This is an automated email from the ASF dual-hosted git repository. martin_s pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit 8ebd1ad815335efc1a329360e23ef477e771c8cf Author: Martin Stockhammer <[email protected]> AuthorDate: Thu Aug 27 16:54:40 2020 +0200 Minor REST V2 changes for userservice --- .../archiva/redback/rest/api/model/v2/MeUser.java | 75 ++++++++++++++++++++++ .../redback/rest/api/services/v2/UserService.java | 9 +-- .../rest/services/v2/DefaultUserService.java | 10 ++- .../rest/services/v2/NativeUserServiceTest.java | 55 +--------------- .../redback/rest/services/v2/UserServiceTest.java | 22 ++++--- 5 files changed, 99 insertions(+), 72 deletions(-) diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java new file mode 100644 index 0000000..e307618 --- /dev/null +++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java 
@@ -0,0 +1,75 @@
+package org.apache.archiva.redback.rest.api.model.v2;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * JSON object for updating own user data.
+ * Contains only the attributes, that a user is allowed to update. The user id is used from the logged in user principal.
+ */
+@XmlRootElement( name = "user" )
+public class MeUser
+{
+ private String email;
+ private String fullName;
+ private String password;
+ private String currentPassword;
+
+ public String getEmail( )
+ {
+ return email;
+ }
+
+ public void setEmail( String email )
+ {
+ this.email = email;
+ }
+
+ public String getFullName( )
+ {
+ return fullName;
+ }
+
+ public void setFullName( String fullName )
+ {
+ this.fullName = fullName;
+ }
+
+ public String getPassword( )
+ {
+ return password;
+ }
+
+ public void setPassword( String password )
+ {
+ this.password = password;
+ }
+
+ public String getCurrentPassword( )
+ {
+ return currentPassword;
+ }
+
+ public void setCurrentPassword( String currentPassword )
+ {
+ this.currentPassword = currentPassword;
+ }
+}
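Review bot: The `password` and `currentPassword` fields carry cleartext credentials, but nothing in the class says so or states how the two relate. A field comment such as `// new password; when set, currentPassword must match the stored one` on `password` and `// required only when password is set` on `currentPassword` would record the contract that the `updateMe` implementation in this commit appears to enforce. Since this is a request-only body, the class Javadoc could also state that instances must not be logged or echoed back in a response. None of the four property pairs has Javadoc.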
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java index ba739e0..0ea3091 100644 --- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java +++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java @@ -28,6 +28,7 @@ import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants import org.apache.archiva.redback.rest.api.model.ActionStatus; import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus; import org.apache.archiva.redback.rest.api.model.Operation; +import org.apache.archiva.redback.rest.api.model.v2.MeUser; import org.apache.archiva.redback.rest.api.model.v2.PagedResult; import org.apache.archiva.redback.rest.api.model.Permission; import org.apache.archiva.redback.rest.api.model.v2.PingResult; @@ -168,7 +169,7 @@ public interface UserService /** */ - @Path( "{userId}/lock" ) + @Path( "{userId}/lock/set" ) @POST @Produces( { MediaType.APPLICATION_JSON } ) @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION ) @@ -185,11 +186,11 @@ public interface UserService /** */ - @Path( "{userId}/unlock" ) + @Path( "{userId}/lock/clear" ) @POST @Produces( { MediaType.APPLICATION_JSON } ) @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION ) - @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user", + @io.swagger.v3.oas.annotations.Operation( summary = "Unlocks a user", responses = { @ApiResponse( responseCode = "200", description = "If unlocking was successful" 
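Review bot: The `/** */` blocks above both renamed endpoints are still empty, so the interface documents neither what `{userId}/lock/set` and `{userId}/lock/clear` do nor which status codes they return. A one-line summary on each, for example `/** Locks the user with the given id; requires the user edit permission. */` and the matching text for the clear endpoint, would cover it. Both method declarations continue outside their hunks, so the return type and the remaining response annotations are not visible here.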
@@ -255,7 +256,7 @@ public interface UserService @ApiResponse( responseCode = "400", description = "Provided data is not valid" ) } ) - User updateMe( User user ) + User updateMe( MeUser user ) throws RedbackServiceException; @Path( "me" ) diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java index 2273d00..5cde4ca 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java @@ -48,6 +48,7 @@ import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus; import org.apache.archiva.redback.rest.api.model.ErrorMessage; import org.apache.archiva.redback.rest.api.model.Operation; import org.apache.archiva.redback.rest.api.model.Permission; +import org.apache.archiva.redback.rest.api.model.v2.MeUser; import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey; import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest; import org.apache.archiva.redback.rest.api.model.Resource; 
@@ -362,28 +363,25 @@ public class DefaultUserService } @Override - public User updateMe( User user ) + public User updateMe( MeUser user ) throws RedbackServiceException { RedbackPrincipal principal = getPrincipal( ); if (principal==null) { throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 ); } - if (StringUtils.isEmpty( user.getUserId() ) || !principal.getUser().getUsername().equals(user.getUserId())) { - throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), Response.Status.FORBIDDEN.getStatusCode() ); - } // check oldPassword with the current one // only 3 fields to update // ui can limit to not update password - org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> { + org.apache.archiva.redback.users.User foundUser = updateUser( principal.getName(), realUser -> { try { // current password is only needed, if password change is requested if ( StringUtils.isNotBlank( user.getPassword( ) ) ) { String previousEncodedPassword = - securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( ); + securitySystem.getUserManager( ).findUser( principal.getName(), false ).getEncodedPassword( ); // check oldPassword with the current one diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java index e8fd540..c05fa36 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java 
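Review bot: The account to update is now selected with `principal.getName()`, whereas the check this hunk removes compared against `principal.getUser().getUsername()`; if the two can differ for any principal implementation, `updateUser` and the `findUser` call inside the lambda would look up the wrong key. Resolving the id once, `final String userId = principal.getUser( ).getUsername( );`, and passing `userId` to both calls would keep the previous semantics. The current-password comparison stays gated on `StringUtils.isNotBlank( user.getPassword( ) )`, so an e-mail change needs only a valid token; if that address is used for password resets, requiring `currentPassword` for e-mail changes too would limit what a stolen token can do. The commit also deletes `updateMeInvalidUser` from NativeUserServiceTest without a replacement; a test that sends another user's `user_id` in the `me` body and asserts that account is unchanged would keep the cross-user case covered. updateMe's body continues past the end of the hunk.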
@@ -454,7 +454,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices try { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .post( "aragorn/lock" ) + .post( "aragorn/lock/set" ) .then( ).statusCode( 200 ); Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .get( "aragorn" ) @@ -474,7 +474,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices { String token = getAdminToken( ); given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .post( "aragorn/lock" ) + .post( "aragorn/lock/set" ) .then( ).statusCode( 404 ); } @@ -500,7 +500,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices try { given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .post( "aragorn/unlock" ) + .post( "aragorn/lock/clear" ) .then( ).statusCode( 200 ); response = given( ).spec( getRequestSpec( token ) ).contentType( JSON ) .get( "aragorn" ) @@ -617,7 +617,6 @@ public class NativeUserServiceTest extends AbstractNativeRestServices String userToken = getUserToken( "aragorn", "pAssw0rD" ); Map<String, Object> updateMap = new HashMap<>( ); - updateMap.put( "user_id", "aragorn" ); updateMap.put( "email", "[email protected]" ); updateMap.put( "fullName", "Aragorn King of Switzerland" ); Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ) 
@@ -637,54 +636,6 @@ public class NativeUserServiceTest extends AbstractNativeRestServices } @Test - void updateMeInvalidUser( ) - { - String token = getAdminToken( ); - Map<String, Object> jsonAsMap = new HashMap<>( ); - jsonAsMap.put( "user_id", "aragorn" ); - jsonAsMap.put( "email", "[email protected]" ); - jsonAsMap.put( "fullName", "Aragorn King of Gondor" ); - jsonAsMap.put( "validated", true ); - jsonAsMap.put( "password", "pAssw0rDA" ); - given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .body( jsonAsMap ) - .when( ) - .post( ) - .then( ).statusCode( 201 ); - - jsonAsMap.put( "user_id", "elrond" ); - jsonAsMap.put( "email", "[email protected]" ); - jsonAsMap.put( "fullName", "Elrond King of Elves" ); - jsonAsMap.put( "validated", true ); - jsonAsMap.put( "password", "pAssw0rDE" ); - given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .body( jsonAsMap ) - .when( ) - .post( ) - .then( ).statusCode( 201 ); - try - { - - String userToken = getUserToken( "aragorn", "pAssw0rDA" ); - Map<String, Object> updateMap = new HashMap<>( ); - updateMap.put( "user_id", "elrond" ); - updateMap.put( "email", "[email protected]" ); - updateMap.put( "fullName", "Elrond King of Switzerland" ); - Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ) - .body( updateMap ) - .when( ) - .put( "me" ) - .then( ).statusCode( 403 ).extract( ).response( ); - } - finally - { - given( ).spec( getRequestSpec( token ) ).contentType( JSON ) - .delete( "aragorn" ) - .then( ).statusCode( 200 ); - } - } - - @Test void updateMeWithPassword( ) { String token = getAdminToken( ); diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java index 0268452..2fc8431 100644 
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java @@ -21,6 +21,7 @@ package org.apache.archiva.redback.rest.services.v2; import org.apache.archiva.redback.rest.api.model.GrantType; import org.apache.archiva.redback.rest.api.model.Operation; +import org.apache.archiva.redback.rest.api.model.v2.MeUser; import org.apache.archiva.redback.rest.api.model.v2.PagedResult; import org.apache.archiva.redback.rest.api.model.Permission; import org.apache.archiva.redback.rest.api.model.v2.PingResult; 
@@ -504,21 +505,22 @@ public class UserServiceTest u.setValidated( true ); getUserService( getAdminAuthzHeader( ) ).createUser( u ); - u.setFullName( "the toto123" ); - u.setEmail( "[email protected]" ); - u.setPassword( "toto1234" ); - u.setCurrentPassword( "toto123" ); - getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u ); + MeUser meUser = new MeUser( ); + meUser.setFullName( "the toto123" ); + meUser.setEmail( "[email protected]" ); + meUser.setPassword( "toto1234" ); + meUser.setCurrentPassword( "toto123" ); + getUserService( getUserAuthzHeader( "toto" ) ).updateMe( meUser ); u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" ); assertEquals( "the toto123", u.getFullName( ) ); assertEquals( "[email protected]", u.getEmail( ) ); - u.setFullName( "the toto1234" ); - u.setEmail( "[email protected]" ); - u.setPassword( "toto12345" ); - u.setCurrentPassword( "toto1234" ); - getUserService( getUserAuthzHeader( "toto" )) .updateMe( u ); + meUser.setFullName( "the toto1234" ); + meUser.setEmail( "[email protected]" ); + meUser.setPassword( "toto12345" ); + meUser.setCurrentPassword( "toto1234" ); + getUserService( getUserAuthzHeader( "toto" )) .updateMe( meUser ); u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" ); assertEquals( "the toto1234", u.getFullName( ) );
