Changing user REST interface V2

This commit is contained in:
Martin Stockhammer 2020-08-22 15:08:38 +02:00
parent 2c0876f7b4
commit d9fe4b0b8c
4 changed files with 63 additions and 63 deletions

View File

@ -239,12 +239,13 @@ public interface UserService
/**
* update only the current logged in user and this fields: fullname, email, password.
* The service verifies the current logged user with the one passed in the method
* @return
*/
@Path( "me" )
@PUT
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noPermission = true )
ActionStatus updateMe( User user )
User updateMe( User user )
throws RedbackServiceException;
@Path( "___ping___" )

View File

@ -220,6 +220,8 @@ public class BearerAuthInterceptor extends AbstractInterceptor
// message.put( AuthenticationResult.class, authenticationResult );
requestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );
requestContext.setProperty( SECURITY_SESSION, securitySession );
RedbackSecurityContext securityContext = new RedbackSecurityContext(requestContext.getUriInfo(), user, securitySession );
requestContext.setSecurityContext( securityContext );
return;
}
catch ( AuthenticationException e )

View File

@ -83,8 +83,6 @@ public class DefaultAuthenticationService
@Context
private SecurityContext securityContext;
private RedbackPrincipal redbackPrincipal;
@Context
private ContainerRequestContext requestContext;

View File

@ -47,7 +47,6 @@ import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Operation;
import org.apache.archiva.redback.rest.api.model.v2.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
@ -61,6 +60,7 @@ import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
import org.apache.archiva.redback.rest.api.services.v2.UserService;
import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;
import org.apache.archiva.redback.rest.services.RedbackRequestInformation;
import org.apache.archiva.redback.rest.services.interceptors.RedbackPrincipal;
import org.apache.archiva.redback.rest.services.utils.PasswordValidator;
import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.role.RoleManagerException;
@ -82,7 +82,9 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@ -160,6 +162,9 @@ public class DefaultUserService
@Context
private UriInfo uriInfo;
@Context
private SecurityContext securityContext;
@Inject
public DefaultUserService( @Named( value = "userManager#default" ) UserManager userManager,
SecuritySystem securitySystem )
@ -168,6 +173,15 @@ public class DefaultUserService
this.securitySystem = securitySystem;
}
RedbackPrincipal getPrincipal() {
if (this.securityContext!=null) {
Principal pri = this.securityContext.getUserPrincipal( );
if (pri!=null && pri instanceof RedbackPrincipal) {
return (RedbackPrincipal) pri;
}
}
return null;
}
@Override
public User createUser( User user )
@ -345,35 +359,20 @@ public class DefaultUserService
}
@Override
public ActionStatus updateMe( User user )
public User updateMe( User user )
throws RedbackServiceException
{
// check username == one in the session
RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
if ( redbackRequestInformation == null || redbackRequestInformation.getUser() == null )
{
log.warn( "RedbackRequestInformation from ThreadLocal is null" );
throw new RedbackServiceException( new ErrorMessage( "you must be logged to update your profile" ),
Response.Status.FORBIDDEN.getStatusCode() );
}
if ( user == null )
{
throw new RedbackServiceException( new ErrorMessage( "user parameter is mandatory" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
if ( !StringUtils.equals( redbackRequestInformation.getUser().getUsername(), user.getUserId() ) )
{
throw new RedbackServiceException( new ErrorMessage( "you can update only your profile" ),
Response.Status.FORBIDDEN.getStatusCode() );
RedbackPrincipal principal = getPrincipal( );
if (principal==null) {
throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 403 );
}
if ( StringUtils.isEmpty( user.getPreviousPassword() ) )
{
throw new RedbackServiceException( new ErrorMessage( "previous password is empty" ),
Response.Status.BAD_REQUEST.getStatusCode() );
}
User realUser = getUser( user.getUserId() );
// check oldPassword with the current one
// only 3 fields to update
// ui can limit to not update password
org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
try
{
String previousEncodedPassword =
@ -386,18 +385,18 @@ public class DefaultUserService
if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword( ) ) )
{
throw new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
return new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
Response.Status.BAD_REQUEST.getStatusCode( ) );
}
}
catch ( UserNotFoundException e )
{
throw new RedbackServiceException( new ErrorMessage( "user not found" ),
return new RedbackServiceException( new ErrorMessage( "user not found" ),
Response.Status.BAD_REQUEST.getStatusCode( ) );
}
catch ( UserManagerException e )
{
throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
return new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) );
}
// only 3 fields to update
realUser.setFullName( user.getFullName( ) );
@ -405,14 +404,12 @@ public class DefaultUserService
// ui can limit to not update password
if ( StringUtils.isNotBlank( user.getPassword( ) ) )
{
passwordValidator.validatePassword( user.getPassword(), user.getUserId() );
realUser.setPassword( user.getPassword( ) );
}
return null;
} );
updateUser( realUser.getUserId(), realUser );
return ActionStatus.SUCCESS;
return getRestUser( foundUser );
}
@Override
@ -1036,8 +1033,9 @@ public class DefaultUserService
}
private void updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
private org.apache.archiva.redback.users.User updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
{
try
{
org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
@ -1051,6 +1049,7 @@ public class DefaultUserService
} else {
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
}
return rawUser;
}
catch ( UserNotFoundException e )
{