From 8ebd1ad815335efc1a329360e23ef477e771c8cf Mon Sep 17 00:00:00 2001
From: Martin Stockhammer
Date: Thu, 27 Aug 2020 16:54:40 +0200
Subject: [PATCH] Minor REST V2 changes for userservice
---
 .../redback/rest/api/model/v2/MeUser.java | 75 +++++++++++++++++++
 .../rest/api/services/v2/UserService.java | 9 ++-
 .../rest/services/v2/DefaultUserService.java | 10 +--
 .../services/v2/NativeUserServiceTest.java | 55 +-------------
 .../rest/services/v2/UserServiceTest.java | 22 +++---
 5 files changed, 99 insertions(+), 72 deletions(-)
 create mode 100644 redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
new file mode 100644
index 00000000..e307618c
--- /dev/null
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
@@ -0,0 +1,75 @@
+package org.apache.archiva.redback.rest.api.model.v2;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * JSON object for updating own user data.
+ * Contains only the attributes, that a user is allowed to update. The user id is used from the logged in user principal.
+ */
+@XmlRootElement( name = "user" )
+public class MeUser
+{
+ private String email;
+ private String fullName;
+ private String password;
+ private String currentPassword;
+
+ public String getEmail( )
+ {
+ return email;
+ }
+
+ public void setEmail( String email )
+ {
+ this.email = email;
+ }
+
+ public String getFullName( )
+ {
+ return fullName;
+ }
+
+ public void setFullName( String fullName )
+ {
+ this.fullName = fullName;
+ }
+
+ public String getPassword( )
+ {
+ return password;
+ }
+
+ public void setPassword( String password )
+ {
+ this.password = password;
+ }
+
+ public String getCurrentPassword( )
+ {
+ return currentPassword;
+ }
+
+ public void setCurrentPassword( String currentPassword )
+ {
+ this.currentPassword = currentPassword;
+ }
+}
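Review bot: The contract between `password` and `currentPassword` is not documented on the new model, although DefaultUserService only verifies `currentPassword` when `password` is non-blank, so API consumers cannot tell from the model when the old password must be supplied. A Javadoc on the field would make this explicit: `/** Required only when {@link #password} is set; it is verified against the stored password before the change is applied. */`, and on `password`: `/** New password; leave empty to keep the current one. */`. The class Javadoc states that the user id comes from the logged-in principal, which matches the service change in this commit; keeping that sentence in sync if the service ever accepts an id again is worth a note to maintainers.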
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index ba739e06..0ea30917 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -28,6 +28,7 @@ import org.apache.archiva.redback.rest.api.model.ActionStatus;
 import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
 import org.apache.archiva.redback.rest.api.model.Operation;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -168,7 +169,7 @@ User updateUser( @PathParam( "userId" ) String userId, User user )
 /** */
- @Path( "{userId}/lock" )
+ @Path( "{userId}/lock/set" )
 @POST
 @Produces( { MediaType.APPLICATION_JSON } )
 @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
@@ -185,11 +186,11 @@ void lockUser( @PathParam( "userId" ) String userId )
 /** */
- @Path( "{userId}/unlock" )
+ @Path( "{userId}/lock/clear" )
 @POST
 @Produces( { MediaType.APPLICATION_JSON } )
 @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+ @io.swagger.v3.oas.annotations.Operation( summary = "Unlocks a user",
 responses = { @ApiResponse( responseCode = "200", description = "If unlocking was successful"
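Review bot: The lock operation at `@@ -168` receives only a new `@Path`, while its swagger `summary` sits outside this hunk; since the unlock operation's summary right below it was a copy-paste leftover (`Creates a user`) that this commit corrects to `Unlocks a user`, the lock summary is worth checking for the same leftover. Both `lockUser` and `unlockUser` are documented by an empty `/** */` Javadoc, so a one-line description such as `/** Locks the given user so that authentication is rejected until the lock is cleared. */` would give the interface some documentation beyond the swagger annotation. The move from `{userId}/lock` and `{userId}/unlock` to `{userId}/lock/set` and `{userId}/lock/clear` is a breaking change for any v2 client; the commit message does not mention it, so a note there or in the API changelog would help consumers.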
@@ -255,7 +256,7 @@ void clearRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
 @ApiResponse( responseCode = "400", description = "Provided data is not valid" ) } )
- User updateMe( User user )
+ User updateMe( MeUser user )
 throws RedbackServiceException;
 @Path( "me" )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 2273d00f..5cde4ca3 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -48,6 +48,7 @@ import org.apache.archiva.redback.rest.api.model.ErrorMessage;
 import org.apache.archiva.redback.rest.api.model.Operation;
 import org.apache.archiva.redback.rest.api.model.Permission;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
 import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
 import org.apache.archiva.redback.rest.api.model.Resource;
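Review bot: `updateMe` now takes a `MeUser`, which carries no user id, so the `@ApiResponse` list that starts above this hunk may be stale: if it still documents a 403 for a user id that does not match the caller, that case can no longer occur, and the 401 that DefaultUserService raises when no principal is present (see `@@ -362` in this commit) is worth listing, e.g. `@ApiResponse( responseCode = "401", description = "No authenticated user" )`. The operation's Javadoc (also outside the hunk) should say that the account to update is taken from the authenticated principal and that `currentPassword` must be supplied when `password` is set, since the 400 `Provided data is not valid` response is otherwise the only hint.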
@@ -362,28 +363,25 @@ public PagedResult getUsers(Integer offset,
 }
 @Override
- public User updateMe( User user )
+ public User updateMe( MeUser user )
 throws RedbackServiceException {
 RedbackPrincipal principal = getPrincipal( );
 if (principal==null) {
 throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 );
 }
- if (StringUtils.isEmpty( user.getUserId() ) || !principal.getUser().getUsername().equals(user.getUserId())) {
- throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), Response.Status.FORBIDDEN.getStatusCode() );
- }
 // check oldPassword with the current one
 // only 3 fields to update
 // ui can limit to not update password
- org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
+ org.apache.archiva.redback.users.User foundUser = updateUser( principal.getName(), realUser -> {
 try {
 // current password is only needed, if password change is requested
 if ( StringUtils.isNotBlank( user.getPassword( ) ) ) {
 String previousEncodedPassword =
- securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
+ securitySystem.getUserManager( ).findUser( principal.getName(), false ).getEncodedPassword( );
 // check oldPassword with the current one
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index e8fd540e..c05fa36b 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
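Review bot: The removed 403 check compared the body's user id against `principal.getUser().getUsername()`, whereas the new code passes `principal.getName()` to both `updateUser` and `findUser`; deriving the target from the principal rather than the body is the safer design, but it relies on `principal.getName()` yielding the same identifier as `principal.getUser().getUsername()` did, which is worth confirming since a mismatch would update or look up the wrong record rather than fail closed. The `currentPassword` verification is entered only when `password` is non-blank, so a bearer of a valid token can change `email` and `fullName` with no re-authentication; if the stored email is what password resets are delivered to (the service imports `ResetPasswordRequest`), consider requiring `currentPassword` for email changes too, or document the decision next to `// current password is only needed, if password change is requested`. The comment `// check oldPassword with the current one` appears twice, once above the `updateUser` call where nothing of the sort happens yet; the first occurrence can be dropped. The method body continues past the end of the hunk.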
@@ -454,7 +454,7 @@ void lockUser( )
 try
 {
 given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .post( "aragorn/lock" )
+ .post( "aragorn/lock/set" )
 .then( ).statusCode( 200 );
 Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
 .get( "aragorn" )
@@ -474,7 +474,7 @@ void lockUnknownUser( )
 {
 String token = getAdminToken( );
 given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .post( "aragorn/lock" )
+ .post( "aragorn/lock/set" )
 .then( ).statusCode( 404 );
 }
@@ -500,7 +500,7 @@ void unlockUser( )
 try
 {
 given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .post( "aragorn/unlock" )
+ .post( "aragorn/lock/clear" )
 .then( ).statusCode( 200 );
 response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
 .get( "aragorn" )
@@ -617,7 +617,6 @@ void updateMe( )
 String userToken = getUserToken( "aragorn", "pAssw0rD" );
 Map updateMap = new HashMap<>( );
- updateMap.put( "user_id", "aragorn" );
 updateMap.put( "email", "aragorn-swiss@lordoftherings.org" );
 updateMap.put( "fullName", "Aragorn King of Switzerland" );
 Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
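Review bot: With `user_id` dropped from `updateMap` in the `updateMe` test at `@@ -617`, and the negative test `updateMeInvalidUser` deleted in the next hunk, nothing in this file verifies that a client-supplied `user_id` naming another account is ignored rather than acted on. A replacement test could authenticate as `aragorn`, PUT to `me` with `updateMap.put( "user_id", "elrond" )` plus a changed email, and then assert that `elrond` is unchanged and `aragorn` carries the new email. Whether the unknown property is silently ignored or rejected with 400 depends on the JSON provider configuration, which is not visible here, so the test should pin whichever behaviour is intended.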
@@ -636,54 +635,6 @@ void updateMe( )
 }
 }
- @Test
- void updateMeInvalidUser( )
- {
- String token = getAdminToken( );
- Map jsonAsMap = new HashMap<>( );
- jsonAsMap.put( "user_id", "aragorn" );
- jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
- jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
- jsonAsMap.put( "validated", true );
- jsonAsMap.put( "password", "pAssw0rDA" );
- given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .body( jsonAsMap )
- .when( )
- .post( )
- .then( ).statusCode( 201 );
-
- jsonAsMap.put( "user_id", "elrond" );
- jsonAsMap.put( "email", "elrond@lordoftherings.org" );
- jsonAsMap.put( "fullName", "Elrond King of Elves" );
- jsonAsMap.put( "validated", true );
- jsonAsMap.put( "password", "pAssw0rDE" );
- given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .body( jsonAsMap )
- .when( )
- .post( )
- .then( ).statusCode( 201 );
- try
- {
-
- String userToken = getUserToken( "aragorn", "pAssw0rDA" );
- Map updateMap = new HashMap<>( );
- updateMap.put( "user_id", "elrond" );
- updateMap.put( "email", "elrond-swiss@lordoftherings.org" );
- updateMap.put( "fullName", "Elrond King of Switzerland" );
- Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
- .body( updateMap )
- .when( )
- .put( "me" )
- .then( ).statusCode( 403 ).extract( ).response( );
- }
- finally
- {
- given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .delete( "aragorn" )
- .then( ).statusCode( 200 );
- }
- }
-
 @Test
 void updateMeWithPassword( )
 {
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 02684521..2fc84310 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -21,6 +21,7 @@ import org.apache.archiva.redback.rest.api.model.GrantType;
 import org.apache.archiva.redback.rest.api.model.Operation;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -504,21 +505,22 @@ public void updateMe( )
 u.setValidated( true );
 getUserService( getAdminAuthzHeader( ) ).createUser( u );
- u.setFullName( "the toto123" );
- u.setEmail( "toto@titi.fr" );
- u.setPassword( "toto1234" );
- u.setCurrentPassword( "toto123" );
- getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u );
+ MeUser meUser = new MeUser( );
+ meUser.setFullName( "the toto123" );
+ meUser.setEmail( "toto@titi.fr" );
+ meUser.setPassword( "toto1234" );
+ meUser.setCurrentPassword( "toto123" );
+ getUserService( getUserAuthzHeader( "toto" ) ).updateMe( meUser );
 u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
 assertEquals( "the toto123", u.getFullName( ) );
 assertEquals( "toto@titi.fr", u.getEmail( ) );
- u.setFullName( "the toto1234" );
- u.setEmail( "toto@tititi.fr" );
- u.setPassword( "toto12345" );
- u.setCurrentPassword( "toto1234" );
- getUserService( getUserAuthzHeader( "toto" )) .updateMe( u );
+ meUser.setFullName( "the toto1234" );
+ meUser.setEmail( "toto@tititi.fr" );
+ meUser.setPassword( "toto12345" );
+ meUser.setCurrentPassword( "toto1234" );
+ getUserService( getUserAuthzHeader( "toto" )) .updateMe( meUser );
 u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
 assertEquals( "the toto1234", u.getFullName( ) );
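Review bot: The second `updateMe` call confirms the first password change only indirectly, because it can succeed only if `toto1234` is accepted as `currentPassword`, but nothing in the test verifies that the final change to `toto12345` took effect. A third call with `meUser.setCurrentPassword( "toto12345" )` and a fresh password, or an authentication with `toto12345`, would close that gap and mirror the check the test already performs for the first change. Reusing the same `meUser` instance across both calls is fine, but a short comment such as `// second update must present the password set by the first update` would make the intent of the `toto1234` value obvious to a reader. The test method continues past the end of the hunk.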