Minor REST V2 changes for userservice
parent
8d5027db24
commit
8ebd1ad815
|
@ -0,0 +1,75 @@
|
|||
package org.apache.archiva.redback.rest.api.model.v2;
|
||||
|
||||
/*
|
||||
* Licensed to the Apache Software Foundation (ASF) under one
|
||||
* or more contributor license agreements. See the NOTICE file
|
||||
* distributed with this work for additional information
|
||||
* regarding copyright ownership. The ASF licenses this file
|
||||
* to you under the Apache License, Version 2.0 (the
|
||||
* "License"); you may not use this file except in compliance
|
||||
* with the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
/**
|
||||
* JSON object for updating own user data.
|
||||
* Contains only the attributes, that a user is allowed to update. The user id is used from the logged in user principal.
|
||||
*/
|
||||
@XmlRootElement( name = "user" )
|
||||
public class MeUser
|
||||
{
|
||||
private String email;
|
||||
private String fullName;
|
||||
private String password;
|
||||
private String currentPassword;
|
||||
|
||||
public String getEmail( )
|
||||
{
|
||||
return email;
|
||||
}
|
||||
|
||||
public void setEmail( String email )
|
||||
{
|
||||
this.email = email;
|
||||
}
|
||||
|
||||
public String getFullName( )
|
||||
{
|
||||
return fullName;
|
||||
}
|
||||
|
||||
public void setFullName( String fullName )
|
||||
{
|
||||
this.fullName = fullName;
|
||||
}
|
||||
|
||||
public String getPassword( )
|
||||
{
|
||||
return password;
|
||||
}
|
||||
|
||||
public void setPassword( String password )
|
||||
{
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
public String getCurrentPassword( )
|
||||
{
|
||||
return currentPassword;
|
||||
}
|
||||
|
||||
public void setCurrentPassword( String currentPassword )
|
||||
{
|
||||
this.currentPassword = currentPassword;
|
||||
}
|
||||
}
|
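Review bot: `password` and `currentPassword` are plain String properties with undocumented accessors, so the request type itself does not say that a new password is only accepted together with the current one. I would add Javadoc on the two setters, e.g. `/** New password; skipped when blank, otherwise {@code currentPassword} has to be supplied as well. */` and `/** Existing password, checked before a password change is applied. */`, which matches what the service implementation in this commit appears to do. Because the bean carries cleartext credentials, it should stay request-only: no `toString()` that prints the fields and no logging of the whole object.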
|
@ -28,6 +28,7 @@ import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants
|
|||
import org.apache.archiva.redback.rest.api.model.ActionStatus;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
|
||||
import org.apache.archiva.redback.rest.api.model.Operation;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.MeUser;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
|
||||
import org.apache.archiva.redback.rest.api.model.Permission;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.PingResult;
|
||||
|
@ -168,7 +169,7 @@ public interface UserService
|
|||
|
||||
/**
|
||||
*/
|
||||
@Path( "{userId}/lock" )
|
||||
@Path( "{userId}/lock/set" )
|
||||
@POST
|
||||
@Produces( { MediaType.APPLICATION_JSON } )
|
||||
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
|
||||
|
@ -185,11 +186,11 @@ public interface UserService
|
|||
|
||||
/**
|
||||
*/
|
||||
@Path( "{userId}/unlock" )
|
||||
@Path( "{userId}/lock/clear" )
|
||||
@POST
|
||||
@Produces( { MediaType.APPLICATION_JSON } )
|
||||
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
|
||||
@io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
|
||||
@io.swagger.v3.oas.annotations.Operation( summary = "Unlocks a user",
|
||||
responses = {
|
||||
@ApiResponse( responseCode = "200",
|
||||
description = "If unlocking was successful"
|
||||
|
@ -255,7 +256,7 @@ public interface UserService
|
|||
@ApiResponse( responseCode = "400", description = "Provided data is not valid" )
|
||||
}
|
||||
)
|
||||
User updateMe( User user )
|
||||
User updateMe( MeUser user )
|
||||
throws RedbackServiceException;
|
||||
|
||||
@Path( "me" )
|
||||
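Review bot: The Javadoc blocks above the renamed `{userId}/lock/set` and `{userId}/lock/clear` methods are still empty (`/**` directly followed by `*/`), so the interface does not say what either call does or who may invoke it. Something like `/** Sets the lock flag on the given user account; requires the user-edit permission. */`, with matching text for `lock/clear`, would do, assuming that is what the implementation does. The path change also breaks clients that still POST to `{userId}/lock` and `{userId}/unlock`; if V2 has already been published, that deserves a line in the release notes. Both method declarations lie outside the hunks.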
|
|
|
@ -48,6 +48,7 @@ import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
|
|||
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
|
||||
import org.apache.archiva.redback.rest.api.model.Operation;
|
||||
import org.apache.archiva.redback.rest.api.model.Permission;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.MeUser;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
|
||||
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
|
||||
import org.apache.archiva.redback.rest.api.model.Resource;
|
||||
|
@ -362,28 +363,25 @@ public class DefaultUserService
|
|||
}
|
||||
|
||||
@Override
|
||||
public User updateMe( User user )
|
||||
public User updateMe( MeUser user )
|
||||
throws RedbackServiceException
|
||||
{
|
||||
RedbackPrincipal principal = getPrincipal( );
|
||||
if (principal==null) {
|
||||
throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 );
|
||||
}
|
||||
if (StringUtils.isEmpty( user.getUserId() ) || !principal.getUser().getUsername().equals(user.getUserId())) {
|
||||
throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), Response.Status.FORBIDDEN.getStatusCode() );
|
||||
}
|
||||
|
||||
// check oldPassword with the current one
|
||||
// only 3 fields to update
|
||||
// ui can limit to not update password
|
||||
org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
|
||||
org.apache.archiva.redback.users.User foundUser = updateUser( principal.getName(), realUser -> {
|
||||
try
|
||||
{
|
||||
// current password is only needed, if password change is requested
|
||||
if ( StringUtils.isNotBlank( user.getPassword( ) ) )
|
||||
{
|
||||
String previousEncodedPassword =
|
||||
securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
|
||||
securitySystem.getUserManager( ).findUser( principal.getName(), false ).getEncodedPassword( );
|
||||
|
||||
// check oldPassword with the current one
|
||||
|
||||
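Review bot: Re-authentication in `updateMe` is tied to the password field only (`if ( StringUtils.isNotBlank( user.getPassword( ) ) )`), so a caller holding a valid session token can change `email` without presenting `currentPassword`. If password-reset mails are sent to that address, an e-mail change is as sensitive as a password change; consider requiring `currentPassword` whenever the submitted `email` differs from the stored one. Separately, the lambda looks the user up a second time with `findUser( principal.getName(), false )` although it already receives `realUser`; `String previousEncodedPassword = realUser.getEncodedPassword( );` would avoid the extra lookup, provided `realUser` is the stored user. The rest of the method body is outside the hunk.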
|
|
|
@ -454,7 +454,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
|
|||
try
|
||||
{
|
||||
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
|
||||
.post( "aragorn/lock" )
|
||||
.post( "aragorn/lock/set" )
|
||||
.then( ).statusCode( 200 );
|
||||
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
|
||||
.get( "aragorn" )
|
||||
|
@ -474,7 +474,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
|
|||
{
|
||||
String token = getAdminToken( );
|
||||
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
|
||||
.post( "aragorn/lock" )
|
||||
.post( "aragorn/lock/set" )
|
||||
.then( ).statusCode( 404 );
|
||||
}
|
||||
|
||||
|
@ -500,7 +500,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
|
|||
try
|
||||
{
|
||||
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
|
||||
.post( "aragorn/unlock" )
|
||||
.post( "aragorn/lock/clear" )
|
||||
.then( ).statusCode( 200 );
|
||||
response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
|
||||
.get( "aragorn" )
|
||||
|
@ -617,7 +617,6 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
|
|||
|
||||
String userToken = getUserToken( "aragorn", "pAssw0rD" );
|
||||
Map<String, Object> updateMap = new HashMap<>( );
|
||||
updateMap.put( "user_id", "aragorn" );
|
||||
updateMap.put( "email", "aragorn-swiss@lordoftherings.org" );
|
||||
updateMap.put( "fullName", "Aragorn King of Switzerland" );
|
||||
Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
|
||||
|
@ -636,54 +635,6 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
|
|||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void updateMeInvalidUser( )
|
||||
{
|
||||
String token = getAdminToken( );
|
||||
Map<String, Object> jsonAsMap = new HashMap<>( );
|
||||
jsonAsMap.put( "user_id", "aragorn" );
|
||||
jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
|
||||
jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
|
||||
jsonAsMap.put( "validated", true );
|
||||
jsonAsMap.put( "password", "pAssw0rDA" );
|
||||
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
|
||||
.body( jsonAsMap )
|
||||
.when( )
|
||||
.post( )
|
||||
.then( ).statusCode( 201 );
|
||||
|
||||
jsonAsMap.put( "user_id", "elrond" );
|
||||
jsonAsMap.put( "email", "elrond@lordoftherings.org" );
|
||||
jsonAsMap.put( "fullName", "Elrond King of Elves" );
|
||||
jsonAsMap.put( "validated", true );
|
||||
jsonAsMap.put( "password", "pAssw0rDE" );
|
||||
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
|
||||
.body( jsonAsMap )
|
||||
.when( )
|
||||
.post( )
|
||||
.then( ).statusCode( 201 );
|
||||
try
|
||||
{
|
||||
|
||||
String userToken = getUserToken( "aragorn", "pAssw0rDA" );
|
||||
Map<String, Object> updateMap = new HashMap<>( );
|
||||
updateMap.put( "user_id", "elrond" );
|
||||
updateMap.put( "email", "elrond-swiss@lordoftherings.org" );
|
||||
updateMap.put( "fullName", "Elrond King of Switzerland" );
|
||||
Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
|
||||
.body( updateMap )
|
||||
.when( )
|
||||
.put( "me" )
|
||||
.then( ).statusCode( 403 ).extract( ).response( );
|
||||
}
|
||||
finally
|
||||
{
|
||||
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
|
||||
.delete( "aragorn" )
|
||||
.then( ).statusCode( 200 );
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
void updateMeWithPassword( )
|
||||
{
|
||||
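Review bot: Deleting `updateMeInvalidUser` leaves no test for the case it guarded: a logged-in user trying to change another account through `PUT me`. The 403 assertion no longer applies now that `MeUser` has no user id, but the property is still worth pinning. Send `"user_id": "elrond"` in the body with aragorn's token, then read `elrond` back with the admin token and assert that email and full name are unchanged. That test would also document how the endpoint treats the now-unknown `user_id` key (ignored or rejected), which the visible hunks do not show.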
|
|
|
@ -21,6 +21,7 @@ package org.apache.archiva.redback.rest.services.v2;
|
|||
|
||||
import org.apache.archiva.redback.rest.api.model.GrantType;
|
||||
import org.apache.archiva.redback.rest.api.model.Operation;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.MeUser;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
|
||||
import org.apache.archiva.redback.rest.api.model.Permission;
|
||||
import org.apache.archiva.redback.rest.api.model.v2.PingResult;
|
||||
|
@ -504,21 +505,22 @@ public class UserServiceTest
|
|||
u.setValidated( true );
|
||||
getUserService( getAdminAuthzHeader( ) ).createUser( u );
|
||||
|
||||
u.setFullName( "the toto123" );
|
||||
u.setEmail( "toto@titi.fr" );
|
||||
u.setPassword( "toto1234" );
|
||||
u.setCurrentPassword( "toto123" );
|
||||
getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u );
|
||||
MeUser meUser = new MeUser( );
|
||||
meUser.setFullName( "the toto123" );
|
||||
meUser.setEmail( "toto@titi.fr" );
|
||||
meUser.setPassword( "toto1234" );
|
||||
meUser.setCurrentPassword( "toto123" );
|
||||
getUserService( getUserAuthzHeader( "toto" ) ).updateMe( meUser );
|
||||
|
||||
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
|
||||
assertEquals( "the toto123", u.getFullName( ) );
|
||||
assertEquals( "toto@titi.fr", u.getEmail( ) );
|
||||
|
||||
u.setFullName( "the toto1234" );
|
||||
u.setEmail( "toto@tititi.fr" );
|
||||
u.setPassword( "toto12345" );
|
||||
u.setCurrentPassword( "toto1234" );
|
||||
getUserService( getUserAuthzHeader( "toto" )) .updateMe( u );
|
||||
meUser.setFullName( "the toto1234" );
|
||||
meUser.setEmail( "toto@tititi.fr" );
|
||||
meUser.setPassword( "toto12345" );
|
||||
meUser.setCurrentPassword( "toto1234" );
|
||||
getUserService( getUserAuthzHeader( "toto" )) .updateMe( meUser );
|
||||
|
||||
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
|
||||
assertEquals( "the toto1234", u.getFullName( ) );
|
||||
|
|