Posted to commits@archiva.apache.org by ma...@apache.org on 2020/08/29 17:21:40 UTC
[archiva-redback-core] 02/02: REST V2 changes
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit a4b273cf3397a0d0b76e73bd77076631d8fa51ae
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Sat Aug 29 19:21:24 2020 +0200
REST V2 changes
---
.../model/v2/{MeUser.java => SelfUserData.java} | 2 +-
.../redback/rest/api/services/v2/UserService.java | 42 ++++---
.../rest/services/v2/DefaultUserService.java | 14 +--
.../rest/services/v2/NativeUserServiceTest.java | 138 ++++++++++++++++++++-
.../redback/rest/services/v2/UserServiceTest.java | 24 ++--
5 files changed, 184 insertions(+), 36 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java
similarity index 98%
rename from redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
rename to redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java
index e307618..03d2aba 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/SelfUserData.java
@@ -26,7 +26,7 @@ import javax.xml.bind.annotation.XmlRootElement;
* Contains only the attributes, that a user is allowed to update. The user id is used from the logged in user principal.
*/
@XmlRootElement( name = "user" )
-public class MeUser
+public class SelfUserData
{
private String email;
private String fullName;
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index 0ea3091..acfe4ed 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -28,7 +28,7 @@ import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants
import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.v2.MeUser;
+import org.apache.archiva.redback.rest.api.model.v2.SelfUserData;
import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -89,7 +89,7 @@ public interface UserService
@Header( name="Location", description = "The URL of the created mapping")
}
),
- @ApiResponse( responseCode = "405", description = "Invalid input" ),
+ @ApiResponse( responseCode = "422", description = "Invalid input" ),
@ApiResponse( responseCode = "303", description = "The user exists already",
headers = {
@Header( name="Location", description = "The URL of existing user")
@@ -117,7 +117,7 @@ public interface UserService
@Header( name="Location", description = "The URL of the created mapping")
}
),
- @ApiResponse( responseCode = "405", description = "Invalid input" ),
+ @ApiResponse( responseCode = "422", description = "Invalid input" ),
@ApiResponse( responseCode = "303", description = "The user exists already",
headers = {
@Header( name="Location", description = "The URL of the existing admin user")
@@ -145,7 +145,8 @@ public interface UserService
@ApiResponse( responseCode = "200",
description = "If user deletion was successful"
),
- @ApiResponse( responseCode = "404", description = "User does not exist" )
+ @ApiResponse( responseCode = "404", description = "User does not exist" ),
+ @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for deletion." )
}
)
void deleteUser( @PathParam( "userId" ) String userId )
@@ -155,13 +156,14 @@ public interface UserService
@PUT
@Produces( {MediaType.APPLICATION_JSON} )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+ @io.swagger.v3.oas.annotations.Operation( summary = "Updates an existing user",
responses = {
@ApiResponse( responseCode = "200",
description = "If update was successful"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
- @ApiResponse( responseCode = "422", description = "Update data was not valid. E.g. password violations." )
+ @ApiResponse( responseCode = "422", description = "Update data was not valid. E.g. password violations." ),
+ @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for update." )
}
)
User updateUser( @PathParam( "userId" ) String userId, User user )
@@ -179,6 +181,7 @@ public interface UserService
description = "If locking was successful"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
+ @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for locking." )
}
)
void lockUser( @PathParam( "userId" ) String userId )
@@ -196,6 +199,7 @@ public interface UserService
description = "If unlocking was successful"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
+ @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for unlock." )
}
)
void unlockUser( @PathParam( "userId" ) String userId )
@@ -214,6 +218,8 @@ public interface UserService
description = "If password change require flag was set"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
+ @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for editing." )
+
}
)
void setRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
@@ -231,6 +237,8 @@ public interface UserService
description = "If password change require flag was unset"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
+ @ApiResponse( responseCode = "403", description = "The authenticated user has not the permission for editing." )
+
}
)
void clearRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
@@ -251,12 +259,11 @@ public interface UserService
@ApiResponse( responseCode = "200",
description = "If user data has been updated"
),
- @ApiResponse( responseCode = "403", description = "Logged in user does not match the provided userid" ),
@ApiResponse( responseCode = "401", description = "User is not logged in" ),
@ApiResponse( responseCode = "400", description = "Provided data is not valid" )
}
)
- User updateMe( MeUser user )
+ User updateMe( SelfUserData user )
throws RedbackServiceException;
@Path( "me" )
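Review bot: updateMe still documents `400` for "Provided data is not valid" at L132 while this commit moves every other validation failure in UserService (createUser, createAdminUser, updateUser) to 422, so the same class of error is now documented with two different status codes inside one interface. DefaultUserService.updateMe's body is outside the visible hunks, so I cannot tell which code it actually throws; either change L132 to `@ApiResponse( responseCode = "422", description = "Provided data is not valid. E.g. password violations." )` or leave a comment on why self-update deliberately differs. Dropping the 403 here is consistent with SelfUserData carrying no user id (the principal is used, per its class comment), so that part looks right.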
@@ -269,7 +276,6 @@ public interface UserService
description = "If user data is returned"
),
@ApiResponse( responseCode = "401", description = "User is not logged in" ),
- @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
}
)
User getLoggedInUser( ) throws RedbackServiceException;
@@ -284,28 +290,36 @@ public interface UserService
@Path( "{userId}/cache/clear" )
@POST
@Produces( { MediaType.APPLICATION_JSON } )
- @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
+ @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION,
+ resource = "{userId}")
@io.swagger.v3.oas.annotations.Operation( summary = "Clears the cache for the user",
responses = {
@ApiResponse( responseCode = "200",
description = "If the cache was cleared properly"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
+ @ApiResponse( responseCode = "403", description = "The authenticated user has not the required permission." )
}
)
ActionStatus removeFromCache( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
/**
- *
- *
* @return
*/
@Path( "{userId}/register" )
@POST
- @Produces( { MediaType.APPLICATION_JSON } )
+ @Produces( {MediaType.APPLICATION_JSON} )
@RedbackAuthorization( noRestriction = true, noPermission = true )
- RegistrationKey registerUser( @PathParam( "userId" ) String userId, UserRegistrationRequest userRegistrationRequest )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Registers a new user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If the registration was successful, a registration key is returned"
+ ),
+ @ApiResponse( responseCode = "400", description = "If the registration request has invalid data" ),
+ }
+ )
+ RegistrationKey registerUser( @PathParam( "userId" ) String userId, UserRegistrationRequest userRegistrationRequest )
throws RedbackServiceException;
/**
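Review bot: The `resource = "{userId}"` added to removeFromCache's @RedbackAuthorization at L152-153 scopes the USER_MANAGEMENT_USER_EDIT_OPERATION check to the target user, but nothing in the hunk states what that is meant to allow, and every sibling per-user operation in this interface (deleteUser, lockUser, unlockUser, updateUser, the require-password-change flags) keeps the unscoped permission in this commit. Either this endpoint is deliberately the only one a user may exercise against their own id, or the others are missing the same binding; the Javadoc should say which, e.g. `/** Clears the cached data of the given user. Requires the user-edit permission on the {userId} resource, so a user holding it only for their own id can clear their own cache; otherwise 403. */` — the "own id" clause is my reading of the resource binding and should be confirmed against the authorization interceptor that expands the placeholder. The Javadoc above registerUser (L165-169) is also still an empty `@return` stub although this is the one endpoint marked `noRestriction = true, noPermission = true`; a one-line `@return the registration key for the newly registered user` plus a sentence noting that no authentication is required would close that gap for readers who never open the swagger output.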
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 5cde4ca..39df291 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -48,7 +48,7 @@ import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Operation;
import org.apache.archiva.redback.rest.api.model.Permission;
-import org.apache.archiva.redback.rest.api.model.v2.MeUser;
+import org.apache.archiva.redback.rest.api.model.v2.SelfUserData;
import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
import org.apache.archiva.redback.rest.api.model.Resource;
@@ -191,7 +191,7 @@ public class DefaultUserService
User result;
if ( Arrays.binarySearch( INVALID_CREATE_USER_NAMES, user.getUserId( ) ) >=0 )
{
- throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 405 );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 422 );
}
try
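Review bot: The reserved-id check on L202 uses `Arrays.binarySearch`, whose result is undefined unless `INVALID_CREATE_USER_NAMES` is sorted in natural String order; the constant's declaration is outside this hunk, so if it is a hand-written literal that nobody keeps sorted, a reserved id can slip past this check, and this commit only changes the status code it returns when it does fire. Replacing the lookup with a `Set<String>` (`INVALID_CREATE_USER_NAMES.contains( user.getUserId( ) )`) or adding `// must stay sorted: looked up with Arrays.binarySearch` at the declaration removes the silent ordering dependency. The comparison is also case-sensitive, so an id like `Admin` is not caught unless it is normalised before this point, which is not visible here. createUser's body continues outside the hunk.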
@@ -217,17 +217,17 @@ public class DefaultUserService
// data validation
if ( StringUtils.isEmpty( user.getUserId() ) )
{
- throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_EMPTY ), 405 );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_EMPTY ), 422 );
}
if ( StringUtils.isEmpty( user.getFullName() ) )
{
- throw new RedbackServiceException( ErrorMessage.of( ERR_USER_FULL_NAME_EMPTY ), 405 );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_FULL_NAME_EMPTY ), 422 );
}
if ( StringUtils.isEmpty( user.getEmail() ) )
{
- throw new RedbackServiceException( ErrorMessage.of( ERR_USER_EMAIL_EMPTY ), 405 );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_EMAIL_EMPTY ), 422 );
}
try
@@ -363,7 +363,7 @@ public class DefaultUserService
}
@Override
- public User updateMe( MeUser user )
+ public User updateMe( SelfUserData user )
throws RedbackServiceException
{
RedbackPrincipal principal = getPrincipal( );
@@ -539,7 +539,7 @@ public class DefaultUserService
log.debug("Creating admin admin user '{}'", adminUser.getUserId());
if (!RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME.equals(adminUser.getUserId())) {
log.error("Wrong admin user name {}", adminUser.getUserId());
- throw new RedbackServiceException(ErrorMessage.of(Constants.ERR_USER_ADMIN_BAD_NAME ), 405);
+ throw new RedbackServiceException(ErrorMessage.of(Constants.ERR_USER_ADMIN_BAD_NAME ), 422);
}
try
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index c05fa36..6d2ff68 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -150,7 +150,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.body( jsonAsMap )
.when( )
.post( )
- .then( ).statusCode( 405 );
+ .then( ).statusCode( 422 );
}
@@ -167,7 +167,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.body( jsonAsMap )
.when( )
.post( )
- .then( ).statusCode( 405 );
+ .then( ).statusCode( 422 );
}
@@ -678,4 +678,138 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 200 );
}
}
+
+ @Test
+ void getLoggedInUser( )
+ {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String userToken = getUserToken( "aragorn", "pAssw0rD" );
+ Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
+ .when( )
+ .get( "me" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertEquals( "aragorn", response.getBody( ).jsonPath( ).getString( "user_id" ) );
+ assertEquals( "Aragorn King of Gondor", response.getBody( ).jsonPath( ).getString( "fullName" ) );
+ assertEquals( "aragorn@lordoftherings.org", response.getBody( ).jsonPath( ).getString( "email" ) );
+ assertTrue( response.getBody( ).jsonPath( ).getBoolean( "validated" ) );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void getNotLoggedInUser( )
+ {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ given( ).spec( getRequestSpec() ).contentType( JSON )
+ .when( )
+ .get( "me" )
+ .then( ).statusCode( 401 );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void clearCache( )
+ {
+ String adminToken = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ Response response = given( ).spec( getRequestSpec(adminToken) ).contentType( JSON )
+ .when( )
+ .post( "aragorn/cache/clear" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+
+ assertTrue( response.getBody( ).jsonPath( ).getBoolean( "success" ) );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void clearCacheNoPermission( )
+ {
+ String adminToken = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String token = getUserToken( "aragorn", "pAssw0rD" );
+ given( ).spec( getRequestSpec(token) ).contentType( JSON )
+ .when( )
+ .post( "admin/cache/clear" )
+ .then( ).statusCode( 403 );
+
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
}
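Review bot: clearCacheNoPermission (L366-396) pins only the cross-user case — aragorn posting `admin/cache/clear` gets 403 — and never exercises `aragorn/cache/clear` with aragorn's own token, which is the case the new `resource = "{userId}"` binding on removeFromCache actually changes, so the self-service semantics of that binding are neither documented nor tested. A second test issuing `post( "aragorn/cache/clear" )` with `getUserToken( "aragorn", "pAssw0rD" )` and asserting the status the policy is meant to return would lock that down; I have not written it because the intended status is not stated anywhere in the commit. Separately, the create-aragorn fixture block is pasted verbatim into all four new tests, and getNotLoggedInUser creates (and deletes) a user it never uses for an unauthenticated GET; a private helper removes the duplication and makes each test body show only what it asserts.
```java
    /** Creates the "aragorn" fixture user as admin; callers delete it in their finally block. */
    private void createAragorn( String adminToken )
    {
        Map<String, Object> jsonAsMap = new HashMap<>( );
        jsonAsMap.put( "user_id", "aragorn" );
        jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
        jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
        jsonAsMap.put( "validated", true );
        jsonAsMap.put( "password", "pAssw0rD" );
        given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
            .body( jsonAsMap )
            .when( )
            .post( )
            .then( ).statusCode( 201 );
    }

    @Test
    void clearCache( )
    {
        String adminToken = getAdminToken( );
        createAragorn( adminToken );
        // … unchanged: try/finally posting aragorn/cache/clear and deleting aragorn …
    }
```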
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 2fc8431..1f74c1c 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -21,7 +21,7 @@ package org.apache.archiva.redback.rest.services.v2;
import org.apache.archiva.redback.rest.api.model.GrantType;
import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.v2.MeUser;
+import org.apache.archiva.redback.rest.api.model.v2.SelfUserData;
import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -505,22 +505,22 @@ public class UserServiceTest
u.setValidated( true );
getUserService( getAdminAuthzHeader( ) ).createUser( u );
- MeUser meUser = new MeUser( );
- meUser.setFullName( "the toto123" );
- meUser.setEmail( "toto@titi.fr" );
- meUser.setPassword( "toto1234" );
- meUser.setCurrentPassword( "toto123" );
- getUserService( getUserAuthzHeader( "toto" ) ).updateMe( meUser );
+ SelfUserData selfUserData = new SelfUserData( );
+ selfUserData.setFullName( "the toto123" );
+ selfUserData.setEmail( "toto@titi.fr" );
+ selfUserData.setPassword( "toto1234" );
+ selfUserData.setCurrentPassword( "toto123" );
+ getUserService( getUserAuthzHeader( "toto" ) ).updateMe( selfUserData );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
assertEquals( "the toto123", u.getFullName( ) );
assertEquals( "toto@titi.fr", u.getEmail( ) );
- meUser.setFullName( "the toto1234" );
- meUser.setEmail( "toto@tititi.fr" );
- meUser.setPassword( "toto12345" );
- meUser.setCurrentPassword( "toto1234" );
- getUserService( getUserAuthzHeader( "toto" )) .updateMe( meUser );
+ selfUserData.setFullName( "the toto1234" );
+ selfUserData.setEmail( "toto@tititi.fr" );
+ selfUserData.setPassword( "toto12345" );
+ selfUserData.setCurrentPassword( "toto1234" );
+ getUserService( getUserAuthzHeader( "toto" )) .updateMe( selfUserData );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
assertEquals( "the toto1234", u.getFullName( ) );