Posted to commits@archiva.apache.org by ma...@apache.org on 2020/08/29 17:21:38 UTC

[archiva-redback-core] branch master updated (8d5027d -> a4b273c)

This is an automated email from the ASF dual-hosted git repository.

martin_s pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git.


    from 8d5027d  Reverted REST V1 changes
     new 8ebd1ad  Minor REST V2 changes for userservice
     new a4b273c  REST V2 changes

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../{LoginRequest.java => v2/SelfUserData.java}    |  54 ++++---
 .../redback/rest/api/services/v2/UserService.java  |  47 +++---
 .../rest/services/v2/DefaultUserService.java       |  20 ++-
 .../rest/services/v2/NativeUserServiceTest.java    | 157 ++++++++++++++++-----
 .../redback/rest/services/v2/UserServiceTest.java  |  22 +--
 5 files changed, 199 insertions(+), 101 deletions(-)
 copy redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/{LoginRequest.java => v2/SelfUserData.java} (52%)


[archiva-redback-core] 02/02: REST V2 changes

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git

commit a4b273cf3397a0d0b76e73bd77076631d8fa51ae
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Sat Aug 29 19:21:24 2020 +0200

    REST V2 changes
---
 .../model/v2/{MeUser.java => SelfUserData.java}    |   2 +-
 .../redback/rest/api/services/v2/UserService.java  |  42 ++++---
 .../rest/services/v2/DefaultUserService.java       |  14 +--
 .../rest/services/v2/NativeUserServiceTest.java    | 138 ++++++++++++++++++++-
 .../redback/rest/services/v2/UserServiceTest.java  |  24 ++--
 5 files changed, 184 insertions(+), 36 deletions(-)

diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java
similarity index 98%
rename from redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
rename to redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java
index e307618..03d2aba 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java
@@ -26,7 +26,7 @@ import javax.xml.bind.annotation.XmlRootElement;
  * Contains only the attributes, that a user is allowed to update. The user id is used from the logged in user principal.
  */
 @XmlRootElement( name = "user" )
-public class MeUser
+public class SelfUserData
 {
     private String email;
     private String fullName;
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index 0ea3091..acfe4ed 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -28,7 +28,7 @@ import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants
 import org.apache.archiva.redback.rest.api.model.ActionStatus;
 import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
 import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.v2.MeUser;
+import org.apache.archiva.redback.rest.api.model.v2.SelfUserData;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -89,7 +89,7 @@ public interface UserService
                     @Header( name="Location", description = "The URL of the created mapping")
                 }
             ),
-            @ApiResponse( responseCode = "405", description = "Invalid input" ),
+            @ApiResponse( responseCode = "422", description = "Invalid input" ),
             @ApiResponse( responseCode = "303", description = "The user exists already",
                 headers = {
                     @Header( name="Location", description = "The URL of existing user")
@@ -117,7 +117,7 @@ public interface UserService
                     @Header( name="Location", description = "The URL of the created mapping")
                 }
             ),
-            @ApiResponse( responseCode = "405", description = "Invalid input" ),
+            @ApiResponse( responseCode = "422", description = "Invalid input" ),
             @ApiResponse( responseCode = "303", description = "The user exists already",
                 headers = {
                     @Header( name="Location", description = "The URL of the existing admin user")
@@ -145,7 +145,8 @@ public interface UserService
             @ApiResponse( responseCode = "200",
                 description = "If user deletion was successful"
             ),
-            @ApiResponse( responseCode = "404", description = "User does not exist" )
+            @ApiResponse( responseCode = "404", description = "User does not exist" ),
+            @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for deletion." )
         }
     )
     void deleteUser( @PathParam( "userId" ) String userId )
@@ -155,13 +156,14 @@ public interface UserService
     @PUT
     @Produces( {MediaType.APPLICATION_JSON} )
     @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
-    @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+    @io.swagger.v3.oas.annotations.Operation( summary = "Updates an existing user",
         responses = {
             @ApiResponse( responseCode = "200",
                 description = "If update was successful"
             ),
             @ApiResponse( responseCode = "404", description = "User does not exist" ),
-            @ApiResponse( responseCode = "422", description = "Update data was not valid. E.g. password violations." )
+            @ApiResponse( responseCode = "422", description = "Update data was not valid. E.g. password violations." ),
+            @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for update." )
         }
     )
     User updateUser( @PathParam( "userId" ) String userId, User user )
@@ -179,6 +181,7 @@ public interface UserService
                 description = "If locking was successful"
             ),
             @ApiResponse( responseCode = "404", description = "User does not exist" ),
+            @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for locking." )
         }
     )
     void lockUser( @PathParam( "userId" ) String userId )
@@ -196,6 +199,7 @@ public interface UserService
                 description = "If unlocking was successful"
             ),
             @ApiResponse( responseCode = "404", description = "User does not exist" ),
+            @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for unlock." )
         }
     )
     void unlockUser( @PathParam( "userId" ) String userId )
@@ -214,6 +218,8 @@ public interface UserService
                 description = "If password change require flag was set"
             ),
             @ApiResponse( responseCode = "404", description = "User does not exist" ),
+            @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for editing." )
+
         }
     )
     void setRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
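Review bot: The added `@ApiResponse` entry is followed by an empty line inside the `responses = { … }` array, right before the closing brace; drop the blank line so the array is laid out like the other operations in this interface. The same stray blank line is introduced in the clearRequirePasswordChangeFlag hunk that follows.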
@@ -231,6 +237,8 @@ public interface UserService
                 description = "If password change require flag was unset"
             ),
             @ApiResponse( responseCode = "404", description = "User does not exist" ),
+            @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for editing." )
+
         }
     )
     void clearRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
@@ -251,12 +259,11 @@ public interface UserService
             @ApiResponse( responseCode = "200",
                 description = "If user data has been updated"
             ),
-            @ApiResponse( responseCode = "403", description = "Logged in user does not match the provided userid" ),
             @ApiResponse( responseCode = "401", description = "User is not logged in" ),
             @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
         }
     )
-    User updateMe( MeUser user )
+    User updateMe( SelfUserData user )
         throws RedbackServiceException;
 
     @Path( "me" )
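Review bot: Dropping the 403 is consistent with the service no longer reading a user id from the body, but the remaining `400` entry now disagrees with updateUser, which in the hunk above documents `422` for "Update data was not valid. E.g. password violations." while validating the same kind of fields. If DefaultUserService.updateMe rejects a wrong `currentPassword` or a policy-violating password through the same mechanism as updateUser, change this entry to `@ApiResponse( responseCode = "422", description = "Update data was not valid. E.g. wrong current password or password violations." )`; if it genuinely answers 400, say so in the description so clients know the two endpoints differ. It is also worth stating on this operation that `currentPassword` is only required when `password` is supplied, since that is the contract the implementation comments describe.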
@@ -269,7 +276,6 @@ public interface UserService
                 description = "If user data is returned"
             ),
             @ApiResponse( responseCode = "401", description = "User is not logged in" ),
-            @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
         }
     )
     User getLoggedInUser( ) throws RedbackServiceException;
@@ -284,28 +290,36 @@ public interface UserService
     @Path( "{userId}/cache/clear" )
     @POST
     @Produces( { MediaType.APPLICATION_JSON } )
-    @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
+    @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION,
+    resource = "{userId}")
     @io.swagger.v3.oas.annotations.Operation( summary = "Clears the cache for the user",
         responses = {
             @ApiResponse( responseCode = "200",
                 description = "If the cache was cleared properly"
             ),
             @ApiResponse( responseCode = "404", description = "User does not exist" ),
+            @ApiResponse( responseCode = "403", description = "The authenticated user has not the required permission." )
         }
     )
     ActionStatus removeFromCache( @PathParam( "userId" ) String userId )
         throws RedbackServiceException;
 
     /**
-     *
-     *
      * @return
      */
     @Path( "{userId}/register" )
     @POST
-    @Produces( { MediaType.APPLICATION_JSON } )
+    @Produces( {MediaType.APPLICATION_JSON} )
     @RedbackAuthorization( noRestriction = true, noPermission = true )
-    RegistrationKey registerUser( @PathParam( "userId" ) String userId,  UserRegistrationRequest userRegistrationRequest )
+    @io.swagger.v3.oas.annotations.Operation( summary = "Registers a new user",
+        responses = {
+            @ApiResponse( responseCode = "200",
+                description = "If the registration was successful, a registration key is returned"
+            ),
+            @ApiResponse( responseCode = "400", description = "If the registration request has invalid data" ),
+        }
+    )
+    RegistrationKey registerUser( @PathParam( "userId" ) String userId, UserRegistrationRequest userRegistrationRequest )
         throws RedbackServiceException;
 
     /**
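Review bot: `resource = "{userId}"` is added only to removeFromCache, while the other per-user operations in this interface keep the bare `@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )` form visible on updateUser in the hunk above. If the resource attribute is what scopes the permission check to the user in the path, the same attribute belongs on deleteUser, updateUser, lockUser, unlockUser, setRequirePasswordChangeFlag and clearRequirePasswordChangeFlag; if it has no effect on the check, it should be dropped here so readers do not assume a per-user restriction exists. The continuation line `resource = "{userId}")` should also be indented to the annotation's argument column rather than the method's. For registerUser, which is reachable without authentication (`noRestriction = true, noPermission = true`), the new OpenAPI block lists only 200 and 400 — document what the service returns when `{userId}` already exists, because that response is what decides whether the endpoint can be used to enumerate accounts.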
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 5cde4ca..39df291 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -48,7 +48,7 @@ import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
 import org.apache.archiva.redback.rest.api.model.ErrorMessage;
 import org.apache.archiva.redback.rest.api.model.Operation;
 import org.apache.archiva.redback.rest.api.model.Permission;
-import org.apache.archiva.redback.rest.api.model.v2.MeUser;
+import org.apache.archiva.redback.rest.api.model.v2.SelfUserData;
 import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
 import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
 import org.apache.archiva.redback.rest.api.model.Resource;
@@ -191,7 +191,7 @@ public class DefaultUserService
         User result;
         if ( Arrays.binarySearch( INVALID_CREATE_USER_NAMES, user.getUserId( ) ) >=0 )
         {
-            throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 405 );
+            throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 422 );
         }
 
         try
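Review bot: The status change is fine, but the reserved-name check it guards relies on `Arrays.binarySearch`, which is only defined for a sorted array and compares user ids case-sensitively. Unless `INVALID_CREATE_USER_NAMES` is declared in sorted order and user ids are normalised to lower case before this point — neither is visible in this hunk — a name such as `Admin` would pass the check; `Arrays.asList( INVALID_CREATE_USER_NAMES ).contains( user.getUserId( ) )` or a `Set<String>` constant removes the ordering dependency, and the case handling should be confirmed against the user manager's id normalisation. The enclosing method begins before this hunk.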
@@ -217,17 +217,17 @@ public class DefaultUserService
         // data validation
         if ( StringUtils.isEmpty( user.getUserId() ) )
         {
-            throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_EMPTY ), 405 );
+            throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_EMPTY ), 422 );
         }
 
         if ( StringUtils.isEmpty( user.getFullName() ) )
         {
-            throw new RedbackServiceException( ErrorMessage.of( ERR_USER_FULL_NAME_EMPTY ), 405 );
+            throw new RedbackServiceException( ErrorMessage.of( ERR_USER_FULL_NAME_EMPTY ), 422 );
         }
 
         if ( StringUtils.isEmpty( user.getEmail() ) )
         {
-            throw new RedbackServiceException( ErrorMessage.of( ERR_USER_EMAIL_EMPTY ), 405 );
+            throw new RedbackServiceException( ErrorMessage.of( ERR_USER_EMAIL_EMPTY ), 422 );
         }
 
         try
@@ -363,7 +363,7 @@ public class DefaultUserService
     }
 
     @Override
-    public User updateMe( MeUser user )
+    public User updateMe( SelfUserData user )
         throws RedbackServiceException
     {
         RedbackPrincipal principal = getPrincipal( );
@@ -539,7 +539,7 @@ public class DefaultUserService
         log.debug("Creating admin admin user '{}'", adminUser.getUserId());
         if (!RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME.equals(adminUser.getUserId())) {
             log.error("Wrong admin user name {}", adminUser.getUserId());
-            throw new RedbackServiceException(ErrorMessage.of(Constants.ERR_USER_ADMIN_BAD_NAME ), 405);
+            throw new RedbackServiceException(ErrorMessage.of(Constants.ERR_USER_ADMIN_BAD_NAME ), 422);
         }
 
         try
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index c05fa36..6d2ff68 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -150,7 +150,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
             .body( jsonAsMap )
             .when( )
             .post( )
-            .then( ).statusCode( 405 );
+            .then( ).statusCode( 422 );
 
     }
 
@@ -167,7 +167,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
             .body( jsonAsMap )
             .when( )
             .post( )
-            .then( ).statusCode( 405 );
+            .then( ).statusCode( 422 );
 
     }
 
@@ -678,4 +678,138 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
                 .then( ).statusCode( 200 );
         }
     }
+
+    @Test
+    void getLoggedInUser( )
+    {
+        String token = getAdminToken( );
+        Map<String, Object> jsonAsMap = new HashMap<>( );
+        jsonAsMap.put( "user_id", "aragorn" );
+        jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+        jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+        jsonAsMap.put( "validated", true );
+        jsonAsMap.put( "password", "pAssw0rD" );
+        given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+            .body( jsonAsMap )
+            .when( )
+            .post( )
+            .then( ).statusCode( 201 );
+        try
+        {
+
+            String userToken = getUserToken( "aragorn", "pAssw0rD" );
+            Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
+                .when( )
+                .get( "me" )
+                .then( ).statusCode( 200 ).extract( ).response( );
+            assertEquals( "aragorn", response.getBody( ).jsonPath( ).getString( "user_id" ) );
+            assertEquals( "Aragorn King of Gondor", response.getBody( ).jsonPath( ).getString( "fullName" ) );
+            assertEquals( "aragorn@lordoftherings.org", response.getBody( ).jsonPath( ).getString( "email" ) );
+            assertTrue( response.getBody( ).jsonPath( ).getBoolean( "validated" ) );
+        }
+        finally
+        {
+            given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+                .delete( "aragorn" )
+                .then( ).statusCode( 200 );
+        }
+    }
+
+    @Test
+    void getNotLoggedInUser( )
+    {
+        String token = getAdminToken( );
+        Map<String, Object> jsonAsMap = new HashMap<>( );
+        jsonAsMap.put( "user_id", "aragorn" );
+        jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+        jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+        jsonAsMap.put( "validated", true );
+        jsonAsMap.put( "password", "pAssw0rD" );
+        given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+            .body( jsonAsMap )
+            .when( )
+            .post( )
+            .then( ).statusCode( 201 );
+        try
+        {
+
+            given( ).spec( getRequestSpec() ).contentType( JSON )
+                .when( )
+                .get( "me" )
+                .then( ).statusCode( 401 );
+        }
+        finally
+        {
+            given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+                .delete( "aragorn" )
+                .then( ).statusCode( 200 );
+        }
+    }
+
+    @Test
+    void clearCache( )
+    {
+        String adminToken = getAdminToken( );
+        Map<String, Object> jsonAsMap = new HashMap<>( );
+        jsonAsMap.put( "user_id", "aragorn" );
+        jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+        jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+        jsonAsMap.put( "validated", true );
+        jsonAsMap.put( "password", "pAssw0rD" );
+        given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+            .body( jsonAsMap )
+            .when( )
+            .post( )
+            .then( ).statusCode( 201 );
+        try
+        {
+
+            Response response = given( ).spec( getRequestSpec(adminToken) ).contentType( JSON )
+                .when( )
+                .post( "aragorn/cache/clear" )
+                .then( ).statusCode( 200 ).extract( ).response( );
+
+            assertTrue( response.getBody( ).jsonPath( ).getBoolean( "success" ) );
+        }
+        finally
+        {
+            given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+                .delete( "aragorn" )
+                .then( ).statusCode( 200 );
+        }
+    }
+
+    @Test
+    void clearCacheNoPermission( )
+    {
+        String adminToken = getAdminToken( );
+        Map<String, Object> jsonAsMap = new HashMap<>( );
+        jsonAsMap.put( "user_id", "aragorn" );
+        jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+        jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+        jsonAsMap.put( "validated", true );
+        jsonAsMap.put( "password", "pAssw0rD" );
+        given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+            .body( jsonAsMap )
+            .when( )
+            .post( )
+            .then( ).statusCode( 201 );
+        try
+        {
+
+            String token = getUserToken( "aragorn", "pAssw0rD" );
+            given( ).spec( getRequestSpec(token) ).contentType( JSON )
+                .when( )
+                .post( "admin/cache/clear" )
+                .then( ).statusCode( 403 );
+
+        }
+        finally
+        {
+            given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+                .delete( "aragorn" )
+                .then( ).statusCode( 200 );
+        }
+    }
+
 }
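Review bot: The four new tests repeat the same seven-line `aragorn` fixture and the same finally-block cleanup; extract a private helper that creates the user with the admin token and another that deletes it, so later tests cannot drift in the fields they set. `getNotLoggedInUser` does not need the created user at all — an unauthenticated `GET me` should answer 401 regardless — so its fixture and cleanup can go. `clearCacheNoPermission` covers only the cross-user case; since removeFromCache now carries `resource = "{userId}"`, add the complementary case where `aragorn` posts to `aragorn/cache/clear` and assert 200 (or 403 if self-service is not intended), so the meaning of the resource attribute is pinned by a test.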
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 2fc8431..1f74c1c 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -21,7 +21,7 @@ package org.apache.archiva.redback.rest.services.v2;
 
 import org.apache.archiva.redback.rest.api.model.GrantType;
 import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.v2.MeUser;
+import org.apache.archiva.redback.rest.api.model.v2.SelfUserData;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -505,22 +505,22 @@ public class UserServiceTest
         u.setValidated( true );
         getUserService( getAdminAuthzHeader( ) ).createUser( u );
 
-        MeUser meUser = new MeUser( );
-        meUser.setFullName( "the toto123" );
-        meUser.setEmail( "toto@titi.fr" );
-        meUser.setPassword( "toto1234" );
-        meUser.setCurrentPassword( "toto123" );
-        getUserService( getUserAuthzHeader( "toto" ) ).updateMe( meUser );
+        SelfUserData selfUserData = new SelfUserData( );
+        selfUserData.setFullName( "the toto123" );
+        selfUserData.setEmail( "toto@titi.fr" );
+        selfUserData.setPassword( "toto1234" );
+        selfUserData.setCurrentPassword( "toto123" );
+        getUserService( getUserAuthzHeader( "toto" ) ).updateMe( selfUserData );
 
         u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
         assertEquals( "the toto123", u.getFullName( ) );
         assertEquals( "toto@titi.fr", u.getEmail( ) );
 
-        meUser.setFullName( "the toto1234" );
-        meUser.setEmail( "toto@tititi.fr" );
-        meUser.setPassword( "toto12345" );
-        meUser.setCurrentPassword( "toto1234" );
-        getUserService( getUserAuthzHeader( "toto" )) .updateMe( meUser );
+        selfUserData.setFullName( "the toto1234" );
+        selfUserData.setEmail( "toto@tititi.fr" );
+        selfUserData.setPassword( "toto12345" );
+        selfUserData.setCurrentPassword( "toto1234" );
+        getUserService( getUserAuthzHeader( "toto" )) .updateMe( selfUserData );
 
         u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
         assertEquals( "the toto1234", u.getFullName( ) );


[archiva-redback-core] 01/02: Minor REST V2 changes for userservice

Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.

martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git

commit 8ebd1ad815335efc1a329360e23ef477e771c8cf
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Thu Aug 27 16:54:40 2020 +0200

    Minor REST V2 changes for userservice
---
 .../archiva/redback/rest/api/model/v2/MeUser.java  | 75 ++++++++++++++++++++++
 .../redback/rest/api/services/v2/UserService.java  |  9 +--
 .../rest/services/v2/DefaultUserService.java       | 10 ++-
 .../rest/services/v2/NativeUserServiceTest.java    | 55 +---------------
 .../redback/rest/services/v2/UserServiceTest.java  | 22 ++++---
 5 files changed, 99 insertions(+), 72 deletions(-)

diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
new file mode 100644
index 0000000..e307618
--- /dev/null
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
@@ -0,0 +1,75 @@
+package org.apache.archiva.redback.rest.api.model.v2;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * JSON object for updating own user data.
+ * Contains only the attributes, that a user is allowed to update. The user id is used from the logged in user principal.
+ */
+@XmlRootElement( name = "user" )
+public class MeUser
+{
+    private String email;
+    private String fullName;
+    private String password;
+    private String currentPassword;
+
+    public String getEmail( )
+    {
+        return email;
+    }
+
+    public void setEmail( String email )
+    {
+        this.email = email;
+    }
+
+    public String getFullName( )
+    {
+        return fullName;
+    }
+
+    public void setFullName( String fullName )
+    {
+        this.fullName = fullName;
+    }
+
+    public String getPassword( )
+    {
+        return password;
+    }
+
+    public void setPassword( String password )
+    {
+        this.password = password;
+    }
+
+    public String getCurrentPassword( )
+    {
+        return currentPassword;
+    }
+
+    public void setCurrentPassword( String currentPassword )
+    {
+        this.currentPassword = currentPassword;
+    }
+}
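Review bot: The class Javadoc explains the purpose, but the two password fields carry the contract that matters and have no documentation. Add `/** New password to set; optional. When present, the current password must also be supplied. */` on `password` and `/** The caller's current password, checked by the server only when a new password is supplied. */` on `currentPassword` — this matches the comment in DefaultUserService.updateMe that the current password is needed only if a password change is requested. Keep the class without a `toString()` that includes these fields, so the DTO never ends up in a log line with credentials.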
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index ba739e0..0ea3091 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -28,6 +28,7 @@ import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants
 import org.apache.archiva.redback.rest.api.model.ActionStatus;
 import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
 import org.apache.archiva.redback.rest.api.model.Operation;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -168,7 +169,7 @@ public interface UserService
 
     /**
      */
-    @Path( "{userId}/lock" )
+    @Path( "{userId}/lock/set" )
     @POST
     @Produces( { MediaType.APPLICATION_JSON } )
     @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
@@ -185,11 +186,11 @@ public interface UserService
 
     /**
      */
-    @Path( "{userId}/unlock" )
+    @Path( "{userId}/lock/clear" )
     @POST
     @Produces( { MediaType.APPLICATION_JSON } )
     @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
-    @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+    @io.swagger.v3.oas.annotations.Operation( summary = "Unlocks a user",
         responses = {
             @ApiResponse( responseCode = "200",
                 description = "If unlocking was successful"
@@ -255,7 +256,7 @@ public interface UserService
             @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
         }
     )
-    User updateMe( User user )
+    User updateMe( MeUser user )
         throws RedbackServiceException;
 
     @Path( "me" )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 2273d00..5cde4ca 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -48,6 +48,7 @@ import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
 import org.apache.archiva.redback.rest.api.model.ErrorMessage;
 import org.apache.archiva.redback.rest.api.model.Operation;
 import org.apache.archiva.redback.rest.api.model.Permission;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
 import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
 import org.apache.archiva.redback.rest.api.model.Resource;
@@ -362,28 +363,25 @@ public class DefaultUserService
     }
 
     @Override
-    public User updateMe( User user )
+    public User updateMe( MeUser user )
         throws RedbackServiceException
     {
         RedbackPrincipal principal = getPrincipal( );
         if (principal==null) {
             throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 );
         }
-        if (StringUtils.isEmpty( user.getUserId() ) || !principal.getUser().getUsername().equals(user.getUserId())) {
-            throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), Response.Status.FORBIDDEN.getStatusCode() );
-        }
 
         // check oldPassword with the current one
         // only 3 fields to update
         // ui can limit to not update password
-        org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
+        org.apache.archiva.redback.users.User foundUser = updateUser( principal.getName(), realUser -> {
             try
             {
                 // current password is only needed, if password change is requested
                 if ( StringUtils.isNotBlank( user.getPassword( ) ) )
                 {
                     String previousEncodedPassword =
-                        securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
+                        securitySystem.getUserManager( ).findUser( principal.getName(), false ).getEncodedPassword( );
 
                     // check oldPassword with the current one
 
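Review bot: Taking the target user from the principal instead of the request body removes the spoofable `user_id` path, which is the right fix, but the old guard compared against `principal.getUser().getUsername()` while the new lookups use `principal.getName()`; confirm these are the same identifier for every principal type, otherwise the update and the `findUser` call address a different record than the authenticated user. The three-line comment `// check oldPassword with the current one / only 3 fields to update / ui can limit to not update password` is repeated almost verbatim a few lines later — keep one copy. The comparison of `previousEncodedPassword` with the supplied current password lies past the last line shown, and the method continues beyond the hunk; it is worth checking there that the comparison goes through the configured password encoder rather than `String.equals`.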
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index e8fd540..c05fa36 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -454,7 +454,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
         try
         {
             given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-                .post( "aragorn/lock" )
+                .post( "aragorn/lock/set" )
                 .then( ).statusCode( 200 );
             Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
                 .get( "aragorn" )
@@ -474,7 +474,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
     {
         String token = getAdminToken( );
         given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-            .post( "aragorn/lock" )
+            .post( "aragorn/lock/set" )
             .then( ).statusCode( 404 );
     }
 
@@ -500,7 +500,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
         try
         {
             given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-                .post( "aragorn/unlock" )
+                .post( "aragorn/lock/clear" )
                 .then( ).statusCode( 200 );
             response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
                 .get( "aragorn" )
@@ -617,7 +617,6 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
 
             String userToken = getUserToken( "aragorn", "pAssw0rD" );
             Map<String, Object> updateMap = new HashMap<>( );
-            updateMap.put( "user_id", "aragorn" );
             updateMap.put( "email", "aragorn-swiss@lordoftherings.org" );
             updateMap.put( "fullName", "Aragorn King of Switzerland" );
             Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
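Review bot: Dropping `user_id` from the request body leaves no test that a body-supplied `user_id` is ignored now that DefaultUserService.updateMe derives the target from `principal.getName()`; the deleted `updateMeInvalidUser` further down this file was the only case that sent a foreign id. I would keep a negative case in this method: create a second user, put `updateMap.put( "user_id", "elrond" )` back, and after the `put( "me" )` assert via `GET elrond` that elrond's email and fullName are untouched while aragorn's are updated (or assert a 400 if the new model rejects unknown properties — which of the two applies is not visible in this diff). The enclosing test method starts and ends outside this hunk.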
@@ -637,54 +636,6 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
     }
 
     @Test
-    void updateMeInvalidUser( )
-    {
-        String token = getAdminToken( );
-        Map<String, Object> jsonAsMap = new HashMap<>( );
-        jsonAsMap.put( "user_id", "aragorn" );
-        jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
-        jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
-        jsonAsMap.put( "validated", true );
-        jsonAsMap.put( "password", "pAssw0rDA" );
-        given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-            .body( jsonAsMap )
-            .when( )
-            .post( )
-            .then( ).statusCode( 201 );
-
-        jsonAsMap.put( "user_id", "elrond" );
-        jsonAsMap.put( "email", "elrond@lordoftherings.org" );
-        jsonAsMap.put( "fullName", "Elrond King of Elves" );
-        jsonAsMap.put( "validated", true );
-        jsonAsMap.put( "password", "pAssw0rDE" );
-        given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-            .body( jsonAsMap )
-            .when( )
-            .post( )
-            .then( ).statusCode( 201 );
-        try
-        {
-
-            String userToken = getUserToken( "aragorn", "pAssw0rDA" );
-            Map<String, Object> updateMap = new HashMap<>( );
-            updateMap.put( "user_id", "elrond" );
-            updateMap.put( "email", "elrond-swiss@lordoftherings.org" );
-            updateMap.put( "fullName", "Elrond King of Switzerland" );
-            Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
-                .body( updateMap )
-                .when( )
-                .put( "me" )
-                .then( ).statusCode( 403 ).extract( ).response( );
-        }
-        finally
-        {
-            given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-                .delete( "aragorn" )
-                .then( ).statusCode( 200 );
-        }
-    }
-
-    @Test
     void updateMeWithPassword( )
     {
         String token = getAdminToken( );
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 0268452..2fc8431 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -21,6 +21,7 @@ package org.apache.archiva.redback.rest.services.v2;
 
 import org.apache.archiva.redback.rest.api.model.GrantType;
 import org.apache.archiva.redback.rest.api.model.Operation;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -504,21 +505,22 @@ public class UserServiceTest
         u.setValidated( true );
         getUserService( getAdminAuthzHeader( ) ).createUser( u );
 
-        u.setFullName( "the toto123" );
-        u.setEmail( "toto@titi.fr" );
-        u.setPassword( "toto1234" );
-        u.setCurrentPassword( "toto123" );
-        getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u );
+        MeUser meUser = new MeUser( );
+        meUser.setFullName( "the toto123" );
+        meUser.setEmail( "toto@titi.fr" );
+        meUser.setPassword( "toto1234" );
+        meUser.setCurrentPassword( "toto123" );
+        getUserService( getUserAuthzHeader( "toto" ) ).updateMe( meUser );
 
         u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
         assertEquals( "the toto123", u.getFullName( ) );
         assertEquals( "toto@titi.fr", u.getEmail( ) );
 
-        u.setFullName( "the toto1234" );
-        u.setEmail( "toto@tititi.fr" );
-        u.setPassword( "toto12345" );
-        u.setCurrentPassword( "toto1234" );
-        getUserService( getUserAuthzHeader( "toto" )) .updateMe(  u );
+        meUser.setFullName( "the toto1234" );
+        meUser.setEmail( "toto@tititi.fr" );
+        meUser.setPassword( "toto12345" );
+        meUser.setCurrentPassword( "toto1234" );
+        getUserService( getUserAuthzHeader( "toto" )) .updateMe( meUser );
 
         u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
         assertEquals( "the toto1234", u.getFullName( ) );
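Review bot: Both `updateMe` calls in this hunk set a new `password` and a `currentPassword`, yet the assertions that follow only check `getFullName()` and `getEmail()`, so neither the password rotation nor the current-password check in DefaultUserService.updateMe is verified by this test. Notably the second call still authenticates with `getUserAuthzHeader( "toto" )` after the first call changed the password to `toto1234`, which either means the helper holds a pre-issued token or the old credential is still accepted; which one it is cannot be seen here and is worth confirming. I would add, after the second update, an authenticated call as toto using `"toto12345"` that must succeed, and a third `updateMe` with a stale `meUser.setCurrentPassword( "toto123" )` that is expected to throw `RedbackServiceException`. The enclosing test method begins before this hunk.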