv8tion.jda.api.events.message.MessageReceivedEvent;
import net.dv8tion.jda.api.hooks.ListenerAdapter;
public class EventListener extends ListenerAdapter {
public void onMessageReceived(MessageReceivedEvent event) {
String message = event.getMessage().getContentRaw();
if(message.contains("r.accept")) {
event.getGuild().addRoleToMember(event.getMember(), (Role) event.getJDA().getRolesByName("new role", true));
}
}
}
I currently setup the role based and content authorization. However i got problem when I try the to access the route of super admin still accessible. I used this instruction https://medium.com/justlaravel/how-to-use-middleware-for-content-restriction-based-on-user-role-in-laravel-2d0d8f8e94c6 - but still no working well.
to understand well, I will share to you what suppose to be the output and my sample coding on my middleware and api.php
I have Middleware of CheckRoleRouter.php
I create a unauthorized.blade.php file for new response if the user role access wrong route.
I already set the middleware to the kernel.php
Role: I have Super Admin = 0 and Admin = 1
Middleware:
<?php
namespace App\Http\Middleware;
use Closure;
use Auth;
class CheckRoleRouter
{
/**
* Handle an incoming request.
*
* #param \Illuminate\Http\Request $request
* #param \Closure $next
* #return mixed
*/
public function handle($request, Closure $next)
{
//Role of users
//Super Admin = 0
//Admin = 1
// how to make a middleware to prevent accessing other router based on their role.
if ($request->user() && $request->user()->role != 0)
{
return new Response(view('unauthorized')->with('role', 'SUPERADMIN'));
}
return $next($request);
}
}
Api:
Route::group(['middleware' => 'App\Http\Middleware\CheckRoleRouter'], function()
{
Route::get('list_offers','Api\BusinessOffersController#list_offers');
});
Kernel:
'checker' => \App\Http\Middleware\CheckRoleRouter::class,
Session: - it means i used the admin role so the logic is the router of super_admin is not accessible anymore because i used the admin.
Page:
i manage my users with the Firebase Admin SDK.
On signup i send email,password and username to my endpoint.
i createUserWithEmailAndPassword and create a doc in my firestore
This way i can check if a document already exists and return an error that the username/handle is already taken.
Firestore
- users
- handle
* email
* userId (from createUserWithAndPassword Response)
* createdAt
After the user signInWithEmailandPassword i only have the token, email and userId.. but i need the handle to get the right user details.
what i get from the docs is that there is a default displayName property but i dont know how to set it on signup.
or should i create a custom Token and store the handle inside of it..
im not sure how to go from here
thanks for your help
This is a simple method for what you want:
mAuth.createUserWithEmailAndPassword(email, password).addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
if(task.isSuccessful()){
// Sign in success
FirebaseUser user = mAuth.getCurrentUser();
UserProfileChangeRequest profileUpdates = new UserProfileChangeRequest.Builder()
.setDisplayName(mName).build();
user.updateProfile(profileUpdates).addOnCompleteListener(new OnCompleteListener<Void>() {
#Override
public void onComplete(#NonNull Task<Void> task) {
if (task.isSuccessful()) {
Log.d(TAG, "User profile updated.");
}
}
});
}
});
Then, to retrieve it, use this wherever required:
FirebaseUser user = FirebaseAuth.getInstance().getCurrentUser();
if (user != null) {
// Name, email address etc
String name = user.getDisplayName();
String email = user.getEmail();
}
There are multiple ways, but I recommend to use this one :)
I'm using grails along with spring security and angularjs. When a user session has expired and the user clicks an ajax action on the page, rather than respond with a 401, the application attempts to redirect to the login page which no response from the original ajax action.
I'm still using a traditional login page and some my application still has some traditional page links, so when a session has expired and a user clicks a page link, I would like to redirect to the login page.
If a user clicks on an ajax request, I would like to get a 401 response rather than the redirected html response so that I can do a redirect in my javascript.
I have the following config setting.
grails.plugin.springsecurity.providerNames = ['hriLoginClientAuthenticationProvider']
grails.plugin.springsecurity.useSecurityEventListener = true
grails.plugin.springsecurity.failureHandler.defaultFailureUrl = '/login?error=1'
grails.plugin.springsecurity.auth.loginFormUrl = '/login'
grails.plugin.springsecurity.logout.postOnly = false
What do I need to do to get ajax request to not redirect to the login page?
I've run into a similar issue and have implemented a filter in the filter chain to detect AJAX requests and respond with a customized HTTP status (you can change it to 401 if you like).
Basically there are three parts to this. The first, is the filter. It's a servlet filter and examines the request as well as the state of the authentication in the session. Second, defining the filter as a bean within the application context in Resources.groovy. Finally, inserting it into the Spring Security filter chain, which I've done in Bootstrap.groovy.
I'll walk you through this now.
First the servlet filter (under src/java)
package com.xyz.security;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.util.ThrowableAnalyzer;
import org.springframework.security.web.util.ThrowableCauseExtractor;
import org.springframework.web.filter.GenericFilterBean;
public class AjaxTimeoutRedirectFilter extends GenericFilterBean {
// private static final Logger logger =
// LoggerFactory.getLogger(AjaxTimeoutRedirectFilter.class);
private ThrowableAnalyzer throwableAnalyzer = new DefaultThrowableAnalyzer();
private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();
private int customSessionExpiredErrorCode = 901;
#Override
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
try {
chain.doFilter(request, response);
// logger.debug("Chain processed normally");
} catch (IOException ex) {
throw ex;
} catch (Exception ex) {
Throwable[] causeChain = throwableAnalyzer.determineCauseChain(ex);
RuntimeException ase = (AuthenticationException) throwableAnalyzer
.getFirstThrowableOfType(AuthenticationException.class,
causeChain);
if (ase == null) {
ase = (AccessDeniedException) throwableAnalyzer
.getFirstThrowableOfType(AccessDeniedException.class,
causeChain);
}
if (ase != null) {
if (ase instanceof AuthenticationException) {
throw ase;
} else if (ase instanceof AccessDeniedException) {
if (authenticationTrustResolver
.isAnonymous(SecurityContextHolder.getContext()
.getAuthentication())) {
// logger.info("User session expired or not logged in yet");
String ajaxHeader = ((HttpServletRequest) request)
.getHeader("X-Requested-With");
if ("XMLHttpRequest".equals(ajaxHeader)) {
// logger.info("Ajax call detected, send {} error code",
// this.customSessionExpiredErrorCode);
HttpServletResponse resp = (HttpServletResponse) response;
resp.sendError(this.customSessionExpiredErrorCode);
} else {
// logger.info("Redirect to login page");
throw ase;
}
} else {
throw ase;
}
}
}
}
}
private static final class DefaultThrowableAnalyzer extends
ThrowableAnalyzer {
/**
* #see org.springframework.security.web.util.ThrowableAnalyzer#initExtractorMap()
*/
protected void initExtractorMap() {
super.initExtractorMap();
registerExtractor(ServletException.class,
new ThrowableCauseExtractor() {
public Throwable extractCause(Throwable throwable) {
ThrowableAnalyzer.verifyThrowableHierarchy(
throwable, ServletException.class);
return ((ServletException) throwable)
.getRootCause();
}
});
}
}
public void setCustomSessionExpiredErrorCode(
int customSessionExpiredErrorCode) {
this.customSessionExpiredErrorCode = customSessionExpiredErrorCode;
}
}
Second, defining the filter as a bean in the application context in Resources.groovy
beans = {
ajaxTimeoutRedirectFilter(com.xyz.security.AjaxTimeoutRedirectFilter)
}
And finally, getting the filter into the Spring Security filter chain (I used BootStrap.groovy for this)
import grails.plugin.springsecurity.SecurityFilterPosition
import grails.plugin.springsecurity.SpringSecurityUtils
class BootStrap {
def init = { servletContext ->
SpringSecurityUtils.clientRegisterFilter('ajaxTimeoutRedirectFilter', SecurityFilterPosition.EXCEPTION_TRANSLATION_FILTER.order + 10)
}
def destroy = {
}
}
Did you consider "locking a screen" when the user is idle on a client-side? Of course you should handle end of a session on server-side but in fact it seems even cleaner and more secure solution than waiting for an action from client side (especially if user has left and left on a screen some sensitive data).
Check out this ng-idle directive.
I just begin to use fosuserbundle, today I activate the confirmation register link.
It works great, but if the user click a second time on the confirmation link in the email, he get that error :
The user with confirmation token "3hiqollkisg0s4ck4w8g0gw4soc0wwoo8ko084o4ww4sss8o4" does not exist
404 Not Found - NotFoundHttpException
I think this error should be handle by the bundle, no ?
Thanks
Here's the code for overriding the action. Basically just copied part of the actual FOS action and modded.
Create a RegistrationController.php file in your user bundle's controller folder and put the overriding RegistrationController class in there.
Assuming your user bundle is Acme\UserBundle:
<?php
// Acme\UserBundle\RegistrationController.php
namespace Acme\UserBundle\Controller;
use Symfony\Component\HttpFoundation\RedirectResponse;
use FOS\UserBundle\Controller\RegistrationController as BaseController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
class RegistrationController extends BaseController
{
/**
* Receive the confirmation token from user email provider, login the user
*/
public function confirmAction(Request $request, $token)
{
$userManager = $this->container->get('fos_user.user_manager');
$user = $userManager->findUserByConfirmationToken($token);
if (null === $user) {
/* ************************************
*
* User with token not found. Do whatever you want here
*
* e.g. redirect to login:
*
* return new RedirectResponse($this->container->get('router')->generate('fos_user_security_login'));
*
**************************************/
}
else{
// Token found. Letting the FOSUserBundle's action handle the confirmation
return parent::confirmAction($request, $token);
}
}
}