You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@archiva.apache.org by ma...@apache.org on 2020/08/22 20:31:55 UTC
[archiva-redback-core] branch master updated (8242f07 -> aae69ef)
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git.
from 8242f07 Improving V2 REST services
new f246950 Additional updates for REST V2
new bcdc1f2 Changing return to void for delete action
new 1609b4e Updating and testing lock methods V2 REST user service
new 2c0876f Update and test password flag methods for V2 REST user service
new d9fe4b0 Changing user REST interface V2
new aae69ef Adding me services for REST V2
The 6 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../apache/archiva/redback/rest/api/Constants.java | 15 +-
.../api/model/{ => v2}/AvailabilityStatus.java | 29 +-
.../rest/api/model/{ => v2}/PasswordStatus.java | 11 +-
.../rest/api/model/{ => v2}/RegistrationKey.java | 18 +-
.../archiva/redback/rest/api/model/v2/User.java | 13 +-
.../rest/api/services/RoleManagementService.java | 2 +-
.../redback/rest/api/services/UserService.java | 1 -
.../redback/rest/api/services/v2/GroupService.java | 2 +-
.../api/services/v2/RoleManagementService.java | 2 +-
.../redback/rest/api/services/v2/UserService.java | 165 ++++--
.../services/DefaultRoleManagementService.java | 2 +-
.../interceptors/BearerAuthInterceptor.java | 2 +
.../services/v2/DefaultAuthenticationService.java | 4 +-
.../rest/services/v2/DefaultGroupService.java | 4 +-
.../rest/services/v2/DefaultUserService.java | 359 ++++++++------
.../rest/services/RoleManagementServiceTest.java | 2 +
.../rest/services/v2/NativeGroupServiceTest.java | 1 -
.../rest/services/v2/NativeUserServiceTest.java | 552 +++++++++++++++++++--
.../redback/rest/services/v2/UserServiceTest.java | 26 +-
19 files changed, 931 insertions(+), 279 deletions(-)
rename redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/{ => v2}/AvailabilityStatus.java (60%)
rename redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/{ => v2}/PasswordStatus.java (83%)
copy redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/{ => v2}/RegistrationKey.java (71%)
[archiva-redback-core] 03/06: Updating and testing lock methods V2
REST user service
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit 1609b4eaebef5864a372d5b6b22bd3a0a9ba12c3
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Tue Aug 4 18:42:58 2020 +0200
Updating and testing lock methods V2 REST user service
---
.../redback/rest/api/services/v2/UserService.java | 22 +++++-
.../rest/services/v2/DefaultUserService.java | 52 +++++++++----
.../rest/services/v2/NativeUserServiceTest.java | 86 +++++++++++++++++++++-
3 files changed, 142 insertions(+), 18 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index 0af6919..87c2665 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -173,16 +173,32 @@ public interface UserService
@POST
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- ActionStatus lockUser( @PathParam( "userId" ) String userId )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If locking was successful"
+ ),
+ @ApiResponse( responseCode = "404", description = "User does not exist" ),
+ }
+ )
+ void lockUser( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
/**
*/
@Path( "{userId}/unlock" )
- @GET
+ @POST
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- ActionStatus unlockUser( @PathParam( "userId" ) String userId )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If locking was successful"
+ ),
+ @ApiResponse( responseCode = "404", description = "User does not exist" ),
+ }
+ )
+ void unlockUser( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 8b90071..c3da00f 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -1035,31 +1035,55 @@ public class DefaultUserService
}
@Override
- public ActionStatus unlockUser( String userId )
+ public void unlockUser( String userId )
throws RedbackServiceException
{
- User user = getUser( userId );
- if ( user != null )
+ try
{
- user.setLocked( false );
- updateUser( user.getUserId(), user );
- return ActionStatus.SUCCESS;
+ org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
+ if ( rawUser != null )
+ {
+ rawUser.setLocked( false );
+ userManager.updateUser( rawUser, false );
+ } else {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
+ }
+ }
+ catch ( UserNotFoundException e )
+ {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ), 404 );
+ }
+ catch ( UserManagerException e )
+ {
+ throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
}
- return ActionStatus.FAIL;
+ httpServletResponse.setStatus( 200 );
}
@Override
- public ActionStatus lockUser( String userId )
+ public void lockUser( String userId )
throws RedbackServiceException
{
- User user = getUser( userId );
- if ( user != null )
+ try
+ {
+ org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
+ if ( rawUser != null )
+ {
+ rawUser.setLocked( true );
+ userManager.updateUser( rawUser, false );
+ } else {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
+ }
+ }
+ catch ( UserNotFoundException e )
+ {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ), 404 );
+ }
+ catch ( UserManagerException e )
{
- user.setLocked( true );
- updateUser( user.getUserId(), user );
- return ActionStatus.SUCCESS;
+ throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
}
- return ActionStatus.FAIL;
+ httpServletResponse.setStatus( 200 );
}
@Override
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index e2870c4..9289d3e 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -380,7 +380,7 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void updateUserPasswordViolation() {
+ void updateUserWithPasswordViolation() {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -415,4 +415,88 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
}
+ @Test
+ void lockUser() {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "locked", false );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .post( "aragorn/lock" )
+ .then( ).statusCode( 200 );
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .get( "aragorn" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertTrue( response.getBody( ).jsonPath( ).getBoolean( "locked" ) );
+ } finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void lockUnknownUser() {
+ String token = getAdminToken( );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .post( "aragorn/lock" )
+ .then( ).statusCode( 404 );
+ }
+
+ @Test
+ void unlockUser() {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "locked", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .get( "aragorn" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertTrue( response.getBody( ).jsonPath( ).getBoolean( "locked" ) );
+ try
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .post( "aragorn/unlock" )
+ .then( ).statusCode( 200 );
+ response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .get( "aragorn" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertFalse( response.getBody( ).jsonPath( ).getBoolean( "locked" ) );
+ } finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+
+ }
+
+ @Test
+ void unlockUnknownUser() {
+ String token = getAdminToken( );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .post( "aragorn/unlock" )
+ .then( ).statusCode( 404 );
+ }
+
+
}
[archiva-redback-core] 04/06: Update and test password flag methods
for V2 REST user service
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit 2c0876f7b4daad751017392ed8132997d1327bab
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Tue Aug 4 19:11:26 2020 +0200
Update and test password flag methods for V2 REST user service
---
.../rest/api/model/{ => v2}/PasswordStatus.java | 11 +++-
.../redback/rest/api/services/v2/UserService.java | 39 +++++++++---
.../rest/services/v2/DefaultUserService.java | 72 ++++++++++++----------
.../rest/services/v2/NativeUserServiceTest.java | 65 +++++++++++++++++++
.../redback/rest/services/v2/UserServiceTest.java | 4 +-
5 files changed, 146 insertions(+), 45 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/PasswordStatus.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/PasswordStatus.java
similarity index 83%
rename from redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/PasswordStatus.java
rename to redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/PasswordStatus.java
index 7a20e36..be26e8c 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/PasswordStatus.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/PasswordStatus.java
@@ -1,4 +1,4 @@
-package org.apache.archiva.redback.rest.api.model;
+package org.apache.archiva.redback.rest.api.model.v2;
/*
* Licensed to the Apache Software Foundation (ASF) under one
@@ -18,18 +18,23 @@ package org.apache.archiva.redback.rest.api.model;
* under the License.
*/
+import javax.xml.bind.annotation.XmlRootElement;
+
/**
* @author Martin Stockhammer <ma...@apache.org>
*/
+@XmlRootElement( name="passwordStatus" )
public class PasswordStatus
{
boolean changeRequired = false;
- public PasswordStatus() {
+ public PasswordStatus( )
+ {
}
- public PasswordStatus(boolean changeRequired) {
+ public PasswordStatus( boolean changeRequired )
+ {
this.changeRequired = changeRequired;
}
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index 87c2665..f1a9899 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -29,7 +29,6 @@ import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.Operation;
import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
-import org.apache.archiva.redback.rest.api.model.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.PingResult;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
@@ -193,7 +192,7 @@ public interface UserService
@io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
responses = {
@ApiResponse( responseCode = "200",
- description = "If locking was successful"
+ description = "If unlocking was successful"
),
@ApiResponse( responseCode = "404", description = "User does not exist" ),
}
@@ -204,22 +203,48 @@ public interface UserService
/**
*/
- @Path( "{userId}/password/status" )
- @GET
+ @Path( "{userId}/password/require/set" )
+ @POST
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- PasswordStatus getPasswordStatus( @PathParam( "userId" ) String userId )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If password change require flag was set"
+ ),
+ @ApiResponse( responseCode = "404", description = "User does not exist" ),
+ }
+ )
+ void setRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
/**
- * update only the current user and this fields: fullname, email, password.
+ */
+ @Path( "{userId}/password/require/clear" )
+ @POST
+ @Produces( { MediaType.APPLICATION_JSON } )
+ @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If password change require flag was unset"
+ ),
+ @ApiResponse( responseCode = "404", description = "User does not exist" ),
+ }
+ )
+ void clearRequirePasswordChangeFlag( @PathParam( "userId" ) String userId )
+ throws RedbackServiceException;
+
+
+ /**
+ * update only the current logged in user and this fields: fullname, email, password.
* The service verifies the current logged user with the one passed in the method
*/
@Path( "me" )
@PUT
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noPermission = true )
- ActionStatus updateMe( @PathParam( "userId" ) String userId, User user )
+ ActionStatus updateMe( User user )
throws RedbackServiceException;
@Path( "___ping___" )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index c3da00f..9f29c04 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -47,7 +47,7 @@ import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.PasswordStatus;
+import org.apache.archiva.redback.rest.api.model.v2.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
@@ -89,6 +89,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
+import java.util.function.Function;
import java.util.stream.Collectors;
import static org.apache.archiva.redback.rest.api.Constants.*;
@@ -344,7 +345,7 @@ public class DefaultUserService
}
@Override
- public ActionStatus updateMe( String userId, User user )
+ public ActionStatus updateMe( User user )
throws RedbackServiceException
{
// check username == one in the session
@@ -1034,16 +1035,18 @@ public class DefaultUserService
return null;
}
- @Override
- public void unlockUser( String userId )
- throws RedbackServiceException
+
+ private void updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
{
try
{
org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
if ( rawUser != null )
{
- rawUser.setLocked( false );
+ RedbackServiceException result = updateFunction.apply( rawUser );
+ if (result!=null) {
+ throw result;
+ }
userManager.updateUser( rawUser, false );
} else {
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
@@ -1057,6 +1060,16 @@ public class DefaultUserService
{
throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
}
+ }
+
+ @Override
+ public void unlockUser( String userId )
+ throws RedbackServiceException
+ {
+ updateUser( userId, user -> {
+ user.setLocked( false );
+ return null;
+ } );
httpServletResponse.setStatus( 200 );
}
@@ -1064,40 +1077,33 @@ public class DefaultUserService
public void lockUser( String userId )
throws RedbackServiceException
{
- try
- {
- org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
- if ( rawUser != null )
- {
- rawUser.setLocked( true );
- userManager.updateUser( rawUser, false );
- } else {
- throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
- }
- }
- catch ( UserNotFoundException e )
- {
- throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ), 404 );
- }
- catch ( UserManagerException e )
- {
- throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
- }
+ updateUser( userId, user -> {
+ user.setLocked( true );
+ return null;
+ } );
httpServletResponse.setStatus( 200 );
}
@Override
- public PasswordStatus getPasswordStatus( String userId )
+ public void setRequirePasswordChangeFlag( String userId )
throws RedbackServiceException
{
- User user = getUser( userId );
- if ( user == null )
- {
+ updateUser( userId, user -> {
user.setPasswordChangeRequired( true );
- updateUser( user.getUserId(), user );
- return new PasswordStatus( true );
- }
- return new PasswordStatus( false );
+ return null;
+ } );
+ httpServletResponse.setStatus( 200 );
+ }
+
+ @Override
+ public void clearRequirePasswordChangeFlag( String userId )
+ throws RedbackServiceException
+ {
+ updateUser( userId, user -> {
+ user.setPasswordChangeRequired( false );
+ return null;
+ } );
+ httpServletResponse.setStatus( 200 );
}
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index 9289d3e..e03233c 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -498,5 +498,70 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 404 );
}
+ @Test
+ void setPasswordChangeRequire() {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "locked", false );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .post( "aragorn/password/require/set" )
+ .then( ).statusCode( 200 );
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .get( "aragorn" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertTrue( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
+ } finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+ @Test
+ void setNoPasswordChangeRequire() {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "locked", false );
+ jsonAsMap.put( "passwordChangeRequired", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .get( "aragorn" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertTrue( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
+ try
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .post( "aragorn/password/require/clear" )
+ .then( ).statusCode( 200 );
+ response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .get( "aragorn" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertFalse( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
+ } finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index b11bda9..05ddf4a 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -508,7 +508,7 @@ public class UserServiceTest
u.setEmail( "toto@titi.fr" );
u.setPassword( "toto1234" );
u.setPreviousPassword( "toto123" );
- getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u. getUserId(), u );
+ getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
assertEquals( "the toto123", u.getFullName( ) );
@@ -518,7 +518,7 @@ public class UserServiceTest
u.setEmail( "toto@tititi.fr" );
u.setPassword( "toto12345" );
u.setPreviousPassword( "toto1234" );
- getUserService( getUserAuthzHeader( "toto" )) .updateMe(u.getUserId(), u );
+ getUserService( getUserAuthzHeader( "toto" )) .updateMe( u );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
assertEquals( "the toto1234", u.getFullName( ) );
[archiva-redback-core] 01/06: Additional updates for REST V2
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit f24695020bdb8657856bfc1a09fb6f56ed4b0291
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Sat Aug 1 22:50:33 2020 +0200
Additional updates for REST V2
---
.../apache/archiva/redback/rest/api/Constants.java | 13 +-
.../api/model/{ => v2}/AvailabilityStatus.java | 29 +++-
.../redback/rest/api/model/v2/RegistrationKey.java | 65 +++++++
.../rest/api/services/RoleManagementService.java | 2 +-
.../redback/rest/api/services/UserService.java | 1 -
.../api/services/v2/RoleManagementService.java | 2 +-
.../redback/rest/api/services/v2/UserService.java | 63 ++++---
.../services/DefaultRoleManagementService.java | 2 +-
.../services/v2/DefaultAuthenticationService.java | 2 +-
.../rest/services/v2/DefaultUserService.java | 93 ++++++----
.../rest/services/RoleManagementServiceTest.java | 2 +
.../rest/services/v2/NativeUserServiceTest.java | 188 ++++++++++++++++++++-
.../redback/rest/services/v2/UserServiceTest.java | 5 +-
13 files changed, 397 insertions(+), 70 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
index cc20152..7c2b406 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
@@ -26,12 +26,22 @@ public interface Constants
String DEFAULT_PAGE_LIMIT = "1000";
String ERR_UNKNOWN = "redback:unknown_error";
+ String ERR_USERMANAGER_FAIL = "redback:usermanager_error";
+ String ERR_ROLEMANAGER_FAIL = "redback:rolemanager_error";
+ String ERR_RBACMANAGER_FAIL = "redback:rbacmanager_error";
+
String ERR_USER_EXISTS = "redback:user.exists";
String ERR_USER_ID_EMPTY = "redback:user.id.empty";
+ String ERR_USER_ID_INVALID = "redback:user.id.invalid";
String ERR_USER_FULL_NAME_EMPTY = "redback:user.fullname.empty";
String ERR_USER_EMAIL_EMPTY = "redback:user.email.empty";
String ERR_USER_ASSIGN_ROLE = "redback:user.role.assign.failure";
String ERR_USER_NOT_VALIDATED = "redback:user.not_validated";
+ String ERR_USER_ADMIN_EXISTS = "redback:user.admin.exists";
+ String ERR_USER_ADMIN_BAD_NAME = "redback:user.admin.badname";
+ String ERR_USER_NOT_FOUND = "redback:user.not_found";
+
+ String ERR_PASSWORD_VIOLATION = "redback:user.password_violation";
String ERR_LDAP_GENERIC = "redback:ldap.error";
String ERR_ROLE_MAPPING = "redback:role.mapping.error";
@@ -42,10 +52,11 @@ public interface Constants
String ERR_AUTH_FAIL_MSG = "redback:auth.fail";
String ERR_AUTH_ACCOUNT_LOCKED = "redback:auth.account_locked";
String ERR_AUTH_PASSWORD_CHANGE_REQUIRED = "redback:auth.password_change_required";
- String ERR_AUTH_USERMANAGER_FAIL = "redback:auth.usermanager_error";
String ERR_AUTH_UNSUPPORTED_GRANT_TYPE = "redback:auth.unsupported_grant";
String ERR_AUTH_INVALID_TOKEN = "redback:auth.invalid_token";
String ERR_AUTH_UNAUTHORIZED_REQUEST = "redback:auth.unauthorized_request";
+
+
}
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/AvailabilityStatus.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/AvailabilityStatus.java
similarity index 60%
rename from redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/AvailabilityStatus.java
rename to redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/AvailabilityStatus.java
index da54317..5d544bc 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/AvailabilityStatus.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/AvailabilityStatus.java
@@ -1,4 +1,4 @@
-package org.apache.archiva.redback.rest.api.model;
+package org.apache.archiva.redback.rest.api.model.v2;
/*
* Licensed to the Apache Software Foundation (ASF) under one
@@ -19,6 +19,9 @@ package org.apache.archiva.redback.rest.api.model;
*/
import javax.xml.bind.annotation.XmlRootElement;
+import java.time.Instant;
+import java.time.OffsetDateTime;
+import java.time.ZoneId;
/**
* @author Martin Stockhammer <ma...@apache.org>
@@ -27,13 +30,21 @@ import javax.xml.bind.annotation.XmlRootElement;
public class AvailabilityStatus
{
boolean exists = false;
+ OffsetDateTime since;
- public AvailabilityStatus() {
+ public AvailabilityStatus(boolean exists, OffsetDateTime since) {
+ this.exists = exists;
+ this.since = since;
+ }
+ public AvailabilityStatus(boolean exists, Instant since) {
+ this.exists = exists;
+ setSinceByInstant( since );
}
public AvailabilityStatus(boolean exists) {
this.exists = exists;
+ this.since = OffsetDateTime.ofInstant( Instant.EPOCH, ZoneId.systemDefault() );
}
public boolean isExists( )
@@ -45,4 +56,18 @@ public class AvailabilityStatus
{
this.exists = exists;
}
+
+ public OffsetDateTime getSince( )
+ {
+ return since;
+ }
+
+ public void setSince( OffsetDateTime since )
+ {
+ this.since = since;
+ }
+
+ public void setSinceByInstant( Instant since ) {
+ this.since = OffsetDateTime.ofInstant( since, ZoneId.systemDefault( ) );
+ }
}
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/RegistrationKey.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/RegistrationKey.java
new file mode 100644
index 0000000..0d3467b
--- /dev/null
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/RegistrationKey.java
@@ -0,0 +1,65 @@
+package org.apache.archiva.redback.rest.api.model.v2;
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.xml.bind.annotation.XmlRootElement;
+import java.io.Serializable;
+
+/**
+ * @author Olivier Lamy
+ * @author Martin Stockhammer
+ */
+@XmlRootElement( name = "registrationKey" )
+public class RegistrationKey
+ implements Serializable
+{
+ private String key;
+ boolean emailValidationRequired=true;
+
+ public RegistrationKey()
+ {
+ // nope
+ }
+
+ public RegistrationKey( String key, boolean emailValidationRequired )
+ {
+ this.key = key;
+ this.emailValidationRequired = emailValidationRequired;
+ }
+
+ public String getKey()
+ {
+ return key;
+ }
+
+ public void setKey( String key )
+ {
+ this.key = key;
+ }
+
+ public boolean isEmailValidationRequired( )
+ {
+ return emailValidationRequired;
+ }
+
+ public void setEmailValidationRequired( boolean emailValidationRequired )
+ {
+ this.emailValidationRequired = emailValidationRequired;
+ }
+}
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/RoleManagementService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/RoleManagementService.java
index 761e334..b6cb992 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/RoleManagementService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/RoleManagementService.java
@@ -23,7 +23,7 @@ import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants
import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.Application;
import org.apache.archiva.redback.rest.api.model.ApplicationRoles;
-import org.apache.archiva.redback.rest.api.model.AvailabilityStatus;
+import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.Role;
import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.model.VerificationStatus;
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/UserService.java
index 3dde14e..fcd05ec 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/UserService.java
@@ -21,7 +21,6 @@ package org.apache.archiva.redback.rest.api.services;
import org.apache.archiva.redback.authorization.RedbackAuthorization;
import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
-import org.apache.archiva.redback.rest.api.model.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.Operation;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.RegistrationKey;
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/RoleManagementService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/RoleManagementService.java
index 5aafa08..c9d2e2d 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/RoleManagementService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/RoleManagementService.java
@@ -23,7 +23,7 @@ import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants
import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.Application;
import org.apache.archiva.redback.rest.api.model.ApplicationRoles;
-import org.apache.archiva.redback.rest.api.model.AvailabilityStatus;
+import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.Role;
import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.model.VerificationStatus;
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index 4ecf1e7..0af6919 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -26,14 +26,14 @@ import io.swagger.v3.oas.annotations.tags.Tag;
import org.apache.archiva.redback.authorization.RedbackAuthorization;
import org.apache.archiva.redback.integration.security.role.RedbackRoleConstants;
import org.apache.archiva.redback.rest.api.model.ActionStatus;
-import org.apache.archiva.redback.rest.api.model.AvailabilityStatus;
+import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.Operation;
import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
import org.apache.archiva.redback.rest.api.model.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.PingResult;
-import org.apache.archiva.redback.rest.api.model.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
+import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.v2.User;
import org.apache.archiva.redback.rest.api.model.v2.UserRegistrationRequest;
import org.apache.archiva.redback.rest.api.model.VerificationStatus;
@@ -97,7 +97,7 @@ public interface UserService
)
}
)
- ActionStatus createUser( User user )
+ User createUser( User user )
throws RedbackServiceException;
@@ -125,14 +125,14 @@ public interface UserService
)
}
)
- ActionStatus createAdminUser( User user )
+ User createAdminUser( User user )
throws RedbackServiceException;
- @Path( "admin/exists" )
+ @Path( "admin/status" )
@GET
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noRestriction = true )
- AvailabilityStatus isAdminUserExists()
+ AvailabilityStatus getAdminStatus()
throws RedbackServiceException;
@@ -140,14 +140,31 @@ public interface UserService
@DELETE
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_DELETE_OPERATION )
- ActionStatus deleteUser( @PathParam( "userId" ) String userId )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If user deletion was successful"
+ ),
+ @ApiResponse( responseCode = "404", description = "User does not exist" )
+ }
+ )
+ void deleteUser( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
@Path( "{userId}" )
@PUT
- @Produces( { MediaType.APPLICATION_JSON } )
+ @Produces( {MediaType.APPLICATION_JSON} )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- ActionStatus updateUser( @PathParam( "userId" ) String userId, User user )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If update was successful"
+ ),
+ @ApiResponse( responseCode = "404", description = "User does not exist" ),
+ @ApiResponse( responseCode = "422", description = "Update data was not valid. E.g. password violations." )
+ }
+ )
+ User updateUser( @PathParam( "userId" ) String userId, User user )
throws RedbackServiceException;
/**
@@ -171,18 +188,18 @@ public interface UserService
/**
*/
- @Path( "{userId}/passwordStatus" )
+ @Path( "{userId}/password/status" )
@GET
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- PasswordStatus passwordChangeRequired( @PathParam( "userId" ) String userId )
+ PasswordStatus getPasswordStatus( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
/**
* update only the current user and this fields: fullname, email, password.
* The service verifies the current logged user with the one passed in the method
*/
- @Path( "{userId}" )
+ @Path( "me" )
@PUT
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noPermission = true )
@@ -196,7 +213,7 @@ public interface UserService
PingResult ping()
throws RedbackServiceException;
- @Path( "{userId}/clearCache" )
+ @Path( "{userId}/cache/clear" )
@POST
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
@@ -218,9 +235,9 @@ public interface UserService
throws RedbackServiceException;
/**
- * if redback is not configured for email validation is required, -1 is returned as key
- * @since 1.4
- */
+ *
+ *
+ * @return*/
@Path( "{userId}/register" )
@POST
@Produces( { MediaType.APPLICATION_JSON } )
@@ -231,9 +248,8 @@ public interface UserService
/**
*
* @param resetPasswordRequest contains username for send a password reset email
- * @since 1.4
*/
- @Path( "{userId}/resetPassword" )
+ @Path( "{userId}/password/reset" )
@POST
@Produces( { MediaType.APPLICATION_JSON } )
@Consumes( { MediaType.APPLICATION_JSON } )
@@ -242,7 +258,6 @@ public interface UserService
throws RedbackServiceException;
/**
- * @since 1.4
*/
@Path( "{userId}/permissions" )
@GET
@@ -265,26 +280,26 @@ public interface UserService
* @return the current logged user permissions, if no logged user guest permissions are returned
* @since 1.4
*/
- @Path( "{userId}/self/permissions" )
+ @Path( "me/permissions" )
@GET
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noRestriction = true, noPermission = true )
- Collection<Permission> getCurrentUserPermissions(@PathParam( "userId" ) String userId)
+ Collection<Permission> getCurrentUserPermissions( )
throws RedbackServiceException;
/**
* @return the current logged user operations, if no logged user guest operations are returned
* @since 1.4
*/
- @Path( "{userId}/self/operations" )
+ @Path( "me/operations" )
@GET
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noRestriction = true, noPermission = true )
- Collection<Operation> getCurrentUserOperations(@PathParam( "userId" ) String userId)
+ Collection<Operation> getCurrentUserOperations( )
throws RedbackServiceException;
- @Path( "{userId}/registration/{key}/validate" )
+ @Path( "{userId}/register/{key}/validate" )
@GET
@Produces( {MediaType.APPLICATION_JSON} )
@RedbackAuthorization( noRestriction = true, noPermission = true )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java
index a3a451c..5217132 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultRoleManagementService.java
@@ -29,7 +29,7 @@ import org.apache.archiva.redback.rbac.UserAssignment;
import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.Application;
import org.apache.archiva.redback.rest.api.model.ApplicationRoles;
-import org.apache.archiva.redback.rest.api.model.AvailabilityStatus;
+import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Role;
import org.apache.archiva.redback.rest.api.model.RoleTemplate;
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
index 1272b97..9be5b98 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
@@ -199,7 +199,7 @@ public class DefaultAuthenticationService
catch ( UserManagerException e )
{
log.warn( "UserManagerException: {}", e.getMessage() );
- throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_USERMANAGER_FAIL, e.getMessage( ) ) );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) );
}
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index b69db52..8b90071 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -37,17 +37,19 @@ import org.apache.archiva.redback.keys.KeyNotFoundException;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.policy.PasswordEncoder;
+import org.apache.archiva.redback.policy.PasswordRuleViolationException;
import org.apache.archiva.redback.policy.UserSecurityPolicy;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.UserAssignment;
+import org.apache.archiva.redback.rest.api.Constants;
import org.apache.archiva.redback.rest.api.model.ActionStatus;
-import org.apache.archiva.redback.rest.api.model.AvailabilityStatus;
+import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Operation;
import org.apache.archiva.redback.rest.api.model.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
-import org.apache.archiva.redback.rest.api.model.RegistrationKey;
+import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
import org.apache.archiva.redback.rest.api.model.Resource;
import org.apache.archiva.redback.rest.api.model.VerificationStatus;
@@ -87,6 +89,7 @@ import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Set;
+import java.util.stream.Collectors;
import static org.apache.archiva.redback.rest.api.Constants.*;
@@ -98,6 +101,7 @@ public class DefaultUserService
private final Logger log = LoggerFactory.getLogger( getClass() );
private static final String VALID_USERNAME_CHARS = "[a-zA-Z_0-9\\-.@]*";
+ private static final String[] INVALID_USER_NAMES = { "me" };
private UserManager userManager;
@@ -165,9 +169,14 @@ public class DefaultUserService
@Override
- public ActionStatus createUser( User user )
+ public User createUser( User user )
throws RedbackServiceException
{
+ User result;
+ if ( Arrays.binarySearch( INVALID_USER_NAMES, user.getUserId( ) ) >=0 )
+ {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 405 );
+ }
try
{
@@ -231,6 +240,7 @@ public class DefaultUserService
}
roleManager.assignRole( RedbackRoleConstants.REGISTERED_USER_ROLE_ID, u.getUsername() );
+ result = getRestUser( u );
httpServletResponse.setStatus( 201 );
httpServletResponse.setHeader( "Location", uriInfo.getAbsolutePathBuilder().path( user.getUserId() ).build( ).toString() );
}
@@ -243,11 +253,11 @@ public class DefaultUserService
{
throw new RedbackServiceException( ErrorMessage.of(ERR_UNKNOWN, e.getMessage() ) );
}
- return ActionStatus.SUCCESS;
+ return result;
}
@Override
- public ActionStatus deleteUser( String userId )
+ public void deleteUser( String userId )
throws RedbackServiceException
{
@@ -264,26 +274,26 @@ public class DefaultUserService
catch ( RbacManagerException e )
{
log.error( e.getMessage(), e );
- throw new RedbackServiceException( e.getMessage() );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_RBACMANAGER_FAIL, e.getMessage( ) ) );
}
try
{
userManager.deleteUser( userId );
- return ActionStatus.SUCCESS;
}
catch ( UserNotFoundException e )
{
log.error( e.getMessage(), e );
- throw new RedbackServiceException( e.getMessage() );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ), 404 );
}
catch ( UserManagerException e )
{
- throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) );
}
finally
{
removeFromCache( userId );
}
+ httpServletResponse.setStatus( 200 );
}
@@ -405,26 +415,33 @@ public class DefaultUserService
}
@Override
- public ActionStatus updateUser( String userId, User user )
+ public User updateUser( String userId, User user )
throws RedbackServiceException
{
try
{
- org.apache.archiva.redback.users.User rawUser = userManager.findUser( user.getUserId(), false );
- rawUser.setFullName( user.getFullName() );
- rawUser.setEmail( user.getEmail() );
+ org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
+ if (user.getFullName()!=null)
+ rawUser.setFullName( user.getFullName() );
+ if (user.getEmail()!=null)
+ rawUser.setEmail( user.getEmail() );
rawUser.setValidated( user.isValidated() );
rawUser.setLocked( user.isLocked() );
- rawUser.setPassword( user.getPassword() );
+ if ( !StringUtils.isEmpty( user.getPassword( ) ) )
+ rawUser.setPassword( user.getPassword() );
rawUser.setPasswordChangeRequired( user.isPasswordChangeRequired() );
rawUser.setPermanent( user.isPermanent() );
- userManager.updateUser( rawUser );
- return ActionStatus.SUCCESS;
+ org.apache.archiva.redback.users.User updatedUser = userManager.updateUser( rawUser );
+
+ return getRestUser( updatedUser );
}
catch ( UserNotFoundException e )
{
- throw new RedbackServiceException( e.getMessage() );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ), 404 );
+ } catch ( PasswordRuleViolationException e ) {
+ List<ErrorMessage> messages = e.getViolations( ).getViolations( ).stream( ).map( m -> ErrorMessage.of( m.getKey( ), m.getArgs( ) ) ).collect( Collectors.toList() );
+ throw new RedbackServiceException( messages, 422 );
}
catch ( UserManagerException e )
{
@@ -532,18 +549,20 @@ public class DefaultUserService
}
@Override
- public ActionStatus createAdminUser( User adminUser )
+ public User createAdminUser( User adminUser )
throws RedbackServiceException
{
- if ( isAdminUserExists().isExists() )
+ User result;
+ if ( getAdminStatus().isExists() )
{
log.warn( "Admin user exists already" );
- return ActionStatus.FAIL;
+ httpServletResponse.setHeader( "Location", uriInfo.getAbsolutePath().toString() );
+ throw new RedbackServiceException( ErrorMessage.of( Constants.ERR_USER_ADMIN_EXISTS ), 303 );
}
log.debug("Creating admin admin user '{}'", adminUser.getUserId());
if (!RedbackRoleConstants.ADMINISTRATOR_ACCOUNT_NAME.equals(adminUser.getUserId())) {
log.error("Wrong admin user name {}", adminUser.getUserId());
- throw new RedbackServiceException(new ErrorMessage("admin.wrongUsername"));
+ throw new RedbackServiceException(ErrorMessage.of(Constants.ERR_USER_ADMIN_BAD_NAME ), 405);
}
try
@@ -559,27 +578,35 @@ public class DefaultUserService
user.setValidated( true );
userManager.addUser( user );
+ result = getRestUser( user );
roleManager.assignRole( "system-administrator", user.getUsername() );
}
catch ( RoleManagerException e )
{
- throw new RedbackServiceException( e.getMessage() );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_ROLEMANAGER_FAIL, e.getMessage( ) ) );
}
catch ( UserManagerException e )
{
- throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage() ) );
}
- return ActionStatus.SUCCESS;
+ httpServletResponse.setStatus( 201 );
+ httpServletResponse.setHeader( "Location", uriInfo.getAbsolutePath().toString() );
+ return result;
}
@Override
- public AvailabilityStatus isAdminUserExists()
+ public AvailabilityStatus getAdminStatus()
throws RedbackServiceException
{
try
{
- userManager.findUser( config.getString( UserConfigurationKeys.DEFAULT_ADMIN ) );
- return new AvailabilityStatus( true );
+ org.apache.archiva.redback.users.User user = userManager.findUser( config.getString( UserConfigurationKeys.DEFAULT_ADMIN ) );
+ if (user.getAccountCreationDate()!=null)
+ {
+ return new AvailabilityStatus( true, user.getAccountCreationDate( ).toInstant( ) );
+ } else {
+ return new AvailabilityStatus( true );
+ }
}
catch ( UserNotFoundException e )
{
@@ -593,7 +620,7 @@ public class DefaultUserService
{
return new AvailabilityStatus( false );
}
- throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage() ) );
}
return new AvailabilityStatus( false );
}
@@ -722,7 +749,7 @@ public class DefaultUserService
securityPolicy.setEnabled( false );
userManager.addUser( u );
- return new RegistrationKey( authkey.getKey() );
+ return new RegistrationKey( authkey.getKey(), true );
}
catch ( KeyManagerException e )
@@ -744,7 +771,7 @@ public class DefaultUserService
try
{
userManager.addUser( u );
- return new RegistrationKey( "-1" );
+ return new RegistrationKey( "-1", false );
}
catch ( UserManagerException e )
{
@@ -763,7 +790,7 @@ public class DefaultUserService
@Override
- public Collection<Permission> getCurrentUserPermissions(String userId)
+ public Collection<Permission> getCurrentUserPermissions( )
throws RedbackServiceException
{
RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
@@ -781,7 +808,7 @@ public class DefaultUserService
}
@Override
- public Collection<Operation> getCurrentUserOperations(String userId)
+ public Collection<Operation> getCurrentUserOperations( )
throws RedbackServiceException
{
RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
@@ -1036,7 +1063,7 @@ public class DefaultUserService
}
@Override
- public PasswordStatus passwordChangeRequired( String userId )
+ public PasswordStatus getPasswordStatus( String userId )
throws RedbackServiceException
{
User user = getUser( userId );
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/RoleManagementServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/RoleManagementServiceTest.java
index 69d4b10..c51060b 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/RoleManagementServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/RoleManagementServiceTest.java
@@ -24,6 +24,7 @@ import org.apache.archiva.redback.rest.api.model.User;
import org.apache.archiva.redback.rest.api.services.RoleManagementService;
import org.apache.archiva.redback.rest.api.services.UserService;
import org.apache.commons.lang3.StringUtils;
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.test.context.ContextConfiguration;
@@ -45,6 +46,7 @@ public class RoleManagementServiceTest
{
+ @Ignore
@Test
public void roleExist()
throws Exception
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index 0888c19..e2870c4 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -37,6 +37,7 @@ import java.util.List;
import java.util.Map;
import static io.restassured.RestAssured.given;
+import static io.restassured.RestAssured.replaceFiltersWith;
import static io.restassured.http.ContentType.JSON;
import static org.junit.jupiter.api.Assertions.*;
@@ -140,11 +141,27 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
jsonAsMap.put( "password", "pAssw0rD" );
- Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 405 );
+
+ }
+
+ @Test
+ void createInvalidMeUser() {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "me" );
+ jsonAsMap.put( "email", "me@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Its just me" );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
.post( )
- .then( ).statusCode( 405 ).extract( ).response( );
+ .then( ).statusCode( 405 );
}
@@ -231,4 +248,171 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
}
+ @Test
+ void createExistingAdminUser() {
+ String token = null;
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "admin" );
+ jsonAsMap.put( "email", "admin@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Admin" );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .redirects().follow( false )
+ .post( "admin" )
+ .then( ).statusCode( 303 ).extract( ).response( );
+ assertTrue( response.getHeader( "Location" ).endsWith( "/users/admin" ) );
+ }
+
+ @Test
+ void checkAdminStatus() {
+ String token = null;
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .get( "admin/status" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertNotNull( response );
+ assertTrue( response.body( ).jsonPath( ).getBoolean("exists" ) );
+ assertNotNull( response.body( ).jsonPath( ).get( "since" ) );
+ }
+
+ @Test
+ void deleteUser() {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ }
+
+ @Test
+ void deleteNonexistingUser() {
+ String token = getAdminToken( );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "galadriel" )
+ .then( ).statusCode( 404 ).extract( ).response( );
+ }
+
+ @Test
+ void deleteUserPermissionDenied() {
+ String adminToken = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+ String token = null;
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 401 ).extract( ).response( );
+ } finally
+ {
+ given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void updateUser() {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+
+ try
+ {
+ jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "email", "aragorn2@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" );
+ jsonAsMap.put( "password", "pAssw0rDXX" );
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .put( "aragorn" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertNotNull( response );
+ assertEquals( "aragorn2@lordoftherings.org", response.body( ).jsonPath( ).getString( "email" ) );
+ }finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void updateNonExistingUser() {
+ String token = getAdminToken( );
+ HashMap<Object, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "email", "aragorn2@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" );
+ jsonAsMap.put( "password", "pAssw0rDXX" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .put( "aragorn" )
+ .then( ).statusCode( 404 );
+ }
+
+ @Test
+ void updateUserPasswordViolation() {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+
+ try
+ {
+ jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "email", "aragorn2@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .put( "aragorn" )
+ .prettyPeek()
+ .then( ).statusCode( 422 ).extract( ).response( );
+ assertNotNull( response );
+ assertEquals( "user.password.violation.reuse", response.body( ).jsonPath( ).get( "errorMessages[0].errorKey" ) );
+ }finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
}
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 5cacbc7..b11bda9 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -129,7 +129,6 @@ public class UserServiceTest
@Test
public void getUsersWithoutAuthz( )
- throws Exception
{
UserService userService = getUserService( null );
assertThrows( ForbiddenException.class, ( ) -> {
@@ -471,7 +470,7 @@ public class UserServiceTest
throws Exception
{
createGuestIfNeeded( );
- Collection<Permission> permissions = getUserService( null ).getCurrentUserPermissions("guest" );
+ Collection<Permission> permissions = getUserService( null ).getCurrentUserPermissions( );
log.info( "guest permisssions: {}", permissions );
}
@@ -488,7 +487,7 @@ public class UserServiceTest
throws Exception
{
createGuestIfNeeded( );
- Collection<Operation> operations = getUserService( null ).getCurrentUserOperations("guest" );
+ Collection<Operation> operations = getUserService( null ).getCurrentUserOperations( );
log.info( "guest operations: {}", operations );
}
[archiva-redback-core] 06/06: Adding me services for REST V2
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit aae69ef8d0beac1e44edb3f96b5c0ab778b741ab
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Sat Aug 22 20:27:05 2020 +0200
Adding me services for REST V2
---
.../apache/archiva/redback/rest/api/Constants.java | 2 +
.../archiva/redback/rest/api/model/v2/User.java | 13 +-
.../redback/rest/api/services/v2/UserService.java | 52 ++--
.../rest/services/v2/DefaultUserService.java | 119 ++++-----
.../rest/services/v2/NativeUserServiceTest.java | 287 ++++++++++++++++-----
.../redback/rest/services/v2/UserServiceTest.java | 17 +-
6 files changed, 322 insertions(+), 168 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
index 7c2b406..415e49c 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/Constants.java
@@ -56,6 +56,8 @@ public interface Constants
String ERR_AUTH_INVALID_TOKEN = "redback:auth.invalid_token";
String ERR_AUTH_UNAUTHORIZED_REQUEST = "redback:auth.unauthorized_request";
+ String ERR_USER_BAD_PASSWORD = "redback:user.bad.password";
+
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
index 4a3367d..de3c1b2 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/User.java
@@ -65,9 +65,8 @@ public class User
/**
* for password change only
*
- * @since 1.4
*/
- private String previousPassword;
+ private String currentPassword;
/**
* for roles update only <b>not return on user read</b>
@@ -279,14 +278,14 @@ public class User
this.timestampLastPasswordChange = OffsetDateTime.ofInstant( timestampLastPasswordChange, ZoneId.systemDefault() );
}
- public String getPreviousPassword()
+ public String getCurrentPassword()
{
- return previousPassword;
+ return currentPassword;
}
- public void setPreviousPassword( String previousPassword )
+ public void setCurrentPassword( String currentPassword )
{
- this.previousPassword = previousPassword;
+ this.currentPassword = currentPassword;
}
public List<String> getAssignedRoles()
@@ -353,7 +352,7 @@ public class User
", timestampAccountCreation='" + timestampAccountCreation + '\'' +
", timestampLastLogin='" + timestampLastLogin + '\'' +
", timestampLastPasswordChange='" + timestampLastPasswordChange + '\'' +
- ", previousPassword='" + previousPassword + '\'' +
+ ", previousPassword='" + currentPassword + '\'' +
", assignedRoles=" + assignedRoles +
", readOnly=" + readOnly +
", userManagerId='" + userManagerId + '\'' +
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index bb81317..ba739e0 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -237,7 +237,7 @@ public interface UserService
/**
- * update only the current logged in user and this fields: fullname, email, password.
+ * Update only the current logged in user and this fields: fullname, email, password.
* The service verifies the current logged user with the one passed in the method
* @return
*/
@@ -245,9 +245,34 @@ public interface UserService
@PUT
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noPermission = true )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Updates information of the current logged in user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If user data has been updated"
+ ),
+ @ApiResponse( responseCode = "403", description = "Logged in user does not match the provided userid" ),
+ @ApiResponse( responseCode = "401", description = "User is not logged in" ),
+ @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
+ }
+ )
User updateMe( User user )
throws RedbackServiceException;
+ @Path( "me" )
+ @GET
+ @Produces( { MediaType.APPLICATION_JSON } )
+ @RedbackAuthorization( noPermission = true )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Gets information of the current logged in user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If user data is returned"
+ ),
+ @ApiResponse( responseCode = "401", description = "User is not logged in" ),
+ @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
+ }
+ )
+ User getLoggedInUser( ) throws RedbackServiceException;
+
@Path( "___ping___" )
@GET
@Produces( { MediaType.APPLICATION_JSON } )
@@ -259,27 +284,22 @@ public interface UserService
@POST
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
+ @io.swagger.v3.oas.annotations.Operation( summary = "Clears the cache for the user",
+ responses = {
+ @ApiResponse( responseCode = "200",
+ description = "If the cache was cleared properly"
+ ),
+ @ApiResponse( responseCode = "404", description = "User does not exist" ),
+ }
+ )
ActionStatus removeFromCache( @PathParam( "userId" ) String userId )
throws RedbackServiceException;
- @Path( "guest" )
- @GET
- @Produces( { MediaType.APPLICATION_JSON } )
- @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- User getGuestUser()
- throws RedbackServiceException;
-
- @Path( "guest" )
- @POST
- @Produces( { MediaType.APPLICATION_JSON } )
- @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
- User createGuestUser()
- throws RedbackServiceException;
-
/**
*
*
- * @return*/
+ * @return
+ */
@Path( "{userId}/register" )
@POST
@Produces( { MediaType.APPLICATION_JSON } )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 5462b1b..2273d00 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -104,7 +104,7 @@ public class DefaultUserService
private final Logger log = LoggerFactory.getLogger( getClass() );
private static final String VALID_USERNAME_CHARS = "[a-zA-Z_0-9\\-.@]*";
- private static final String[] INVALID_USER_NAMES = { "me" };
+ private static final String[] INVALID_CREATE_USER_NAMES = { "admin", "guest", "me" };
private UserManager userManager;
@@ -188,7 +188,7 @@ public class DefaultUserService
throws RedbackServiceException
{
User result;
- if ( Arrays.binarySearch( INVALID_USER_NAMES, user.getUserId( ) ) >=0 )
+ if ( Arrays.binarySearch( INVALID_CREATE_USER_NAMES, user.getUserId( ) ) >=0 )
{
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_ID_INVALID, user.getUserId() ), 405 );
}
@@ -318,6 +318,9 @@ public class DefaultUserService
{
try
{
+ if ("guest".equals(userId)) {
+ return getRestUser( userManager.getGuestUser( ) );
+ }
org.apache.archiva.redback.users.User user = userManager.findUser( userId );
return getRestUser( user );
}
@@ -362,11 +365,12 @@ public class DefaultUserService
public User updateMe( User user )
throws RedbackServiceException
{
- // check username == one in the session
-
RedbackPrincipal principal = getPrincipal( );
if (principal==null) {
- throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 403 );
+ throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 );
+ }
+ if (StringUtils.isEmpty( user.getUserId() ) || !principal.getUser().getUsername().equals(user.getUserId())) {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), Response.Status.FORBIDDEN.getStatusCode() );
}
// check oldPassword with the current one
@@ -375,23 +379,27 @@ public class DefaultUserService
org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
try
{
- String previousEncodedPassword =
- securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
+ // current password is only needed, if password change is requested
+ if ( StringUtils.isNotBlank( user.getPassword( ) ) )
+ {
+ String previousEncodedPassword =
+ securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
- // check oldPassword with the current one
+ // check oldPassword with the current one
- PasswordEncoder encoder = securitySystem.getPolicy( ).getPasswordEncoder( );
+ PasswordEncoder encoder = securitySystem.getPolicy( ).getPasswordEncoder( );
- if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword( ) ) )
- {
+ if ( !encoder.isPasswordValid( previousEncodedPassword, user.getCurrentPassword( ) ) )
+ {
- return new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
- Response.Status.BAD_REQUEST.getStatusCode( ) );
+ return new RedbackServiceException( ErrorMessage.of( ERR_USER_BAD_PASSWORD ),
+ Response.Status.BAD_REQUEST.getStatusCode( ) );
+ }
}
}
catch ( UserNotFoundException e )
{
- return new RedbackServiceException( new ErrorMessage( "user not found" ),
+ return new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND ),
Response.Status.BAD_REQUEST.getStatusCode( ) );
}
catch ( UserManagerException e )
@@ -399,8 +407,14 @@ public class DefaultUserService
return new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) );
}
// only 3 fields to update
- realUser.setFullName( user.getFullName( ) );
- realUser.setEmail( user.getEmail( ) );
+ if (StringUtils.isNotBlank( user.getFullName() ))
+ {
+ realUser.setFullName( user.getFullName( ) );
+ }
+ if (StringUtils.isNotBlank( user.getEmail() ))
+ {
+ realUser.setEmail( user.getEmail( ) );
+ }
// ui can limit to not update password
if ( StringUtils.isNotBlank( user.getPassword( ) ) )
{
@@ -413,6 +427,26 @@ public class DefaultUserService
}
@Override
+ public User getLoggedInUser( )
+ throws RedbackServiceException
+ {
+ RedbackPrincipal principal = getPrincipal( );
+ if (principal==null) {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 );
+ }
+
+ try
+ {
+ org.apache.archiva.redback.users.User foundUser = userManager.findUser( principal.getUser().getUsername(), false );
+ return getRestUser( foundUser );
+ }
+ catch ( UserManagerException e )
+ {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ), 400 );
+ }
+ }
+
+ @Override
public User updateUser( String userId, User user )
throws RedbackServiceException
{
@@ -478,59 +512,6 @@ public class DefaultUserService
}
@Override
- public User getGuestUser()
- throws RedbackServiceException
- {
- try
- {
- org.apache.archiva.redback.users.User user = userManager.getGuestUser();
- return getRestUser( user );
- }
- catch ( Exception e )
- {
- return null;
- }
- }
-
- @Override
- public User createGuestUser()
- throws RedbackServiceException
- {
- User u = getGuestUser();
- if ( u != null )
- {
- return u;
- }
- // temporary disable policy during guest creation as no password !
- try
- {
- securitySystem.getPolicy().setEnabled( false );
- org.apache.archiva.redback.users.User user = userManager.createGuestUser();
- user.setPasswordChangeRequired( false );
- user = userManager.updateUser( user, false );
- roleManager.assignRole( config.getString( UserConfigurationKeys.DEFAULT_GUEST ), user.getUsername() );
- return getRestUser( user );
- }
- catch ( RoleManagerException | UserNotFoundException e )
- {
- log.error( e.getMessage(), e );
- throw new RedbackServiceException( e.getMessage() );
- }
- catch ( UserManagerException e )
- {
- throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
- }
- finally
- {
-
- if ( !securitySystem.getPolicy().isEnabled() )
- {
- securitySystem.getPolicy().setEnabled( true );
- }
- }
- }
-
- @Override
public PingResult ping()
throws RedbackServiceException
{
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index e03233c..e8fd540 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -31,13 +31,11 @@ import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit.jupiter.SpringExtension;
-import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import static io.restassured.RestAssured.given;
-import static io.restassured.RestAssured.replaceFiltersWith;
import static io.restassured.http.ContentType.JSON;
import static org.junit.jupiter.api.Assertions.*;
@@ -48,7 +46,7 @@ import static org.junit.jupiter.api.Assertions.*;
@ContextConfiguration(
locations = {"classpath:/ldap-spring-test.xml"} )
@TestInstance( TestInstance.Lifecycle.PER_CLASS )
-@Tag("rest-native")
+@Tag( "rest-native" )
@TestMethodOrder( MethodOrderer.Random.class )
public class NativeUserServiceTest extends AbstractNativeRestServices
{
@@ -59,19 +57,20 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@BeforeAll
- void setup() throws Exception
+ void setup( ) throws Exception
{
- super.setupNative();
+ super.setupNative( );
}
@AfterAll
- void destroy() throws Exception
+ void destroy( ) throws Exception
{
- super.shutdownNative();
+ super.shutdownNative( );
}
@Test
- void getUsers() {
+ void getUsers( )
+ {
String token = getAdminToken( );
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( ).get( ).then( ).statusCode( 200 ).extract( ).response( );
@@ -85,13 +84,15 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void getUsersWithoutLogin() {
- given( ).spec( getRequestSpec( ) ).contentType( JSON )
+ void getUsersWithoutLogin( )
+ {
+ given( ).spec( getRequestSpec( ) ).contentType( JSON )
.when( ).get( ).then( ).statusCode( 403 );
}
@Test
- void getUser() {
+ void getUser( )
+ {
String token = getAdminToken( );
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.when( ).get( "admin" ).then( ).statusCode( 200 ).extract( ).response( );
@@ -102,14 +103,16 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void getUserWithoutLogin() {
- given( ).spec( getRequestSpec( ) ).contentType( JSON )
+ void getUserWithoutLogin( )
+ {
+ given( ).spec( getRequestSpec( ) ).contentType( JSON )
.when( ).get( "admin" ).then( ).statusCode( 403 );
}
@Test
- void createUser() {
+ void createUser( )
+ {
String token = getAdminToken( );
try
{
@@ -125,16 +128,18 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 201 ).extract( ).response( );
assertTrue( response.getHeader( "Location" ).endsWith( "/aragorn" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .when( ).delete( "aragorn").then( ).statusCode( 200 );
+ .when( ).delete( "aragorn" ).then( ).statusCode( 200 );
}
}
@Test
- void createInvalidUser() {
+ void createInvalidUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "" );
@@ -150,7 +155,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void createInvalidMeUser() {
+ void createInvalidMeUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "me" );
@@ -167,7 +173,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
@Test
- void createUserAndPermissionFail() {
+ void createUserAndPermissionFail( )
+ {
String token = getAdminToken( );
try
{
@@ -198,16 +205,18 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 403 );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .when( ).delete( "aragorn").then( ).statusCode( 200 );
+ .when( ).delete( "aragorn" ).then( ).statusCode( 200 );
}
}
@Test
- void createUserExistsAlready() {
+ void createUserExistsAlready( )
+ {
String token = getAdminToken( );
try
{
@@ -234,22 +243,24 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
- .redirects().follow( false ) // Rest assured default is following the 303 redirect
+ .redirects( ).follow( false ) // Rest assured default is following the 303 redirect
.post( )
- .prettyPeek()
- .peek()
- .then( ).statusCode( 303 ).extract().response();
+ .prettyPeek( )
+ .peek( )
+ .then( ).statusCode( 303 ).extract( ).response( );
assertTrue( response.getHeader( "Location" ).endsWith( "/aragorn" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .when( ).delete( "aragorn").then( ).statusCode( 200 );
+ .when( ).delete( "aragorn" ).then( ).statusCode( 200 );
}
}
@Test
- void createExistingAdminUser() {
+ void createExistingAdminUser( )
+ {
String token = null;
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "admin" );
@@ -259,25 +270,27 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.body( jsonAsMap )
.when( )
- .redirects().follow( false )
+ .redirects( ).follow( false )
.post( "admin" )
.then( ).statusCode( 303 ).extract( ).response( );
assertTrue( response.getHeader( "Location" ).endsWith( "/users/admin" ) );
}
@Test
- void checkAdminStatus() {
+ void checkAdminStatus( )
+ {
String token = null;
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.get( "admin/status" )
.then( ).statusCode( 200 ).extract( ).response( );
assertNotNull( response );
- assertTrue( response.body( ).jsonPath( ).getBoolean("exists" ) );
+ assertTrue( response.body( ).jsonPath( ).getBoolean( "exists" ) );
assertNotNull( response.body( ).jsonPath( ).get( "since" ) );
}
@Test
- void deleteUser() {
+ void deleteUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -296,7 +309,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void deleteNonexistingUser() {
+ void deleteNonexistingUser( )
+ {
String token = getAdminToken( );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "galadriel" )
@@ -304,7 +318,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void deleteUserPermissionDenied() {
+ void deleteUserPermissionDenied( )
+ {
String adminToken = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -322,7 +337,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
.then( ).statusCode( 401 ).extract( ).response( );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( adminToken ) ).contentType( JSON )
.delete( "aragorn" )
@@ -331,7 +347,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void updateUser() {
+ void updateUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -357,7 +374,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.then( ).statusCode( 200 ).extract( ).response( );
assertNotNull( response );
assertEquals( "aragorn2@lordoftherings.org", response.body( ).jsonPath( ).getString( "email" ) );
- }finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -366,21 +384,23 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void updateNonExistingUser() {
+ void updateNonExistingUser( )
+ {
String token = getAdminToken( );
HashMap<Object, Object> jsonAsMap = new HashMap<>( );
- jsonAsMap.put( "email", "aragorn2@lordoftherings.org" );
- jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" );
- jsonAsMap.put( "password", "pAssw0rDXX" );
- given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .body( jsonAsMap )
- .when( )
- .put( "aragorn" )
- .then( ).statusCode( 404 );
+ jsonAsMap.put( "email", "aragorn2@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor the Second" );
+ jsonAsMap.put( "password", "pAssw0rDXX" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .put( "aragorn" )
+ .then( ).statusCode( 404 );
}
@Test
- void updateUserWithPasswordViolation() {
+ void updateUserWithPasswordViolation( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -403,11 +423,12 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.body( jsonAsMap )
.when( )
.put( "aragorn" )
- .prettyPeek()
+ .prettyPeek( )
.then( ).statusCode( 422 ).extract( ).response( );
assertNotNull( response );
assertEquals( "user.password.violation.reuse", response.body( ).jsonPath( ).get( "errorMessages[0].errorKey" ) );
- }finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -416,7 +437,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void lockUser() {
+ void lockUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -438,7 +460,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertTrue( response.getBody( ).jsonPath( ).getBoolean( "locked" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -447,15 +470,17 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void lockUnknownUser() {
+ void lockUnknownUser( )
+ {
String token = getAdminToken( );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
- .post( "aragorn/lock" )
- .then( ).statusCode( 404 );
+ .post( "aragorn/lock" )
+ .then( ).statusCode( 404 );
}
@Test
- void unlockUser() {
+ void unlockUser( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -481,7 +506,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertFalse( response.getBody( ).jsonPath( ).getBoolean( "locked" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -491,7 +517,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void unlockUnknownUser() {
+ void unlockUnknownUser( )
+ {
String token = getAdminToken( );
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.post( "aragorn/unlock" )
@@ -499,7 +526,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void setPasswordChangeRequire() {
+ void setPasswordChangeRequire( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -521,7 +549,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertTrue( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
- } finally
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
@@ -530,7 +559,8 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
}
@Test
- void setNoPasswordChangeRequire() {
+ void setNoPasswordChangeRequire( )
+ {
String token = getAdminToken( );
Map<String, Object> jsonAsMap = new HashMap<>( );
jsonAsMap.put( "user_id", "aragorn" );
@@ -557,7 +587,140 @@ public class NativeUserServiceTest extends AbstractNativeRestServices
.get( "aragorn" )
.then( ).statusCode( 200 ).extract( ).response( );
assertFalse( response.getBody( ).jsonPath( ).getBoolean( "passwordChangeRequired" ) );
- } finally
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+
+ @Test
+ void updateMe( )
+ {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String userToken = getUserToken( "aragorn", "pAssw0rD" );
+ Map<String, Object> updateMap = new HashMap<>( );
+ updateMap.put( "user_id", "aragorn" );
+ updateMap.put( "email", "aragorn-swiss@lordoftherings.org" );
+ updateMap.put( "fullName", "Aragorn King of Switzerland" );
+ Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
+ .body( updateMap )
+ .when( )
+ .put( "me" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertEquals( "Aragorn King of Switzerland", response.getBody( ).jsonPath( ).getString( "fullName" ) );
+ assertEquals( "aragorn-swiss@lordoftherings.org", response.getBody( ).jsonPath( ).getString( "email" ) );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void updateMeInvalidUser( )
+ {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rDA" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+
+ jsonAsMap.put( "user_id", "elrond" );
+ jsonAsMap.put( "email", "elrond@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Elrond King of Elves" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rDE" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String userToken = getUserToken( "aragorn", "pAssw0rDA" );
+ Map<String, Object> updateMap = new HashMap<>( );
+ updateMap.put( "user_id", "elrond" );
+ updateMap.put( "email", "elrond-swiss@lordoftherings.org" );
+ updateMap.put( "fullName", "Elrond King of Switzerland" );
+ Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
+ .body( updateMap )
+ .when( )
+ .put( "me" )
+ .then( ).statusCode( 403 ).extract( ).response( );
+ }
+ finally
+ {
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .delete( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ }
+
+ @Test
+ void updateMeWithPassword( )
+ {
+ String token = getAdminToken( );
+ Map<String, Object> jsonAsMap = new HashMap<>( );
+ jsonAsMap.put( "user_id", "aragorn" );
+ jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
+ jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
+ jsonAsMap.put( "validated", true );
+ jsonAsMap.put( "password", "pAssw0rD" );
+ given( ).spec( getRequestSpec( token ) ).contentType( JSON )
+ .body( jsonAsMap )
+ .when( )
+ .post( )
+ .then( ).statusCode( 201 );
+ try
+ {
+
+ String userToken = getUserToken( "aragorn", "pAssw0rD" );
+ Map<String, Object> updateMap = new HashMap<>( );
+ updateMap.put( "user_id", "aragorn" );
+ updateMap.put( "email", "aragorn-sweden@lordoftherings.org" );
+ updateMap.put( "fullName", "Aragorn King of Sweden" );
+ updateMap.put( "currentPassword", "pAssw0rD" );
+ updateMap.put( "password", "x1y2z3a4b5c6d8##" );
+ Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
+ .body( updateMap )
+ .when( )
+ .put( "me" )
+ .then( ).statusCode( 200 ).extract( ).response( );
+ assertEquals( "Aragorn King of Sweden", response.getBody( ).jsonPath( ).getString( "fullName" ) );
+ assertEquals( "aragorn-sweden@lordoftherings.org", response.getBody( ).jsonPath( ).getString( "email" ) );
+ userToken = getUserToken( "aragorn", "x1y2z3a4b5c6d8##" );
+ given( ).spec( getRequestSpec( userToken ) ).contentType( JSON ).get( "aragorn" )
+ .then( ).statusCode( 200 );
+ }
+ finally
{
given( ).spec( getRequestSpec( token ) ).contentType( JSON )
.delete( "aragorn" )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 05ddf4a..0268452 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -507,7 +507,7 @@ public class UserServiceTest
u.setFullName( "the toto123" );
u.setEmail( "toto@titi.fr" );
u.setPassword( "toto1234" );
- u.setPreviousPassword( "toto123" );
+ u.setCurrentPassword( "toto123" );
getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
@@ -517,7 +517,7 @@ public class UserServiceTest
u.setFullName( "the toto1234" );
u.setEmail( "toto@tititi.fr" );
u.setPassword( "toto12345" );
- u.setPreviousPassword( "toto1234" );
+ u.setCurrentPassword( "toto1234" );
getUserService( getUserAuthzHeader( "toto" )) .updateMe( u );
u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
@@ -567,23 +567,12 @@ public class UserServiceTest
}
}
- public void guestUserCreate( )
- throws Exception
- {
- UserService userService = getUserService( getAdminAuthzHeader( ) );
- assertNull( userService.getGuestUser( ) );
- assertNull( userService.createGuestUser( ) );
- }
protected void createGuestIfNeeded( )
throws Exception
{
- UserService userService = getUserService( getAdminAuthzHeader( ) );
- if ( userService.getGuestUser( ) == null )
- {
- userService.createGuestUser( );
- }
+
}
}
[archiva-redback-core] 02/06: Changing return to void for delete
action
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit bcdc1f24b631c39a06d49fedff8570e343f8d8c5
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Tue Aug 4 18:06:49 2020 +0200
Changing return to void for delete action
---
.../org/apache/archiva/redback/rest/api/services/v2/GroupService.java | 2 +-
.../apache/archiva/redback/rest/services/v2/DefaultGroupService.java | 4 ++--
.../archiva/redback/rest/services/v2/NativeGroupServiceTest.java | 1 -
3 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/GroupService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/GroupService.java
index b216498..851f07f 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/GroupService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/GroupService.java
@@ -117,7 +117,7 @@ public interface GroupService
@ApiResponse( responseCode = "404", description = "Group mapping not found" )
}
)
- ActionStatus removeGroupMapping( @Parameter( description = "The group name", required = true )
+ void removeGroupMapping( @Parameter( description = "The group name", required = true )
@PathParam( "group" ) String group )
throws RedbackServiceException;
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultGroupService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultGroupService.java
index d5610ac..e4dbf86 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultGroupService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultGroupService.java
@@ -201,7 +201,7 @@ public class DefaultGroupService
}
@Override
- public ActionStatus removeGroupMapping( String group )
+ public void removeGroupMapping( String group )
throws RedbackServiceException
{
try
@@ -213,7 +213,7 @@ public class DefaultGroupService
log.error( e.getMessage(), e );
throw new RedbackServiceException( ErrorMessage.of( ERR_ROLE_MAPPING, e.getMessage( ) ) );
}
- return ActionStatus.SUCCESS;
+ response.setStatus( 200 );
}
@Override
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java
index ce2bcb1..4129adb 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeGroupServiceTest.java
@@ -454,7 +454,6 @@ public class NativeGroupServiceTest extends AbstractNativeRestServices
.delete( "/mappings/archiva-admin" )
.then( )
.statusCode( 200 ).extract( ).response( );
- assertTrue( response.getBody( ).jsonPath( ).getBoolean( "success" ) );
} finally {
// Put it back
Map<String, Object> jsonAsMap = new HashMap<>( );
[archiva-redback-core] 05/06: Changing user REST interface V2
Posted by ma...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
martin_s pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/archiva-redback-core.git
commit d9fe4b0b8cad5b320b2bd39ffdea8a185d5f41e3
Author: Martin Stockhammer <ma...@apache.org>
AuthorDate: Sat Aug 22 15:08:38 2020 +0200
Changing user REST interface V2
---
.../redback/rest/api/services/v2/UserService.java | 3 +-
.../interceptors/BearerAuthInterceptor.java | 2 +
.../services/v2/DefaultAuthenticationService.java | 2 -
.../rest/services/v2/DefaultUserService.java | 115 ++++++++++-----------
4 files changed, 61 insertions(+), 61 deletions(-)
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index f1a9899..bb81317 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -239,12 +239,13 @@ public interface UserService
/**
* update only the current logged in user and this fields: fullname, email, password.
* The service verifies the current logged user with the one passed in the method
+ * @return
*/
@Path( "me" )
@PUT
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noPermission = true )
- ActionStatus updateMe( User user )
+ User updateMe( User user )
throws RedbackServiceException;
@Path( "___ping___" )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java
index 94cf2c2..c02580e 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java
@@ -220,6 +220,8 @@ public class BearerAuthInterceptor extends AbstractInterceptor
// message.put( AuthenticationResult.class, authenticationResult );
requestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );
requestContext.setProperty( SECURITY_SESSION, securitySession );
+ RedbackSecurityContext securityContext = new RedbackSecurityContext(requestContext.getUriInfo(), user, securitySession );
+ requestContext.setSecurityContext( securityContext );
return;
}
catch ( AuthenticationException e )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
index 9be5b98..d2d99c5 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
@@ -83,8 +83,6 @@ public class DefaultAuthenticationService
@Context
private SecurityContext securityContext;
- private RedbackPrincipal redbackPrincipal;
-
@Context
private ContainerRequestContext requestContext;
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 9f29c04..5462b1b 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -47,7 +47,6 @@ import org.apache.archiva.redback.rest.api.model.ActionStatus;
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.v2.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
@@ -61,6 +60,7 @@ import org.apache.archiva.redback.rest.api.services.RedbackServiceException;
import org.apache.archiva.redback.rest.api.services.v2.UserService;
import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;
import org.apache.archiva.redback.rest.services.RedbackRequestInformation;
+import org.apache.archiva.redback.rest.services.interceptors.RedbackPrincipal;
import org.apache.archiva.redback.rest.services.utils.PasswordValidator;
import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.role.RoleManagerException;
@@ -82,7 +82,9 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
+import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -160,6 +162,9 @@ public class DefaultUserService
@Context
private UriInfo uriInfo;
+ @Context
+ private SecurityContext securityContext;
+
@Inject
public DefaultUserService( @Named( value = "userManager#default" ) UserManager userManager,
SecuritySystem securitySystem )
@@ -168,6 +173,15 @@ public class DefaultUserService
this.securitySystem = securitySystem;
}
+ RedbackPrincipal getPrincipal() {
+ if (this.securityContext!=null) {
+ Principal pri = this.securityContext.getUserPrincipal( );
+ if (pri!=null && pri instanceof RedbackPrincipal) {
+ return (RedbackPrincipal) pri;
+ }
+ }
+ return null;
+ }
@Override
public User createUser( User user )
@@ -345,74 +359,57 @@ public class DefaultUserService
}
@Override
- public ActionStatus updateMe( User user )
+ public User updateMe( User user )
throws RedbackServiceException
{
// check username == one in the session
- RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
- if ( redbackRequestInformation == null || redbackRequestInformation.getUser() == null )
- {
- log.warn( "RedbackRequestInformation from ThreadLocal is null" );
- throw new RedbackServiceException( new ErrorMessage( "you must be logged to update your profile" ),
- Response.Status.FORBIDDEN.getStatusCode() );
- }
- if ( user == null )
- {
- throw new RedbackServiceException( new ErrorMessage( "user parameter is mandatory" ),
- Response.Status.BAD_REQUEST.getStatusCode() );
- }
- if ( !StringUtils.equals( redbackRequestInformation.getUser().getUsername(), user.getUserId() ) )
- {
- throw new RedbackServiceException( new ErrorMessage( "you can update only your profile" ),
- Response.Status.FORBIDDEN.getStatusCode() );
- }
- if ( StringUtils.isEmpty( user.getPreviousPassword() ) )
- {
- throw new RedbackServiceException( new ErrorMessage( "previous password is empty" ),
- Response.Status.BAD_REQUEST.getStatusCode() );
+ RedbackPrincipal principal = getPrincipal( );
+ if (principal==null) {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 403 );
}
- User realUser = getUser( user.getUserId() );
- try
- {
- String previousEncodedPassword =
- securitySystem.getUserManager().findUser( user.getUserId(), false ).getEncodedPassword();
+ // check oldPassword with the current one
+ // only 3 fields to update
+ // ui can limit to not update password
+ org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
+ try
+ {
+ String previousEncodedPassword =
+ securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
- // check oldPassword with the current one
+ // check oldPassword with the current one
- PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();
+ PasswordEncoder encoder = securitySystem.getPolicy( ).getPasswordEncoder( );
- if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword() ) )
- {
+ if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword( ) ) )
+ {
- throw new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
- Response.Status.BAD_REQUEST.getStatusCode() );
+ return new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
+ Response.Status.BAD_REQUEST.getStatusCode( ) );
+ }
}
- }
- catch ( UserNotFoundException e )
- {
- throw new RedbackServiceException( new ErrorMessage( "user not found" ),
- Response.Status.BAD_REQUEST.getStatusCode() );
- }
- catch ( UserManagerException e )
- {
- throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
- }
- // only 3 fields to update
- realUser.setFullName( user.getFullName() );
- realUser.setEmail( user.getEmail() );
- // ui can limit to not update password
- if ( StringUtils.isNotBlank( user.getPassword() ) )
- {
- passwordValidator.validatePassword( user.getPassword(), user.getUserId() );
-
- realUser.setPassword( user.getPassword() );
- }
-
- updateUser( realUser.getUserId(), realUser );
+ catch ( UserNotFoundException e )
+ {
+ return new RedbackServiceException( new ErrorMessage( "user not found" ),
+ Response.Status.BAD_REQUEST.getStatusCode( ) );
+ }
+ catch ( UserManagerException e )
+ {
+ return new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) );
+ }
+ // only 3 fields to update
+ realUser.setFullName( user.getFullName( ) );
+ realUser.setEmail( user.getEmail( ) );
+ // ui can limit to not update password
+ if ( StringUtils.isNotBlank( user.getPassword( ) ) )
+ {
+ realUser.setPassword( user.getPassword( ) );
+ }
+ return null;
+ } );
- return ActionStatus.SUCCESS;
+ return getRestUser( foundUser );
}
@Override
@@ -1036,8 +1033,9 @@ public class DefaultUserService
}
- private void updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
+ private org.apache.archiva.redback.users.User updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
{
+
try
{
org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
@@ -1051,6 +1049,7 @@ public class DefaultUserService
} else {
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
}
+ return rawUser;
}
catch ( UserNotFoundException e )
{