This is an automated email from the ASF dual-hosted git repository. martin_s pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit aae69ef8d0beac1e44edb3f96b5c0ab778b741ab
Author: Martin Stockhammer <[email protected]>
AuthorDate: Sat Aug 22 20:27:05 2020 +0200
Adding me services for REST V2
---
 .../apache/archiva/redback/rest/api/Constants.java | 2 +
 .../archiva/redback/rest/api/model/v2/User.java | 13 +-
 .../redback/rest/api/services/v2/UserService.java | 52 ++--
 .../rest/services/v2/DefaultUserService.java | 119 ++++-----
 .../rest/services/v2/NativeUserServiceTest.java | 287 ++++++++++++++++-----
 .../redback/rest/services/v2/UserServiceTest.java | 17 +-
 6 files changed, 322 insertions(+), 168 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
index 7c2b406..415e49c 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
@@ -56,6 +56,8 @@ public interface Constants
 String ERR_AUTH_INVALID_TOKEN = "redback:auth.invalid_token";
 String ERR_AUTH_UNAUTHORIZED_REQUEST = "redback:auth.unauthorized_request";
+ String ERR_USER_BAD_PASSWORD = "redback:user.bad.password";
+
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
index 4a3367d..de3c1b2 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
@@ -65,9 +65,8 @@ public class User /** * for password change only * - * @since 1.4 */ - private String previousPassword; + private String currentPassword; /** * for roles update only <b>not return on user read</b> @@ -279,14 +278,14 @@ public class User this.timestampLastPasswordChange = OffsetDateTime.ofInstant( timestampLastPasswordChange, ZoneId.systemDefault() ); } - public String getPreviousPassword() + public String getCurrentPassword() { - return previousPassword; + return currentPassword; } - public void setPreviousPassword( String previousPassword ) + public void setCurrentPassword( String currentPassword ) { - this.previousPassword = previousPassword; + this.currentPassword = currentPassword; } public List<String> getAssignedRoles() @@ -353,7 +352,7 @@ public class User ", timestampAccountCreation='" + timestampAccountCreation + '\'' + ", timestampLastLogin='" + timestampLastLogin + '\'' + ", timestampLastPasswordChange='" + timestampLastPasswordChange + '\'' + - ", previousPassword='" + previousPassword + '\'' + + ", previousPassword='" + currentPassword + '\'' + ", assignedRoles=" + assignedRoles + ", readOnly=" + readOnly + ", userManagerId='" + userManagerId + '\'' + diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java index bb81317..ba739e0 100644 --- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java +++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java 
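Review bot: The `toString()` hunk still concatenates the field into the output, now as `", previousPassword='" + currentPassword + '\''`, so the clear-text current password sent with a password change ends up in any log line or exception message that prints a `User`. The label was also left at the old name after the rename. I would stop printing the value and only show whether it is set, e.g. `", currentPassword=" + ( currentPassword == null ? "<unset>" : "<redacted>" ) +`. Whether the `password` field is printed the same way is outside this hunk and worth checking. The field's Javadoc could also state that it carries the clear-text password from the request and is never returned on read.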
@@ -237,7 +237,7 @@ public interface UserService /** - * update only the current logged in user and this fields: fullname, email, password. + * Update only the current logged in user and this fields: fullname, email, password. * The service verifies the current logged user with the one passed in the method * @return */ @@ -245,9 +245,34 @@ public interface UserService @PUT @Produces( { MediaType.APPLICATION_JSON } ) @RedbackAuthorization( noPermission = true ) + @io.swagger.v3.oas.annotations.Operation( summary = "Updates information of the current logged in user", + responses = { + @ApiResponse( responseCode = "200", + description = "If user data has been updated" + ), + @ApiResponse( responseCode = "403", description = "Logged in user does not match the provided userid" ), + @ApiResponse( responseCode = "401", description = "User is not logged in" ), + @ApiResponse( responseCode = "400", description = "Provided data is not valid" ) + } + ) User updateMe( User user ) throws RedbackServiceException; + @Path( "me" ) + @GET + @Produces( { MediaType.APPLICATION_JSON } ) + @RedbackAuthorization( noPermission = true ) + @io.swagger.v3.oas.annotations.Operation( summary = "Gets information of the current logged in user", + responses = { + @ApiResponse( responseCode = "200", + description = "If user data is returned" + ), + @ApiResponse( responseCode = "401", description = "User is not logged in" ), + @ApiResponse( responseCode = "400", description = "Provided data is not valid" ) + } + ) + User getLoggedInUser( ) throws RedbackServiceException; + @Path( "___ping___" ) @GET @Produces( { MediaType.APPLICATION_JSON } ) 
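Review bot: `getLoggedInUser( )` is added without Javadoc, and its OpenAPI block documents a 400 as "Provided data is not valid" although the GET takes no parameters or body. The method is annotated `@RedbackAuthorization( noPermission = true )`, which by its name appears to skip the permission check, so the rule that anonymous callers are rejected exists only in the implementation. A Javadoc such as `/** Returns the data of the user bound to the current session; implementations must answer 401 if no principal is present. */` would make that contract explicit. On `updateMe`, the 400 description could also mention that a wrong current password is reported with this status.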
@@ -259,27 +284,22 @@ public interface UserService @POST @Produces( { MediaType.APPLICATION_JSON } ) @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION ) + @io.swagger.v3.oas.annotations.Operation( summary = "Clears the cache for the user", + responses = { + @ApiResponse( responseCode = "200", + description = "If the cache was cleared properly" + ), + @ApiResponse( responseCode = "404", description = "User does not exist" ), + } + ) ActionStatus removeFromCache( @PathParam( "userId" ) String userId ) throws RedbackServiceException; - @Path( "guest" ) - @GET - @Produces( { MediaType.APPLICATION_JSON } ) - @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION ) - User getGuestUser() - throws RedbackServiceException; - - @Path( "guest" ) - @POST - @Produces( { MediaType.APPLICATION_JSON } ) - @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION ) - User createGuestUser() - throws RedbackServiceException; - /** * * - * @return*/ + * @return + */ @Path( "{userId}/register" ) @POST @Produces( { MediaType.APPLICATION_JSON } ) diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java index 5462b1b..2273d00 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java 
@@ -104,7 +104,7 @@ public class DefaultUserService private final Logger log = LoggerFactory.getLogger( getClass() ); private static final String VALID_USERNAME_CHARS = "[a-zA-Z_0-9\\-.@]*"; - private static final String[] INVALID_USER_NAMES = { "me" }; + private static final String[] INVALID_CREATE_USER_NAMES = { "admin", "guest", "me" }; private UserManager userManager; @@ -188,7 +188,7 @@ public class DefaultUserService throws RedbackServiceException { User result; - if ( Arrays.binarySearch( INVALID_USER_NAMES, user.getUserId( ) ) >=0 ) + if ( Arrays.binarySearch( INVALID_CREATE_USER_NAMES, user.getUserId( ) ) >=0 ) { throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 405 ); } @@ -318,6 +318,9 @@ public class DefaultUserService { try { + if ("guest".equals(userId)) { + return getRestUser( userManager.getGuestUser( ) ); + } org.apache.archiva.redback.users.User user = userManager.findUser( userId ); return getRestUser( user ); } @@ -362,11 +365,12 @@ public class DefaultUserService public User updateMe( User user ) throws RedbackServiceException { - // check username == one in the session - RedbackPrincipal principal = getPrincipal( ); if (principal==null) { - throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 403 ); + throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 ); + } + if (StringUtils.isEmpty( user.getUserId() ) || !principal.getUser().getUsername().equals(user.getUserId())) { + throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), Response.Status.FORBIDDEN.getStatusCode() ); } // check oldPassword with the current one 
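Review bot: The reserved-name check in the second hunk relies on `Arrays.binarySearch( INVALID_CREATE_USER_NAMES, user.getUserId( ) )`, which is only correct while the array literal stays alphabetically sorted and which throws a NullPointerException when the request omits `user_id`. A null-safe membership test that does not depend on ordering, e.g. `if ( Arrays.asList( INVALID_CREATE_USER_NAMES ).contains( user.getUserId( ) ) )`, avoids both. The comparison is also case-sensitive while `VALID_USERNAME_CHARS` allows upper case, so `Admin` or `Guest` pass this check; if the configured user manager treats names case-insensitively (not visible here), the id should be normalised before the lookup. The enclosing method continues outside the hunk.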
@@ -375,23 +379,27 @@ public class DefaultUserService org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> { try { - String previousEncodedPassword = - securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( ); + // current password is only needed, if password change is requested + if ( StringUtils.isNotBlank( user.getPassword( ) ) ) + { + String previousEncodedPassword = + securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( ); - // check oldPassword with the current one + // check oldPassword with the current one - PasswordEncoder encoder = securitySystem.getPolicy( ).getPasswordEncoder( ); + PasswordEncoder encoder = securitySystem.getPolicy( ).getPasswordEncoder( ); - if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword( ) ) ) - { + if ( !encoder.isPasswordValid( previousEncodedPassword, user.getCurrentPassword( ) ) ) + { - return new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ), - Response.Status.BAD_REQUEST.getStatusCode( ) ); + return new RedbackServiceException( ErrorMessage.of( ERR_USER_BAD_PASSWORD ), + Response.Status.BAD_REQUEST.getStatusCode( ) ); + } } } catch ( UserNotFoundException e ) { - return new RedbackServiceException( new ErrorMessage( "user not found" ), + return new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ), Response.Status.BAD_REQUEST.getStatusCode( ) ); } catch ( UserManagerException e ) 
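Review bot: With the password check now wrapped in `if ( StringUtils.isNotBlank( user.getPassword( ) ) )`, a request that changes only the e-mail address is applied without the caller proving knowledge of the current password. If the e-mail address is used for password recovery in this deployment (not visible here), a session token alone would then be enough to redirect recovery mail, so consider requiring `currentPassword` whenever `email` differs from the stored value as well. Inside the password branch, `user.getCurrentPassword( )` is null when the client omits the field; rejecting it up front with `if ( StringUtils.isEmpty( user.getCurrentPassword( ) ) ) return new RedbackServiceException( ErrorMessage.of( ERR_USER_BAD_PASSWORD ), Response.Status.BAD_REQUEST.getStatusCode( ) );` avoids depending on how each `PasswordEncoder` treats null. The lambda continues past the end of this hunk.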
@@ -399,8 +407,14 @@ public class DefaultUserService return new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) ); } // only 3 fields to update - realUser.setFullName( user.getFullName( ) ); - realUser.setEmail( user.getEmail( ) ); + if (StringUtils.isNotBlank( user.getFullName() )) + { + realUser.setFullName( user.getFullName( ) ); + } + if (StringUtils.isNotBlank( user.getEmail() )) + { + realUser.setEmail( user.getEmail( ) ); + } // ui can limit to not update password if ( StringUtils.isNotBlank( user.getPassword( ) ) ) { @@ -413,6 +427,26 @@ public class DefaultUserService } @Override + public User getLoggedInUser( ) + throws RedbackServiceException + { + RedbackPrincipal principal = getPrincipal( ); + if (principal==null) { + throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 ); + } + + try + { + org.apache.archiva.redback.users.User foundUser = userManager.findUser( principal.getUser().getUsername(), false ); + return getRestUser( foundUser ); + } + catch ( UserManagerException e ) + { + throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ), 400 ); + } + } + + @Override public User updateUser( String userId, User user ) throws RedbackServiceException { 
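Review bot: In `getLoggedInUser( )` every `UserManagerException` is answered with HTTP 400 and `e.getMessage( )` embedded in the response body. The request carries no input, so a backend failure is not a client error, and the raw exception text may disclose details of the user store to any authenticated caller. I would log the exception server-side and return a generic error, e.g. `log.error( "Lookup of logged in user failed", e );` followed by `throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL ), 500 );`, and map a missing user to its own status. The context line at the top of the first hunk uses the same `ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) )` pattern in `updateMe`.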
@@ -478,59 +512,6 @@ public class DefaultUserService } @Override - public User getGuestUser() - throws RedbackServiceException - { - try - { - org.apache.archiva.redback.users.User user = userManager.getGuestUser(); - return getRestUser( user ); - } - catch ( Exception e ) - { - return null; - } - } - - @Override - public User createGuestUser() - throws RedbackServiceException - { - User u = getGuestUser(); - if ( u != null ) - { - return u; - } - // temporary disable policy during guest creation as no password ! - try - { - securitySystem.getPolicy().setEnabled( false ); - org.apache.archiva.redback.users.User user = userManager.createGuestUser(); - user.setPasswordChangeRequired( false ); - user = userManager.updateUser( user, false ); - roleManager.assignRole( config.getString( UserConfigurationKeys.DEFAULT_GUEST ), user.getUsername() ); - return getRestUser( user ); - } - catch ( RoleManagerException | UserNotFoundException e ) - { - log.error( e.getMessage(), e ); - throw new RedbackServiceException( e.getMessage() ); - } - catch ( UserManagerException e ) - { - throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) ); - } - finally - { - - if ( !securitySystem.getPolicy().isEnabled() ) - { - securitySystem.getPolicy().setEnabled( true ); - } - } - } - - @Override public PingResult ping() throws RedbackServiceException { diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java index e03233c..e8fd540 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java 
@@ -31,13 +31,11 @@ import org.junit.jupiter.api.extension.ExtendWith; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit.jupiter.SpringExtension; -import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.Map; import static io.restassured.RestAssured.given; -import static io.restassured.RestAssured.replaceFiltersWith; import static io.restassured.http.ContentType.JSON; import static org.junit.jupiter.api.Assertions.*; @@ -48,7 +46,7 @@ import static org.junit.jupiter.api.Assertions.*; @ContextConfiguration( locations = {"classpath:/ldap-spring-test.xml"} ) @TestInstance( TestInstance.Lifecycle.PER_CLASS ) -@Tag("rest-native") +@Tag( "rest-native" ) @TestMethodOrder( MethodOrderer.Random.class ) public class NativeUserServiceTest extends AbstractNativeRestServices { @@ -59,19 +57,20 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @BeforeAll - void setup() throws Exception + void setup( ) throws Exception { - super.setupNative(); + super.setupNative( ); } @AfterAll - void destroy() throws Exception + void destroy( ) throws Exception { - super.shutdownNative(); + super.shutdownNative( ); } @Test - void getUsers() { + void getUsers( ) + { String token = getAdminToken( ); Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .when( ).get( ).then( ).statusCode( 200 ).extract( ).response( ); 
@@ -85,13 +84,15 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void getUsersWithoutLogin() { - given( ).spec( getRequestSpec( ) ).contentType( JSON ) + void getUsersWithoutLogin( ) + { + given( ).spec( getRequestSpec( ) ).contentType( JSON ) .when( ).get( ).then( ).statusCode( 403 ); } @Test - void getUser() { + void getUser( ) + { String token = getAdminToken( ); Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .when( ).get( "admin" ).then( ).statusCode( 200 ).extract( ).response( ); @@ -102,14 +103,16 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void getUserWithoutLogin() { - given( ).spec( getRequestSpec( ) ).contentType( JSON ) + void getUserWithoutLogin( ) + { + given( ).spec( getRequestSpec( ) ).contentType( JSON ) .when( ).get( "admin" ).then( ).statusCode( 403 ); } @Test - void createUser() { + void createUser( ) + { String token = getAdminToken( ); try { @@ -125,16 +128,18 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .then( ).statusCode( 201 ).extract( ).response( ); assertTrue( response.getHeader( "Location" ).endsWith( "/aragorn" ) ); - } finally + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .when( ).delete( "aragorn").then( ).statusCode( 200 ); + .when( ).delete( "aragorn" ).then( ).statusCode( 200 ); } } @Test - void createInvalidUser() { + void createInvalidUser( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "" ); @@ -150,7 +155,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void createInvalidMeUser() { + void createInvalidMeUser( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "me" ); 
@@ -167,7 +173,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices @Test - void createUserAndPermissionFail() { + void createUserAndPermissionFail( ) + { String token = getAdminToken( ); try { @@ -198,16 +205,18 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .then( ).statusCode( 403 ); - } finally + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .when( ).delete( "aragorn").then( ).statusCode( 200 ); + .when( ).delete( "aragorn" ).then( ).statusCode( 200 ); } } @Test - void createUserExistsAlready() { + void createUserExistsAlready( ) + { String token = getAdminToken( ); try { @@ -234,22 +243,24 @@ public class NativeUserServiceTest extends AbstractNativeRestServices response = given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .body( jsonAsMap ) .when( ) - .redirects().follow( false ) // Rest assured default is following the 303 redirect + .redirects( ).follow( false ) // Rest assured default is following the 303 redirect .post( ) - .prettyPeek() - .peek() - .then( ).statusCode( 303 ).extract().response(); + .prettyPeek( ) + .peek( ) + .then( ).statusCode( 303 ).extract( ).response( ); assertTrue( response.getHeader( "Location" ).endsWith( "/aragorn" ) ); - } finally + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .when( ).delete( "aragorn").then( ).statusCode( 200 ); + .when( ).delete( "aragorn" ).then( ).statusCode( 200 ); } } @Test - void createExistingAdminUser() { + void createExistingAdminUser( ) + { String token = null; Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "admin" ); 
@@ -259,25 +270,27 @@ public class NativeUserServiceTest extends AbstractNativeRestServices Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .body( jsonAsMap ) .when( ) - .redirects().follow( false ) + .redirects( ).follow( false ) .post( "admin" ) .then( ).statusCode( 303 ).extract( ).response( ); assertTrue( response.getHeader( "Location" ).endsWith( "/users/admin" ) ); } @Test - void checkAdminStatus() { + void checkAdminStatus( ) + { String token = null; Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .get( "admin/status" ) .then( ).statusCode( 200 ).extract( ).response( ); assertNotNull( response ); - assertTrue( response.body( ).jsonPath( ).getBoolean("exists" ) ); + assertTrue( response.body( ).jsonPath( ).getBoolean( "exists" ) ); assertNotNull( response.body( ).jsonPath( ).get( "since" ) ); } @Test - void deleteUser() { + void deleteUser( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "aragorn" ); @@ -296,7 +309,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void deleteNonexistingUser() { + void deleteNonexistingUser( ) + { String token = getAdminToken( ); given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .delete( "galadriel" ) @@ -304,7 +318,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void deleteUserPermissionDenied() { + void deleteUserPermissionDenied( ) + { String adminToken = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "aragorn" ); @@ -322,7 +337,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .delete( "aragorn" ) .then( ).statusCode( 401 ).extract( ).response( ); - } finally + } + finally { given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON ) .delete( "aragorn" ) 
@@ -331,7 +347,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void updateUser() { + void updateUser( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "aragorn" ); @@ -357,7 +374,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .then( ).statusCode( 200 ).extract( ).response( ); assertNotNull( response ); assertEquals( "[email protected]", response.body( ).jsonPath( ).getString( "email" ) ); - }finally + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .delete( "aragorn" ) @@ -366,21 +384,23 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void updateNonExistingUser() { + void updateNonExistingUser( ) + { String token = getAdminToken( ); HashMap<Object, Object> jsonAsMap = new HashMap<>( ); - jsonAsMap.put( "email", "[email protected]" ); - jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" ); - jsonAsMap.put( "password", "pAssw0rDXX" ); - given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .body( jsonAsMap ) - .when( ) - .put( "aragorn" ) - .then( ).statusCode( 404 ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" ); + jsonAsMap.put( "password", "pAssw0rDXX" ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .put( "aragorn" ) + .then( ).statusCode( 404 ); } @Test - void updateUserWithPasswordViolation() { + void updateUserWithPasswordViolation( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "aragorn" ); 
@@ -403,11 +423,12 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .body( jsonAsMap ) .when( ) .put( "aragorn" ) - .prettyPeek() + .prettyPeek( ) .then( ).statusCode( 422 ).extract( ).response( ); assertNotNull( response ); assertEquals( "user.password.violation.reuse", response.body( ).jsonPath( ).get( "errorMessages[0].errorKey" ) ); - }finally + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .delete( "aragorn" ) @@ -416,7 +437,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void lockUser() { + void lockUser( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "aragorn" ); @@ -438,7 +460,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .get( "aragorn" ) .then( ).statusCode( 200 ).extract( ).response( ); assertTrue( response.getBody( ).jsonPath( ).getBoolean( "locked" ) ); - } finally + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .delete( "aragorn" ) @@ -447,15 +470,17 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void lockUnknownUser() { + void lockUnknownUser( ) + { String token = getAdminToken( ); given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .post( "aragorn/lock" ) - .then( ).statusCode( 404 ); + .post( "aragorn/lock" ) + .then( ).statusCode( 404 ); } @Test - void unlockUser() { + void unlockUser( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "aragorn" ); @@ -481,7 +506,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .get( "aragorn" ) .then( ).statusCode( 200 ).extract( ).response( ); assertFalse( response.getBody( ).jsonPath( ).getBoolean( "locked" ) ); - } finally + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .delete( "aragorn" ) 
@@ -491,7 +517,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void unlockUnknownUser() { + void unlockUnknownUser( ) + { String token = getAdminToken( ); given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .post( "aragorn/unlock" ) @@ -499,7 +526,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void setPasswordChangeRequire() { + void setPasswordChangeRequire( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "aragorn" ); @@ -521,7 +549,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .get( "aragorn" ) .then( ).statusCode( 200 ).extract( ).response( ); assertTrue( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) ); - } finally + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .delete( "aragorn" ) @@ -530,7 +559,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void setNoPasswordChangeRequire() { + void setNoPasswordChangeRequire( ) + { String token = getAdminToken( ); Map<String, Object> jsonAsMap = new HashMap<>( ); jsonAsMap.put( "user_id", "aragorn" ); 
@@ -557,7 +587,140 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .get( "aragorn" ) .then( ).statusCode( 200 ).extract( ).response( ); assertFalse( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) ); - } finally + } + finally + { + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .delete( "aragorn" ) + .then( ).statusCode( 200 ); + } + } + + + @Test + void updateMe( ) + { + String token = getAdminToken( ); + Map<String, Object> jsonAsMap = new HashMap<>( ); + jsonAsMap.put( "user_id", "aragorn" ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Aragorn King of Gondor" ); + jsonAsMap.put( "validated", true ); + jsonAsMap.put( "password", "pAssw0rD" ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + try + { + + String userToken = getUserToken( "aragorn", "pAssw0rD" ); + Map<String, Object> updateMap = new HashMap<>( ); + updateMap.put( "user_id", "aragorn" ); + updateMap.put( "email", "[email protected]" ); + updateMap.put( "fullName", "Aragorn King of Switzerland" ); + Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ) + .body( updateMap ) + .when( ) + .put( "me" ) + .then( ).statusCode( 200 ).extract( ).response( ); + assertEquals( "Aragorn King of Switzerland", response.getBody( ).jsonPath( ).getString( "fullName" ) ); + assertEquals( "[email protected]", response.getBody( ).jsonPath( ).getString( "email" ) ); + } + finally + { + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .delete( "aragorn" ) + .then( ).statusCode( 200 ); + } + } + + @Test + void updateMeInvalidUser( ) + { + String token = getAdminToken( ); + Map<String, Object> jsonAsMap = new HashMap<>( ); + jsonAsMap.put( "user_id", "aragorn" ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Aragorn King of Gondor" ); + jsonAsMap.put( "validated", 
true ); + jsonAsMap.put( "password", "pAssw0rDA" ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + + jsonAsMap.put( "user_id", "elrond" ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Elrond King of Elves" ); + jsonAsMap.put( "validated", true ); + jsonAsMap.put( "password", "pAssw0rDE" ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + try + { + + String userToken = getUserToken( "aragorn", "pAssw0rDA" ); + Map<String, Object> updateMap = new HashMap<>( ); + updateMap.put( "user_id", "elrond" ); + updateMap.put( "email", "[email protected]" ); + updateMap.put( "fullName", "Elrond King of Switzerland" ); + Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ) + .body( updateMap ) + .when( ) + .put( "me" ) + .then( ).statusCode( 403 ).extract( ).response( ); + } + finally + { + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .delete( "aragorn" ) + .then( ).statusCode( 200 ); + } + } + + @Test + void updateMeWithPassword( ) + { + String token = getAdminToken( ); + Map<String, Object> jsonAsMap = new HashMap<>( ); + jsonAsMap.put( "user_id", "aragorn" ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Aragorn King of Gondor" ); + jsonAsMap.put( "validated", true ); + jsonAsMap.put( "password", "pAssw0rD" ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + try + { + + String userToken = getUserToken( "aragorn", "pAssw0rD" ); + Map<String, Object> updateMap = new HashMap<>( ); + updateMap.put( "user_id", "aragorn" ); + updateMap.put( "email", "[email protected]" ); + updateMap.put( "fullName", "Aragorn King of Sweden" ); + updateMap.put( "currentPassword", "pAssw0rD" ); + updateMap.put( 
"password", "x1y2z3a4b5c6d8##" ); + Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ) + .body( updateMap ) + .when( ) + .put( "me" ) + .then( ).statusCode( 200 ).extract( ).response( ); + assertEquals( "Aragorn King of Sweden", response.getBody( ).jsonPath( ).getString( "fullName" ) ); + assertEquals( "[email protected]", response.getBody( ).jsonPath( ).getString( "email" ) ); + userToken = getUserToken( "aragorn", "x1y2z3a4b5c6d8##" ); + given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ).get( "aragorn" ) + .then( ).statusCode( 200 ); + } + finally { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .delete( "aragorn" ) diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java index 05ddf4a..0268452 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java @@ -507,7 +507,7 @@ public class UserServiceTest u.setFullName( "the toto123" ); u.setEmail( "[email protected]" ); u.setPassword( "toto1234" ); - u.setPreviousPassword( "toto123" ); + u.setCurrentPassword( "toto123" ); getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u ); u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" ); @@ -517,7 +517,7 @@ public class UserServiceTest u.setFullName( "the toto1234" ); u.setEmail( "[email protected]" ); u.setPassword( "toto12345" ); - u.setPreviousPassword( "toto1234" ); + u.setCurrentPassword( "toto1234" ); getUserService( getUserAuthzHeader( "toto" )) .updateMe( u ); u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" ); 
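Review bot: `updateMeInvalidUser` creates both `aragorn` and `elrond`, but its `finally` block deletes only `aragorn`, so `elrond` stays behind; the class runs with `MethodOrderer.Random` (visible in an earlier hunk), so a later test that creates `elrond` or lists users can fail depending on order. Add `given( ).spec( getRequestSpec( token ) ).contentType( JSON ).delete( "elrond" ).then( ).statusCode( 200 );` to that `finally` block. The new tests also exercise only the success path of the password change. Cases for a wrong `currentPassword` (expecting 400 with `redback:user.bad.password`), a missing `currentPassword`, and a `PUT me` without a token (expecting 401) would pin the checks this commit introduces.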
@@ -567,23 +567,12 @@ public class UserServiceTest } } - public void guestUserCreate( ) - throws Exception - { - UserService userService = getUserService( getAdminAuthzHeader( ) ); - assertNull( userService.getGuestUser( ) ); - assertNull( userService.createGuestUser( ) ); - } protected void createGuestIfNeeded( ) throws Exception { - UserService userService = getUserService( getAdminAuthzHeader( ) ); - if ( userService.getGuestUser( ) == null ) - { - userService.createGuestUser( ); - } + } }
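Review bot: `createGuestIfNeeded( )` is left with an empty body, so existing callers still invoke it but no guest user is provisioned any more. Either remove the method together with its call sites, or mark the no-op as deliberate with a comment such as `// intentionally empty: guest creation was removed from the REST API`. Tests that depend on guest permissions would otherwise pass or fail for reasons that are not obvious from this class.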
