This is an automated email from the ASF dual-hosted git repository. martin_s pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit a4b273cf3397a0d0b76e73bd77076631d8fa51ae Author: Martin Stockhammer <[email protected]> AuthorDate: Sat Aug 29 19:21:24 2020 +0200 REST V2 changes --- .../model/v2/{MeUser.java => SelfUserData.java} | 2 +- .../redback/rest/api/services/v2/UserService.java | 42 ++++--- .../rest/services/v2/DefaultUserService.java | 14 +-- .../rest/services/v2/NativeUserServiceTest.java | 138 ++++++++++++++++++++- .../redback/rest/services/v2/UserServiceTest.java | 24 ++-- 5 files changed, 184 insertions(+), 36 deletions(-) diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java similarity index 98% rename from redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java rename to redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java index e307618..03d2aba 100644 --- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java +++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java @@ -26,7 +26,7 @@ import javax.xml.bind.annotation.XmlRootElement; * Contains only the attributes, that a user is allowed to update. The user id is used from the logged in user principal. */ @XmlRootElement( name = "user" ) -public class MeUser +public class SelfUserData { private String email; private String fullName; diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java index 0ea3091..acfe4ed 100644 
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java +++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java @@ -28,7 +28,7 @@ import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants import org.apache.archiva.redback.rest.api.model.ActionStatus; import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus; import org.apache.archiva.redback.rest.api.model.Operation; -import org.apache.archiva.redback.rest.api.model.v2.MeUser; +import org.apache.archiva.redback.rest.api.model.v2.SelfUserData; import org.apache.archiva.redback.rest.api.model.v2.PagedResult; import org.apache.archiva.redback.rest.api.model.Permission; import org.apache.archiva.redback.rest.api.model.v2.PingResult; @@ -89,7 +89,7 @@ public interface UserService @Header( name="Location", description = "The URL of the created mapping") } ), - @ApiResponse( responseCode = "405", description = "Invalid input" ), + @ApiResponse( responseCode = "422", description = "Invalid input" ), @ApiResponse( responseCode = "303", description = "The user exists already", headers = { @Header( name="Location", description = "The URL of existing user") @@ -117,7 +117,7 @@ public interface UserService @Header( name="Location", description = "The URL of the created mapping") } ), - @ApiResponse( responseCode = "405", description = "Invalid input" ), + @ApiResponse( responseCode = "422", description = "Invalid input" ), @ApiResponse( responseCode = "303", description = "The user exists already", headers = { @Header( name="Location", description = "The URL of the existing admin user") 
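Review bot: The "Invalid input" response for `createUser` and the admin-creation operation is now documented as 422 here, while `updateMe` (`"400", "Provided data is not valid"`) and the new `registerUser` documentation further down the same interface keep 400 for the same failure class, so clients see two status codes for one condition. `DefaultUserService` in this commit throws 422 for the empty-field and reserved-name checks, so these annotations match the implementation; the 400 entries are the ones that look stale, or the descriptions should say why self-update and registration differ. Either way, pick one code for validation failures across the v2 interface and state it once in the class Javadoc, e.g. `Validation failures are reported as 422 with an ErrorMessage body.`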
@@ -145,7 +145,8 @@ public interface UserService @ApiResponse( responseCode = "200", description = "If user deletion was successful" ), - @ApiResponse( responseCode = "404", description = "User does not exist" ) + @ApiResponse( responseCode = "404", description = "User does not exist" ), + @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for deletion." ) } ) void deleteUser( @PathParam( "userId" ) String userId ) @@ -155,13 +156,14 @@ public interface UserService @PUT @Produces( {MediaType.APPLICATION_JSON} ) @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION ) - @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user", + @io.swagger.v3.oas.annotations.Operation( summary = "Updates an existing user", responses = { @ApiResponse( responseCode = "200", description = "If update was successful" ), @ApiResponse( responseCode = "404", description = "User does not exist" ), - @ApiResponse( responseCode = "422", description = "Update data was not valid. E.g. password violations." ) + @ApiResponse( responseCode = "422", description = "Update data was not valid. E.g. password violations." ), + @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for update." ) } ) User updateUser( @PathParam( "userId" ) String userId, User user ) @@ -179,6 +181,7 @@ public interface UserService description = "If locking was successful" ), @ApiResponse( responseCode = "404", description = "User does not exist" ), + @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for locking." ) } ) void lockUser( @PathParam( "userId" ) String userId ) 
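Review bot: `updateUser` keeps `@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )` without a `resource`, whereas `removeFromCache` in this same commit gains `resource = "{userId}"` for the same permission; if the edit permission is resource-scoped in the RBAC model (not visible here), a principal holding it for a single resource is authorized by this annotation to update every user. Either add the same `resource = "{userId}"` to `updateUser` (and, presumably, to `lockUser`/`deleteUser`, whose annotations are outside this hunk) or add a comment stating that these operations are intentionally global. The new 403 descriptions read better as `"The authenticated user does not have permission to update this user."`, with the same wording fix for the delete and lock entries. The `updateUser` declaration's throws clause continues past the end of the hunk.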
@@ -196,6 +199,7 @@ public interface UserService description = "If unlocking was successful" ), @ApiResponse( responseCode = "404", description = "User does not exist" ), + @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for unlock." ) } ) void unlockUser( @PathParam( "userId" ) String userId ) @@ -214,6 +218,8 @@ public interface UserService description = "If password change require flag was set" ), @ApiResponse( responseCode = "404", description = "User does not exist" ), + @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for editing." ) + } ) void setRequirePasswordChangeFlag( @PathParam( "userId" ) String userId ) @@ -231,6 +237,8 @@ public interface UserService description = "If password change require flag was unset" ), @ApiResponse( responseCode = "404", description = "User does not exist" ), + @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for editing." ) + } ) void clearRequirePasswordChangeFlag( @PathParam( "userId" ) String userId ) @@ -251,12 +259,11 @@ public interface UserService @ApiResponse( responseCode = "200", description = "If user data has been updated" ), - @ApiResponse( responseCode = "403", description = "Logged in user does not match the provided userid" ), @ApiResponse( responseCode = "401", description = "User is not logged in" ), @ApiResponse( responseCode = "400", description = "Provided data is not valid" ) } ) - User updateMe( MeUser user ) + User updateMe( SelfUserData user ) throws RedbackServiceException; @Path( "me" ) @@ -269,7 +276,6 @@ public interface UserService description = "If user data is returned" ), @ApiResponse( responseCode = "401", description = "User is not logged in" ), - @ApiResponse( responseCode = "400", description = "Provided data is not valid" ) } ) User getLoggedInUser( ) throws RedbackServiceException; 
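Review bot: Dropping the 403 "user id does not match" response from `updateMe` is consistent with `SelfUserData` carrying no user id, but the remaining documentation never says that a password change through this endpoint must carry the current password — `UserServiceTest` in this commit sets `setCurrentPassword( ... )` before every `updateMe` call, so that is evidently part of the contract. Add it to the operation summary, e.g. `description = "Updates email, full name or password of the logged in user. The user id is taken from the principal; a password change must include the current password."`, and document which status code a wrong current password yields (400 would be the documented catch-all, 401/422 would be more specific — the implementation is outside this diff). The `setRequirePasswordChangeFlag` and `clearRequirePasswordChangeFlag` hunks add a `} )` line each; as collapsed here it is not clear whether the old source was missing that closer or the new line duplicates one, which is worth a second look before merging.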
@@ -284,28 +290,36 @@ public interface UserService @Path( "{userId}/cache/clear" ) @POST @Produces( { MediaType.APPLICATION_JSON } ) - @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION ) + @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION, + resource = "{userId}") @io.swagger.v3.oas.annotations.Operation( summary = "Clears the cache for the user", responses = { @ApiResponse( responseCode = "200", description = "If the cache was cleared properly" ), @ApiResponse( responseCode = "404", description = "User does not exist" ), + @ApiResponse( responseCode = "403", description = "The authenticated user has not the required permission." ) } ) ActionStatus removeFromCache( @PathParam( "userId" ) String userId ) throws RedbackServiceException; /** - * - * * @return */ @Path( "{userId}/register" ) @POST - @Produces( { MediaType.APPLICATION_JSON } ) + @Produces( {MediaType.APPLICATION_JSON} ) @RedbackAuthorization( noRestriction = true, noPermission = true ) - RegistrationKey registerUser( @PathParam( "userId" ) String userId, UserRegistrationRequest userRegistrationRequest ) + @io.swagger.v3.oas.annotations.Operation( summary = "Registers a new user", + responses = { + @ApiResponse( responseCode = "200", + description = "If the registration was successful, a registration key is returned" + ), + @ApiResponse( responseCode = "400", description = "If the registration request has invalid data" ), + } + ) + RegistrationKey registerUser( @PathParam( "userId" ) String userId, UserRegistrationRequest userRegistrationRequest ) throws RedbackServiceException; /** diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java index 5cde4ca..39df291 100644 
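Review bot: `registerUser` is the one write endpoint in this interface callable without authentication (`noRestriction = true, noPermission = true`), and the new Operation documentation lists only 200 and 400 — it says nothing about what an anonymous caller gets when `{userId}` is already taken, whereas `createUser` documents 303 plus a `Location` header for that case. Since whatever the implementation does here is observable by anyone, state it explicitly (and prefer a generic `409` without a `Location` header pointing at the existing user over the 303 pattern used for authenticated admins), e.g. `@ApiResponse( responseCode = "409", description = "A user with this id exists already" )`, adjusted to what `DefaultUserService.registerUser` actually throws. The `resource = "{userId}"` added to `removeFromCache` is the right direction for per-user operations; the `@RedbackAuthorization` lines for lock/unlock/delete earlier in this file did not get the same treatment. The trailing `/**` is the start of the next method's Javadoc, which lies outside the hunk.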
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java @@ -48,7 +48,7 @@ import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus; import org.apache.archiva.redback.rest.api.model.ErrorMessage; import org.apache.archiva.redback.rest.api.model.Operation; import org.apache.archiva.redback.rest.api.model.Permission; -import org.apache.archiva.redback.rest.api.model.v2.MeUser; +import org.apache.archiva.redback.rest.api.model.v2.SelfUserData; import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey; import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest; import org.apache.archiva.redback.rest.api.model.Resource; @@ -191,7 +191,7 @@ public class DefaultUserService User result; if ( Arrays.binarySearch( INVALID_CREATE_USER_NAMES, user.getUserId( ) ) >=0 ) { - throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 405 ); + throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 422 ); } try @@ -217,17 +217,17 @@ public class DefaultUserService // data validation if ( StringUtils.isEmpty( user.getUserId() ) ) { - throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_EMPTY ), 405 ); + throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_EMPTY ), 422 ); } if ( StringUtils.isEmpty( user.getFullName() ) ) { - throw new RedbackServiceException( ErrorMessage.of( ERR_USER_FULL_NAME_EMPTY ), 405 ); + throw new RedbackServiceException( ErrorMessage.of( ERR_USER_FULL_NAME_EMPTY ), 422 ); } if ( StringUtils.isEmpty( user.getEmail() ) ) { - throw new RedbackServiceException( ErrorMessage.of( ERR_USER_EMAIL_EMPTY ), 405 ); + throw new RedbackServiceException( ErrorMessage.of( ERR_USER_EMAIL_EMPTY ), 422 ); } try 
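Review bot: The validations whose status code changes to 422 here still use `StringUtils.isEmpty`, so a user id, full name or e-mail consisting only of whitespace passes the check and reaches the user manager; `StringUtils.isBlank( user.getUserId() )` (and the same for `getFullName()`/`getEmail()`) is the check the error codes describe. Nothing in these hunks bounds the length or character set of `userId` beyond the `INVALID_CREATE_USER_NAMES` lookup, and the rejected id is echoed back in `ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() )`, so whether that is safe depends on the error serializer, which is outside this diff. `Arrays.binarySearch` only works if `INVALID_CREATE_USER_NAMES` is kept sorted; a one-line comment at its declaration would protect that assumption. The enclosing methods start before and end after these hunks.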
@@ -363,7 +363,7 @@ public class DefaultUserService } @Override - public User updateMe( MeUser user ) + public User updateMe( SelfUserData user ) throws RedbackServiceException { RedbackPrincipal principal = getPrincipal( ); @@ -539,7 +539,7 @@ public class DefaultUserService log.debug("Creating admin admin user '{}'", adminUser.getUserId()); if (!RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME.equals(adminUser.getUserId())) { log.error("Wrong admin user name {}", adminUser.getUserId()); - throw new RedbackServiceException(ErrorMessage.of(Constants.ERR_USER_ADMIN_BAD_NAME ), 405); + throw new RedbackServiceException(ErrorMessage.of(Constants.ERR_USER_ADMIN_BAD_NAME ), 422); } try diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java index c05fa36..6d2ff68 100644 --- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java +++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java @@ -150,7 +150,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .body( jsonAsMap ) .when( ) .post( ) - .then( ).statusCode( 405 ); + .then( ).statusCode( 422 ); } @@ -167,7 +167,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .body( jsonAsMap ) .when( ) .post( ) - .then( ).statusCode( 405 ); + .then( ).statusCode( 422 ); } 
@@ -678,4 +678,138 @@ public class NativeUserServiceTest extends AbstractNativeRestServices .then( ).statusCode( 200 ); } } + + @Test + void getLoggedInUser( ) + { + String token = getAdminToken( ); + Map<String, Object> jsonAsMap = new HashMap<>( ); + jsonAsMap.put( "user_id", "aragorn" ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Aragorn King of Gondor" ); + jsonAsMap.put( "validated", true ); + jsonAsMap.put( "password", "pAssw0rD" ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + try + { + + String userToken = getUserToken( "aragorn", "pAssw0rD" ); + Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ) + .when( ) + .get( "me" ) + .then( ).statusCode( 200 ).extract( ).response( ); + assertEquals( "aragorn", response.getBody( ).jsonPath( ).getString( "user_id" ) ); + assertEquals( "Aragorn King of Gondor", response.getBody( ).jsonPath( ).getString( "fullName" ) ); + assertEquals( "[email protected]", response.getBody( ).jsonPath( ).getString( "email" ) ); + assertTrue( response.getBody( ).jsonPath( ).getBoolean( "validated" ) ); + } + finally + { + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .delete( "aragorn" ) + .then( ).statusCode( 200 ); + } + } + + @Test + void getNotLoggedInUser( ) + { + String token = getAdminToken( ); + Map<String, Object> jsonAsMap = new HashMap<>( ); + jsonAsMap.put( "user_id", "aragorn" ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Aragorn King of Gondor" ); + jsonAsMap.put( "validated", true ); + jsonAsMap.put( "password", "pAssw0rD" ); + given( ).spec( getRequestSpec( token ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + try + { + + given( ).spec( getRequestSpec() ).contentType( JSON ) + .when( ) + .get( "me" ) + .then( ).statusCode( 401 ); + } + finally + { + given( 
).spec( getRequestSpec( token ) ).contentType( JSON ) + .delete( "aragorn" ) + .then( ).statusCode( 200 ); + } + } + + @Test + void clearCache( ) + { + String adminToken = getAdminToken( ); + Map<String, Object> jsonAsMap = new HashMap<>( ); + jsonAsMap.put( "user_id", "aragorn" ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Aragorn King of Gondor" ); + jsonAsMap.put( "validated", true ); + jsonAsMap.put( "password", "pAssw0rD" ); + given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + try + { + + Response response = given( ).spec( getRequestSpec(adminToken) ).contentType( JSON ) + .when( ) + .post( "aragorn/cache/clear" ) + .then( ).statusCode( 200 ).extract( ).response( ); + + assertTrue( response.getBody( ).jsonPath( ).getBoolean( "success" ) ); + } + finally + { + given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON ) + .delete( "aragorn" ) + .then( ).statusCode( 200 ); + } + } + + @Test + void clearCacheNoPermission( ) + { + String adminToken = getAdminToken( ); + Map<String, Object> jsonAsMap = new HashMap<>( ); + jsonAsMap.put( "user_id", "aragorn" ); + jsonAsMap.put( "email", "[email protected]" ); + jsonAsMap.put( "fullName", "Aragorn King of Gondor" ); + jsonAsMap.put( "validated", true ); + jsonAsMap.put( "password", "pAssw0rD" ); + given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON ) + .body( jsonAsMap ) + .when( ) + .post( ) + .then( ).statusCode( 201 ); + try + { + + String token = getUserToken( "aragorn", "pAssw0rD" ); + given( ).spec( getRequestSpec(token) ).contentType( JSON ) + .when( ) + .post( "admin/cache/clear" ) + .then( ).statusCode( 403 ); + + } + finally + { + given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON ) + .delete( "aragorn" ) + .then( ).statusCode( 200 ); + } + } + } 
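Review bot: `getLoggedInUser` checks the returned fields but never asserts that the `/me` response omits the credential the test just posted; after the 200 check add `assertNull( response.getBody( ).jsonPath( ).getString( "password" ) );` so a later change to the `User` serializer cannot start echoing the password field. `clearCacheNoPermission` only shows that a plain user cannot clear `admin`'s cache; with `resource = "{userId}"` now on `removeFromCache`, a second request to `"aragorn/cache/clear"` with aragorn's own token would pin whether self-service clearing is intended to be allowed or refused. Each `finally` block asserts `statusCode( 200 )` on the cleanup delete, which replaces the real assertion failure with a cleanup failure whenever the user was never created — consider dropping that assertion from cleanup.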
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 2fc8431..1f74c1c 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -21,7 +21,7 @@ package org.apache.archiva.redback.rest.services.v2;
 import org.apache.archiva.redback.rest.api.model.GrantType;
 import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.v2.MeUser;
+import org.apache.archiva.redback.rest.api.model.v2.SelfUserData;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -505,22 +505,22 @@ public class UserServiceTest u.setValidated( true ); getUserService( getAdminAuthzHeader( ) ).createUser( u ); - MeUser meUser = new MeUser( ); - meUser.setFullName( "the toto123" ); - meUser.setEmail( "[email protected]" ); - meUser.setPassword( "toto1234" ); - meUser.setCurrentPassword( "toto123" ); - getUserService( getUserAuthzHeader( "toto" ) ).updateMe( meUser ); + SelfUserData selfUserData = new SelfUserData( ); + selfUserData.setFullName( "the toto123" ); + selfUserData.setEmail( "[email protected]" ); + selfUserData.setPassword( "toto1234" ); + selfUserData.setCurrentPassword( "toto123" ); + getUserService( getUserAuthzHeader( "toto" ) ).updateMe( selfUserData ); u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" ); assertEquals( "the toto123", u.getFullName( ) ); assertEquals( "[email protected]", u.getEmail( ) ); - meUser.setFullName( "the toto1234" ); - meUser.setEmail( "[email protected]" ); - meUser.setPassword( "toto12345" ); - meUser.setCurrentPassword( "toto1234" ); - getUserService( getUserAuthzHeader( "toto" )) .updateMe( meUser ); + selfUserData.setFullName( "the toto1234" ); + selfUserData.setEmail( "[email protected]" ); + selfUserData.setPassword( "toto12345" ); + selfUserData.setCurrentPassword( "toto1234" ); + getUserService( getUserAuthzHeader( "toto" )) .updateMe( selfUserData ); u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" ); assertEquals( "the toto1234", u.getFullName( ) );
