Posted to commits@archiva.apache.org by ma...@apache.org on 2020/08/22 20:32:01 UTC
[archiva-redback-core] 06/06: Adding me services for REST V2
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit aae69ef8d0beac1e44edb3f96b5c0ab778b741ab
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Sat Aug 22 20:27:05 2020 +0200
Adding me services for REST V2
---
.../apache/archiva/redback/rest/api/Constants.java | 2 +
.../archiva/redback/rest/api/model/v2/User.java | 13 +-
.../redback/rest/api/services/v2/UserService.java | 52 ++--
.../rest/services/v2/DefaultUserService.java | 119 ++++-----
.../rest/services/v2/NativeUserServiceTest.java | 287 ++++++++++++++++-----
.../redback/rest/services/v2/UserServiceTest.java | 17 +-
6 files changed, 322 insertions(+), 168 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
index 7c2b406..415e49c 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
@@ -56,6 +56,8 @@ public interface Constants
String ERR_AUTH_INVALID_TOKEN = "redback:auth.invalid_token";
String ERR_AUTH_UNAUTHORIZED_REQUEST = "redback:auth.unauthorized_request";
+ String ERR_USER_BAD_PASSWORD = "redback:user.bad.password";
+
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
index 4a3367d..de3c1b2 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
@@ -65,9 +65,8 @@ public class User
/**
* for password change only
*
- * @since 1.4
*/
- private String previousPassword;
+ private String currentPassword;
/**
* for roles update only <b>not return on user read</b>
@@ -279,14 +278,14 @@ public class User
this.timestampLastPasswordChange = OffsetDateTime.ofInstant( timestampLastPasswordChange, ZoneId.systemDefault() );
}
- public String getPreviousPassword()
+ public String getCurrentPassword()
{
- return previousPassword;
+ return currentPassword;
}
- public void setPreviousPassword( String previousPassword )
+ public void setCurrentPassword( String currentPassword )
{
- this.previousPassword = previousPassword;
+ this.currentPassword = currentPassword;
}
public List<String> getAssignedRoles()
@@ -353,7 +352,7 @@ public class User
", timestampAccountCreation='" + timestampAccountCreation + '\'' +
", timestampLastLogin='" + timestampLastLogin + '\'' +
", timestampLastPasswordChange='" + timestampLastPasswordChange + '\'' +
- ", previousPassword='" + previousPassword + '\'' +
+ ", previousPassword='" + currentPassword + '\'' +
", assignedRoles=" + assignedRoles +
", readOnly=" + readOnly +
", userManagerId='" + userManagerId + '\'' +
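Review bot: The changed `toString()` line still concatenates the plaintext password field into the output, now `currentPassword` under the stale label `previousPassword`. Any log statement or exception message that formats a `User` will therefore carry the password the client submitted. Drop the field from `toString()` or print only whether it is set, for example `", currentPassword=" + ( currentPassword == null ? "<unset>" : "<set>" ) +`. `toString()` starts and ends outside this hunk, so whether the `password` field is printed as well is not visible here and is worth checking in the same pass.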
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index bb81317..ba739e0 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -237,7 +237,7 @@ public interface UserService
/**
- * update only the current logged in user and this fields: fullname, email, password.
+ * Update only the current logged in user and this fields: fullname, email, password.
* The service verifies the current logged user with the one passed in the method
* @return
*/
@@ -245,9 +245,34 @@ public interface UserService
@PUT
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noPermission = true )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Updates information of the current logged in user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If user data has been updated"
+ ),
+ @ApiResponse( responseCode = "403", description = "Logged in user does not match the provided userid" ),
+ @ApiResponse( responseCode = "401", description = "User is not logged in" ),
+ @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
+ }
+ )
User updateMe( User user )
throws RedbackServiceException;
+ @Path( "me" )
+ @GET
+ @Produces( { MediaType.APPLICATION_JSON } )
+ @RedbackAuthorization( noPermission = true )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Gets information of the current logged in user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If user data is returned"
+ ),
+ @ApiResponse( responseCode = "401", description = "User is not logged in" ),
+ @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
+ }
+ )
+ User getLoggedInUser( ) throws RedbackServiceException;
+
@Path( "___ping___" )
@GET
@Produces( { MediaType.APPLICATION_JSON } )
@@ -259,27 +284,22 @@ public interface UserService
@POST
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Clears the cache for the user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If the cache was cleared properly"
+ ),
+ @ApiResponse( responseCode = "404", description = "User does not exist" ),
+ }
+ )
ActionStatus removeFromCache( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
- @Path( "guest" )
- @GET
- @Produces( { MediaType.APPLICATION_JSON } )
- @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- User getGuestUser()
- throws RedbackServiceException;
-
- @Path( "guest" )
- @POST
- @Produces( { MediaType.APPLICATION_JSON } )
- @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- User createGuestUser()
- throws RedbackServiceException;
-
/**
*
*
- * @return*/
+ * @return
+ */
@Path( "{userId}/register" )
@POST
@Produces( { MediaType.APPLICATION_JSON } )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 5462b1b..2273d00 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -104,7 +104,7 @@ public class DefaultUserService
private final Logger log = LoggerFactory.getLogger( getClass() );
private static final String VALID_USERNAME_CHARS = "[a-zA-Z_0-9\\-.@]*";
- private static final String[] INVALID_USER_NAMES = { "me" };
+ private static final String[] INVALID_CREATE_USER_NAMES = { "admin", "guest", "me" };
private UserManager userManager;
@@ -188,7 +188,7 @@ public class DefaultUserService
throws RedbackServiceException
{
User result;
- if ( Arrays.binarySearch( INVALID_USER_NAMES, user.getUserId( ) ) >=0 )
+ if ( Arrays.binarySearch( INVALID_CREATE_USER_NAMES, user.getUserId( ) ) >=0 )
{
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 405 );
}
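Review bot: The reserved-name check `Arrays.binarySearch( INVALID_CREATE_USER_NAMES, user.getUserId( ) )` is only correct while the array literal stays in sorted order, and it throws a `NullPointerException` if `user.getUserId( )` is null (no earlier null check is visible in this hunk). The three entries are sorted today, but a later unsorted addition would silently let a reserved name through. A plain membership test avoids both problems: `if ( Arrays.asList( INVALID_CREATE_USER_NAMES ).contains( user.getUserId( ) ) )`. The match is also case-sensitive, so `Admin` or `ME` pass this check; if the user store compares names case-insensitively (not shown here), normalise before comparing. `createUser` continues outside the hunk.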
@@ -318,6 +318,9 @@ public class DefaultUserService
{
try
{
+ if ("guest".equals(userId)) {
+ return getRestUser( userManager.getGuestUser( ) );
+ }
org.apache.archiva.redback.users.User user = userManager.findUser( userId );
return getRestUser( user );
}
@@ -362,11 +365,12 @@ public class DefaultUserService
public User updateMe( User user )
throws RedbackServiceException
{
- // check username == one in the session
-
RedbackPrincipal principal = getPrincipal( );
if (principal==null) {
- throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 403 );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 );
+ }
+ if (StringUtils.isEmpty( user.getUserId() ) || !principal.getUser().getUsername().equals(user.getUserId())) {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), Response.Status.FORBIDDEN.getStatusCode() );
}
// check oldPassword with the current one
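Review bot: The new guard dereferences `user.getUserId()` and `principal.getUser().getUsername()` without checking `user` or `principal.getUser()` for null. If the framework passes null for an empty request body, `PUT me` would presumably surface as a 500 rather than the documented 400. A leading check such as `if ( user == null ) { throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, "" ), 400 ); }` keeps the response codes in line with the annotations on `UserService.updateMe`. For consistency with the 403 branch, the literal `401` could be written as `Response.Status.UNAUTHORIZED.getStatusCode()`. `updateMe` continues outside the hunk.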
@@ -375,23 +379,27 @@ public class DefaultUserService
org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
try
{
- String previousEncodedPassword =
- securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
+ // current password is only needed, if password change is requested
+ if ( StringUtils.isNotBlank( user.getPassword( ) ) )
+ {
+ String previousEncodedPassword =
+ securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
- // check oldPassword with the current one
+ // check oldPassword with the current one
- PasswordEncoder encoder = securitySystem.getPolicy( ).getPasswordEncoder( );
+ PasswordEncoder encoder = securitySystem.getPolicy( ).getPasswordEncoder( );
- if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword( ) ) )
- {
+ if ( !encoder.isPasswordValid( previousEncodedPassword, user.getCurrentPassword( ) ) )
+ {
- return new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
- Response.Status.BAD_REQUEST.getStatusCode( ) );
+ return new RedbackServiceException( ErrorMessage.of( ERR_USER_BAD_PASSWORD ),
+ Response.Status.BAD_REQUEST.getStatusCode( ) );
+ }
}
}
catch ( UserNotFoundException e )
{
- return new RedbackServiceException( new ErrorMessage( "user not found" ),
+ return new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ),
Response.Status.BAD_REQUEST.getStatusCode( ) );
}
catch ( UserManagerException e )
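Review bot: Moving the password check inside `if ( StringUtils.isNotBlank( user.getPassword( ) ) )` means a request that changes only `email` or `fullName` no longer requires the current password. A stolen or unattended session token is then enough to repoint the account's e-mail address. If that address is used for password reset or account validation (not visible in this diff), consider still requiring `currentPassword` whenever the submitted e-mail differs from `realUser.getEmail( )`. Separately, `user.getCurrentPassword( )` can be null when a new password is sent without it, and whether `isPasswordValid` tolerates a null argument is not shown. An explicit `StringUtils.isBlank( user.getCurrentPassword( ) )` branch returning `ERR_USER_BAD_PASSWORD` would make that path deterministic. The lambda and `updateMe` continue outside the hunk.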
@@ -399,8 +407,14 @@ public class DefaultUserService
return new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) );
}
// only 3 fields to update
- realUser.setFullName( user.getFullName( ) );
- realUser.setEmail( user.getEmail( ) );
+ if (StringUtils.isNotBlank( user.getFullName() ))
+ {
+ realUser.setFullName( user.getFullName( ) );
+ }
+ if (StringUtils.isNotBlank( user.getEmail() ))
+ {
+ realUser.setEmail( user.getEmail( ) );
+ }
// ui can limit to not update password
if ( StringUtils.isNotBlank( user.getPassword( ) ) )
{
@@ -413,6 +427,26 @@ public class DefaultUserService
}
@Override
+ public User getLoggedInUser( )
+ throws RedbackServiceException
+ {
+ RedbackPrincipal principal = getPrincipal( );
+ if (principal==null) {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 );
+ }
+
+ try
+ {
+ org.apache.archiva.redback.users.User foundUser = userManager.findUser( principal.getUser().getUsername(), false );
+ return getRestUser( foundUser );
+ }
+ catch ( UserManagerException e )
+ {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ), 400 );
+ }
+ }
+
+ @Override
public User updateUser( String userId, User user )
throws RedbackServiceException
{
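Review bot: In `getLoggedInUser` the `catch ( UserManagerException e )` branch answers with status 400 and copies `e.getMessage( )` into the response, although this GET carries no client data that could be invalid. A backend lookup failure reads better as a 5xx, and the raw exception text may expose user-store details to the caller. Suggest logging it server-side and returning a generic error: `log.error( "Could not load logged in user: {}", e.getMessage( ), e );` followed by `throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL ), 500 );`. The `400` entry in the `@ApiResponse` list for `getLoggedInUser` in `UserService` would then change to match. `principal.getUser()` is also dereferenced without a null check.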
@@ -478,59 +512,6 @@ public class DefaultUserService
}
@Override
- public User getGuestUser()
- throws RedbackServiceException
- {
- try
- {
- org.apache.archiva.redback.users.User user = userManager.getGuestUser();
- return getRestUser( user );
- }
- catch ( Exception e )
- {
- return null;
- }
- }
-
- @Override
- public User createGuestUser()
- throws RedbackServiceException
- {
- User u = getGuestUser();
- if ( u != null )
- {
- return u;
- }
- // temporary disable policy during guest creation as no password !
- try
- {
- securitySystem.getPolicy().setEnabled( false );
- org.apache.archiva.redback.users.User user = userManager.createGuestUser();
- user.setPasswordChangeRequired( false );
- user = userManager.updateUser( user, false );
- roleManager.assignRole( config.getString( UserConfigurationKeys.DEFAULT_GUEST ), user.getUsername() );
- return getRestUser( user );
- }
- catch ( RoleManagerException | UserNotFoundException e )
- {
- log.error( e.getMessage(), e );
- throw new RedbackServiceException( e.getMessage() );
- }
- catch ( UserManagerException e )
- {
- throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
- }
- finally
- {
-
- if ( !securitySystem.getPolicy().isEnabled() )
- {
- securitySystem.getPolicy().setEnabled( true );
- }
- }
- }
-
- @Override
public PingResult ping()
throws RedbackServiceException
{
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index e03233c..e8fd540 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -31,13 +31,11 @@ import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
-import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static io.restassured.RestAssured.given;
-import static io.restassured.RestAssured.replaceFiltersWith;
import static io.restassured.http.ContentType.JSON;
import static org.junit.jupiter.api.Assertions.*;
@@ -48,7 +46,7 @@ import static org.junit.jupiter.api.Assertions.*;
@ContextConfiguration(
locations = {"classpath:/ldap-spring-test.xml"} )
@TestInstance( TestInstance.Lifecycle.PER_CLASS )
-@Tag("rest-native")
+@Tag( "rest-native" )
@TestMethodOrder( MethodOrderer.Random.class )
public class NativeUserServiceTest extends AbstractNativeRestServices
{
@@ -59,19 +57,20 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@BeforeAll
- void setup() throws Exception
+ void setup( ) throws Exception
{
- super.setupNative();
+ super.setupNative( );
}
@AfterAll
- void destroy() throws Exception
+ void destroy( ) throws Exception
{
- super.shutdownNative();
+ super.shutdownNative( );
}
@Test
- void getUsers() {
+ void getUsers( )
+ {
String token = getAdminToken( );
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( ).get( ).then( ).statusCode( 200 ).extract( ).response( );
@@ -85,13 +84,15 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void getUsersWithoutLogin() {
- given( ).spec( getRequestSpec( ) ).contentType( JSON )
+ void getUsersWithoutLogin( )
+ {
+ given( ).spec( getRequestSpec( ) ).contentType( JSON )
.when( ).get( ).then( ).statusCode( 403 );
}
@Test
- void getUser() {
+ void getUser( )
+ {
String token = getAdminToken( );
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( ).get( "admin" ).then( ).statusCode( 200 ).extract( ).response( );
@@ -102,14 +103,16 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void getUserWithoutLogin() {
- given( ).spec( getRequestSpec( ) ).contentType( JSON )
+ void getUserWithoutLogin( )
+ {
+ given( ).spec( getRequestSpec( ) ).contentType( JSON )
.when( ).get( "admin" ).then( ).statusCode( 403 );
}
@Test
- void createUser() {
+ void createUser( )
+ {
String token = getAdminToken( );
try
{
@@ -125,16 +128,18 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 201 ).extract( ).response( );
assertTrue( response.getHeader( "Location" ).endsWith( "/aragorn" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .when( ).delete( "aragorn").then( ).statusCode( 200 );
+ .when( ).delete( "aragorn" ).then( ).statusCode( 200 );
}
}
@Test
- void createInvalidUser() {
+ void createInvalidUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "" );
@@ -150,7 +155,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void createInvalidMeUser() {
+ void createInvalidMeUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "me" );
@@ -167,7 +173,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
@Test
- void createUserAndPermissionFail() {
+ void createUserAndPermissionFail( )
+ {
String token = getAdminToken( );
try
{
@@ -198,16 +205,18 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 403 );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .when( ).delete( "aragorn").then( ).statusCode( 200 );
+ .when( ).delete( "aragorn" ).then( ).statusCode( 200 );
}
}
@Test
- void createUserExistsAlready() {
+ void createUserExistsAlready( )
+ {
String token = getAdminToken( );
try
{
@@ -234,22 +243,24 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
- .redirects().follow( false ) // Rest assured default is following the 303 redirect
+ .redirects( ).follow( false ) // Rest assured default is following the 303 redirect
.post( )
- .prettyPeek()
- .peek()
- .then( ).statusCode( 303 ).extract().response();
+ .prettyPeek( )
+ .peek( )
+ .then( ).statusCode( 303 ).extract( ).response( );
assertTrue( response.getHeader( "Location" ).endsWith( "/aragorn" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .when( ).delete( "aragorn").then( ).statusCode( 200 );
+ .when( ).delete( "aragorn" ).then( ).statusCode( 200 );
}
}
@Test
- void createExistingAdminUser() {
+ void createExistingAdminUser( )
+ {
String token = null;
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "admin" );
@@ -259,25 +270,27 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
- .redirects().follow( false )
+ .redirects( ).follow( false )
.post( "admin" )
.then( ).statusCode( 303 ).extract( ).response( );
assertTrue( response.getHeader( "Location" ).endsWith( "/users/admin" ) );
}
@Test
- void checkAdminStatus() {
+ void checkAdminStatus( )
+ {
String token = null;
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.get( "admin/status" )
.then( ).statusCode( 200 ).extract( ).response( );
assertNotNull( response );
- assertTrue( response.body( ).jsonPath( ).getBoolean("exists" ) );
+ assertTrue( response.body( ).jsonPath( ).getBoolean( "exists" ) );
assertNotNull( response.body( ).jsonPath( ).get( "since" ) );
}
@Test
- void deleteUser() {
+ void deleteUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -296,7 +309,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void deleteNonexistingUser() {
+ void deleteNonexistingUser( )
+ {
String token = getAdminToken( );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "galadriel" )
@@ -304,7 +318,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void deleteUserPermissionDenied() {
+ void deleteUserPermissionDenied( )
+ {
String adminToken = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -322,7 +337,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
.then( ).statusCode( 401 ).extract( ).response( );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
.delete( "aragorn" )
@@ -331,7 +347,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void updateUser() {
+ void updateUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -357,7 +374,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 200 ).extract( ).response( );
assertNotNull( response );
assertEquals( "aragorn2@lordoftherings.org", response.body( ).jsonPath( ).getString( "email" ) );
- }finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -366,21 +384,23 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void updateNonExistingUser() {
+ void updateNonExistingUser( )
+ {
String token = getAdminToken( );
HashMap<Object, Object> jsonAsMap = new HashMap<>( );
- jsonAsMap.put( "email", "aragorn2@lordoftherings.org" );
- jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" );
- jsonAsMap.put( "password", "pAssw0rDXX" );
- given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .body( jsonAsMap )
- .when( )
- .put( "aragorn" )
- .then( ).statusCode( 404 );
+ jsonAsMap.put( "email", "aragorn2@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" );
+ jsonAsMap.put( "password", "pAssw0rDXX" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .put( "aragorn" )
+ .then( ).statusCode( 404 );
}
@Test
- void updateUserWithPasswordViolation() {
+ void updateUserWithPasswordViolation( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -403,11 +423,12 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.body( jsonAsMap )
.when( )
.put( "aragorn" )
- .prettyPeek()
+ .prettyPeek( )
.then( ).statusCode( 422 ).extract( ).response( );
assertNotNull( response );
assertEquals( "user.password.violation.reuse", response.body( ).jsonPath( ).get( "errorMessages[0].errorKey" ) );
- }finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -416,7 +437,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void lockUser() {
+ void lockUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -438,7 +460,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertTrue( response.getBody( ).jsonPath( ).getBoolean( "locked" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -447,15 +470,17 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void lockUnknownUser() {
+ void lockUnknownUser( )
+ {
String token = getAdminToken( );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .post( "aragorn/lock" )
- .then( ).statusCode( 404 );
+ .post( "aragorn/lock" )
+ .then( ).statusCode( 404 );
}
@Test
- void unlockUser() {
+ void unlockUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -481,7 +506,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertFalse( response.getBody( ).jsonPath( ).getBoolean( "locked" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -491,7 +517,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void unlockUnknownUser() {
+ void unlockUnknownUser( )
+ {
String token = getAdminToken( );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.post( "aragorn/unlock" )
@@ -499,7 +526,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void setPasswordChangeRequire() {
+ void setPasswordChangeRequire( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -521,7 +549,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertTrue( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -530,7 +559,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void setNoPasswordChangeRequire() {
+ void setNoPasswordChangeRequire( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -557,7 +587,140 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertFalse( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
- } finally
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+
+ @Test
+ void updateMe( )
+ {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String userToken = getUserToken( "aragorn", "pAssw0rD" );
+ Map<String, Object> updateMap = new HashMap<>( );
+ updateMap.put( "user_id", "aragorn" );
+ updateMap.put( "email", "aragorn-swiss@lordoftherings.org" );
+ updateMap.put( "fullName", "Aragorn King of Switzerland" );
+ Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
+ .body( updateMap )
+ .when( )
+ .put( "me" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertEquals( "Aragorn King of Switzerland", response.getBody( ).jsonPath( ).getString( "fullName" ) );
+ assertEquals( "aragorn-swiss@lordoftherings.org", response.getBody( ).jsonPath( ).getString( "email" ) );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void updateMeInvalidUser( )
+ {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rDA" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+
+ jsonAsMap.put( "user_id", "elrond" );
+ jsonAsMap.put( "email", "elrond@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Elrond King of Elves" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rDE" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String userToken = getUserToken( "aragorn", "pAssw0rDA" );
+ Map<String, Object> updateMap = new HashMap<>( );
+ updateMap.put( "user_id", "elrond" );
+ updateMap.put( "email", "elrond-swiss@lordoftherings.org" );
+ updateMap.put( "fullName", "Elrond King of Switzerland" );
+ Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
+ .body( updateMap )
+ .when( )
+ .put( "me" )
+ .then( ).statusCode( 403 ).extract( ).response( );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void updateMeWithPassword( )
+ {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String userToken = getUserToken( "aragorn", "pAssw0rD" );
+ Map<String, Object> updateMap = new HashMap<>( );
+ updateMap.put( "user_id", "aragorn" );
+ updateMap.put( "email", "aragorn-sweden@lordoftherings.org" );
+ updateMap.put( "fullName", "Aragorn King of Sweden" );
+ updateMap.put( "currentPassword", "pAssw0rD" );
+ updateMap.put( "password", "x1y2z3a4b5c6d8##" );
+ Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
+ .body( updateMap )
+ .when( )
+ .put( "me" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertEquals( "Aragorn King of Sweden", response.getBody( ).jsonPath( ).getString( "fullName" ) );
+ assertEquals( "aragorn-sweden@lordoftherings.org", response.getBody( ).jsonPath( ).getString( "email" ) );
+ userToken = getUserToken( "aragorn", "x1y2z3a4b5c6d8##" );
+ given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ).get( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
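Review bot: `updateMeInvalidUser` creates both `aragorn` and `elrond`, but its `finally` block deletes only `aragorn`, and the second `post( )` runs before the `try`. `elrond` is therefore left in the user store for whichever test runs next under `MethodOrderer.Random`, and a failure while creating `elrond` leaves `aragorn` behind as well. Move both creations inside the `try` and add `given( ).spec( getRequestSpec( token ) ).contentType( JSON ).delete( "elrond" ).then( ).statusCode( 200 );` to the `finally`. The new tests also cover only successful password changes. A case that sends `password` with a wrong or missing `currentPassword` and expects 400 with `redback:user.bad.password` would pin the check this commit reworks, and there is no test for `GET me`.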
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 05ddf4a..0268452 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -507,7 +507,7 @@ public class UserServiceTest
u.setFullName( "the toto123" );
u.setEmail( "toto@titi.fr" );
u.setPassword( "toto1234" );
- u.setPreviousPassword( "toto123" );
+ u.setCurrentPassword( "toto123" );
getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
@@ -517,7 +517,7 @@ public class UserServiceTest
u.setFullName( "the toto1234" );
u.setEmail( "toto@tititi.fr" );
u.setPassword( "toto12345" );
- u.setPreviousPassword( "toto1234" );
+ u.setCurrentPassword( "toto1234" );
getUserService( getUserAuthzHeader( "toto" )) .updateMe( u );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
@@ -567,23 +567,12 @@ public class UserServiceTest
}
}
- public void guestUserCreate( )
- throws Exception
- {
- UserService userService = getUserService( getAdminAuthzHeader( ) );
- assertNull( userService.getGuestUser( ) );
- assertNull( userService.createGuestUser( ) );
- }
protected void createGuestIfNeeded( )
throws Exception
{
- UserService userService = getUserService( getAdminAuthzHeader( ) );
- if ( userService.getGuestUser( ) == null )
- {
- userService.createGuestUser( );
- }
+
}
}
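Review bot: `createGuestIfNeeded( )` is left as an empty method after its body was removed, so any test that still calls it does nothing without saying so. Either delete the method together with its call sites, or keep it with a comment stating why it is now a no-op, for example `// guest user is no longer created through the REST API`. Whether other test classes override or call this `protected` method is not visible in this diff.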