Apache
/
archiva-redback-core
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update and test password flag methods for V2 REST user service

This commit is contained in:
Martin Stockhammer 2020-08-04 19:11:26 +02:00
parent 1609b4eaeb
commit 2c0876f7b4
5 changed files with 146 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/PasswordStatus.java → redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/PasswordStatus.java
View File

@ -1,4 +1,4 @@
package org.apache.archiva.redback.rest.api.model;
package org.apache.archiva.redback.rest.api.model.v2;
/*
* Licensed to the Apache Software Foundation (ASF) under one
@ -18,18 +18,23 @@ package org.apache.archiva.redback.rest.api.model;
* under the License.
*/
import javax.xml.bind.annotation.XmlRootElement;
/**
* @author Martin Stockhammer <martin_s@apache.org>
*/
@XmlRootElement( name="passwordStatus" )
public class PasswordStatus
{
boolean changeRequired = false;
public PasswordStatus() {
public PasswordStatus( )
{
}
public PasswordStatus(boolean changeRequired) {
public PasswordStatus( boolean changeRequired )
{
this.changeRequired = changeRequired;
}

39
redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
View File

@ -29,7 +29,6 @@ import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.Operation;
import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
import org.apache.archiva.redback.rest.api.model.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.PingResult;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
@ -193,7 +192,7 @@ public interface UserService
@io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
responses = {
@ApiResponse( responseCode = "200",
description = "If locking was successful"
description = "If unlocking was successful"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
}
@ -204,22 +203,48 @@ public interface UserService
/**
*/
@Path( "{userId}/password/status" )
@GET
@Path( "{userId}/password/require/set" )
@POST
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
PasswordStatus getPasswordStatus( @PathParam( "userId" ) String userId )
@io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
responses = {
@ApiResponse( responseCode = "200",
description = "If password change require flag was set"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
}
)
void setRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
/**
* update only the current user and this fields: fullname, email, password.
*/
@Path( "{userId}/password/require/clear" )
@POST
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
@io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
responses = {
@ApiResponse( responseCode = "200",
description = "If password change require flag was unset"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
}
)
void clearRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
/**
* update only the current logged in user and this fields: fullname, email, password.
* The service verifies the current logged user with the one passed in the method
*/
@Path( "me" )
@PUT
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noPermission = true )
ActionStatus updateMe( @PathParam( "userId" ) String userId, User user )
ActionStatus updateMe( User user )
throws RedbackServiceException;
@Path( "___ping___" )

72
redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
View File

@ -47,7 +47,7 @@ import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Operation;
import org.apache.archiva.redback.rest.api.model.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.v2.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
@ -89,6 +89,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
import static org.apache.archiva.redback.rest.api.Constants.*;
@ -344,7 +345,7 @@ public class DefaultUserService
}
@Override
public ActionStatus updateMe( String userId, User user )
public ActionStatus updateMe( User user )
throws RedbackServiceException
{
// check username == one in the session
@ -1034,16 +1035,18 @@ public class DefaultUserService
return null;
}
@Override
public void unlockUser( String userId )
throws RedbackServiceException
private void updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
{
try
{
org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
if ( rawUser != null )
{
rawUser.setLocked( false );
RedbackServiceException result = updateFunction.apply( rawUser );
if (result!=null) {
throw result;
}
userManager.updateUser( rawUser, false );
} else {
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
@ -1057,6 +1060,16 @@ public class DefaultUserService
{
throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
}
}
@Override
public void unlockUser( String userId )
throws RedbackServiceException
{
updateUser( userId, user -> {
user.setLocked( false );
return null;
} );
httpServletResponse.setStatus( 200 );
}
@ -1064,40 +1077,33 @@ public class DefaultUserService
public void lockUser( String userId )
throws RedbackServiceException
{
try
{
org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
if ( rawUser != null )
{
rawUser.setLocked( true );
userManager.updateUser( rawUser, false );
} else {
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
}
}
catch ( UserNotFoundException e )
{
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ), 404 );
}
catch ( UserManagerException e )
{
throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
}
updateUser( userId, user -> {
user.setLocked( true );
return null;
} );
httpServletResponse.setStatus( 200 );
}
@Override
public PasswordStatus getPasswordStatus( String userId )
public void setRequirePasswordChangeFlag( String userId )
throws RedbackServiceException
{
User user = getUser( userId );
if ( user == null )
{
updateUser( userId, user -> {
user.setPasswordChangeRequired( true );
updateUser( user.getUserId(), user );
return new PasswordStatus( true );
}
return new PasswordStatus( false );
return null;
} );
httpServletResponse.setStatus( 200 );
}
@Override
public void clearRequirePasswordChangeFlag( String userId )
throws RedbackServiceException
{
updateUser( userId, user -> {
user.setPasswordChangeRequired( false );
return null;
} );
httpServletResponse.setStatus( 200 );
}
}

65
redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
View File

@ -498,5 +498,70 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 404 );
}
@Test
void setPasswordChangeRequire() {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
jsonAsMap.put( "locked", false );
jsonAsMap.put( "password", "pAssw0rD" );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
.post( )
.then( ).statusCode( 201 );
try
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.post( "aragorn/password/require/set" )
.then( ).statusCode( 200 );
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertTrue( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
} finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
.then( ).statusCode( 200 );
}
}
@Test
void setNoPasswordChangeRequire() {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
jsonAsMap.put( "locked", false );
jsonAsMap.put( "passwordChangeRequired", true );
jsonAsMap.put( "password", "pAssw0rD" );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
.post( )
.then( ).statusCode( 201 );
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertTrue( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
try
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.post( "aragorn/password/require/clear" )
.then( ).statusCode( 200 );
response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertFalse( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
} finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
.then( ).statusCode( 200 );
}
}
}

4
redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
View File

@ -508,7 +508,7 @@ public class UserServiceTest
u.setEmail( "toto@titi.fr" );
u.setPassword( "toto1234" );
u.setPreviousPassword( "toto123" );
getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u. getUserId(), u );
getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
assertEquals( "the toto123", u.getFullName( ) );
@ -518,7 +518,7 @@ public class UserServiceTest
u.setEmail( "toto@tititi.fr" );
u.setPassword( "toto12345" );
u.setPreviousPassword( "toto1234" );
getUserService( getUserAuthzHeader( "toto" )) .updateMe(u.getUserId(), u );
getUserService( getUserAuthzHeader( "toto" )) .updateMe( u );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
assertEquals( "the toto1234", u.getFullName( ) );