From cf21e544d43f64c8106a43e33d06665a03a297f5 Mon Sep 17 00:00:00 2001
From: Dean Del Ponte <dean.delponte@gmail.com>
Date: Thu, 11 Apr 2019 10:43:20 -0500
Subject: [PATCH 1/2] Issue 108: Verifying a new user account does not unlock
 that account - added a test to verify the verify registration functionality
 is working as expected

---
 .gitignore                                    |  1 +
 examples/extended/build.gradle                |  1 +
 .../groovy/spec/VerifyRegistrationSpec.groovy | 56 +++++++++++++++++++
 examples/simple/build.gradle                  |  1 +
 .../groovy/spec/VerifyRegistrationSpec.groovy | 55 ++++++++++++++++++
 5 files changed, 114 insertions(+)
 create mode 100644 examples/extended/src/integration-test/groovy/spec/VerifyRegistrationSpec.groovy
 create mode 100644 examples/simple/src/integration-test/groovy/spec/VerifyRegistrationSpec.groovy

diff --git a/.gitignore b/.gitignore
index 30149a0e..c53df9b0 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,3 +12,4 @@ classes
 cobertura.ser
 kindlegen
 /plugin/src/main/templates/views
+.java-version
diff --git a/examples/extended/build.gradle b/examples/extended/build.gradle
index a14368d9..c40793b9 100644
--- a/examples/extended/build.gradle
+++ b/examples/extended/build.gradle
@@ -67,6 +67,7 @@ dependencies {
     testCompile("io.github.bonigarcia:webdrivermanager:2.2.4") {
         exclude group: 'org.seleniumhq.selenium'
     }
+    testCompile "org.grails:grails-datastore-rest-client:6.1.10.RELEASE"
 
     compile 'dumbster:dumbster:1.6', { transitive = false }
     compile "org.grails.plugins:mail:$mailVesion"
diff --git a/examples/extended/src/integration-test/groovy/spec/VerifyRegistrationSpec.groovy b/examples/extended/src/integration-test/groovy/spec/VerifyRegistrationSpec.groovy
new file mode 100644
index 00000000..f33ba2f4
--- /dev/null
+++ b/examples/extended/src/integration-test/groovy/spec/VerifyRegistrationSpec.groovy
@@ -0,0 +1,56 @@
+package spec
+
+import grails.plugin.springsecurity.ui.RegistrationCode
+import grails.plugins.rest.client.RestBuilder
+import grails.plugins.rest.client.RestResponse
+import grails.testing.mixin.integration.Integration
+import spock.lang.Shared
+import spock.lang.Specification
+import test.User
+
+
+@Integration
+class VerifyRegistrationSpec extends Specification {
+
+    @Shared RestBuilder rest = new RestBuilder()
+
+    void "verify a call to the register/verifyRegistration endpoint properly updates the verified"() {
+        given: "a username"
+        String username = "username"
+
+        when: "a user account is created and given a registration code"
+        User user
+        RegistrationCode registrationCode
+
+        User.withNewTransaction {
+            user = new User(username: username, password: "password", accountLocked: true).save()
+            registrationCode = new RegistrationCode(username: username).save()
+        }
+
+
+        then: 'registration code token is populated'
+        registrationCode.token
+        user.accountLocked == true
+        user.accountExpired == false
+        user.enabled == true
+        user.username == username
+
+        when: "that user engages the verify registration action with their registration code's token"
+        RestResponse resp = rest.get("http://localhost:${serverPort}/register/verifyRegistration?t=${registrationCode.token}")
+
+        then: "that user account should be unlocked, not expired, and enabled"
+        resp.status == 200
+
+        when:
+        User updatedUser = User.withNewTransaction(readOnly: true) {
+            User.findByUsername(username)
+        }
+
+        then:
+        updatedUser.username == username
+        updatedUser.accountExpired == false
+        updatedUser.enabled == true
+        updatedUser.accountLocked == false
+
+    }
+}
diff --git a/examples/simple/build.gradle b/examples/simple/build.gradle
index 08c864b1..7a5b7306 100644
--- a/examples/simple/build.gradle
+++ b/examples/simple/build.gradle
@@ -68,6 +68,7 @@ dependencies {
     testCompile "org.seleniumhq.selenium:selenium-chrome-driver:3.6.0"
     testCompile "org.seleniumhq.selenium:selenium-remote-driver:3.6.0"
     testCompile "org.seleniumhq.selenium:selenium-api:3.6.0"
+    testCompile "org.grails:grails-datastore-rest-client:6.1.10.RELEASE"
 
     compile 'dumbster:dumbster:1.6', { transitive = false }
     compile "org.grails.plugins:mail:$mailVesion"
diff --git a/examples/simple/src/integration-test/groovy/spec/VerifyRegistrationSpec.groovy b/examples/simple/src/integration-test/groovy/spec/VerifyRegistrationSpec.groovy
new file mode 100644
index 00000000..dacb8401
--- /dev/null
+++ b/examples/simple/src/integration-test/groovy/spec/VerifyRegistrationSpec.groovy
@@ -0,0 +1,55 @@
+package spec
+
+import grails.plugin.springsecurity.ui.RegistrationCode
+import grails.plugins.rest.client.RestBuilder
+import grails.plugins.rest.client.RestResponse
+import grails.testing.mixin.integration.Integration
+import spock.lang.Shared
+import spock.lang.Specification
+import test.User
+
+@Integration
+class VerifyRegistrationSpec extends Specification {
+
+    @Shared RestBuilder rest = new RestBuilder()
+
+    void "verify a call to the register/verifyRegistration endpoint properly updates the verified"() {
+        given: "a username"
+        String username = "username"
+
+        when: "a user account is created and given a registration code"
+        User user
+        RegistrationCode registrationCode
+
+        User.withNewTransaction {
+            user = new User(username: username, password: "password", accountLocked: true).save()
+            registrationCode = new RegistrationCode(username: username).save()
+        }
+
+
+        then: 'registration code token is populated'
+        registrationCode.token
+        user.accountLocked == true
+        user.accountExpired == false
+        user.enabled == true
+        user.username == username
+
+        when: "that user engages the verify registration action with their registration code's token"
+        RestResponse resp = rest.get("http://localhost:${serverPort}/register/verifyRegistration?t=${registrationCode.token}")
+
+        then: "that user account should be unlocked, not expired, and enabled"
+        resp.status == 200
+
+        when:
+        User updatedUser = User.withNewTransaction(readOnly: true) {
+            User.findByUsername(username)
+        }
+
+        then:
+        updatedUser.username == username
+        updatedUser.accountExpired == false
+        updatedUser.enabled == true
+        updatedUser.accountLocked == false
+
+    }
+}

From b8a0294870b5062219f1999a4c7f288b58ecc806 Mon Sep 17 00:00:00 2001
From: Dean Del Ponte <dean.delponte@gmail.com>
Date: Fri, 12 Apr 2019 09:42:18 -0500
Subject: [PATCH 2/2] Issue 108: Verifying a new user account does not unlock
 that account - modified the `SpringSecurityUiService.save` to flush on save. 
 I've verified this fixes the failing test that was reported.

---
 .../plugin/springsecurity/ui/SpringSecurityUiService.groovy     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugin/grails-app/services/grails/plugin/springsecurity/ui/SpringSecurityUiService.groovy b/plugin/grails-app/services/grails/plugin/springsecurity/ui/SpringSecurityUiService.groovy
index 3e408d83..1e45f319 100644
--- a/plugin/grails-app/services/grails/plugin/springsecurity/ui/SpringSecurityUiService.groovy
+++ b/plugin/grails-app/services/grails/plugin/springsecurity/ui/SpringSecurityUiService.groovy
@@ -728,7 +728,7 @@ class SpringSecurityUiService implements AclStrategy, ErrorsStrategy, Persistent
 				callback instance
 			}
 
-			instance.save()
+			instance.save(flush: true)
 			if (instance.hasErrors()) {
 				uiErrorsStrategy.handleValidationErrors instance, this, methodName, transactionStatus
 			}