Changing user REST interface V2

redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java

@@ -239,12 +239,13 @@ public interface UserService
     /**
      * update only the current logged in user and this fields: fullname, email, password.
      * The service verifies the current logged user with the one passed in the method
+     * @return
      */
     @Path( "me" )
     @PUT
     @Produces( { MediaType.APPLICATION_JSON } )
     @RedbackAuthorization( noPermission = true )
-    ActionStatus updateMe( User user )
+    User updateMe( User user )
         throws RedbackServiceException;
 
     @Path( "___ping___" )

redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java

@@ -220,6 +220,8 @@ public class BearerAuthInterceptor extends AbstractInterceptor
                 // message.put( AuthenticationResult.class, authenticationResult );
                 requestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );
                 requestContext.setProperty( SECURITY_SESSION, securitySession );
+                RedbackSecurityContext securityContext = new RedbackSecurityContext(requestContext.getUriInfo(), user, securitySession );
+                requestContext.setSecurityContext( securityContext );
                 return;
             }
             catch ( AuthenticationException e )

redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java

@@ -83,8 +83,6 @@ public class DefaultAuthenticationService
     @Context
     private SecurityContext securityContext;
 
-    private RedbackPrincipal redbackPrincipal;
-
     @Context
     private ContainerRequestContext requestContext;
 

redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java

@@ -47,7 +47,6 @@ import org.apache.archiva.redback.rest.api.model.ActionStatus;
 import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
 import org.apache.archiva.redback.rest.api.model.ErrorMessage;
 import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.v2.PasswordStatus;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
 import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
@@ -61,6 +60,7 @@ import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
 import org.apache.archiva.redback.rest.api.services.v2.UserService;
 import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;
 import org.apache.archiva.redback.rest.services.RedbackRequestInformation;
+import org.apache.archiva.redback.rest.services.interceptors.RedbackPrincipal;
 import org.apache.archiva.redback.rest.services.utils.PasswordValidator;
 import org.apache.archiva.redback.role.RoleManager;
 import org.apache.archiva.redback.role.RoleManagerException;
@@ -82,7 +82,9 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.core.UriInfo;
+import java.security.Principal;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -160,6 +162,9 @@ public class DefaultUserService
     @Context
     private UriInfo uriInfo;
 
+    @Context
+    private SecurityContext securityContext;
+
     @Inject
     public DefaultUserService( @Named( value = "userManager#default" ) UserManager userManager,
                                SecuritySystem securitySystem )
@@ -168,6 +173,15 @@ public class DefaultUserService
         this.securitySystem = securitySystem;
     }
 
+    RedbackPrincipal getPrincipal() {
+        if (this.securityContext!=null) {
+            Principal pri = this.securityContext.getUserPrincipal( );
+            if (pri!=null && pri instanceof RedbackPrincipal) {
+                return (RedbackPrincipal) pri;
+            }
+        }
+        return null;
+    }
 
     @Override
     public User createUser( User user )
@@ -345,35 +359,20 @@ public class DefaultUserService
     }
 
     @Override
-    public ActionStatus updateMe( User user )
+    public User updateMe( User user )
         throws RedbackServiceException
     {
         // check username == one in the session
-        RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
+
-        if ( redbackRequestInformation == null || redbackRequestInformation.getUser() == null )
+        RedbackPrincipal principal = getPrincipal( );
-        {
+        if (principal==null) {
-            log.warn( "RedbackRequestInformation from ThreadLocal is null" );
+            throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 403 );
-            throw new RedbackServiceException( new ErrorMessage( "you must be logged to update your profile" ),
-                                               Response.Status.FORBIDDEN.getStatusCode() );
-        }
-        if ( user == null )
-        {
-            throw new RedbackServiceException( new ErrorMessage( "user parameter is mandatory" ),
-                                               Response.Status.BAD_REQUEST.getStatusCode() );
-        }
-        if ( !StringUtils.equals( redbackRequestInformation.getUser().getUsername(), user.getUserId() ) )
-        {
-            throw new RedbackServiceException( new ErrorMessage( "you can update only your profile" ),
-                                               Response.Status.FORBIDDEN.getStatusCode() );
         }
 
-        if ( StringUtils.isEmpty( user.getPreviousPassword() ) )
+        // check oldPassword with the current one
-        {
+        // only 3 fields to update
-            throw new RedbackServiceException( new ErrorMessage( "previous password is empty" ),
+        // ui can limit to not update password
-                                               Response.Status.BAD_REQUEST.getStatusCode() );
+        org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
-        }
-
-        User realUser = getUser( user.getUserId() );
             try
             {
                 String previousEncodedPassword =
@@ -386,18 +385,18 @@ public class DefaultUserService
                 if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword( ) ) )
                 {
 
-                throw new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
+                    return new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
                         Response.Status.BAD_REQUEST.getStatusCode( ) );
                 }
             }
             catch ( UserNotFoundException e )
             {
-            throw new RedbackServiceException( new ErrorMessage( "user not found" ),
+                return new RedbackServiceException( new ErrorMessage( "user not found" ),
                     Response.Status.BAD_REQUEST.getStatusCode( ) );
             }
             catch ( UserManagerException e )
             {
-            throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
+                return new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) );
             }
             // only 3 fields to update
             realUser.setFullName( user.getFullName( ) );
@@ -405,14 +404,12 @@ public class DefaultUserService
             // ui can limit to not update password
             if ( StringUtils.isNotBlank( user.getPassword( ) ) )
             {
-            passwordValidator.validatePassword( user.getPassword(), user.getUserId() );
-
                 realUser.setPassword( user.getPassword( ) );
             }
+            return null;
+        } );
 
-        updateUser( realUser.getUserId(), realUser );
+        return getRestUser( foundUser );
-
-        return ActionStatus.SUCCESS;
     }
 
     @Override
@@ -1036,8 +1033,9 @@ public class DefaultUserService
     }
 
 
-    private void updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
+    private org.apache.archiva.redback.users.User updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
     {
+
         try
         {
             org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
@@ -1051,6 +1049,7 @@ public class DefaultUserService
             } else {
                 throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
             }
+            return rawUser;
         }
         catch ( UserNotFoundException e )
         {