merge

2025-11-12 16:35:45 +01:00 · 2018-10-19 11:26:14 +02:00
parent 9dc32fe128 a7089fc6db
commit 3ac803ce82
112 changed files with 11279 additions and 8661 deletions
--- a/scm-webapp/src/main/java/sonia/scm/ManagerDaoAdapter.java
+++ b/scm-webapp/src/main/java/sonia/scm/ManagerDaoAdapter.java
@@ -15,7 +15,7 @@ public class ManagerDaoAdapter<T extends ModelObject> {
    this.dao = dao;
  }

-  public void modify(T object, Function<T, PermissionCheck> permissionCheck, AroundHandler<T> beforeUpdate, AroundHandler<T> afterUpdate) throws NotFoundException {
+  public void modify(T object, Function<T, PermissionCheck> permissionCheck, AroundHandler<T> beforeUpdate, AroundHandler<T> afterUpdate) {
    T notModified = dao.get(object.getId());
    if (notModified != null) {
      permissionCheck.apply(notModified).check();
@@ -51,7 +51,7 @@ public class ManagerDaoAdapter<T extends ModelObject> {
    return newObject;
  }

-  public void delete(T toDelete, Supplier<PermissionCheck> permissionCheck, AroundHandler<T> beforeDelete, AroundHandler<T> afterDelete) throws NotFoundException {
+  public void delete(T toDelete, Supplier<PermissionCheck> permissionCheck, AroundHandler<T> beforeDelete, AroundHandler<T> afterDelete) {
    permissionCheck.get().check();
    if (dao.contains(toDelete)) {
      beforeDelete.handle(toDelete);
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/IllegalArgumentExceptionMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/IllegalArgumentExceptionMapper.java
@@ -63,6 +63,6 @@ public class IllegalArgumentExceptionMapper
  public Response toResponse(IllegalArgumentException exception)
  {
    log.info("caught IllegalArgumentException -- mapping to bad request", exception);
-    return Response.status(Status.BAD_REQUEST).build();
+    return Response.status(Status.BAD_REQUEST).entity(exception.getMessage()).build();
  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java
@@ -109,7 +109,7 @@ public class ChangePasswordResource
    @ResponseCode(code = 500, condition = "internal server error")
  })
  @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
-  public Response changePassword(@FormParam("old-password") String oldPassword, @FormParam("new-password") String newPassword) throws NotFoundException, ConcurrentModificationException {
+  public Response changePassword(@FormParam("old-password") String oldPassword, @FormParam("new-password") String newPassword) {
    AssertUtil.assertIsNotEmpty(oldPassword);
    AssertUtil.assertIsNotEmpty(newPassword);

--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/BranchRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/BranchRootResource.java
@@ -109,9 +109,10 @@ public class BranchRootResource {
      }
      Repository repository = repositoryService.getRepository();
      RepositoryPermissions.read(repository).check();
-      ChangesetPagingResult changesets = repositoryService.getLogCommand()
-        .setPagingStart(page)
-        .setPagingLimit(pageSize)
+      ChangesetPagingResult changesets = new PagedLogCommandBuilder(repositoryService)
+        .page(page)
+        .pageSize(pageSize)
+        .create()
        .setBranch(branchName)
        .getChangesets();
      if (changesets != null && changesets.getChangesets() != null) {
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/ChangesetRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/ChangesetRootResource.java
@@ -12,6 +12,7 @@ import sonia.scm.repository.Repository;
 import sonia.scm.repository.RepositoryNotFoundException;
 import sonia.scm.repository.RepositoryPermissions;
 import sonia.scm.repository.RevisionNotFoundException;
+import sonia.scm.repository.api.LogCommandBuilder;
 import sonia.scm.repository.api.RepositoryService;
 import sonia.scm.repository.api.RepositoryServiceFactory;
 import sonia.scm.web.VndMediaType;
@@ -59,9 +60,10 @@ public class ChangesetRootResource {
    try (RepositoryService repositoryService = serviceFactory.create(new NamespaceAndName(namespace, name))) {
      Repository repository = repositoryService.getRepository();
      RepositoryPermissions.read(repository).check();
-      ChangesetPagingResult changesets = repositoryService.getLogCommand()
-        .setPagingStart(page)
-        .setPagingLimit(pageSize)
+      ChangesetPagingResult changesets = new PagedLogCommandBuilder(repositoryService)
+        .page(page)
+        .pageSize(pageSize)
+        .create()
        .getChangesets();
      if (changesets != null && changesets.getChangesets() != null) {
        PageResult<Changeset> pageResult = new PageResult<>(changesets.getChangesets(), changesets.getTotal());
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/DiffRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/DiffRootResource.java
@@ -50,7 +50,7 @@ public class DiffRootResource {
    @ResponseCode(code = 404, condition = "not found, no revision with the specified param for the repository available or repository not found"),
    @ResponseCode(code = 500, condition = "internal server error")
  })
-  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision) throws NotFoundException {
+  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision){
    HttpUtil.checkForCRLFInjection(revision);
    try (RepositoryService repositoryService = serviceFactory.create(new NamespaceAndName(namespace, name))) {
      StreamingOutput responseEntry = output -> {
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/FileHistoryRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/FileHistoryRootResource.java
@@ -73,9 +73,10 @@ public class FileHistoryRootResource {
    try (RepositoryService repositoryService = serviceFactory.create(new NamespaceAndName(namespace, name))) {
      log.info("Get changesets of the file {} and revision {}", path, revision);
      Repository repository = repositoryService.getRepository();
-      ChangesetPagingResult changesets = repositoryService.getLogCommand()
-        .setPagingStart(page)
-        .setPagingLimit(pageSize)
+      ChangesetPagingResult changesets = new PagedLogCommandBuilder(repositoryService)
+        .page(page)
+        .pageSize(pageSize)
+        .create()
        .setPath(path)
        .setStartChangeset(revision)
        .getChangesets();
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupResource.java
@@ -53,7 +53,7 @@ public class GroupResource {
    @ResponseCode(code = 404, condition = "not found, no group with the specified id/name available"),
    @ResponseCode(code = 500, condition = "internal server error")
  })
-  public Response get(@PathParam("id") String id) throws NotFoundException {
+  public Response get(@PathParam("id") String id){
    return adapter.get(id, groupToGroupDtoMapper::map);
  }

@@ -98,7 +98,7 @@ public class GroupResource {
    @ResponseCode(code = 500, condition = "internal server error")
  })
  @TypeHint(TypeHint.NO_CONTENT.class)
-  public Response update(@PathParam("id") String name, @Valid GroupDto groupDto) throws NotFoundException, ConcurrentModificationException {
+  public Response update(@PathParam("id") String name, @Valid GroupDto groupDto) throws ConcurrentModificationException {
    return adapter.update(name, existing -> dtoToGroupMapper.map(groupDto));
  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IdResourceManagerAdapter.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/IdResourceManagerAdapter.java
@@ -5,12 +5,10 @@ import sonia.scm.AlreadyExistsException;
 import sonia.scm.ConcurrentModificationException;
 import sonia.scm.Manager;
 import sonia.scm.ModelObject;
-import sonia.scm.NotFoundException;
 import sonia.scm.PageResult;

 import javax.ws.rs.core.Response;
 import java.util.Optional;
-import java.util.function.Consumer;
 import java.util.function.Function;
 import java.util.function.Predicate;
 import java.util.function.Supplier;
@@ -34,20 +32,11 @@ class IdResourceManagerAdapter<MODEL_OBJECT extends ModelObject,
    collectionAdapter = new CollectionResourceManagerAdapter<>(manager, type);
  }

-  Response get(String id, Function<MODEL_OBJECT, DTO> mapToDto) throws NotFoundException {
+  Response get(String id, Function<MODEL_OBJECT, DTO> mapToDto) {
    return singleAdapter.get(loadBy(id), mapToDto);
  }

-  public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges, Consumer<MODEL_OBJECT> checker) throws NotFoundException, ConcurrentModificationException {
-    return singleAdapter.update(
-      loadBy(id),
-      applyChanges,
-      idStaysTheSame(id),
-      checker
-    );
-  }
-
-  public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges) throws NotFoundException, ConcurrentModificationException {
+  public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges) throws ConcurrentModificationException {
    return singleAdapter.update(
      loadBy(id),
      applyChanges,
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/MeResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/MeResource.java
@@ -5,14 +5,12 @@ import com.webcohesion.enunciate.metadata.rs.StatusCodes;
 import com.webcohesion.enunciate.metadata.rs.TypeHint;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.credential.PasswordService;
-import sonia.scm.ConcurrentModificationException;
-import sonia.scm.NotFoundException;
-import sonia.scm.user.InvalidPasswordException;
 import sonia.scm.user.User;
 import sonia.scm.user.UserManager;
 import sonia.scm.web.VndMediaType;

 import javax.inject.Inject;
+import javax.validation.Valid;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.PUT;
@@ -22,9 +20,6 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Request;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
-import java.util.function.Consumer;
-
-import static sonia.scm.user.InvalidPasswordException.INVALID_MATCHING;


 /**
@@ -60,7 +55,7 @@ public class MeResource {
    @ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
    @ResponseCode(code = 500, condition = "internal server error")
  })
-  public Response get(@Context Request request, @Context UriInfo uriInfo) throws NotFoundException {
+  public Response get(@Context Request request, @Context UriInfo uriInfo) {

    String id = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
    return adapter.get(id, meToUserDtoMapper::map);
@@ -78,19 +73,8 @@ public class MeResource {
  })
  @TypeHint(TypeHint.NO_CONTENT.class)
  @Consumes(VndMediaType.PASSWORD_CHANGE)
-  public Response changePassword(PasswordChangeDto passwordChangeDto) throws NotFoundException, ConcurrentModificationException {
-    String name = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
-    return adapter.update(name, user -> user.changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getUserTypeChecker().andThen(getOldOriginalPasswordChecker(passwordChangeDto.getOldPassword())));
-  }
-
-  /**
-   * Match given old password from the dto with the stored password before updating
-   */
-  private Consumer<User> getOldOriginalPasswordChecker(String oldPassword) {
-    return user -> {
-      if (!user.getPassword().equals(passwordService.encryptPassword(oldPassword))) {
-        throw new InvalidPasswordException(INVALID_MATCHING);
-      }
-    };
+  public Response changePassword(@Valid PasswordChangeDto passwordChangeDto) {
+    userManager.changePasswordForLoggedInUser(passwordService.encryptPassword(passwordChangeDto.getOldPassword()), passwordService.encryptPassword(passwordChangeDto.getNewPassword()));
+    return Response.noContent().build();
  }
 }
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PagedLogCommandBuilder.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PagedLogCommandBuilder.java
@@ -0,0 +1,30 @@
+package sonia.scm.api.v2.resources;
+
+import sonia.scm.repository.api.LogCommandBuilder;
+import sonia.scm.repository.api.RepositoryService;
+
+class PagedLogCommandBuilder {
+  private final RepositoryService repositoryService;
+  private int page;
+  private int pageSize ;
+
+  PagedLogCommandBuilder(RepositoryService repositoryService) {
+    this.repositoryService = repositoryService;
+  }
+
+  PagedLogCommandBuilder page(int page) {
+    this.page = page;
+    return this;
+  }
+
+  PagedLogCommandBuilder pageSize(int pageSize) {
+    this.pageSize = pageSize;
+    return this;
+  }
+
+  LogCommandBuilder create() {
+    return repositoryService.getLogCommand()
+      .setPagingStart(page * pageSize)
+      .setPagingLimit(pageSize);
+  }
+}
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PasswordChangeDto.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PasswordChangeDto.java
@@ -10,6 +10,7 @@ import org.hibernate.validator.constraints.NotEmpty;
@ToString
 public class PasswordChangeDto {

+  @NotEmpty
  private String oldPassword;

  @NotEmpty
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PasswordOverwriteDto.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PasswordOverwriteDto.java
@@ -0,0 +1,14 @@
+package sonia.scm.api.v2.resources;
+
+import lombok.Getter;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.validator.constraints.NotEmpty;
+
+@Getter
+@Setter
+@ToString
+public class PasswordOverwriteDto {
+  @NotEmpty
+  private String newPassword;
+}
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java
@@ -100,7 +100,7 @@ public class PermissionRootResource {
  @Produces(VndMediaType.PERMISSION)
  @TypeHint(PermissionDto.class)
  @Path("{permission-name}")
-  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("permission-name") String permissionName) throws NotFoundException {
+  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("permission-name") String permissionName) {
    Repository repository = load(namespace, name);
    RepositoryPermissions.permissionRead(repository).check();
    return Response.ok(
@@ -158,7 +158,7 @@ public class PermissionRootResource {
  public Response update(@PathParam("namespace") String namespace,
                         @PathParam("name") String name,
                         @PathParam("permission-name") String permissionName,
-                         @Valid PermissionDto permission) throws NotFoundException, AlreadyExistsException {
+                         @Valid PermissionDto permission) throws AlreadyExistsException {
    log.info("try to update the permission with name: {}. the modified permission is: {}", permissionName, permission);
    Repository repository = load(namespace, name);
    RepositoryPermissions.permissionWrite(repository).check();
@@ -198,7 +198,7 @@ public class PermissionRootResource {
  @Path("{permission-name}")
  public Response delete(@PathParam("namespace") String namespace,
                         @PathParam("name") String name,
-                         @PathParam("permission-name") String permissionName) throws NotFoundException {
+                         @PathParam("permission-name") String permissionName) {
    log.info("try to delete the permission with name: {}.", permissionName);
    Repository repository = load(namespace, name);
    RepositoryPermissions.modify(repository).check();
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryResource.java
@@ -91,7 +91,7 @@ public class RepositoryResource {
    @ResponseCode(code = 404, condition = "not found, no repository with the specified name available in the namespace"),
    @ResponseCode(code = 500, condition = "internal server error")
  })
-  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name) throws NotFoundException {
+  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name){
    return adapter.get(loadBy(namespace, name), repositoryToDtoMapper::map);
  }

@@ -138,7 +138,7 @@ public class RepositoryResource {
    @ResponseCode(code = 500, condition = "internal server error")
  })
  @TypeHint(TypeHint.NO_CONTENT.class)
-  public Response update(@PathParam("namespace") String namespace, @PathParam("name") String name, @Valid RepositoryDto repositoryDto) throws NotFoundException, ConcurrentModificationException {
+  public Response update(@PathParam("namespace") String namespace, @PathParam("name") String name, @Valid RepositoryDto repositoryDto) throws ConcurrentModificationException {
    return adapter.update(
      loadBy(namespace, name),
      existing -> processUpdate(repositoryDto, existing),
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/ResourceLinks.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/ResourceLinks.java
@@ -87,7 +87,7 @@ class ResourceLinks {
    }

    public String passwordChange(String name) {
-      return userLinkBuilder.method("getUserResource").parameters(name).method("changePassword").parameters().href();
+      return userLinkBuilder.method("getUserResource").parameters(name).method("overwritePassword").parameters().href();
    }
  }

--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/SingleResourceManagerAdapter.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/SingleResourceManagerAdapter.java
@@ -47,7 +47,7 @@ class SingleResourceManagerAdapter<MODEL_OBJECT extends ModelObject,
   * Reads the model object for the given id, transforms it to a dto and returns a corresponding http response.
   * This handles all corner cases, eg. no matching object for the id or missing privileges.
   */
-  Response get(Supplier<Optional<MODEL_OBJECT>> reader, Function<MODEL_OBJECT, DTO> mapToDto) throws NotFoundException {
+  Response get(Supplier<Optional<MODEL_OBJECT>> reader, Function<MODEL_OBJECT, DTO> mapToDto) {
    return reader.get()
      .map(mapToDto)
      .map(Response::ok)
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/SourceRootResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/SourceRootResource.java
@@ -47,7 +47,7 @@ public class SourceRootResource {
  @GET
  @Produces(VndMediaType.SOURCE)
  @Path("{revision}/{path: .*}")
-  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision, @PathParam("path") String path) throws NotFoundException, IOException {
+  public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision, @PathParam("path") String path) throws IOException {
    return getSource(namespace, name, path, revision);
  }

--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
@@ -5,7 +5,6 @@ import com.webcohesion.enunciate.metadata.rs.StatusCodes;
 import com.webcohesion.enunciate.metadata.rs.TypeHint;
 import org.apache.shiro.authc.credential.PasswordService;
 import sonia.scm.ConcurrentModificationException;
-import sonia.scm.NotFoundException;
 import sonia.scm.user.User;
 import sonia.scm.user.UserManager;
 import sonia.scm.web.VndMediaType;
@@ -57,7 +56,7 @@ public class UserResource {
    @ResponseCode(code = 404, condition = "not found, no user with the specified id/name available"),
    @ResponseCode(code = 500, condition = "internal server error")
  })
-  public Response get(@PathParam("id") String id) throws NotFoundException {
+  public Response get(@PathParam("id") String id) {
    return adapter.get(id, userToDtoMapper::map);
  }

@@ -102,7 +101,7 @@ public class UserResource {
    @ResponseCode(code = 500, condition = "internal server error")
  })
  @TypeHint(TypeHint.NO_CONTENT.class)
-  public Response update(@PathParam("id") String name, @Valid UserDto userDto) throws NotFoundException, ConcurrentModificationException {
+  public Response update(@PathParam("id") String name, @Valid UserDto userDto) throws ConcurrentModificationException {
    return adapter.update(name, existing -> dtoToUserMapper.map(userDto, existing.getPassword()));
  }

@@ -111,13 +110,15 @@ public class UserResource {
   * The oldPassword property of the DTO is not needed here. it will be ignored.
   * The oldPassword property is needed in the MeResources when the actual user change the own password.
   *
-   * <strong>Note:</strong> This method requires "user:modify" privilege.
+   * <strong>Note:</strong> This method requires "user:modify" privilege to modify the password of other users.
+   * <strong>Note:</strong> This method requires "user:changeOwnPassword" privilege to modify the own password.
+   *
   * @param name              name of the user to be modified
-   * @param passwordChangeDto change password object to modify password. the old password is here not required
+   * @param passwordOverwriteDto change password object to modify password. the old password is here not required
   */
  @PUT
  @Path("password")
-  @Consumes(VndMediaType.PASSWORD_CHANGE)
+  @Consumes(VndMediaType.PASSWORD_OVERWRITE)
  @StatusCodes({
    @ResponseCode(code = 204, condition = "update success"),
    @ResponseCode(code = 400, condition = "Invalid body, e.g. the user type is not xml or the given oldPassword do not match the stored one"),
@@ -127,8 +128,8 @@ public class UserResource {
    @ResponseCode(code = 500, condition = "internal server error")
  })
  @TypeHint(TypeHint.NO_CONTENT.class)
-  public Response changePassword(@PathParam("id") String name, @Valid PasswordChangeDto passwordChangeDto) throws NotFoundException, ConcurrentModificationException {
-    return adapter.update(name, user -> user.changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getUserTypeChecker());
+  public Response overwritePassword(@PathParam("id") String name, @Valid PasswordOverwriteDto passwordOverwriteDto) {
+    userManager.overwritePassword(name, passwordService.encryptPassword(passwordOverwriteDto.getNewPassword()));
+    return Response.noContent().build();
  }
-
 }
--- a/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserToUserDtoMapper.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserToUserDtoMapper.java
@@ -39,9 +39,9 @@ public abstract class UserToUserDtoMapper extends BaseMapper<User, UserDto> {
    }
    if (UserPermissions.modify(user).isPermitted()) {
      linksBuilder.single(link("update", resourceLinks.user().update(target.getName())));
-    }
-    if (userManager.isTypeDefault(user)) {
-      linksBuilder.single(link("password", resourceLinks.user().passwordChange(target.getName())));
+      if (userManager.isTypeDefault(user)) {
+        linksBuilder.single(link("password", resourceLinks.user().passwordChange(target.getName())));
+      }
    }
    target.add(linksBuilder.build());
  }
--- a/scm-webapp/src/main/java/sonia/scm/filter/StaticResourceFilter.java
+++ b/scm-webapp/src/main/java/sonia/scm/filter/StaticResourceFilter.java
@@ -34,24 +34,21 @@ package sonia.scm.filter;
 //~--- non-JDK imports --------------------------------------------------------

 import com.google.inject.Singleton;
-
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
 import sonia.scm.util.WebUtil;
 import sonia.scm.web.filter.HttpFilter;

-//~--- JDK imports ------------------------------------------------------------
-
-import java.io.File;
-import java.io.IOException;
-
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.IOException;
+
+//~--- JDK imports ------------------------------------------------------------

 /**
 *
@@ -109,11 +106,7 @@ public class StaticResourceFilter extends HttpFilter
      {
        if (logger.isDebugEnabled())
        {
-          StringBuilder msg = new StringBuilder("return ");
-
-          msg.append(HttpServletResponse.SC_NOT_MODIFIED);
-          msg.append(" for ").append(uri);
-          logger.debug(msg.toString());
+          logger.debug("return {} for {}" , HttpServletResponse.SC_NOT_MODIFIED, uri);
        }

        response.setStatus(HttpServletResponse.SC_NOT_MODIFIED);
--- a/scm-webapp/src/main/java/sonia/scm/group/DefaultGroupManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/group/DefaultGroupManager.java
@@ -125,7 +125,7 @@ public class DefaultGroupManager extends AbstractGroupManager
  }

  @Override
-  public void delete(Group group) throws NotFoundException {
+  public void delete(Group group){
    logger.info("delete group {} of type {}", group.getName(), group.getType());
    managerDaoAdapter.delete(
      group,
@@ -145,7 +145,7 @@ public class DefaultGroupManager extends AbstractGroupManager
  public void init(SCMContextProvider context) {}

  @Override
-  public void modify(Group group) throws NotFoundException {
+  public void modify(Group group){
    logger.info("modify group {} of type {}", group.getName(), group.getType());

    managerDaoAdapter.modify(
@@ -160,7 +160,7 @@ public class DefaultGroupManager extends AbstractGroupManager
  }

  @Override
-  public void refresh(Group group) throws NotFoundException {
+  public void refresh(Group group){
    String name = group.getName();
    if (logger.isInfoEnabled())
    {
--- a/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
@@ -151,7 +151,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager {
  }

  @Override
-  public void delete(Repository repository) throws NotFoundException {
+  public void delete(Repository repository){
    logger.info("delete repository {}/{} of type {}", repository.getNamespace(), repository.getName(), repository.getType());
    managerDaoAdapter.delete(
      repository,
@@ -179,7 +179,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager {
  }

  @Override
-  public void modify(Repository repository) throws NotFoundException {
+  public void modify(Repository repository){
    logger.info("modify repository {}/{} of type {}", repository.getNamespace(), repository.getName(), repository.getType());

    managerDaoAdapter.modify(
--- a/scm-webapp/src/main/java/sonia/scm/repository/HealthChecker.java
+++ b/scm-webapp/src/main/java/sonia/scm/repository/HealthChecker.java
@@ -55,7 +55,7 @@ public final class HealthChecker {
    this.repositoryManager = repositoryManager;
  }

-  public void check(String id) throws NotFoundException {
+  public void check(String id){
    RepositoryPermissions.healthCheck(id).check();

    Repository repository = repositoryManager.get(id);
@@ -68,7 +68,7 @@ public final class HealthChecker {
  }

  public void check(Repository repository)
-    throws NotFoundException, ConcurrentModificationException {
+  {
    RepositoryPermissions.healthCheck(repository).check();

    doCheck(repository);
@@ -83,7 +83,7 @@ public final class HealthChecker {
      if (check.isPermitted(repository)) {
        try {
          check(repository);
-        } catch (ConcurrentModificationException | NotFoundException ex) {
+        } catch (NotFoundException ex) {
          logger.error("health check ends with exception", ex);
        }
      } else {
@@ -94,7 +94,7 @@ public final class HealthChecker {
    }
  }

-  private void doCheck(Repository repository) throws NotFoundException {
+  private void doCheck(Repository repository){
    logger.info("start health check for repository {}", repository.getName());

    HealthCheckResult result = HealthCheckResult.healthy();
--- a/scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java
@@ -260,6 +260,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
      builder.add(canReadOwnUser(user));
      builder.add(getUserAutocompletePermission());
      builder.add(getGroupAutocompletePermission());
+      builder.add(getChangeOwnPasswordPermission(user));
      permissions = builder.build();
    }

@@ -272,6 +273,10 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
    return GroupPermissions.autocomplete().asShiroString();
  }

+  private String getChangeOwnPasswordPermission(User user) {
+    return UserPermissions.changePassword(user).asShiroString();
+  }
+
  private String getUserAutocompletePermission() {
    return UserPermissions.autocomplete().asShiroString();
  }
--- a/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java
+++ b/scm-webapp/src/main/java/sonia/scm/security/JwtAccessTokenBuilder.java
@@ -64,7 +64,7 @@ public final class JwtAccessTokenBuilder implements AccessTokenBuilder {
  
  private String subject;
  private String issuer;
-  private long expiresIn = 10l;
+  private long expiresIn = 60l;
  private TimeUnit expiresInUnit = TimeUnit.MINUTES;
  private Scope scope = Scope.empty();
  
--- a/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
+++ b/scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
@@ -33,11 +33,10 @@

 package sonia.scm.user;

-//~--- non-JDK imports --------------------------------------------------------
-
 import com.github.sdorra.ssp.PermissionActionCheck;
 import com.google.inject.Inject;
 import com.google.inject.Singleton;
+import org.apache.shiro.SecurityUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.AlreadyExistsException;
@@ -64,8 +63,6 @@ import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;

-//~--- JDK imports ------------------------------------------------------------
-
 /**
 *
 * @author Sebastian Sdorra
@@ -157,7 +154,7 @@ public class DefaultUserManager extends AbstractUserManager
  }

  @Override
-  public void delete(User user) throws NotFoundException {
+  public void delete(User user) {
    logger.info("delete user {} of type {}", user.getName(), user.getType());
    managerDaoAdapter.delete(
      user,
@@ -193,9 +190,8 @@ public class DefaultUserManager extends AbstractUserManager
   * @throws IOException
   */
  @Override
-  public void modify(User user) throws NotFoundException {
+  public void modify(User user) {
    logger.info("modify user {} of type {}", user.getName(), user.getType());
-
    managerDaoAdapter.modify(
      user,
      UserPermissions::modify,
@@ -212,7 +208,7 @@ public class DefaultUserManager extends AbstractUserManager
   * @throws IOException
   */
  @Override
-  public void refresh(User user) throws NotFoundException {
+  public void refresh(User user) {
    if (logger.isInfoEnabled())
    {
      logger.info("refresh user {} of type {}", user.getName(), user.getType());
@@ -402,6 +398,36 @@ public class DefaultUserManager extends AbstractUserManager

  //~--- methods --------------------------------------------------------------

+  @Override
+  public void changePasswordForLoggedInUser(String oldPassword, String newPassword) {
+    User user = get((String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal());
+
+    if (!user.getPassword().equals(oldPassword)) {
+      throw new InvalidPasswordException();
+    }
+
+    user.setPassword(newPassword);
+
+    managerDaoAdapter.modify(
+      user,
+      UserPermissions::changePassword,
+      notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, user, notModified),
+      notModified -> fireEvent(HandlerEventType.MODIFY, user, notModified));
+  }
+
+  @Override
+  public void overwritePassword(String userId, String newPassword) {
+    User user = get(userId);
+    if (user == null) {
+      throw new NotFoundException();
+    }
+    if (!isTypeDefault(user)) {
+      throw new ChangePasswordNotAllowedException(user.getType());
+    }
+    user.setPassword(newPassword);
+    this.modify(user);
+  }
+
  /**
   * Method description
   *