2018-09-19 15:54:24 +02:00
|
|
|
package sonia.scm.it;
|
|
|
|
|
|
|
|
|
|
import org.junit.Assert;
|
|
|
|
|
import org.junit.Before;
|
|
|
|
|
import org.junit.Test;
|
|
|
|
|
import sonia.scm.it.utils.ScmRequests;
|
|
|
|
|
import sonia.scm.it.utils.TestData;
|
|
|
|
|
|
|
|
|
|
import static org.assertj.core.api.Assertions.assertThat;
|
|
|
|
|
|
|
|
|
|
public class UserITCase {
|
|
|
|
|
|
|
|
|
|
@Before
|
|
|
|
|
public void init(){
|
|
|
|
|
TestData.cleanup();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
public void adminShouldChangeOwnPassword() {
|
2018-09-20 11:51:10 +02:00
|
|
|
String newUser = "user";
|
|
|
|
|
String password = "pass";
|
2018-10-12 11:06:53 +02:00
|
|
|
TestData.createUser(newUser, password, true, "xml", "user@scm-manager.org");
|
2018-09-20 11:51:10 +02:00
|
|
|
String newPassword = "new_password";
|
2018-09-19 15:54:24 +02:00
|
|
|
// admin change the own password
|
|
|
|
|
ScmRequests.start()
|
2018-10-15 18:35:45 +02:00
|
|
|
.requestIndexResource(newUser, password)
|
|
|
|
|
.assertStatusCode(200)
|
|
|
|
|
.requestUser(newUser)
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertStatusCode(200)
|
2019-03-13 15:56:40 +01:00
|
|
|
// we could no longer easily check if the user is an admin, because the admin flag is gone
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertPassword(Assert::assertNull)
|
2018-10-17 13:25:07 +02:00
|
|
|
.requestChangePassword(newPassword)
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertStatusCode(204);
|
2018-09-20 11:51:10 +02:00
|
|
|
// assert password is changed -> login with the new Password
|
2018-09-19 15:54:24 +02:00
|
|
|
ScmRequests.start()
|
2018-10-15 18:35:45 +02:00
|
|
|
.requestIndexResource(newUser, newPassword)
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertStatusCode(200)
|
2018-10-15 18:35:45 +02:00
|
|
|
.requestUser(newUser)
|
2019-03-13 15:56:40 +01:00
|
|
|
// we could no longer easily check if the user is an admin, because the admin flag is gone
|
2018-09-20 11:51:10 +02:00
|
|
|
.assertPassword(Assert::assertNull);
|
2018-09-19 15:54:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@Test
|
|
|
|
|
public void adminShouldChangePasswordOfOtherUser() {
|
|
|
|
|
String newUser = "user";
|
|
|
|
|
String password = "pass";
|
2018-10-12 11:06:53 +02:00
|
|
|
TestData.createUser(newUser, password, true, "xml", "user@scm-manager.org");
|
2018-09-19 15:54:24 +02:00
|
|
|
String newPassword = "new_password";
|
|
|
|
|
// admin change the password of the user
|
|
|
|
|
ScmRequests.start()
|
2018-10-15 18:35:45 +02:00
|
|
|
.requestIndexResource(TestData.USER_SCM_ADMIN, TestData.USER_SCM_ADMIN)
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertStatusCode(200)
|
2018-10-15 18:35:45 +02:00
|
|
|
.requestUser(newUser)
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertStatusCode(200)
|
2019-03-13 15:56:40 +01:00
|
|
|
// we could no longer easily check if the user is an admin, because the admin flag is gone
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertPassword(Assert::assertNull)
|
|
|
|
|
.requestChangePassword(newPassword) // the oldPassword is not needed in the user resource
|
|
|
|
|
.assertStatusCode(204);
|
|
|
|
|
// assert password is changed
|
|
|
|
|
ScmRequests.start()
|
2018-10-15 18:35:45 +02:00
|
|
|
.requestIndexResource(newUser, newPassword)
|
|
|
|
|
.assertStatusCode(200)
|
|
|
|
|
.requestUser(newUser)
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertStatusCode(200);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2018-10-12 15:20:58 +02:00
|
|
|
@Test
|
2018-10-16 10:47:52 +02:00
|
|
|
public void nonAdminUserShouldNotChangePasswordOfOtherUser() {
|
|
|
|
|
String user = "user";
|
|
|
|
|
String password = "pass";
|
2018-10-16 15:58:54 +02:00
|
|
|
TestData.createUser(user, password, false, "xml", "em@l.de");
|
2018-10-16 10:47:52 +02:00
|
|
|
String user2 = "user2";
|
2018-10-16 15:58:54 +02:00
|
|
|
TestData.createUser(user2, password, false, "xml", "em@l.de");
|
|
|
|
|
ScmRequests.start()
|
|
|
|
|
.requestIndexResource(user, password)
|
|
|
|
|
.assertUsersLinkDoesNotExists();
|
|
|
|
|
// use the users/ endpoint bypassed the index resource
|
2018-10-16 10:47:52 +02:00
|
|
|
ScmRequests.start()
|
2018-10-16 15:58:54 +02:00
|
|
|
.requestUser(user, password, user2)
|
|
|
|
|
.assertStatusCode(403);
|
|
|
|
|
// use the users/password endpoint bypassed the index and users resources
|
|
|
|
|
ScmRequests.start()
|
|
|
|
|
.requestUserChangePassword(user, password, user2, "newPassword")
|
2018-10-16 10:47:52 +02:00
|
|
|
.assertStatusCode(403);
|
|
|
|
|
}
|
|
|
|
|
|
2018-09-19 15:54:24 +02:00
|
|
|
@Test
|
|
|
|
|
public void shouldHidePasswordLinkIfUserTypeIsNotXML() {
|
|
|
|
|
String newUser = "user";
|
|
|
|
|
String password = "pass";
|
|
|
|
|
String type = "not XML Type";
|
2018-10-12 11:06:53 +02:00
|
|
|
TestData.createUser(newUser, password, true, type, "user@scm-manager.org");
|
2018-09-19 15:54:24 +02:00
|
|
|
ScmRequests.start()
|
2018-10-15 18:35:45 +02:00
|
|
|
.requestIndexResource(newUser, password)
|
|
|
|
|
.assertStatusCode(200)
|
|
|
|
|
.requestUser(newUser)
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertStatusCode(200)
|
2019-03-13 15:56:40 +01:00
|
|
|
// we could no longer easily check if the user is an admin, because the admin flag is gone
|
2018-09-19 15:54:24 +02:00
|
|
|
.assertPassword(Assert::assertNull)
|
|
|
|
|
.assertType(s -> assertThat(s).isEqualTo(type))
|
|
|
|
|
.assertPasswordLinkDoesNotExists();
|
|
|
|
|
}
|
|
|
|
|
}
|
