Nemcio/SCM-Manager
1
0
Fork 0
mirror of https://github.com/scm-manager/scm-manager.git synced 2025-11-08 22:45:45 +01:00
Code Issues Packages Projects Releases Activity

Merge with 2.0.0-m3

Browse Source
This commit is contained in:
René Pfeuffer
2018-10-17 13:58:53 +02:00
parent 8c46a7f714 3c5ef28446
commit 46846673ae
42 changed files with 424 additions and 218 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
scm-core/src/main/java/sonia/scm/ManagerDecorator.java
View File

@@ -71,7 +71,7 @@ public class ManagerDecorator<T extends ModelObject> implements Manager<T> {
}
@Override
public void delete(T object) throws NotFoundException {
public void delete(T object){
decorated.delete(object);
}
@@ -82,12 +82,12 @@ public class ManagerDecorator<T extends ModelObject> implements Manager<T> {
}
@Override
public void modify(T object) throws NotFoundException {
public void modify(T object){
decorated.modify(object);
}
@Override
public void refresh(T object) throws NotFoundException {
public void refresh(T object){
decorated.refresh(object);
}

2
scm-core/src/main/java/sonia/scm/NotFoundException.java
View File

@@ -1,6 +1,6 @@
package sonia.scm;
public class NotFoundException extends Exception {
public class NotFoundException extends RuntimeException {
public NotFoundException(String type, String id) {
super(type + " with id '" + id + "' not found");
}

6
scm-core/src/main/java/sonia/scm/user/ChangePasswordNotAllowedException.java
View File

@@ -2,10 +2,10 @@ package sonia.scm.user;
public class ChangePasswordNotAllowedException extends RuntimeException {
public static final String WRONG_USER_TYPE = "User of type {0} are not allowed to change password";
public static final String WRONG_USER_TYPE = "User of type %s are not allowed to change password";
public ChangePasswordNotAllowedException(String message) {
super(message);
public ChangePasswordNotAllowedException(String type) {
super(String.format(WRONG_USER_TYPE, type));
}
}

6
scm-core/src/main/java/sonia/scm/user/InvalidPasswordException.java
View File

@@ -2,9 +2,7 @@ package sonia.scm.user;
public class InvalidPasswordException extends RuntimeException {
public static final String INVALID_MATCHING = "The given Password does not match with the stored one.";
public InvalidPasswordException(String message) {
super(message);
public InvalidPasswordException() {
super("The given Password does not match with the stored one.");
}
}

9
scm-core/src/main/java/sonia/scm/user/User.java
View File

@@ -56,7 +56,10 @@ import java.security.Principal;
*
* @author Sebastian Sdorra
*/
@StaticPermissions(value = "user", globalPermissions = {"create", "list", "autocomplete"})
@StaticPermissions(
value = "user",
globalPermissions = {"create", "list", "autocomplete"},
permissions = {"read", "modify", "delete", "changePassword"})
@XmlRootElement(name = "users")
@XmlAccessorType(XmlAccessType.FIELD)
public class User extends BasicPropertiesAware implements Principal, ModelObject, PermissionObject, ReducedModelObject
@@ -274,10 +277,6 @@ public class User extends BasicPropertiesAware implements Principal, ModelObject
//J+
}
public User changePassword(String password){
setPassword(password);
return this;
}
//~--- get methods ----------------------------------------------------------
/**

28
scm-core/src/main/java/sonia/scm/user/UserManager.java
View File

@@ -38,11 +38,7 @@ package sonia.scm.user;
import sonia.scm.Manager;
import sonia.scm.search.Searchable;
import java.text.MessageFormat;
import java.util.Collection;
import java.util.function.Consumer;
import static sonia.scm.user.ChangePasswordNotAllowedException.WRONG_USER_TYPE;
/**
* The central class for managing {@link User} objects.
@@ -75,18 +71,6 @@ public interface UserManager
*/
public String getDefaultType();
/**
* Only account of the default type "xml" can change their password
*/
default Consumer<User> getUserTypeChecker() {
return user -> {
if (!isTypeDefault(user)) {
throw new ChangePasswordNotAllowedException(MessageFormat.format(WRONG_USER_TYPE, user.getType()));
}
};
}
default boolean isTypeDefault(User user) {
return getDefaultType().equals(user.getType());
}
@@ -99,5 +83,17 @@ public interface UserManager
*/
Collection<User> autocomplete(String filter);
/**
* Changes the password of the logged in user.
* @param oldPassword The current encrypted password of the user.
* @param newPassword The new encrypted password of the user.
*/
void changePasswordForLoggedInUser(String oldPassword, String newPassword);
/**
* Overwrites the password for the given user id. This needs user write privileges.
* @param userId The id of the user to change the password for.
* @param newPassword The new encrypted password.
*/
void overwritePassword(String userId, String newPassword);
}

9
scm-core/src/main/java/sonia/scm/user/UserManagerDecorator.java
View File

@@ -126,6 +126,15 @@ public class UserManagerDecorator extends ManagerDecorator<User>
return decorated.autocomplete(filter);
}
@Override
public void changePasswordForLoggedInUser(String oldPassword, String newPassword) {
decorated.changePasswordForLoggedInUser(oldPassword, newPassword);
}
@Override
public void overwritePassword(String userId, String newPassword) {
decorated.overwritePassword(userId, newPassword);
}
//~--- fields ---------------------------------------------------------------
/** Field description */

2
scm-core/src/main/java/sonia/scm/web/VndMediaType.java
View File

@@ -39,6 +39,8 @@ public class VndMediaType {
public static final String UI_PLUGIN_COLLECTION = PREFIX + "uiPluginCollection" + SUFFIX;
@SuppressWarnings("squid:S2068")
public static final String PASSWORD_CHANGE = PREFIX + "passwordChange" + SUFFIX;
@SuppressWarnings("squid:S2068")
public static final String PASSWORD_OVERWRITE = PREFIX + "passwordOverwrite" + SUFFIX;
public static final String ME = PREFIX + "me" + SUFFIX;
public static final String SOURCE = PREFIX + "source" + SUFFIX;

4
scm-core/src/test/java/sonia/scm/security/SyncingRealmHelperTest.java
View File

@@ -154,7 +154,7 @@ public class SyncingRealmHelperTest {
* Tests {@link SyncingRealmHelper#store(Group)} with an existing group.
*/
@Test
public void testStoreGroupModify() throws NotFoundException {
public void testStoreGroupModify(){
Group group = new Group("unit-test", "heartOfGold");
when(groupManager.get("heartOfGold")).thenReturn(group);
@@ -191,7 +191,7 @@ public class SyncingRealmHelperTest {
* Tests {@link SyncingRealmHelper#store(User)} with an existing user.
*/
@Test
public void testStoreUserModify() throws NotFoundException {
public void testStoreUserModify(){
when(userManager.contains("tricia")).thenReturn(Boolean.TRUE);
User user = new User("tricia");

24
scm-it/src/test/java/sonia/scm/it/MeITCase.java
View File

@@ -38,6 +38,30 @@ public class MeITCase {
.assertStatusCode(204);
}
@Test
public void nonAdminUserShouldChangeOwnPassword() {
String newPassword = "pass1";
String username = "user1";
String password = "pass";
TestData.createUser(username, password,false,"xml", "em@l.de");
// user change the own password
ScmRequests.start()
.requestIndexResource(username, password)
.requestMe()
.assertStatusCode(200)
.assertAdmin(aBoolean -> assertThat(aBoolean).isEqualTo(Boolean.FALSE))
.assertPassword(Assert::assertNull)
.assertType(s -> assertThat(s).isEqualTo("xml"))
.requestChangePassword(password, newPassword)
.assertStatusCode(204);
// assert password is changed -> login with the new Password than undo changes
ScmRequests.start()
.requestIndexResource(username, newPassword)
.requestMe()
.assertStatusCode(200);
}
@Test
public void shouldHidePasswordLinkIfUserTypeIsNotXML() {
String newUser = "user";

21
scm-it/src/test/java/sonia/scm/it/UserITCase.java
View File

@@ -29,7 +29,7 @@ public class UserITCase {
.assertStatusCode(200)
.assertAdmin(aBoolean -> assertThat(aBoolean).isEqualTo(Boolean.TRUE))
.assertPassword(Assert::assertNull)
.requestChangePassword(newPassword) // the oldPassword is not needed in the user resource
.requestChangePassword(newPassword)
.assertStatusCode(204);
// assert password is changed -> login with the new Password
ScmRequests.start()
@@ -65,6 +65,25 @@ public class UserITCase {
}
@Test
public void nonAdminUserShouldNotChangePasswordOfOtherUser() {
String user = "user";
String password = "pass";
TestData.createUser(user, password, false, "xml", "em@l.de");
String user2 = "user2";
TestData.createUser(user2, password, false, "xml", "em@l.de");
ScmRequests.start()
.requestIndexResource(user, password)
.assertUsersLinkDoesNotExists();
// use the users/ endpoint bypassed the index resource
ScmRequests.start()
.requestUser(user, password, user2)
.assertStatusCode(403);
// use the users/password endpoint bypassed the index and users resources
ScmRequests.start()
.requestUserChangePassword(user, password, user2, "newPassword")
.assertStatusCode(403);
}
@Test
public void shouldHidePasswordLinkIfUserTypeIsNotXML() {

53
scm-it/src/test/java/sonia/scm/it/utils/ScmRequests.java
View File

@@ -3,6 +3,9 @@ package sonia.scm.it.utils;
import io.restassured.RestAssured;
import io.restassured.response.Response;
import org.junit.Assert;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.user.User;
import sonia.scm.web.VndMediaType;
import java.net.ConnectException;
@@ -26,7 +29,8 @@ import static sonia.scm.it.utils.TestData.createPasswordChangeJson;
*/
public class ScmRequests {
private String url;
private static final Logger LOG = LoggerFactory.getLogger(ScmRequests.class);
private String username;
private String password;
@@ -40,6 +44,18 @@ public class ScmRequests {
return new IndexResponse(applyGETRequest(RestUtil.REST_BASE_URL.toString()));
}
public <SELF extends UserResponse<SELF, T>, T extends ModelResponse> UserResponse<SELF,T> requestUser(String username, String password, String pathParam) {
setUsername(username);
setPassword(password);
return new UserResponse<>(applyGETRequest(RestUtil.REST_BASE_URL.resolve("users/"+pathParam).toString()), null);
}
public ChangePasswordResponse<ChangePasswordResponse> requestUserChangePassword(String username, String password, String userPathParam, String newPassword) {
setUsername(username);
setPassword(password);
return new ChangePasswordResponse<>(applyPUTRequest(RestUtil.REST_BASE_URL.resolve("users/"+userPathParam+"/password").toString(), VndMediaType.PASSWORD_OVERWRITE, TestData.createPasswordChangeJson(password,newPassword)), null);
}
/**
* Apply a GET Request to the extracted url from the given link
@@ -77,6 +93,7 @@ public class ScmRequests {
* @return the response of the GET request using the given <code>url</code>
*/
private Response applyGETRequestWithQueryParams(String url, String params) {
LOG.info("GET {}", url);
return RestAssured.given()
.auth().preemptive().basic(username, password)
.when()
@@ -119,6 +136,7 @@ public class ScmRequests {
* @return the response of the PUT request using the given <code>url</code>
*/
private Response applyPUTRequest(String url, String mediaType, String body) {
LOG.info("PUT {}", url);
return RestAssured.given()
.auth().preemptive().basic(username, password)
.when()
@@ -136,7 +154,6 @@ public class ScmRequests {
this.password = password;
}
public class IndexResponse extends ModelResponse<IndexResponse, IndexResponse> {
public static final String LINK_AUTOCOMPLETE_USERS = "_links.autocomplete.find{it.name=='users'}.href";
public static final String LINK_AUTOCOMPLETE_GROUPS = "_links.autocomplete.find{it.name=='groups'}.href";
@@ -164,10 +181,15 @@ public class ScmRequests {
return new MeResponse<>(applyGETRequestFromLink(response, LINK_ME), this);
}
public UserResponse<IndexResponse> requestUser(String username) {
public UserResponse<? extends UserResponse, IndexResponse> requestUser(String username) {
return new UserResponse<>(applyGETRequestFromLinkWithParams(response, LINK_USERS, username), this);
}
public IndexResponse assertUsersLinkDoesNotExists() {
return super.assertPropertyPathDoesNotExists(LINK_USERS);
}
}
public class RepositoryResponse<PREV extends ModelResponse> extends ModelResponse<RepositoryResponse<PREV>, PREV> {
@@ -271,17 +293,19 @@ public class ScmRequests {
}
public class MeResponse<PREV extends ModelResponse> extends UserResponse<PREV> {
public class MeResponse<PREV extends ModelResponse> extends UserResponse<MeResponse<PREV>, PREV> {
public MeResponse(Response response, PREV previousResponse) {
super(response, previousResponse);
}
public ChangePasswordResponse<UserResponse> requestChangePassword(String oldPassword, String newPassword) {
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_CHANGE, createPasswordChangeJson(oldPassword, newPassword)), this);
}
}
public class UserResponse<PREV extends ModelResponse> extends ModelResponse<UserResponse<PREV>, PREV> {
public class UserResponse<SELF extends UserResponse<SELF, PREV>, PREV extends ModelResponse> extends ModelResponse<SELF, PREV> {
public static final String LINKS_PASSWORD_HREF = "_links.password.href";
@@ -289,34 +313,29 @@ public class ScmRequests {
super(response, previousResponse);
}
public UserResponse<PREV> assertPassword(Consumer<String> assertPassword) {
public SELF assertPassword(Consumer<String> assertPassword) {
return super.assertSingleProperty(assertPassword, "password");
}
public UserResponse<PREV> assertType(Consumer<String> assertType) {
public SELF assertType(Consumer<String> assertType) {
return assertSingleProperty(assertType, "type");
}
public UserResponse<PREV> assertAdmin(Consumer<Boolean> assertAdmin) {
public SELF assertAdmin(Consumer<Boolean> assertAdmin) {
return assertSingleProperty(assertAdmin, "admin");
}
public UserResponse<PREV> assertPasswordLinkDoesNotExists() {
public SELF assertPasswordLinkDoesNotExists() {
return assertPropertyPathDoesNotExists(LINKS_PASSWORD_HREF);
}
public UserResponse<PREV> assertPasswordLinkExists() {
public SELF assertPasswordLinkExists() {
return assertPropertyPathExists(LINKS_PASSWORD_HREF);
}
public ChangePasswordResponse<UserResponse> requestChangePassword(String newPassword) {
return requestChangePassword(null, newPassword);
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_OVERWRITE, createPasswordChangeJson(null, newPassword)), this);
}
public ChangePasswordResponse<UserResponse> requestChangePassword(String oldPassword, String newPassword) {
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_CHANGE, createPasswordChangeJson(oldPassword, newPassword)), this);
}
}

4
scm-test/src/main/java/sonia/scm/user/UserManagerTestBase.java
View File

@@ -196,7 +196,7 @@ public abstract class UserManagerTestBase extends ManagerTestBase<User> {
}
@Test(expected = NotFoundException.class)
public void testModifyNotExisting() throws NotFoundException, ConcurrentModificationException {
public void testModifyNotExisting() {
manager.modify(UserTestData.createZaphod());
}
@@ -249,7 +249,7 @@ public abstract class UserManagerTestBase extends ManagerTestBase<User> {
}
@Test(expected = NotFoundException.class)
public void testRefreshNotFound() throws NotFoundException {
public void testRefreshNotFound(){
manager.refresh(UserTestData.createDent());
}

4
scm-webapp/src/main/java/sonia/scm/ManagerDaoAdapter.java
View File

@@ -15,7 +15,7 @@ public class ManagerDaoAdapter<T extends ModelObject> {
this.dao = dao;
}
public void modify(T object, Function<T, PermissionCheck> permissionCheck, AroundHandler<T> beforeUpdate, AroundHandler<T> afterUpdate) throws NotFoundException {
public void modify(T object, Function<T, PermissionCheck> permissionCheck, AroundHandler<T> beforeUpdate, AroundHandler<T> afterUpdate) {
T notModified = dao.get(object.getId());
if (notModified != null) {
permissionCheck.apply(notModified).check();
@@ -51,7 +51,7 @@ public class ManagerDaoAdapter<T extends ModelObject> {
return newObject;
}
public void delete(T toDelete, Supplier<PermissionCheck> permissionCheck, AroundHandler<T> beforeDelete, AroundHandler<T> afterDelete) throws NotFoundException {
public void delete(T toDelete, Supplier<PermissionCheck> permissionCheck, AroundHandler<T> beforeDelete, AroundHandler<T> afterDelete) {
permissionCheck.get().check();
if (dao.contains(toDelete)) {
beforeDelete.handle(toDelete);

2
scm-webapp/src/main/java/sonia/scm/api/rest/IllegalArgumentExceptionMapper.java
View File

@@ -63,6 +63,6 @@ public class IllegalArgumentExceptionMapper
public Response toResponse(IllegalArgumentException exception)
{
log.info("caught IllegalArgumentException -- mapping to bad request", exception);
return Response.status(Status.BAD_REQUEST).build();
return Response.status(Status.BAD_REQUEST).entity(exception.getMessage()).build();
}
}

2
scm-webapp/src/main/java/sonia/scm/api/rest/resources/ChangePasswordResource.java
View File

@@ -109,7 +109,7 @@ public class ChangePasswordResource
@ResponseCode(code = 500, condition = "internal server error")
})
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response changePassword(@FormParam("old-password") String oldPassword, @FormParam("new-password") String newPassword) throws NotFoundException, ConcurrentModificationException {
public Response changePassword(@FormParam("old-password") String oldPassword, @FormParam("new-password") String newPassword) {
AssertUtil.assertIsNotEmpty(oldPassword);
AssertUtil.assertIsNotEmpty(newPassword);

2
scm-webapp/src/main/java/sonia/scm/api/v2/resources/DiffRootResource.java
View File

@@ -50,7 +50,7 @@ public class DiffRootResource {
@ResponseCode(code = 404, condition = "not found, no revision with the specified param for the repository available or repository not found"),
@ResponseCode(code = 500, condition = "internal server error")
})
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision) throws NotFoundException {
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision){
HttpUtil.checkForCRLFInjection(revision);
try (RepositoryService repositoryService = serviceFactory.create(new NamespaceAndName(namespace, name))) {
StreamingOutput responseEntry = output -> {

4
scm-webapp/src/main/java/sonia/scm/api/v2/resources/GroupResource.java
View File

@@ -53,7 +53,7 @@ public class GroupResource {
@ResponseCode(code = 404, condition = "not found, no group with the specified id/name available"),
@ResponseCode(code = 500, condition = "internal server error")
})
public Response get(@PathParam("id") String id) throws NotFoundException {
public Response get(@PathParam("id") String id){
return adapter.get(id, groupToGroupDtoMapper::map);
}
@@ -98,7 +98,7 @@ public class GroupResource {
@ResponseCode(code = 500, condition = "internal server error")
})
@TypeHint(TypeHint.NO_CONTENT.class)
public Response update(@PathParam("id") String name, @Valid GroupDto groupDto) throws NotFoundException, ConcurrentModificationException {
public Response update(@PathParam("id") String name, @Valid GroupDto groupDto) throws ConcurrentModificationException {
return adapter.update(name, existing -> dtoToGroupMapper.map(groupDto));
}
}

15
scm-webapp/src/main/java/sonia/scm/api/v2/resources/IdResourceManagerAdapter.java
View File

@@ -5,12 +5,10 @@ import sonia.scm.AlreadyExistsException;
import sonia.scm.ConcurrentModificationException;
import sonia.scm.Manager;
import sonia.scm.ModelObject;
import sonia.scm.NotFoundException;
import sonia.scm.PageResult;
import javax.ws.rs.core.Response;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.function.Supplier;
@@ -34,20 +32,11 @@ class IdResourceManagerAdapter<MODEL_OBJECT extends ModelObject,
collectionAdapter = new CollectionResourceManagerAdapter<>(manager, type);
}
Response get(String id, Function<MODEL_OBJECT, DTO> mapToDto) throws NotFoundException {
Response get(String id, Function<MODEL_OBJECT, DTO> mapToDto) {
return singleAdapter.get(loadBy(id), mapToDto);
}
public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges, Consumer<MODEL_OBJECT> checker) throws NotFoundException, ConcurrentModificationException {
return singleAdapter.update(
loadBy(id),
applyChanges,
idStaysTheSame(id),
checker
);
}
public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges) throws NotFoundException, ConcurrentModificationException {
public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges) throws ConcurrentModificationException {
return singleAdapter.update(
loadBy(id),
applyChanges,

26
scm-webapp/src/main/java/sonia/scm/api/v2/resources/MeResource.java
View File

@@ -5,14 +5,12 @@ import com.webcohesion.enunciate.metadata.rs.StatusCodes;
import com.webcohesion.enunciate.metadata.rs.TypeHint;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.credential.PasswordService;
import sonia.scm.ConcurrentModificationException;
import sonia.scm.NotFoundException;
import sonia.scm.user.InvalidPasswordException;
import sonia.scm.user.User;
import sonia.scm.user.UserManager;
import sonia.scm.web.VndMediaType;
import javax.inject.Inject;
import javax.validation.Valid;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PUT;
@@ -22,9 +20,6 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.Request;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import java.util.function.Consumer;
import static sonia.scm.user.InvalidPasswordException.INVALID_MATCHING;
/**
@@ -60,7 +55,7 @@ public class MeResource {
@ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
@ResponseCode(code = 500, condition = "internal server error")
})
public Response get(@Context Request request, @Context UriInfo uriInfo) throws NotFoundException {
public Response get(@Context Request request, @Context UriInfo uriInfo) {
String id = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
return adapter.get(id, meToUserDtoMapper::map);
@@ -78,19 +73,8 @@ public class MeResource {
})
@TypeHint(TypeHint.NO_CONTENT.class)
@Consumes(VndMediaType.PASSWORD_CHANGE)
public Response changePassword(PasswordChangeDto passwordChangeDto) throws NotFoundException, ConcurrentModificationException {
String name = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
return adapter.update(name, user -> user.changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getUserTypeChecker().andThen(getOldOriginalPasswordChecker(passwordChangeDto.getOldPassword())));
}
/**
* Match given old password from the dto with the stored password before updating
*/
private Consumer<User> getOldOriginalPasswordChecker(String oldPassword) {
return user -> {
if (!user.getPassword().equals(passwordService.encryptPassword(oldPassword))) {
throw new InvalidPasswordException(INVALID_MATCHING);
}
};
public Response changePassword(@Valid PasswordChangeDto passwordChangeDto) {
userManager.changePasswordForLoggedInUser(passwordService.encryptPassword(passwordChangeDto.getOldPassword()), passwordService.encryptPassword(passwordChangeDto.getNewPassword()));
return Response.noContent().build();
}
}

1
scm-webapp/src/main/java/sonia/scm/api/v2/resources/PasswordChangeDto.java
View File

@@ -10,6 +10,7 @@ import org.hibernate.validator.constraints.NotEmpty;
@ToString
public class PasswordChangeDto {
@NotEmpty
private String oldPassword;
@NotEmpty

14
scm-webapp/src/main/java/sonia/scm/api/v2/resources/PasswordOverwriteDto.java Normal file
View File

@@ -0,0 +1,14 @@
package sonia.scm.api.v2.resources;
import lombok.Getter;
import lombok.Setter;
import lombok.ToString;
import org.hibernate.validator.constraints.NotEmpty;
@Getter
@Setter
@ToString
public class PasswordOverwriteDto {
@NotEmpty
private String newPassword;
}

6
scm-webapp/src/main/java/sonia/scm/api/v2/resources/PermissionRootResource.java
View File

@@ -100,7 +100,7 @@ public class PermissionRootResource {
@Produces(VndMediaType.PERMISSION)
@TypeHint(PermissionDto.class)
@Path("{permission-name}")
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("permission-name") String permissionName) throws NotFoundException {
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("permission-name") String permissionName) {
Repository repository = load(namespace, name);
RepositoryPermissions.permissionRead(repository).check();
return Response.ok(
@@ -158,7 +158,7 @@ public class PermissionRootResource {
public Response update(@PathParam("namespace") String namespace,
@PathParam("name") String name,
@PathParam("permission-name") String permissionName,
@Valid PermissionDto permission) throws NotFoundException, AlreadyExistsException {
@Valid PermissionDto permission) throws AlreadyExistsException {
log.info("try to update the permission with name: {}. the modified permission is: {}", permissionName, permission);
Repository repository = load(namespace, name);
RepositoryPermissions.permissionWrite(repository).check();
@@ -198,7 +198,7 @@ public class PermissionRootResource {
@Path("{permission-name}")
public Response delete(@PathParam("namespace") String namespace,
@PathParam("name") String name,
@PathParam("permission-name") String permissionName) throws NotFoundException {
@PathParam("permission-name") String permissionName) {
log.info("try to delete the permission with name: {}.", permissionName);
Repository repository = load(namespace, name);
RepositoryPermissions.modify(repository).check();

4
scm-webapp/src/main/java/sonia/scm/api/v2/resources/RepositoryResource.java
View File

@@ -91,7 +91,7 @@ public class RepositoryResource {
@ResponseCode(code = 404, condition = "not found, no repository with the specified name available in the namespace"),
@ResponseCode(code = 500, condition = "internal server error")
})
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name) throws NotFoundException {
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name){
return adapter.get(loadBy(namespace, name), repositoryToDtoMapper::map);
}
@@ -138,7 +138,7 @@ public class RepositoryResource {
@ResponseCode(code = 500, condition = "internal server error")
})
@TypeHint(TypeHint.NO_CONTENT.class)
public Response update(@PathParam("namespace") String namespace, @PathParam("name") String name, @Valid RepositoryDto repositoryDto) throws NotFoundException, ConcurrentModificationException {
public Response update(@PathParam("namespace") String namespace, @PathParam("name") String name, @Valid RepositoryDto repositoryDto) throws ConcurrentModificationException {
return adapter.update(
loadBy(namespace, name),
existing -> processUpdate(repositoryDto, existing),

2
scm-webapp/src/main/java/sonia/scm/api/v2/resources/ResourceLinks.java
View File

@@ -87,7 +87,7 @@ class ResourceLinks {
}
public String passwordChange(String name) {
return userLinkBuilder.method("getUserResource").parameters(name).method("changePassword").parameters().href();
return userLinkBuilder.method("getUserResource").parameters(name).method("overwritePassword").parameters().href();
}
}

2
scm-webapp/src/main/java/sonia/scm/api/v2/resources/SingleResourceManagerAdapter.java
View File

@@ -47,7 +47,7 @@ class SingleResourceManagerAdapter<MODEL_OBJECT extends ModelObject,
* Reads the model object for the given id, transforms it to a dto and returns a corresponding http response.
* This handles all corner cases, eg. no matching object for the id or missing privileges.
*/
Response get(Supplier<Optional<MODEL_OBJECT>> reader, Function<MODEL_OBJECT, DTO> mapToDto) throws NotFoundException {
Response get(Supplier<Optional<MODEL_OBJECT>> reader, Function<MODEL_OBJECT, DTO> mapToDto) {
return reader.get()
.map(mapToDto)
.map(Response::ok)

2
scm-webapp/src/main/java/sonia/scm/api/v2/resources/SourceRootResource.java
View File

@@ -45,7 +45,7 @@ public class SourceRootResource {
@GET
@Produces(VndMediaType.SOURCE)
@Path("{revision}/{path: .*}")
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision, @PathParam("path") String path) throws NotFoundException, IOException {
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision, @PathParam("path") String path) throws IOException {
return getSource(namespace, name, path, revision);
}

19
scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserResource.java
View File

@@ -5,7 +5,6 @@ import com.webcohesion.enunciate.metadata.rs.StatusCodes;
import com.webcohesion.enunciate.metadata.rs.TypeHint;
import org.apache.shiro.authc.credential.PasswordService;
import sonia.scm.ConcurrentModificationException;
import sonia.scm.NotFoundException;
import sonia.scm.user.User;
import sonia.scm.user.UserManager;
import sonia.scm.web.VndMediaType;
@@ -57,7 +56,7 @@ public class UserResource {
@ResponseCode(code = 404, condition = "not found, no user with the specified id/name available"),
@ResponseCode(code = 500, condition = "internal server error")
})
public Response get(@PathParam("id") String id) throws NotFoundException {
public Response get(@PathParam("id") String id) {
return adapter.get(id, userToDtoMapper::map);
}
@@ -102,7 +101,7 @@ public class UserResource {
@ResponseCode(code = 500, condition = "internal server error")
})
@TypeHint(TypeHint.NO_CONTENT.class)
public Response update(@PathParam("id") String name, @Valid UserDto userDto) throws NotFoundException, ConcurrentModificationException {
public Response update(@PathParam("id") String name, @Valid UserDto userDto) throws ConcurrentModificationException {
return adapter.update(name, existing -> dtoToUserMapper.map(userDto, existing.getPassword()));
}
@@ -111,13 +110,15 @@ public class UserResource {
* The oldPassword property of the DTO is not needed here. it will be ignored.
* The oldPassword property is needed in the MeResources when the actual user change the own password.
*
* <strong>Note:</strong> This method requires "user:modify" privilege.
* <strong>Note:</strong> This method requires "user:modify" privilege to modify the password of other users.
* <strong>Note:</strong> This method requires "user:changeOwnPassword" privilege to modify the own password.
*
* @param name name of the user to be modified
* @param passwordChangeDto change password object to modify password. the old password is here not required
* @param passwordOverwriteDto change password object to modify password. the old password is here not required
*/
@PUT
@Path("password")
@Consumes(VndMediaType.PASSWORD_CHANGE)
@Consumes(VndMediaType.PASSWORD_OVERWRITE)
@StatusCodes({
@ResponseCode(code = 204, condition = "update success"),
@ResponseCode(code = 400, condition = "Invalid body, e.g. the user type is not xml or the given oldPassword do not match the stored one"),
@@ -127,8 +128,8 @@ public class UserResource {
@ResponseCode(code = 500, condition = "internal server error")
})
@TypeHint(TypeHint.NO_CONTENT.class)
public Response changePassword(@PathParam("id") String name, @Valid PasswordChangeDto passwordChangeDto) throws NotFoundException, ConcurrentModificationException {
return adapter.update(name, user -> user.changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getUserTypeChecker());
public Response overwritePassword(@PathParam("id") String name, @Valid PasswordOverwriteDto passwordOverwriteDto) {
userManager.overwritePassword(name, passwordService.encryptPassword(passwordOverwriteDto.getNewPassword()));
return Response.noContent().build();
}
}

2
scm-webapp/src/main/java/sonia/scm/api/v2/resources/UserToUserDtoMapper.java
View File

@@ -39,10 +39,10 @@ public abstract class UserToUserDtoMapper extends BaseMapper<User, UserDto> {
}
if (UserPermissions.modify(user).isPermitted()) {
linksBuilder.single(link("update", resourceLinks.user().update(target.getName())));
}
if (userManager.isTypeDefault(user)) {
linksBuilder.single(link("password", resourceLinks.user().passwordChange(target.getName())));
}
}
target.add(linksBuilder.build());
}

6
scm-webapp/src/main/java/sonia/scm/group/DefaultGroupManager.java
View File

@@ -125,7 +125,7 @@ public class DefaultGroupManager extends AbstractGroupManager
}
@Override
public void delete(Group group) throws NotFoundException {
public void delete(Group group){
logger.info("delete group {} of type {}", group.getName(), group.getType());
managerDaoAdapter.delete(
group,
@@ -145,7 +145,7 @@ public class DefaultGroupManager extends AbstractGroupManager
public void init(SCMContextProvider context) {}
@Override
public void modify(Group group) throws NotFoundException {
public void modify(Group group){
logger.info("modify group {} of type {}", group.getName(), group.getType());
managerDaoAdapter.modify(
@@ -160,7 +160,7 @@ public class DefaultGroupManager extends AbstractGroupManager
}
@Override
public void refresh(Group group) throws NotFoundException {
public void refresh(Group group){
String name = group.getName();
if (logger.isInfoEnabled())
{

4
scm-webapp/src/main/java/sonia/scm/repository/DefaultRepositoryManager.java
View File

@@ -151,7 +151,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager {
}
@Override
public void delete(Repository repository) throws NotFoundException {
public void delete(Repository repository){
logger.info("delete repository {}/{} of type {}", repository.getNamespace(), repository.getName(), repository.getType());
managerDaoAdapter.delete(
repository,
@@ -179,7 +179,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager {
}
@Override
public void modify(Repository repository) throws NotFoundException {
public void modify(Repository repository){
logger.info("modify repository {}/{} of type {}", repository.getNamespace(), repository.getName(), repository.getType());
managerDaoAdapter.modify(

8
scm-webapp/src/main/java/sonia/scm/repository/HealthChecker.java
View File

@@ -55,7 +55,7 @@ public final class HealthChecker {
this.repositoryManager = repositoryManager;
}
public void check(String id) throws NotFoundException {
public void check(String id){
RepositoryPermissions.healthCheck(id).check();
Repository repository = repositoryManager.get(id);
@@ -68,7 +68,7 @@ public final class HealthChecker {
}
public void check(Repository repository)
throws NotFoundException, ConcurrentModificationException {
{
RepositoryPermissions.healthCheck(repository).check();
doCheck(repository);
@@ -83,7 +83,7 @@ public final class HealthChecker {
if (check.isPermitted(repository)) {
try {
check(repository);
} catch (ConcurrentModificationException | NotFoundException ex) {
} catch (NotFoundException ex) {
logger.error("health check ends with exception", ex);
}
} else {
@@ -94,7 +94,7 @@ public final class HealthChecker {
}
}
private void doCheck(Repository repository) throws NotFoundException {
private void doCheck(Repository repository){
logger.info("start health check for repository {}", repository.getName());
HealthCheckResult result = HealthCheckResult.healthy();

5
scm-webapp/src/main/java/sonia/scm/security/DefaultAuthorizationCollector.java
View File

@@ -260,6 +260,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
builder.add(canReadOwnUser(user));
builder.add(getUserAutocompletePermission());
builder.add(getGroupAutocompletePermission());
builder.add(getChangeOwnPasswordPermission(user));
permissions = builder.build();
}
@@ -272,6 +273,10 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
return GroupPermissions.autocomplete().asShiroString();
}
private String getChangeOwnPasswordPermission(User user) {
return UserPermissions.changePassword(user).asShiroString();
}
private String getUserAutocompletePermission() {
return UserPermissions.autocomplete().asShiroString();
}

42
scm-webapp/src/main/java/sonia/scm/user/DefaultUserManager.java
View File

@@ -33,11 +33,10 @@
package sonia.scm.user;
//~--- non-JDK imports --------------------------------------------------------
import com.github.sdorra.ssp.PermissionActionCheck;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import org.apache.shiro.SecurityUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sonia.scm.AlreadyExistsException;
@@ -64,8 +63,6 @@ import java.util.Collections;
import java.util.Comparator;
import java.util.List;
//~--- JDK imports ------------------------------------------------------------
/**
*
* @author Sebastian Sdorra
@@ -157,7 +154,7 @@ public class DefaultUserManager extends AbstractUserManager
}
@Override
public void delete(User user) throws NotFoundException {
public void delete(User user) {
logger.info("delete user {} of type {}", user.getName(), user.getType());
managerDaoAdapter.delete(
user,
@@ -193,9 +190,8 @@ public class DefaultUserManager extends AbstractUserManager
* @throws IOException
*/
@Override
public void modify(User user) throws NotFoundException {
public void modify(User user) {
logger.info("modify user {} of type {}", user.getName(), user.getType());
managerDaoAdapter.modify(
user,
UserPermissions::modify,
@@ -212,7 +208,7 @@ public class DefaultUserManager extends AbstractUserManager
* @throws IOException
*/
@Override
public void refresh(User user) throws NotFoundException {
public void refresh(User user) {
if (logger.isInfoEnabled())
{
logger.info("refresh user {} of type {}", user.getName(), user.getType());
@@ -402,6 +398,36 @@ public class DefaultUserManager extends AbstractUserManager
//~--- methods --------------------------------------------------------------
@Override
public void changePasswordForLoggedInUser(String oldPassword, String newPassword) {
User user = get((String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal());
if (!user.getPassword().equals(oldPassword)) {
throw new InvalidPasswordException();
}
user.setPassword(newPassword);
managerDaoAdapter.modify(
user,
UserPermissions::changePassword,
notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, user, notModified),
notModified -> fireEvent(HandlerEventType.MODIFY, user, notModified));
}
@Override
public void overwritePassword(String userId, String newPassword) {
User user = get(userId);
if (user == null) {
throw new NotFoundException();
}
if (!isTypeDefault(user)) {
throw new ChangePasswordNotAllowedException(user.getType());
}
user.setPassword(newPassword);
this.modify(user);
}
/**
* Method description
*

2
scm-webapp/src/test/java/sonia/scm/api/v2/resources/DispatcherMock.java
View File

@@ -5,6 +5,7 @@ import org.jboss.resteasy.mock.MockDispatcherFactory;
import sonia.scm.api.rest.AlreadyExistsExceptionMapper;
import sonia.scm.api.rest.AuthorizationExceptionMapper;
import sonia.scm.api.rest.ConcurrentModificationExceptionMapper;
import sonia.scm.api.rest.IllegalArgumentExceptionMapper;
public class DispatcherMock {
public static Dispatcher createDispatcher(Object resource) {
@@ -17,6 +18,7 @@ public class DispatcherMock {
dispatcher.getProviderFactory().registerProvider(InternalRepositoryExceptionMapper.class);
dispatcher.getProviderFactory().registerProvider(ChangePasswordNotAllowedExceptionMapper.class);
dispatcher.getProviderFactory().registerProvider(InvalidPasswordExceptionMapper.class);
dispatcher.getProviderFactory().registerProvider(IllegalArgumentExceptionMapper.class);
return dispatcher;
}
}

53
scm-webapp/src/test/java/sonia/scm/api/v2/resources/MeResourceTest.java
View File

@@ -13,10 +13,12 @@ import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import sonia.scm.user.InvalidPasswordException;
import sonia.scm.user.User;
import sonia.scm.user.UserManager;
import sonia.scm.web.VndMediaType;
import javax.lang.model.util.Types;
import javax.servlet.http.HttpServletResponse;
import java.net.URI;
import java.net.URISyntaxException;
@@ -26,6 +28,7 @@ import static org.junit.Assert.assertTrue;
import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import static org.mockito.MockitoAnnotations.initMocks;
@@ -69,7 +72,6 @@ public class MeResourceTest {
doNothing().when(userManager).modify(userCaptor.capture());
doNothing().when(userManager).delete(userCaptor.capture());
when(userManager.isTypeDefault(userCaptor.capture())).thenCallRealMethod();
when(userManager.getUserTypeChecker()).thenCallRealMethod();
when(userManager.getDefaultType()).thenReturn("xml");
MeResource meResource = new MeResource(userToDtoMapper, userManager, passwordService);
when(uriInfo.getApiRestUri()).thenReturn(URI.create("/"));
@@ -97,38 +99,40 @@ public class MeResourceTest {
public void shouldEncryptPasswordBeforeChanging() throws Exception {
String newPassword = "pwd123";
String encryptedNewPassword = "encrypted123";
String oldPassword = "notEncriptedSecret";
String encryptedOldPassword = "encryptedOld";
String oldPassword = "secret";
String content = String.format("{ \"oldPassword\": \"%s\" , \"newPassword\": \"%s\" }", oldPassword, newPassword);
MockHttpRequest request = MockHttpRequest
.put("/" + MeResource.ME_PATH_V2 + "password")
.contentType(VndMediaType.PASSWORD_CHANGE)
.content(content.getBytes());
MockHttpResponse response = new MockHttpResponse();
when(passwordService.encryptPassword(eq(newPassword))).thenReturn(encryptedNewPassword);
when(passwordService.encryptPassword(eq(oldPassword))).thenReturn("secret");
when(passwordService.encryptPassword(newPassword)).thenReturn(encryptedNewPassword);
when(passwordService.encryptPassword(oldPassword)).thenReturn(encryptedOldPassword);
ArgumentCaptor<String> encryptedOldPasswordCaptor = ArgumentCaptor.forClass(String.class);
ArgumentCaptor<String> encryptedNewPasswordCaptor = ArgumentCaptor.forClass(String.class);
doNothing().when(userManager).changePasswordForLoggedInUser(encryptedOldPasswordCaptor.capture(), encryptedNewPasswordCaptor.capture());
dispatcher.invoke(request, response);
assertEquals(HttpServletResponse.SC_NO_CONTENT, response.getStatus());
verify(userManager).modify(any(User.class));
User updatedUser = userCaptor.getValue();
assertEquals(encryptedNewPassword, updatedUser.getPassword());
assertEquals(encryptedNewPassword, encryptedNewPasswordCaptor.getValue());
assertEquals(encryptedOldPassword, encryptedOldPasswordCaptor.getValue());
}
@Test
@SubjectAware(username = "trillian", password = "secret")
public void shouldGet400OnChangePasswordOfUserWithNonDefaultType() throws Exception {
public void shouldGet400OnMissingOldPassword() throws Exception {
originalUser.setType("not an xml type");
String newPassword = "pwd123";
String oldPassword = "notEncriptedSecret";
String content = String.format("{ \"oldPassword\": \"%s\" , \"newPassword\": \"%s\" }", oldPassword, newPassword);
String content = String.format("{ \"newPassword\": \"%s\" }", newPassword);
MockHttpRequest request = MockHttpRequest
.put("/" + MeResource.ME_PATH_V2 + "password")
.contentType(VndMediaType.PASSWORD_CHANGE)
.content(content.getBytes());
MockHttpResponse response = new MockHttpResponse();
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
when(passwordService.encryptPassword(eq(oldPassword))).thenReturn("secret");
dispatcher.invoke(request, response);
@@ -137,17 +141,34 @@ public class MeResourceTest {
@Test
@SubjectAware(username = "trillian", password = "secret")
public void shouldGet400OnChangePasswordIfOldPasswordDoesNotMatchOriginalPassword() throws Exception {
public void shouldGet400OnMissingEmptyPassword() throws Exception {
String newPassword = "pwd123";
String oldPassword = "notEncriptedSecret";
String oldPassword = "";
String content = String.format("{ \"oldPassword\": \"%s\" , \"newPassword\": \"%s\" }", oldPassword, newPassword);
MockHttpRequest request = MockHttpRequest
.put("/" + MeResource.ME_PATH_V2 + "password")
.contentType(VndMediaType.PASSWORD_CHANGE)
.content(content.getBytes());
MockHttpResponse response = new MockHttpResponse();
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
when(passwordService.encryptPassword(eq(oldPassword))).thenReturn("differentThanSecret");
dispatcher.invoke(request, response);
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
}
@Test
@SubjectAware(username = "trillian", password = "secret")
public void shouldMapExceptionFromManager() throws Exception {
String newPassword = "pwd123";
String oldPassword = "secret";
String content = String.format("{ \"oldPassword\": \"%s\" , \"newPassword\": \"%s\" }", oldPassword, newPassword);
MockHttpRequest request = MockHttpRequest
.put("/" + MeResource.ME_PATH_V2 + "password")
.contentType(VndMediaType.PASSWORD_CHANGE)
.content(content.getBytes());
MockHttpResponse response = new MockHttpResponse();
doThrow(InvalidPasswordException.class).when(userManager).changePasswordForLoggedInUser(any(), any());
dispatcher.invoke(request, response);

53
scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserRootResourceTest.java
View File

@@ -14,7 +14,9 @@ import org.junit.Test;
import org.mockito.ArgumentCaptor;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import sonia.scm.NotFoundException;
import sonia.scm.PageResult;
import sonia.scm.user.ChangePasswordNotAllowedException;
import sonia.scm.user.User;
import sonia.scm.user.UserManager;
import sonia.scm.web.VndMediaType;
@@ -31,6 +33,7 @@ import static org.junit.Assert.assertTrue;
import static org.mockito.Matchers.any;
import static org.mockito.Matchers.eq;
import static org.mockito.Mockito.doNothing;
import static org.mockito.Mockito.doThrow;
import static org.mockito.Mockito.never;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@@ -69,7 +72,6 @@ public class UserRootResourceTest {
originalUser = createDummyUser("Neo");
when(userManager.create(userCaptor.capture())).thenAnswer(invocation -> invocation.getArguments()[0]);
when(userManager.isTypeDefault(userCaptor.capture())).thenCallRealMethod();
when(userManager.getUserTypeChecker()).thenCallRealMethod();
doNothing().when(userManager).modify(userCaptor.capture());
doNothing().when(userManager).delete(userCaptor.capture());
when(userManager.getDefaultType()).thenReturn("xml");
@@ -143,7 +145,7 @@ public class UserRootResourceTest {
String content = String.format("{\"newPassword\": \"%s\"}", newPassword);
MockHttpRequest request = MockHttpRequest
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
.contentType(VndMediaType.PASSWORD_CHANGE)
.contentType(VndMediaType.PASSWORD_OVERWRITE)
.content(content.getBytes());
MockHttpResponse response = new MockHttpResponse();
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
@@ -151,26 +153,61 @@ public class UserRootResourceTest {
dispatcher.invoke(request, response);
assertEquals(HttpServletResponse.SC_NO_CONTENT, response.getStatus());
verify(userManager).modify(any(User.class));
User updatedUser = userCaptor.getValue();
assertEquals("encrypted123", updatedUser.getPassword());
verify(userManager).overwritePassword("Neo", "encrypted123");
}
@Test
public void shouldGet400OnChangePasswordOfUserWithNonDefaultType() throws Exception {
public void shouldGet400OnOverwritePasswordWhenManagerThrowsNotAllowed() throws Exception {
originalUser.setType("not an xml type");
String newPassword = "pwd123";
String content = String.format("{\"newPassword\": \"%s\"}", newPassword);
MockHttpRequest request = MockHttpRequest
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
.contentType(VndMediaType.PASSWORD_CHANGE)
.contentType(VndMediaType.PASSWORD_OVERWRITE)
.content(content.getBytes());
MockHttpResponse response = new MockHttpResponse();
doThrow(ChangePasswordNotAllowedException.class).when(userManager).overwritePassword(any(), any());
dispatcher.invoke(request, response);
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
}
@Test
public void shouldGet404OnOverwritePasswordWhenNotFound() throws Exception {
originalUser.setType("not an xml type");
String newPassword = "pwd123";
String content = String.format("{\"newPassword\": \"%s\"}", newPassword);
MockHttpRequest request = MockHttpRequest
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
.contentType(VndMediaType.PASSWORD_OVERWRITE)
.content(content.getBytes());
MockHttpResponse response = new MockHttpResponse();
doThrow(NotFoundException.class).when(userManager).overwritePassword(any(), any());
dispatcher.invoke(request, response);
assertEquals(HttpServletResponse.SC_NOT_FOUND, response.getStatus());
}
@Test
public void shouldEncryptPasswordOnOverwritePassword() throws Exception {
originalUser.setType("not an xml type");
String newPassword = "pwd123";
String content = String.format("{\"newPassword\": \"%s\"}", newPassword);
MockHttpRequest request = MockHttpRequest
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
.contentType(VndMediaType.PASSWORD_OVERWRITE)
.content(content.getBytes());
MockHttpResponse response = new MockHttpResponse();
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
dispatcher.invoke(request, response);
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
assertEquals(HttpServletResponse.SC_NO_CONTENT, response.getStatus());
verify(userManager).overwritePassword("Neo", "encrypted123");
}
@Test

13
scm-webapp/src/test/java/sonia/scm/api/v2/resources/UserToUserDtoMapperTest.java
View File

@@ -65,7 +65,7 @@ public class UserToUserDtoMapperTest {
}
@Test
public void shouldGetPasswordLinkOnlyForDefaultUserType() {
public void shouldGetPasswordLinkForAdmin() {
User user = createDefaultUser();
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
when(userManager.isTypeDefault(eq(user))).thenReturn(true);
@@ -73,14 +73,15 @@ public class UserToUserDtoMapperTest {
UserDto userDto = mapper.map(user);
assertEquals("expected password link with modify permission", expectedBaseUri.resolve("abc/password").toString(), userDto.getLinks().getLinkBy("password").get().getHref());
}
when(subject.isPermitted("user:modify:abc")).thenReturn(false);
userDto = mapper.map(user);
assertEquals("expected password link on mission modify permission", expectedBaseUri.resolve("abc/password").toString(), userDto.getLinks().getLinkBy("password").get().getHref());
@Test
public void shouldGetPasswordLinkOnlyForDefaultUserType() {
User user = createDefaultUser();
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
when(userManager.isTypeDefault(eq(user))).thenReturn(false);
userDto = mapper.map(user);
UserDto userDto = mapper.map(user);
assertFalse("expected no password link", userDto.getLinks().getLinkBy("password").isPresent());
}

12
scm-webapp/src/test/java/sonia/scm/repository/DefaultRepositoryManagerTest.java
View File

@@ -152,7 +152,7 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
}
@Test(expected = NotFoundException.class)
public void testDeleteNotFound() throws NotFoundException {
public void testDeleteNotFound(){
manager.delete(createRepositoryWithId());
}
@@ -304,7 +304,7 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
}
@Test
public void testModify() throws NotFoundException, AlreadyExistsException {
public void testModify() throws AlreadyExistsException {
Repository heartOfGold = createTestRepository();
heartOfGold.setDescription("prototype ship");
@@ -328,12 +328,12 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
}
@Test(expected = NotFoundException.class)
public void testModifyNotFound() throws NotFoundException {
public void testModifyNotFound(){
manager.modify(createRepositoryWithId());
}
@Test
public void testRefresh() throws NotFoundException, AlreadyExistsException {
public void testRefresh() throws AlreadyExistsException {
Repository heartOfGold = createTestRepository();
String description = heartOfGold.getDescription();
@@ -354,7 +354,7 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
}
@Test(expected = RepositoryNotFoundException.class)
public void testRefreshNotFound() throws NotFoundException {
public void testRefreshNotFound(){
manager.refresh(createRepositoryWithId());
}
@@ -495,7 +495,7 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
return createRepository(RepositoryTestData.createHeartOfGold());
}
private void delete(Manager<Repository> manager, Repository repository) throws NotFoundException {
private void delete(Manager<Repository> manager, Repository repository){
String id = repository.getId();

21
scm-webapp/src/test/java/sonia/scm/security/DefaultAuthorizationCollectorTest.java
View File

@@ -57,7 +57,6 @@ import sonia.scm.repository.RepositoryTestData;
import sonia.scm.user.User;
import sonia.scm.user.UserTestData;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.containsInAnyOrder;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.nullValue;
@@ -124,8 +123,7 @@ public class DefaultAuthorizationCollectorTest {
@SubjectAware(
configuration = "classpath:sonia/scm/shiro-001.ini"
)
public void testCollectFromCache()
{
public void testCollectFromCache() {
AuthorizationInfo info = new SimpleAuthorizationInfo();
when(cache.get(anyObject())).thenReturn(info);
authenticate(UserTestData.createTrillian(), "main");
@@ -155,14 +153,13 @@ public class DefaultAuthorizationCollectorTest {
@SubjectAware(
configuration = "classpath:sonia/scm/shiro-001.ini"
)
public void testCollectWithoutPermissions()
{
public void testCollectWithoutPermissions() {
authenticate(UserTestData.createTrillian(), "main");
AuthorizationInfo authInfo = collector.collect();
assertThat(authInfo.getRoles(), Matchers.contains(Role.USER));
assertThat(authInfo.getStringPermissions(), hasSize(3));
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("user:autocomplete", "group:autocomplete", "user:read:trillian"));
assertThat(authInfo.getStringPermissions(), hasSize(4));
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("user:autocomplete", "group:autocomplete", "user:changePassword:trillian", "user:read:trillian"));
assertThat(authInfo.getObjectPermissions(), nullValue());
}
@@ -173,8 +170,7 @@ public class DefaultAuthorizationCollectorTest {
@SubjectAware(
configuration = "classpath:sonia/scm/shiro-001.ini"
)
public void testCollectAsAdmin()
{
public void testCollectAsAdmin() {
User trillian = UserTestData.createTrillian();
trillian.setAdmin(true);
authenticate(trillian, "main");
@@ -192,8 +188,7 @@ public class DefaultAuthorizationCollectorTest {
@SubjectAware(
configuration = "classpath:sonia/scm/shiro-001.ini"
)
public void testCollectWithRepositoryPermissions()
{
public void testCollectWithRepositoryPermissions() {
String group = "heart-of-gold-crew";
authenticate(UserTestData.createTrillian(), group);
Repository heartOfGold = RepositoryTestData.createHeartOfGold();
@@ -209,7 +204,7 @@ public class DefaultAuthorizationCollectorTest {
AuthorizationInfo authInfo = collector.collect();
assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER));
assertThat(authInfo.getObjectPermissions(), nullValue());
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("user:autocomplete", "group:autocomplete", "repository:read,pull:one", "repository:read,pull,push:two", "user:read:trillian"));
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("user:autocomplete", "group:autocomplete", "user:changePassword:trillian", "repository:read,pull:one", "repository:read,pull,push:two", "user:read:trillian"));
}
/**
@@ -230,7 +225,7 @@ public class DefaultAuthorizationCollectorTest {
AuthorizationInfo authInfo = collector.collect();
assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER));
assertThat(authInfo.getObjectPermissions(), nullValue());
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("one:one", "two:two", "user:read:trillian", "user:autocomplete" , "group:autocomplete" ));
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("one:one", "two:two", "user:read:trillian", "user:autocomplete", "group:autocomplete", "user:changePassword:trillian"));
}
private void authenticate(User user, String group, String... groups) {

70
scm-webapp/src/test/java/sonia/scm/user/DefaultUserManagerTest.java
View File

@@ -39,9 +39,13 @@ import com.github.sdorra.shiro.ShiroRule;
import com.github.sdorra.shiro.SubjectAware;
import com.google.common.collect.Lists;
import org.assertj.core.api.Assertions;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentCaptor;
import sonia.scm.NotFoundException;
import sonia.scm.store.JAXBConfigurationStoreFactory;
import sonia.scm.user.xml.XmlUserDAO;
import sonia.scm.util.MockUtil;
@@ -70,6 +74,10 @@ public class DefaultUserManagerTest extends UserManagerTestBase
@Rule
public ShiroRule shiro = new ShiroRule();
private UserDAO userDAO = mock(UserDAO.class);
private User trillian;
/**
* Method description
*
@@ -82,6 +90,16 @@ public class DefaultUserManagerTest extends UserManagerTestBase
return new DefaultUserManager(createXmlUserDAO());
}
@Before
public void initDao() {
trillian = UserTestData.createTrillian();
trillian.setPassword("oldEncrypted");
userDAO = mock(UserDAO.class);
when(userDAO.getType()).thenReturn("xml");
when(userDAO.get("trillian")).thenReturn(trillian);
}
/**
* Method description
*
@@ -89,7 +107,6 @@ public class DefaultUserManagerTest extends UserManagerTestBase
@Test
public void testDefaultAccountAfterFristStart()
{
UserDAO userDAO = mock(UserDAO.class);
List<User> users = Lists.newArrayList(new User("tuser"));
when(userDAO.getAll()).thenReturn(users);
@@ -108,8 +125,6 @@ public class DefaultUserManagerTest extends UserManagerTestBase
@SuppressWarnings("unchecked")
public void testDefaultAccountCreation()
{
UserDAO userDAO = mock(UserDAO.class);
when(userDAO.getAll()).thenReturn(Collections.EMPTY_LIST);
UserManager userManager = new DefaultUserManager(userDAO);
@@ -118,6 +133,55 @@ public class DefaultUserManagerTest extends UserManagerTestBase
verify(userDAO, times(2)).add(any(User.class));
}
@Test(expected = InvalidPasswordException.class)
public void shouldFailChangePasswordForWrongOldPassword() {
UserManager userManager = new DefaultUserManager(userDAO);
userManager.changePasswordForLoggedInUser("wrongPassword", "---");
}
@Test
public void shouldSucceedChangePassword() {
ArgumentCaptor<User> userCaptor = ArgumentCaptor.forClass(User.class);
doNothing().when(userDAO).modify(userCaptor.capture());
UserManager userManager = new DefaultUserManager(userDAO);
userManager.changePasswordForLoggedInUser("oldEncrypted", "newEncrypted");
Assertions.assertThat(userCaptor.getValue().getPassword()).isEqualTo("newEncrypted");
}
@Test(expected = ChangePasswordNotAllowedException.class)
public void shouldFailOverwritePasswordForWrongType() {
trillian.setType("wrongType");
UserManager userManager = new DefaultUserManager(userDAO);
userManager.overwritePassword("trillian", "---");
}
@Test(expected = NotFoundException.class)
public void shouldFailOverwritePasswordForMissingUser() {
UserManager userManager = new DefaultUserManager(userDAO);
userManager.overwritePassword("notExisting", "---");
}
@Test
public void shouldSucceedOverwritePassword() {
ArgumentCaptor<User> userCaptor = ArgumentCaptor.forClass(User.class);
doNothing().when(userDAO).modify(userCaptor.capture());
UserManager userManager = new DefaultUserManager(userDAO);
userManager.overwritePassword("trillian", "newEncrypted");
Assertions.assertThat(userCaptor.getValue().getPassword()).isEqualTo("newEncrypted");
}
//~--- methods --------------------------------------------------------------
private XmlUserDAO createXmlUserDAO() {