This is an automated email from the ASF dual-hosted git repository. btellier pushed a commit to branch 3.9.x in repository https://gitbox.apache.org/repos/asf/james-project.git
commit c21e04c02711e846b297c247235b9eb235351b6b Author: Benoit TELLIER <[email protected]> AuthorDate: Wed Nov 5 07:53:45 2025 +0100 JAMES-3885 Forbid using the same user as source and target of user rename (#2847) --- .../apache/james/webadmin/routes/UsernameChangeRoutes.java | 1 + .../james/webadmin/routes/UsernameChangeRoutesTest.java | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/server/protocols/webadmin/webadmin-data/src/main/java/org/apache/james/webadmin/routes/UsernameChangeRoutes.java b/server/protocols/webadmin/webadmin-data/src/main/java/org/apache/james/webadmin/routes/UsernameChangeRoutes.java index 129f123a1b..2fc05819ba 100644 --- a/server/protocols/webadmin/webadmin-data/src/main/java/org/apache/james/webadmin/routes/UsernameChangeRoutes.java +++ b/server/protocols/webadmin/webadmin-data/src/main/java/org/apache/james/webadmin/routes/UsernameChangeRoutes.java @@ -76,6 +76,7 @@ public class UsernameChangeRoutes implements Routes { Preconditions.checkArgument(request.queryParams(FORCE_PARAM) != null || usersRepository.contains(oldUser), "'oldUser' parameter should be an existing user"); Preconditions.checkArgument(usersRepository.contains(newUser), "'newUser' parameter should be an existing user"); + Preconditions.checkArgument(!oldUser.equals(newUser), "'newUser' should be distinct from 'oldUser'"); Optional<StepName> fromStep = Optional.ofNullable(request.queryParams("fromStep")).map(StepName::new); diff --git a/server/protocols/webadmin/webadmin-data/src/test/java/org/apache/james/webadmin/routes/UsernameChangeRoutesTest.java b/server/protocols/webadmin/webadmin-data/src/test/java/org/apache/james/webadmin/routes/UsernameChangeRoutesTest.java index 26ce5ea18f..2377fe423a 100644 --- a/server/protocols/webadmin/webadmin-data/src/test/java/org/apache/james/webadmin/routes/UsernameChangeRoutesTest.java +++ b/server/protocols/webadmin/webadmin-data/src/test/java/org/apache/james/webadmin/routes/UsernameChangeRoutesTest.java @@ -176,6 +176,20 @@ class UsernameChangeRoutesTest { .body("details", Matchers.is("'newUser' parameter should be an existing user")); } + @Test + void shouldRejectSameUser() { + given() + .queryParam("action", "rename") + .when() + .post("/users/" + OLD_USER.asString() + "/rename/" + OLD_USER.asString()) + .then() + .statusCode(HttpStatus.BAD_REQUEST_400) + .body("statusCode", Matchers.is(400)) + .body("type", Matchers.is(ErrorResponder.ErrorType.INVALID_ARGUMENT.getType())) + .body("message", Matchers.is("Invalid arguments supplied in the user request")) + .body("details", Matchers.is("'newUser' should be distinct from 'oldUser'")); + } + @Test void shouldRejectUnknownSourceUser() { given() --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
