mirror of
https://github.com/scm-manager/scm-manager.git
synced 2025-11-08 22:45:45 +01:00
Merge with 2.0.0-m3
This commit is contained in:
René Pfeuffer
@@ -99,14 +99,14 @@ public interface Manager<T extends ModelObject>
|
||||
* @param limit parameter
|
||||
*
|
||||
* @since 1.4
|
||||
* @return objects from the store which are starts at the given
|
||||
* @return objects from the store which are starts at the given
|
||||
* start parameter
|
||||
*/
|
||||
Collection<T> getAll(int start, int limit);
|
||||
|
||||
/**
|
||||
* Returns objects from the store which are starts at the given start
|
||||
* parameter sorted by the given {@link java.util.Comparator}.
|
||||
* parameter sorted by the given {@link java.util.Comparator}.
|
||||
* The objects returned are limited by the limit parameter.
|
||||
*
|
||||
*
|
||||
@@ -115,7 +115,7 @@ public interface Manager<T extends ModelObject>
|
||||
* @param limit parameter
|
||||
*
|
||||
* @since 1.4
|
||||
* @return objects from the store which are starts at the given
|
||||
* @return objects from the store which are starts at the given
|
||||
* start parameter
|
||||
*/
|
||||
Collection<T> getAll(Comparator<T> comparator, int start, int limit);
|
||||
|
||||
@@ -71,7 +71,7 @@ public class ManagerDecorator<T extends ModelObject> implements Manager<T> {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void delete(T object) throws NotFoundException {
|
||||
public void delete(T object){
|
||||
decorated.delete(object);
|
||||
}
|
||||
|
||||
@@ -82,12 +82,12 @@ public class ManagerDecorator<T extends ModelObject> implements Manager<T> {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void modify(T object) throws NotFoundException {
|
||||
public void modify(T object){
|
||||
decorated.modify(object);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void refresh(T object) throws NotFoundException {
|
||||
public void refresh(T object){
|
||||
decorated.refresh(object);
|
||||
}
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
package sonia.scm;
|
||||
|
||||
public class NotFoundException extends Exception {
|
||||
public class NotFoundException extends RuntimeException {
|
||||
public NotFoundException(String type, String id) {
|
||||
super(type + " with id '" + id + "' not found");
|
||||
}
|
||||
|
||||
@@ -2,10 +2,10 @@ package sonia.scm.user;
|
||||
|
||||
public class ChangePasswordNotAllowedException extends RuntimeException {
|
||||
|
||||
public static final String WRONG_USER_TYPE = "User of type {0} are not allowed to change password";
|
||||
public static final String WRONG_USER_TYPE = "User of type %s are not allowed to change password";
|
||||
|
||||
public ChangePasswordNotAllowedException(String message) {
|
||||
super(message);
|
||||
public ChangePasswordNotAllowedException(String type) {
|
||||
super(String.format(WRONG_USER_TYPE, type));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -2,9 +2,7 @@ package sonia.scm.user;
|
||||
|
||||
public class InvalidPasswordException extends RuntimeException {
|
||||
|
||||
public static final String INVALID_MATCHING = "The given Password does not match with the stored one.";
|
||||
|
||||
public InvalidPasswordException(String message) {
|
||||
super(message);
|
||||
public InvalidPasswordException() {
|
||||
super("The given Password does not match with the stored one.");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -56,7 +56,10 @@ import java.security.Principal;
|
||||
*
|
||||
* @author Sebastian Sdorra
|
||||
*/
|
||||
@StaticPermissions(value = "user", globalPermissions = {"create", "list", "autocomplete"})
|
||||
@StaticPermissions(
|
||||
value = "user",
|
||||
globalPermissions = {"create", "list", "autocomplete"},
|
||||
permissions = {"read", "modify", "delete", "changePassword"})
|
||||
@XmlRootElement(name = "users")
|
||||
@XmlAccessorType(XmlAccessType.FIELD)
|
||||
public class User extends BasicPropertiesAware implements Principal, ModelObject, PermissionObject, ReducedModelObject
|
||||
@@ -274,10 +277,6 @@ public class User extends BasicPropertiesAware implements Principal, ModelObject
|
||||
//J+
|
||||
}
|
||||
|
||||
public User changePassword(String password){
|
||||
setPassword(password);
|
||||
return this;
|
||||
}
|
||||
//~--- get methods ----------------------------------------------------------
|
||||
|
||||
/**
|
||||
|
||||
@@ -38,11 +38,7 @@ package sonia.scm.user;
|
||||
import sonia.scm.Manager;
|
||||
import sonia.scm.search.Searchable;
|
||||
|
||||
import java.text.MessageFormat;
|
||||
import java.util.Collection;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
import static sonia.scm.user.ChangePasswordNotAllowedException.WRONG_USER_TYPE;
|
||||
|
||||
/**
|
||||
* The central class for managing {@link User} objects.
|
||||
@@ -75,18 +71,6 @@ public interface UserManager
|
||||
*/
|
||||
public String getDefaultType();
|
||||
|
||||
|
||||
/**
|
||||
* Only account of the default type "xml" can change their password
|
||||
*/
|
||||
default Consumer<User> getUserTypeChecker() {
|
||||
return user -> {
|
||||
if (!isTypeDefault(user)) {
|
||||
throw new ChangePasswordNotAllowedException(MessageFormat.format(WRONG_USER_TYPE, user.getType()));
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
default boolean isTypeDefault(User user) {
|
||||
return getDefaultType().equals(user.getType());
|
||||
}
|
||||
@@ -99,5 +83,17 @@ public interface UserManager
|
||||
*/
|
||||
Collection<User> autocomplete(String filter);
|
||||
|
||||
/**
|
||||
* Changes the password of the logged in user.
|
||||
* @param oldPassword The current encrypted password of the user.
|
||||
* @param newPassword The new encrypted password of the user.
|
||||
*/
|
||||
void changePasswordForLoggedInUser(String oldPassword, String newPassword);
|
||||
|
||||
/**
|
||||
* Overwrites the password for the given user id. This needs user write privileges.
|
||||
* @param userId The id of the user to change the password for.
|
||||
* @param newPassword The new encrypted password.
|
||||
*/
|
||||
void overwritePassword(String userId, String newPassword);
|
||||
}
|
||||
|
||||
@@ -126,7 +126,16 @@ public class UserManagerDecorator extends ManagerDecorator<User>
|
||||
return decorated.autocomplete(filter);
|
||||
}
|
||||
|
||||
//~--- fields ---------------------------------------------------------------
|
||||
@Override
|
||||
public void changePasswordForLoggedInUser(String oldPassword, String newPassword) {
|
||||
decorated.changePasswordForLoggedInUser(oldPassword, newPassword);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void overwritePassword(String userId, String newPassword) {
|
||||
decorated.overwritePassword(userId, newPassword);
|
||||
}
|
||||
//~--- fields ---------------------------------------------------------------
|
||||
|
||||
/** Field description */
|
||||
private final UserManager decorated;
|
||||
|
||||
@@ -39,6 +39,8 @@ public class VndMediaType {
|
||||
public static final String UI_PLUGIN_COLLECTION = PREFIX + "uiPluginCollection" + SUFFIX;
|
||||
@SuppressWarnings("squid:S2068")
|
||||
public static final String PASSWORD_CHANGE = PREFIX + "passwordChange" + SUFFIX;
|
||||
@SuppressWarnings("squid:S2068")
|
||||
public static final String PASSWORD_OVERWRITE = PREFIX + "passwordOverwrite" + SUFFIX;
|
||||
|
||||
public static final String ME = PREFIX + "me" + SUFFIX;
|
||||
public static final String SOURCE = PREFIX + "source" + SUFFIX;
|
||||
|
||||
@@ -154,7 +154,7 @@ public class SyncingRealmHelperTest {
|
||||
* Tests {@link SyncingRealmHelper#store(Group)} with an existing group.
|
||||
*/
|
||||
@Test
|
||||
public void testStoreGroupModify() throws NotFoundException {
|
||||
public void testStoreGroupModify(){
|
||||
Group group = new Group("unit-test", "heartOfGold");
|
||||
|
||||
when(groupManager.get("heartOfGold")).thenReturn(group);
|
||||
@@ -191,7 +191,7 @@ public class SyncingRealmHelperTest {
|
||||
* Tests {@link SyncingRealmHelper#store(User)} with an existing user.
|
||||
*/
|
||||
@Test
|
||||
public void testStoreUserModify() throws NotFoundException {
|
||||
public void testStoreUserModify(){
|
||||
when(userManager.contains("tricia")).thenReturn(Boolean.TRUE);
|
||||
|
||||
User user = new User("tricia");
|
||||
|
||||
@@ -38,6 +38,30 @@ public class MeITCase {
|
||||
.assertStatusCode(204);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void nonAdminUserShouldChangeOwnPassword() {
|
||||
String newPassword = "pass1";
|
||||
String username = "user1";
|
||||
String password = "pass";
|
||||
TestData.createUser(username, password,false,"xml", "em@l.de");
|
||||
// user change the own password
|
||||
ScmRequests.start()
|
||||
.requestIndexResource(username, password)
|
||||
.requestMe()
|
||||
.assertStatusCode(200)
|
||||
.assertAdmin(aBoolean -> assertThat(aBoolean).isEqualTo(Boolean.FALSE))
|
||||
.assertPassword(Assert::assertNull)
|
||||
.assertType(s -> assertThat(s).isEqualTo("xml"))
|
||||
.requestChangePassword(password, newPassword)
|
||||
.assertStatusCode(204);
|
||||
// assert password is changed -> login with the new Password than undo changes
|
||||
ScmRequests.start()
|
||||
.requestIndexResource(username, newPassword)
|
||||
.requestMe()
|
||||
.assertStatusCode(200);
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldHidePasswordLinkIfUserTypeIsNotXML() {
|
||||
String newUser = "user";
|
||||
|
||||
@@ -29,7 +29,7 @@ public class UserITCase {
|
||||
.assertStatusCode(200)
|
||||
.assertAdmin(aBoolean -> assertThat(aBoolean).isEqualTo(Boolean.TRUE))
|
||||
.assertPassword(Assert::assertNull)
|
||||
.requestChangePassword(newPassword) // the oldPassword is not needed in the user resource
|
||||
.requestChangePassword(newPassword)
|
||||
.assertStatusCode(204);
|
||||
// assert password is changed -> login with the new Password
|
||||
ScmRequests.start()
|
||||
@@ -65,6 +65,25 @@ public class UserITCase {
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void nonAdminUserShouldNotChangePasswordOfOtherUser() {
|
||||
String user = "user";
|
||||
String password = "pass";
|
||||
TestData.createUser(user, password, false, "xml", "em@l.de");
|
||||
String user2 = "user2";
|
||||
TestData.createUser(user2, password, false, "xml", "em@l.de");
|
||||
ScmRequests.start()
|
||||
.requestIndexResource(user, password)
|
||||
.assertUsersLinkDoesNotExists();
|
||||
// use the users/ endpoint bypassed the index resource
|
||||
ScmRequests.start()
|
||||
.requestUser(user, password, user2)
|
||||
.assertStatusCode(403);
|
||||
// use the users/password endpoint bypassed the index and users resources
|
||||
ScmRequests.start()
|
||||
.requestUserChangePassword(user, password, user2, "newPassword")
|
||||
.assertStatusCode(403);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldHidePasswordLinkIfUserTypeIsNotXML() {
|
||||
|
||||
@@ -3,6 +3,9 @@ package sonia.scm.it.utils;
|
||||
import io.restassured.RestAssured;
|
||||
import io.restassured.response.Response;
|
||||
import org.junit.Assert;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
|
||||
import java.net.ConnectException;
|
||||
@@ -26,7 +29,8 @@ import static sonia.scm.it.utils.TestData.createPasswordChangeJson;
|
||||
*/
|
||||
public class ScmRequests {
|
||||
|
||||
private String url;
|
||||
private static final Logger LOG = LoggerFactory.getLogger(ScmRequests.class);
|
||||
|
||||
private String username;
|
||||
private String password;
|
||||
|
||||
@@ -40,6 +44,18 @@ public class ScmRequests {
|
||||
return new IndexResponse(applyGETRequest(RestUtil.REST_BASE_URL.toString()));
|
||||
}
|
||||
|
||||
public <SELF extends UserResponse<SELF, T>, T extends ModelResponse> UserResponse<SELF,T> requestUser(String username, String password, String pathParam) {
|
||||
setUsername(username);
|
||||
setPassword(password);
|
||||
return new UserResponse<>(applyGETRequest(RestUtil.REST_BASE_URL.resolve("users/"+pathParam).toString()), null);
|
||||
}
|
||||
|
||||
public ChangePasswordResponse<ChangePasswordResponse> requestUserChangePassword(String username, String password, String userPathParam, String newPassword) {
|
||||
setUsername(username);
|
||||
setPassword(password);
|
||||
return new ChangePasswordResponse<>(applyPUTRequest(RestUtil.REST_BASE_URL.resolve("users/"+userPathParam+"/password").toString(), VndMediaType.PASSWORD_OVERWRITE, TestData.createPasswordChangeJson(password,newPassword)), null);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply a GET Request to the extracted url from the given link
|
||||
@@ -77,6 +93,7 @@ public class ScmRequests {
|
||||
* @return the response of the GET request using the given <code>url</code>
|
||||
*/
|
||||
private Response applyGETRequestWithQueryParams(String url, String params) {
|
||||
LOG.info("GET {}", url);
|
||||
return RestAssured.given()
|
||||
.auth().preemptive().basic(username, password)
|
||||
.when()
|
||||
@@ -119,6 +136,7 @@ public class ScmRequests {
|
||||
* @return the response of the PUT request using the given <code>url</code>
|
||||
*/
|
||||
private Response applyPUTRequest(String url, String mediaType, String body) {
|
||||
LOG.info("PUT {}", url);
|
||||
return RestAssured.given()
|
||||
.auth().preemptive().basic(username, password)
|
||||
.when()
|
||||
@@ -136,7 +154,6 @@ public class ScmRequests {
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
|
||||
public class IndexResponse extends ModelResponse<IndexResponse, IndexResponse> {
|
||||
public static final String LINK_AUTOCOMPLETE_USERS = "_links.autocomplete.find{it.name=='users'}.href";
|
||||
public static final String LINK_AUTOCOMPLETE_GROUPS = "_links.autocomplete.find{it.name=='groups'}.href";
|
||||
@@ -164,10 +181,15 @@ public class ScmRequests {
|
||||
return new MeResponse<>(applyGETRequestFromLink(response, LINK_ME), this);
|
||||
}
|
||||
|
||||
public UserResponse<IndexResponse> requestUser(String username) {
|
||||
public UserResponse<? extends UserResponse, IndexResponse> requestUser(String username) {
|
||||
return new UserResponse<>(applyGETRequestFromLinkWithParams(response, LINK_USERS, username), this);
|
||||
}
|
||||
|
||||
public IndexResponse assertUsersLinkDoesNotExists() {
|
||||
return super.assertPropertyPathDoesNotExists(LINK_USERS);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
public class RepositoryResponse<PREV extends ModelResponse> extends ModelResponse<RepositoryResponse<PREV>, PREV> {
|
||||
@@ -271,17 +293,19 @@ public class ScmRequests {
|
||||
|
||||
}
|
||||
|
||||
public class MeResponse<PREV extends ModelResponse> extends UserResponse<PREV> {
|
||||
public class MeResponse<PREV extends ModelResponse> extends UserResponse<MeResponse<PREV>, PREV> {
|
||||
|
||||
|
||||
public MeResponse(Response response, PREV previousResponse) {
|
||||
super(response, previousResponse);
|
||||
}
|
||||
|
||||
|
||||
public ChangePasswordResponse<UserResponse> requestChangePassword(String oldPassword, String newPassword) {
|
||||
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_CHANGE, createPasswordChangeJson(oldPassword, newPassword)), this);
|
||||
}
|
||||
}
|
||||
|
||||
public class UserResponse<PREV extends ModelResponse> extends ModelResponse<UserResponse<PREV>, PREV> {
|
||||
public class UserResponse<SELF extends UserResponse<SELF, PREV>, PREV extends ModelResponse> extends ModelResponse<SELF, PREV> {
|
||||
|
||||
public static final String LINKS_PASSWORD_HREF = "_links.password.href";
|
||||
|
||||
@@ -289,34 +313,29 @@ public class ScmRequests {
|
||||
super(response, previousResponse);
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertPassword(Consumer<String> assertPassword) {
|
||||
public SELF assertPassword(Consumer<String> assertPassword) {
|
||||
return super.assertSingleProperty(assertPassword, "password");
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertType(Consumer<String> assertType) {
|
||||
public SELF assertType(Consumer<String> assertType) {
|
||||
return assertSingleProperty(assertType, "type");
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertAdmin(Consumer<Boolean> assertAdmin) {
|
||||
public SELF assertAdmin(Consumer<Boolean> assertAdmin) {
|
||||
return assertSingleProperty(assertAdmin, "admin");
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertPasswordLinkDoesNotExists() {
|
||||
public SELF assertPasswordLinkDoesNotExists() {
|
||||
return assertPropertyPathDoesNotExists(LINKS_PASSWORD_HREF);
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertPasswordLinkExists() {
|
||||
public SELF assertPasswordLinkExists() {
|
||||
return assertPropertyPathExists(LINKS_PASSWORD_HREF);
|
||||
}
|
||||
|
||||
public ChangePasswordResponse<UserResponse> requestChangePassword(String newPassword) {
|
||||
return requestChangePassword(null, newPassword);
|
||||
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_OVERWRITE, createPasswordChangeJson(null, newPassword)), this);
|
||||
}
|
||||
|
||||
public ChangePasswordResponse<UserResponse> requestChangePassword(String oldPassword, String newPassword) {
|
||||
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_CHANGE, createPasswordChangeJson(oldPassword, newPassword)), this);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -196,7 +196,7 @@ public abstract class UserManagerTestBase extends ManagerTestBase<User> {
|
||||
}
|
||||
|
||||
@Test(expected = NotFoundException.class)
|
||||
public void testModifyNotExisting() throws NotFoundException, ConcurrentModificationException {
|
||||
public void testModifyNotExisting() {
|
||||
manager.modify(UserTestData.createZaphod());
|
||||
}
|
||||
|
||||
@@ -249,7 +249,7 @@ public abstract class UserManagerTestBase extends ManagerTestBase<User> {
|
||||
}
|
||||
|
||||
@Test(expected = NotFoundException.class)
|
||||
public void testRefreshNotFound() throws NotFoundException {
|
||||
public void testRefreshNotFound(){
|
||||
manager.refresh(UserTestData.createDent());
|
||||
}
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ public class ManagerDaoAdapter<T extends ModelObject> {
|
||||
this.dao = dao;
|
||||
}
|
||||
|
||||
public void modify(T object, Function<T, PermissionCheck> permissionCheck, AroundHandler<T> beforeUpdate, AroundHandler<T> afterUpdate) throws NotFoundException {
|
||||
public void modify(T object, Function<T, PermissionCheck> permissionCheck, AroundHandler<T> beforeUpdate, AroundHandler<T> afterUpdate) {
|
||||
T notModified = dao.get(object.getId());
|
||||
if (notModified != null) {
|
||||
permissionCheck.apply(notModified).check();
|
||||
@@ -51,7 +51,7 @@ public class ManagerDaoAdapter<T extends ModelObject> {
|
||||
return newObject;
|
||||
}
|
||||
|
||||
public void delete(T toDelete, Supplier<PermissionCheck> permissionCheck, AroundHandler<T> beforeDelete, AroundHandler<T> afterDelete) throws NotFoundException {
|
||||
public void delete(T toDelete, Supplier<PermissionCheck> permissionCheck, AroundHandler<T> beforeDelete, AroundHandler<T> afterDelete) {
|
||||
permissionCheck.get().check();
|
||||
if (dao.contains(toDelete)) {
|
||||
beforeDelete.handle(toDelete);
|
||||
|
||||
@@ -63,6 +63,6 @@ public class IllegalArgumentExceptionMapper
|
||||
public Response toResponse(IllegalArgumentException exception)
|
||||
{
|
||||
log.info("caught IllegalArgumentException -- mapping to bad request", exception);
|
||||
return Response.status(Status.BAD_REQUEST).build();
|
||||
return Response.status(Status.BAD_REQUEST).entity(exception.getMessage()).build();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -109,7 +109,7 @@ public class ChangePasswordResource
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
|
||||
public Response changePassword(@FormParam("old-password") String oldPassword, @FormParam("new-password") String newPassword) throws NotFoundException, ConcurrentModificationException {
|
||||
public Response changePassword(@FormParam("old-password") String oldPassword, @FormParam("new-password") String newPassword) {
|
||||
AssertUtil.assertIsNotEmpty(oldPassword);
|
||||
AssertUtil.assertIsNotEmpty(newPassword);
|
||||
|
||||
|
||||
@@ -50,7 +50,7 @@ public class DiffRootResource {
|
||||
@ResponseCode(code = 404, condition = "not found, no revision with the specified param for the repository available or repository not found"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision) throws NotFoundException {
|
||||
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision){
|
||||
HttpUtil.checkForCRLFInjection(revision);
|
||||
try (RepositoryService repositoryService = serviceFactory.create(new NamespaceAndName(namespace, name))) {
|
||||
StreamingOutput responseEntry = output -> {
|
||||
|
||||
@@ -53,7 +53,7 @@ public class GroupResource {
|
||||
@ResponseCode(code = 404, condition = "not found, no group with the specified id/name available"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
public Response get(@PathParam("id") String id) throws NotFoundException {
|
||||
public Response get(@PathParam("id") String id){
|
||||
return adapter.get(id, groupToGroupDtoMapper::map);
|
||||
}
|
||||
|
||||
@@ -98,7 +98,7 @@ public class GroupResource {
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
public Response update(@PathParam("id") String name, @Valid GroupDto groupDto) throws NotFoundException, ConcurrentModificationException {
|
||||
public Response update(@PathParam("id") String name, @Valid GroupDto groupDto) throws ConcurrentModificationException {
|
||||
return adapter.update(name, existing -> dtoToGroupMapper.map(groupDto));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5,12 +5,10 @@ import sonia.scm.AlreadyExistsException;
|
||||
import sonia.scm.ConcurrentModificationException;
|
||||
import sonia.scm.Manager;
|
||||
import sonia.scm.ModelObject;
|
||||
import sonia.scm.NotFoundException;
|
||||
import sonia.scm.PageResult;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
import java.util.Optional;
|
||||
import java.util.function.Consumer;
|
||||
import java.util.function.Function;
|
||||
import java.util.function.Predicate;
|
||||
import java.util.function.Supplier;
|
||||
@@ -34,20 +32,11 @@ class IdResourceManagerAdapter<MODEL_OBJECT extends ModelObject,
|
||||
collectionAdapter = new CollectionResourceManagerAdapter<>(manager, type);
|
||||
}
|
||||
|
||||
Response get(String id, Function<MODEL_OBJECT, DTO> mapToDto) throws NotFoundException {
|
||||
Response get(String id, Function<MODEL_OBJECT, DTO> mapToDto) {
|
||||
return singleAdapter.get(loadBy(id), mapToDto);
|
||||
}
|
||||
|
||||
public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges, Consumer<MODEL_OBJECT> checker) throws NotFoundException, ConcurrentModificationException {
|
||||
return singleAdapter.update(
|
||||
loadBy(id),
|
||||
applyChanges,
|
||||
idStaysTheSame(id),
|
||||
checker
|
||||
);
|
||||
}
|
||||
|
||||
public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges) throws NotFoundException, ConcurrentModificationException {
|
||||
public Response update(String id, Function<MODEL_OBJECT, MODEL_OBJECT> applyChanges) throws ConcurrentModificationException {
|
||||
return singleAdapter.update(
|
||||
loadBy(id),
|
||||
applyChanges,
|
||||
|
||||
@@ -5,14 +5,12 @@ import com.webcohesion.enunciate.metadata.rs.StatusCodes;
|
||||
import com.webcohesion.enunciate.metadata.rs.TypeHint;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.apache.shiro.authc.credential.PasswordService;
|
||||
import sonia.scm.ConcurrentModificationException;
|
||||
import sonia.scm.NotFoundException;
|
||||
import sonia.scm.user.InvalidPasswordException;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
|
||||
import javax.inject.Inject;
|
||||
import javax.validation.Valid;
|
||||
import javax.ws.rs.Consumes;
|
||||
import javax.ws.rs.GET;
|
||||
import javax.ws.rs.PUT;
|
||||
@@ -22,9 +20,6 @@ import javax.ws.rs.core.Context;
|
||||
import javax.ws.rs.core.Request;
|
||||
import javax.ws.rs.core.Response;
|
||||
import javax.ws.rs.core.UriInfo;
|
||||
import java.util.function.Consumer;
|
||||
|
||||
import static sonia.scm.user.InvalidPasswordException.INVALID_MATCHING;
|
||||
|
||||
|
||||
/**
|
||||
@@ -60,7 +55,7 @@ public class MeResource {
|
||||
@ResponseCode(code = 401, condition = "not authenticated / invalid credentials"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
public Response get(@Context Request request, @Context UriInfo uriInfo) throws NotFoundException {
|
||||
public Response get(@Context Request request, @Context UriInfo uriInfo) {
|
||||
|
||||
String id = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
|
||||
return adapter.get(id, meToUserDtoMapper::map);
|
||||
@@ -78,19 +73,8 @@ public class MeResource {
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
@Consumes(VndMediaType.PASSWORD_CHANGE)
|
||||
public Response changePassword(PasswordChangeDto passwordChangeDto) throws NotFoundException, ConcurrentModificationException {
|
||||
String name = (String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal();
|
||||
return adapter.update(name, user -> user.changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getUserTypeChecker().andThen(getOldOriginalPasswordChecker(passwordChangeDto.getOldPassword())));
|
||||
}
|
||||
|
||||
/**
|
||||
* Match given old password from the dto with the stored password before updating
|
||||
*/
|
||||
private Consumer<User> getOldOriginalPasswordChecker(String oldPassword) {
|
||||
return user -> {
|
||||
if (!user.getPassword().equals(passwordService.encryptPassword(oldPassword))) {
|
||||
throw new InvalidPasswordException(INVALID_MATCHING);
|
||||
}
|
||||
};
|
||||
public Response changePassword(@Valid PasswordChangeDto passwordChangeDto) {
|
||||
userManager.changePasswordForLoggedInUser(passwordService.encryptPassword(passwordChangeDto.getOldPassword()), passwordService.encryptPassword(passwordChangeDto.getNewPassword()));
|
||||
return Response.noContent().build();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,6 +10,7 @@ import org.hibernate.validator.constraints.NotEmpty;
|
||||
@ToString
|
||||
public class PasswordChangeDto {
|
||||
|
||||
@NotEmpty
|
||||
private String oldPassword;
|
||||
|
||||
@NotEmpty
|
||||
|
||||
@@ -0,0 +1,14 @@
|
||||
package sonia.scm.api.v2.resources;
|
||||
|
||||
import lombok.Getter;
|
||||
import lombok.Setter;
|
||||
import lombok.ToString;
|
||||
import org.hibernate.validator.constraints.NotEmpty;
|
||||
|
||||
@Getter
|
||||
@Setter
|
||||
@ToString
|
||||
public class PasswordOverwriteDto {
|
||||
@NotEmpty
|
||||
private String newPassword;
|
||||
}
|
||||
@@ -100,7 +100,7 @@ public class PermissionRootResource {
|
||||
@Produces(VndMediaType.PERMISSION)
|
||||
@TypeHint(PermissionDto.class)
|
||||
@Path("{permission-name}")
|
||||
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("permission-name") String permissionName) throws NotFoundException {
|
||||
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("permission-name") String permissionName) {
|
||||
Repository repository = load(namespace, name);
|
||||
RepositoryPermissions.permissionRead(repository).check();
|
||||
return Response.ok(
|
||||
@@ -158,7 +158,7 @@ public class PermissionRootResource {
|
||||
public Response update(@PathParam("namespace") String namespace,
|
||||
@PathParam("name") String name,
|
||||
@PathParam("permission-name") String permissionName,
|
||||
@Valid PermissionDto permission) throws NotFoundException, AlreadyExistsException {
|
||||
@Valid PermissionDto permission) throws AlreadyExistsException {
|
||||
log.info("try to update the permission with name: {}. the modified permission is: {}", permissionName, permission);
|
||||
Repository repository = load(namespace, name);
|
||||
RepositoryPermissions.permissionWrite(repository).check();
|
||||
@@ -198,7 +198,7 @@ public class PermissionRootResource {
|
||||
@Path("{permission-name}")
|
||||
public Response delete(@PathParam("namespace") String namespace,
|
||||
@PathParam("name") String name,
|
||||
@PathParam("permission-name") String permissionName) throws NotFoundException {
|
||||
@PathParam("permission-name") String permissionName) {
|
||||
log.info("try to delete the permission with name: {}.", permissionName);
|
||||
Repository repository = load(namespace, name);
|
||||
RepositoryPermissions.modify(repository).check();
|
||||
|
||||
@@ -91,7 +91,7 @@ public class RepositoryResource {
|
||||
@ResponseCode(code = 404, condition = "not found, no repository with the specified name available in the namespace"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name) throws NotFoundException {
|
||||
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name){
|
||||
return adapter.get(loadBy(namespace, name), repositoryToDtoMapper::map);
|
||||
}
|
||||
|
||||
@@ -138,7 +138,7 @@ public class RepositoryResource {
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
public Response update(@PathParam("namespace") String namespace, @PathParam("name") String name, @Valid RepositoryDto repositoryDto) throws NotFoundException, ConcurrentModificationException {
|
||||
public Response update(@PathParam("namespace") String namespace, @PathParam("name") String name, @Valid RepositoryDto repositoryDto) throws ConcurrentModificationException {
|
||||
return adapter.update(
|
||||
loadBy(namespace, name),
|
||||
existing -> processUpdate(repositoryDto, existing),
|
||||
|
||||
@@ -87,7 +87,7 @@ class ResourceLinks {
|
||||
}
|
||||
|
||||
public String passwordChange(String name) {
|
||||
return userLinkBuilder.method("getUserResource").parameters(name).method("changePassword").parameters().href();
|
||||
return userLinkBuilder.method("getUserResource").parameters(name).method("overwritePassword").parameters().href();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -47,7 +47,7 @@ class SingleResourceManagerAdapter<MODEL_OBJECT extends ModelObject,
|
||||
* Reads the model object for the given id, transforms it to a dto and returns a corresponding http response.
|
||||
* This handles all corner cases, eg. no matching object for the id or missing privileges.
|
||||
*/
|
||||
Response get(Supplier<Optional<MODEL_OBJECT>> reader, Function<MODEL_OBJECT, DTO> mapToDto) throws NotFoundException {
|
||||
Response get(Supplier<Optional<MODEL_OBJECT>> reader, Function<MODEL_OBJECT, DTO> mapToDto) {
|
||||
return reader.get()
|
||||
.map(mapToDto)
|
||||
.map(Response::ok)
|
||||
|
||||
@@ -45,7 +45,7 @@ public class SourceRootResource {
|
||||
@GET
|
||||
@Produces(VndMediaType.SOURCE)
|
||||
@Path("{revision}/{path: .*}")
|
||||
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision, @PathParam("path") String path) throws NotFoundException, IOException {
|
||||
public Response get(@PathParam("namespace") String namespace, @PathParam("name") String name, @PathParam("revision") String revision, @PathParam("path") String path) throws IOException {
|
||||
return getSource(namespace, name, path, revision);
|
||||
}
|
||||
|
||||
|
||||
@@ -5,7 +5,6 @@ import com.webcohesion.enunciate.metadata.rs.StatusCodes;
|
||||
import com.webcohesion.enunciate.metadata.rs.TypeHint;
|
||||
import org.apache.shiro.authc.credential.PasswordService;
|
||||
import sonia.scm.ConcurrentModificationException;
|
||||
import sonia.scm.NotFoundException;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
@@ -57,7 +56,7 @@ public class UserResource {
|
||||
@ResponseCode(code = 404, condition = "not found, no user with the specified id/name available"),
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
public Response get(@PathParam("id") String id) throws NotFoundException {
|
||||
public Response get(@PathParam("id") String id) {
|
||||
return adapter.get(id, userToDtoMapper::map);
|
||||
}
|
||||
|
||||
@@ -102,7 +101,7 @@ public class UserResource {
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
public Response update(@PathParam("id") String name, @Valid UserDto userDto) throws NotFoundException, ConcurrentModificationException {
|
||||
public Response update(@PathParam("id") String name, @Valid UserDto userDto) throws ConcurrentModificationException {
|
||||
return adapter.update(name, existing -> dtoToUserMapper.map(userDto, existing.getPassword()));
|
||||
}
|
||||
|
||||
@@ -111,13 +110,15 @@ public class UserResource {
|
||||
* The oldPassword property of the DTO is not needed here. it will be ignored.
|
||||
* The oldPassword property is needed in the MeResources when the actual user change the own password.
|
||||
*
|
||||
* <strong>Note:</strong> This method requires "user:modify" privilege.
|
||||
* <strong>Note:</strong> This method requires "user:modify" privilege to modify the password of other users.
|
||||
* <strong>Note:</strong> This method requires "user:changeOwnPassword" privilege to modify the own password.
|
||||
*
|
||||
* @param name name of the user to be modified
|
||||
* @param passwordChangeDto change password object to modify password. the old password is here not required
|
||||
* @param passwordOverwriteDto change password object to modify password. the old password is here not required
|
||||
*/
|
||||
@PUT
|
||||
@Path("password")
|
||||
@Consumes(VndMediaType.PASSWORD_CHANGE)
|
||||
@Consumes(VndMediaType.PASSWORD_OVERWRITE)
|
||||
@StatusCodes({
|
||||
@ResponseCode(code = 204, condition = "update success"),
|
||||
@ResponseCode(code = 400, condition = "Invalid body, e.g. the user type is not xml or the given oldPassword do not match the stored one"),
|
||||
@@ -127,8 +128,8 @@ public class UserResource {
|
||||
@ResponseCode(code = 500, condition = "internal server error")
|
||||
})
|
||||
@TypeHint(TypeHint.NO_CONTENT.class)
|
||||
public Response changePassword(@PathParam("id") String name, @Valid PasswordChangeDto passwordChangeDto) throws NotFoundException, ConcurrentModificationException {
|
||||
return adapter.update(name, user -> user.changePassword(passwordService.encryptPassword(passwordChangeDto.getNewPassword())), userManager.getUserTypeChecker());
|
||||
public Response overwritePassword(@PathParam("id") String name, @Valid PasswordOverwriteDto passwordOverwriteDto) {
|
||||
userManager.overwritePassword(name, passwordService.encryptPassword(passwordOverwriteDto.getNewPassword()));
|
||||
return Response.noContent().build();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -39,9 +39,9 @@ public abstract class UserToUserDtoMapper extends BaseMapper<User, UserDto> {
|
||||
}
|
||||
if (UserPermissions.modify(user).isPermitted()) {
|
||||
linksBuilder.single(link("update", resourceLinks.user().update(target.getName())));
|
||||
}
|
||||
if (userManager.isTypeDefault(user)) {
|
||||
linksBuilder.single(link("password", resourceLinks.user().passwordChange(target.getName())));
|
||||
if (userManager.isTypeDefault(user)) {
|
||||
linksBuilder.single(link("password", resourceLinks.user().passwordChange(target.getName())));
|
||||
}
|
||||
}
|
||||
target.add(linksBuilder.build());
|
||||
}
|
||||
|
||||
@@ -125,7 +125,7 @@ public class DefaultGroupManager extends AbstractGroupManager
|
||||
}
|
||||
|
||||
@Override
|
||||
public void delete(Group group) throws NotFoundException {
|
||||
public void delete(Group group){
|
||||
logger.info("delete group {} of type {}", group.getName(), group.getType());
|
||||
managerDaoAdapter.delete(
|
||||
group,
|
||||
@@ -145,7 +145,7 @@ public class DefaultGroupManager extends AbstractGroupManager
|
||||
public void init(SCMContextProvider context) {}
|
||||
|
||||
@Override
|
||||
public void modify(Group group) throws NotFoundException {
|
||||
public void modify(Group group){
|
||||
logger.info("modify group {} of type {}", group.getName(), group.getType());
|
||||
|
||||
managerDaoAdapter.modify(
|
||||
@@ -160,7 +160,7 @@ public class DefaultGroupManager extends AbstractGroupManager
|
||||
}
|
||||
|
||||
@Override
|
||||
public void refresh(Group group) throws NotFoundException {
|
||||
public void refresh(Group group){
|
||||
String name = group.getName();
|
||||
if (logger.isInfoEnabled())
|
||||
{
|
||||
|
||||
@@ -151,7 +151,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void delete(Repository repository) throws NotFoundException {
|
||||
public void delete(Repository repository){
|
||||
logger.info("delete repository {}/{} of type {}", repository.getNamespace(), repository.getName(), repository.getType());
|
||||
managerDaoAdapter.delete(
|
||||
repository,
|
||||
@@ -179,7 +179,7 @@ public class DefaultRepositoryManager extends AbstractRepositoryManager {
|
||||
}
|
||||
|
||||
@Override
|
||||
public void modify(Repository repository) throws NotFoundException {
|
||||
public void modify(Repository repository){
|
||||
logger.info("modify repository {}/{} of type {}", repository.getNamespace(), repository.getName(), repository.getType());
|
||||
|
||||
managerDaoAdapter.modify(
|
||||
|
||||
@@ -55,7 +55,7 @@ public final class HealthChecker {
|
||||
this.repositoryManager = repositoryManager;
|
||||
}
|
||||
|
||||
public void check(String id) throws NotFoundException {
|
||||
public void check(String id){
|
||||
RepositoryPermissions.healthCheck(id).check();
|
||||
|
||||
Repository repository = repositoryManager.get(id);
|
||||
@@ -68,7 +68,7 @@ public final class HealthChecker {
|
||||
}
|
||||
|
||||
public void check(Repository repository)
|
||||
throws NotFoundException, ConcurrentModificationException {
|
||||
{
|
||||
RepositoryPermissions.healthCheck(repository).check();
|
||||
|
||||
doCheck(repository);
|
||||
@@ -83,7 +83,7 @@ public final class HealthChecker {
|
||||
if (check.isPermitted(repository)) {
|
||||
try {
|
||||
check(repository);
|
||||
} catch (ConcurrentModificationException | NotFoundException ex) {
|
||||
} catch (NotFoundException ex) {
|
||||
logger.error("health check ends with exception", ex);
|
||||
}
|
||||
} else {
|
||||
@@ -94,7 +94,7 @@ public final class HealthChecker {
|
||||
}
|
||||
}
|
||||
|
||||
private void doCheck(Repository repository) throws NotFoundException {
|
||||
private void doCheck(Repository repository){
|
||||
logger.info("start health check for repository {}", repository.getName());
|
||||
|
||||
HealthCheckResult result = HealthCheckResult.healthy();
|
||||
|
||||
@@ -260,6 +260,7 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
|
||||
builder.add(canReadOwnUser(user));
|
||||
builder.add(getUserAutocompletePermission());
|
||||
builder.add(getGroupAutocompletePermission());
|
||||
builder.add(getChangeOwnPasswordPermission(user));
|
||||
permissions = builder.build();
|
||||
}
|
||||
|
||||
@@ -272,6 +273,10 @@ public class DefaultAuthorizationCollector implements AuthorizationCollector
|
||||
return GroupPermissions.autocomplete().asShiroString();
|
||||
}
|
||||
|
||||
private String getChangeOwnPasswordPermission(User user) {
|
||||
return UserPermissions.changePassword(user).asShiroString();
|
||||
}
|
||||
|
||||
private String getUserAutocompletePermission() {
|
||||
return UserPermissions.autocomplete().asShiroString();
|
||||
}
|
||||
|
||||
@@ -33,11 +33,10 @@
|
||||
|
||||
package sonia.scm.user;
|
||||
|
||||
//~--- non-JDK imports --------------------------------------------------------
|
||||
|
||||
import com.github.sdorra.ssp.PermissionActionCheck;
|
||||
import com.google.inject.Inject;
|
||||
import com.google.inject.Singleton;
|
||||
import org.apache.shiro.SecurityUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.AlreadyExistsException;
|
||||
@@ -64,8 +63,6 @@ import java.util.Collections;
|
||||
import java.util.Comparator;
|
||||
import java.util.List;
|
||||
|
||||
//~--- JDK imports ------------------------------------------------------------
|
||||
|
||||
/**
|
||||
*
|
||||
* @author Sebastian Sdorra
|
||||
@@ -157,7 +154,7 @@ public class DefaultUserManager extends AbstractUserManager
|
||||
}
|
||||
|
||||
@Override
|
||||
public void delete(User user) throws NotFoundException {
|
||||
public void delete(User user) {
|
||||
logger.info("delete user {} of type {}", user.getName(), user.getType());
|
||||
managerDaoAdapter.delete(
|
||||
user,
|
||||
@@ -193,9 +190,8 @@ public class DefaultUserManager extends AbstractUserManager
|
||||
* @throws IOException
|
||||
*/
|
||||
@Override
|
||||
public void modify(User user) throws NotFoundException {
|
||||
public void modify(User user) {
|
||||
logger.info("modify user {} of type {}", user.getName(), user.getType());
|
||||
|
||||
managerDaoAdapter.modify(
|
||||
user,
|
||||
UserPermissions::modify,
|
||||
@@ -212,7 +208,7 @@ public class DefaultUserManager extends AbstractUserManager
|
||||
* @throws IOException
|
||||
*/
|
||||
@Override
|
||||
public void refresh(User user) throws NotFoundException {
|
||||
public void refresh(User user) {
|
||||
if (logger.isInfoEnabled())
|
||||
{
|
||||
logger.info("refresh user {} of type {}", user.getName(), user.getType());
|
||||
@@ -402,6 +398,36 @@ public class DefaultUserManager extends AbstractUserManager
|
||||
|
||||
//~--- methods --------------------------------------------------------------
|
||||
|
||||
@Override
|
||||
public void changePasswordForLoggedInUser(String oldPassword, String newPassword) {
|
||||
User user = get((String) SecurityUtils.getSubject().getPrincipals().getPrimaryPrincipal());
|
||||
|
||||
if (!user.getPassword().equals(oldPassword)) {
|
||||
throw new InvalidPasswordException();
|
||||
}
|
||||
|
||||
user.setPassword(newPassword);
|
||||
|
||||
managerDaoAdapter.modify(
|
||||
user,
|
||||
UserPermissions::changePassword,
|
||||
notModified -> fireEvent(HandlerEventType.BEFORE_MODIFY, user, notModified),
|
||||
notModified -> fireEvent(HandlerEventType.MODIFY, user, notModified));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void overwritePassword(String userId, String newPassword) {
|
||||
User user = get(userId);
|
||||
if (user == null) {
|
||||
throw new NotFoundException();
|
||||
}
|
||||
if (!isTypeDefault(user)) {
|
||||
throw new ChangePasswordNotAllowedException(user.getType());
|
||||
}
|
||||
user.setPassword(newPassword);
|
||||
this.modify(user);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
|
||||
@@ -5,6 +5,7 @@ import org.jboss.resteasy.mock.MockDispatcherFactory;
|
||||
import sonia.scm.api.rest.AlreadyExistsExceptionMapper;
|
||||
import sonia.scm.api.rest.AuthorizationExceptionMapper;
|
||||
import sonia.scm.api.rest.ConcurrentModificationExceptionMapper;
|
||||
import sonia.scm.api.rest.IllegalArgumentExceptionMapper;
|
||||
|
||||
public class DispatcherMock {
|
||||
public static Dispatcher createDispatcher(Object resource) {
|
||||
@@ -17,6 +18,7 @@ public class DispatcherMock {
|
||||
dispatcher.getProviderFactory().registerProvider(InternalRepositoryExceptionMapper.class);
|
||||
dispatcher.getProviderFactory().registerProvider(ChangePasswordNotAllowedExceptionMapper.class);
|
||||
dispatcher.getProviderFactory().registerProvider(InvalidPasswordExceptionMapper.class);
|
||||
dispatcher.getProviderFactory().registerProvider(IllegalArgumentExceptionMapper.class);
|
||||
return dispatcher;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -13,10 +13,12 @@ import org.junit.Test;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import sonia.scm.user.InvalidPasswordException;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
|
||||
import javax.lang.model.util.Types;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.net.URI;
|
||||
import java.net.URISyntaxException;
|
||||
@@ -26,6 +28,7 @@ import static org.junit.Assert.assertTrue;
|
||||
import static org.mockito.ArgumentMatchers.any;
|
||||
import static org.mockito.ArgumentMatchers.eq;
|
||||
import static org.mockito.Mockito.doNothing;
|
||||
import static org.mockito.Mockito.doThrow;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
import static org.mockito.MockitoAnnotations.initMocks;
|
||||
@@ -69,7 +72,6 @@ public class MeResourceTest {
|
||||
doNothing().when(userManager).modify(userCaptor.capture());
|
||||
doNothing().when(userManager).delete(userCaptor.capture());
|
||||
when(userManager.isTypeDefault(userCaptor.capture())).thenCallRealMethod();
|
||||
when(userManager.getUserTypeChecker()).thenCallRealMethod();
|
||||
when(userManager.getDefaultType()).thenReturn("xml");
|
||||
MeResource meResource = new MeResource(userToDtoMapper, userManager, passwordService);
|
||||
when(uriInfo.getApiRestUri()).thenReturn(URI.create("/"));
|
||||
@@ -97,38 +99,40 @@ public class MeResourceTest {
|
||||
public void shouldEncryptPasswordBeforeChanging() throws Exception {
|
||||
String newPassword = "pwd123";
|
||||
String encryptedNewPassword = "encrypted123";
|
||||
String oldPassword = "notEncriptedSecret";
|
||||
String encryptedOldPassword = "encryptedOld";
|
||||
String oldPassword = "secret";
|
||||
String content = String.format("{ \"oldPassword\": \"%s\" , \"newPassword\": \"%s\" }", oldPassword, newPassword);
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + MeResource.ME_PATH_V2 + "password")
|
||||
.contentType(VndMediaType.PASSWORD_CHANGE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword(eq(newPassword))).thenReturn(encryptedNewPassword);
|
||||
when(passwordService.encryptPassword(eq(oldPassword))).thenReturn("secret");
|
||||
|
||||
when(passwordService.encryptPassword(newPassword)).thenReturn(encryptedNewPassword);
|
||||
when(passwordService.encryptPassword(oldPassword)).thenReturn(encryptedOldPassword);
|
||||
|
||||
ArgumentCaptor<String> encryptedOldPasswordCaptor = ArgumentCaptor.forClass(String.class);
|
||||
ArgumentCaptor<String> encryptedNewPasswordCaptor = ArgumentCaptor.forClass(String.class);
|
||||
doNothing().when(userManager).changePasswordForLoggedInUser(encryptedOldPasswordCaptor.capture(), encryptedNewPasswordCaptor.capture());
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
assertEquals(HttpServletResponse.SC_NO_CONTENT, response.getStatus());
|
||||
verify(userManager).modify(any(User.class));
|
||||
User updatedUser = userCaptor.getValue();
|
||||
assertEquals(encryptedNewPassword, updatedUser.getPassword());
|
||||
assertEquals(encryptedNewPassword, encryptedNewPasswordCaptor.getValue());
|
||||
assertEquals(encryptedOldPassword, encryptedOldPasswordCaptor.getValue());
|
||||
}
|
||||
|
||||
@Test
|
||||
@SubjectAware(username = "trillian", password = "secret")
|
||||
public void shouldGet400OnChangePasswordOfUserWithNonDefaultType() throws Exception {
|
||||
public void shouldGet400OnMissingOldPassword() throws Exception {
|
||||
originalUser.setType("not an xml type");
|
||||
String newPassword = "pwd123";
|
||||
String oldPassword = "notEncriptedSecret";
|
||||
String content = String.format("{ \"oldPassword\": \"%s\" , \"newPassword\": \"%s\" }", oldPassword, newPassword);
|
||||
String content = String.format("{ \"newPassword\": \"%s\" }", newPassword);
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + MeResource.ME_PATH_V2 + "password")
|
||||
.contentType(VndMediaType.PASSWORD_CHANGE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
|
||||
when(passwordService.encryptPassword(eq(oldPassword))).thenReturn("secret");
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
@@ -137,17 +141,34 @@ public class MeResourceTest {
|
||||
|
||||
@Test
|
||||
@SubjectAware(username = "trillian", password = "secret")
|
||||
public void shouldGet400OnChangePasswordIfOldPasswordDoesNotMatchOriginalPassword() throws Exception {
|
||||
public void shouldGet400OnMissingEmptyPassword() throws Exception {
|
||||
String newPassword = "pwd123";
|
||||
String oldPassword = "notEncriptedSecret";
|
||||
String oldPassword = "";
|
||||
String content = String.format("{ \"oldPassword\": \"%s\" , \"newPassword\": \"%s\" }", oldPassword, newPassword);
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + MeResource.ME_PATH_V2 + "password")
|
||||
.contentType(VndMediaType.PASSWORD_CHANGE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
|
||||
when(passwordService.encryptPassword(eq(oldPassword))).thenReturn("differentThanSecret");
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
@SubjectAware(username = "trillian", password = "secret")
|
||||
public void shouldMapExceptionFromManager() throws Exception {
|
||||
String newPassword = "pwd123";
|
||||
String oldPassword = "secret";
|
||||
String content = String.format("{ \"oldPassword\": \"%s\" , \"newPassword\": \"%s\" }", oldPassword, newPassword);
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + MeResource.ME_PATH_V2 + "password")
|
||||
.contentType(VndMediaType.PASSWORD_CHANGE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
doThrow(InvalidPasswordException.class).when(userManager).changePasswordForLoggedInUser(any(), any());
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
|
||||
@@ -14,7 +14,9 @@ import org.junit.Test;
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import org.mockito.InjectMocks;
|
||||
import org.mockito.Mock;
|
||||
import sonia.scm.NotFoundException;
|
||||
import sonia.scm.PageResult;
|
||||
import sonia.scm.user.ChangePasswordNotAllowedException;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserManager;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
@@ -31,6 +33,7 @@ import static org.junit.Assert.assertTrue;
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Matchers.eq;
|
||||
import static org.mockito.Mockito.doNothing;
|
||||
import static org.mockito.Mockito.doThrow;
|
||||
import static org.mockito.Mockito.never;
|
||||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
@@ -69,7 +72,6 @@ public class UserRootResourceTest {
|
||||
originalUser = createDummyUser("Neo");
|
||||
when(userManager.create(userCaptor.capture())).thenAnswer(invocation -> invocation.getArguments()[0]);
|
||||
when(userManager.isTypeDefault(userCaptor.capture())).thenCallRealMethod();
|
||||
when(userManager.getUserTypeChecker()).thenCallRealMethod();
|
||||
doNothing().when(userManager).modify(userCaptor.capture());
|
||||
doNothing().when(userManager).delete(userCaptor.capture());
|
||||
when(userManager.getDefaultType()).thenReturn("xml");
|
||||
@@ -143,7 +145,7 @@ public class UserRootResourceTest {
|
||||
String content = String.format("{\"newPassword\": \"%s\"}", newPassword);
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
|
||||
.contentType(VndMediaType.PASSWORD_CHANGE)
|
||||
.contentType(VndMediaType.PASSWORD_OVERWRITE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
|
||||
@@ -151,26 +153,61 @@ public class UserRootResourceTest {
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
assertEquals(HttpServletResponse.SC_NO_CONTENT, response.getStatus());
|
||||
verify(userManager).modify(any(User.class));
|
||||
User updatedUser = userCaptor.getValue();
|
||||
assertEquals("encrypted123", updatedUser.getPassword());
|
||||
verify(userManager).overwritePassword("Neo", "encrypted123");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldGet400OnChangePasswordOfUserWithNonDefaultType() throws Exception {
|
||||
public void shouldGet400OnOverwritePasswordWhenManagerThrowsNotAllowed() throws Exception {
|
||||
originalUser.setType("not an xml type");
|
||||
String newPassword = "pwd123";
|
||||
String content = String.format("{\"newPassword\": \"%s\"}", newPassword);
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
|
||||
.contentType(VndMediaType.PASSWORD_CHANGE)
|
||||
.contentType(VndMediaType.PASSWORD_OVERWRITE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
doThrow(ChangePasswordNotAllowedException.class).when(userManager).overwritePassword(any(), any());
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldGet404OnOverwritePasswordWhenNotFound() throws Exception {
|
||||
originalUser.setType("not an xml type");
|
||||
String newPassword = "pwd123";
|
||||
String content = String.format("{\"newPassword\": \"%s\"}", newPassword);
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
|
||||
.contentType(VndMediaType.PASSWORD_OVERWRITE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
|
||||
doThrow(NotFoundException.class).when(userManager).overwritePassword(any(), any());
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
assertEquals(HttpServletResponse.SC_NOT_FOUND, response.getStatus());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldEncryptPasswordOnOverwritePassword() throws Exception {
|
||||
originalUser.setType("not an xml type");
|
||||
String newPassword = "pwd123";
|
||||
String content = String.format("{\"newPassword\": \"%s\"}", newPassword);
|
||||
MockHttpRequest request = MockHttpRequest
|
||||
.put("/" + UserRootResource.USERS_PATH_V2 + "Neo/password")
|
||||
.contentType(VndMediaType.PASSWORD_OVERWRITE)
|
||||
.content(content.getBytes());
|
||||
MockHttpResponse response = new MockHttpResponse();
|
||||
when(passwordService.encryptPassword(newPassword)).thenReturn("encrypted123");
|
||||
|
||||
dispatcher.invoke(request, response);
|
||||
|
||||
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
|
||||
assertEquals(HttpServletResponse.SC_NO_CONTENT, response.getStatus());
|
||||
verify(userManager).overwritePassword("Neo", "encrypted123");
|
||||
}
|
||||
|
||||
@Test
|
||||
|
||||
@@ -65,7 +65,7 @@ public class UserToUserDtoMapperTest {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldGetPasswordLinkOnlyForDefaultUserType() {
|
||||
public void shouldGetPasswordLinkForAdmin() {
|
||||
User user = createDefaultUser();
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
|
||||
when(userManager.isTypeDefault(eq(user))).thenReturn(true);
|
||||
@@ -73,14 +73,15 @@ public class UserToUserDtoMapperTest {
|
||||
UserDto userDto = mapper.map(user);
|
||||
|
||||
assertEquals("expected password link with modify permission", expectedBaseUri.resolve("abc/password").toString(), userDto.getLinks().getLinkBy("password").get().getHref());
|
||||
}
|
||||
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(false);
|
||||
userDto = mapper.map(user);
|
||||
assertEquals("expected password link on mission modify permission", expectedBaseUri.resolve("abc/password").toString(), userDto.getLinks().getLinkBy("password").get().getHref());
|
||||
|
||||
@Test
|
||||
public void shouldGetPasswordLinkOnlyForDefaultUserType() {
|
||||
User user = createDefaultUser();
|
||||
when(subject.isPermitted("user:modify:abc")).thenReturn(true);
|
||||
when(userManager.isTypeDefault(eq(user))).thenReturn(false);
|
||||
|
||||
userDto = mapper.map(user);
|
||||
UserDto userDto = mapper.map(user);
|
||||
|
||||
assertFalse("expected no password link", userDto.getLinks().getLinkBy("password").isPresent());
|
||||
}
|
||||
|
||||
@@ -152,7 +152,7 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
|
||||
}
|
||||
|
||||
@Test(expected = NotFoundException.class)
|
||||
public void testDeleteNotFound() throws NotFoundException {
|
||||
public void testDeleteNotFound(){
|
||||
manager.delete(createRepositoryWithId());
|
||||
}
|
||||
|
||||
@@ -304,7 +304,7 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testModify() throws NotFoundException, AlreadyExistsException {
|
||||
public void testModify() throws AlreadyExistsException {
|
||||
Repository heartOfGold = createTestRepository();
|
||||
|
||||
heartOfGold.setDescription("prototype ship");
|
||||
@@ -328,12 +328,12 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
|
||||
}
|
||||
|
||||
@Test(expected = NotFoundException.class)
|
||||
public void testModifyNotFound() throws NotFoundException {
|
||||
public void testModifyNotFound(){
|
||||
manager.modify(createRepositoryWithId());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testRefresh() throws NotFoundException, AlreadyExistsException {
|
||||
public void testRefresh() throws AlreadyExistsException {
|
||||
Repository heartOfGold = createTestRepository();
|
||||
String description = heartOfGold.getDescription();
|
||||
|
||||
@@ -354,7 +354,7 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
|
||||
}
|
||||
|
||||
@Test(expected = RepositoryNotFoundException.class)
|
||||
public void testRefreshNotFound() throws NotFoundException {
|
||||
public void testRefreshNotFound(){
|
||||
manager.refresh(createRepositoryWithId());
|
||||
}
|
||||
|
||||
@@ -495,7 +495,7 @@ public class DefaultRepositoryManagerTest extends ManagerTestBase<Repository> {
|
||||
return createRepository(RepositoryTestData.createHeartOfGold());
|
||||
}
|
||||
|
||||
private void delete(Manager<Repository> manager, Repository repository) throws NotFoundException {
|
||||
private void delete(Manager<Repository> manager, Repository repository){
|
||||
|
||||
String id = repository.getId();
|
||||
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
/**
|
||||
* Copyright (c) 2014, Sebastian Sdorra
|
||||
* All rights reserved.
|
||||
*
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions are met:
|
||||
*
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright notice,
|
||||
* this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright notice,
|
||||
@@ -13,7 +13,7 @@
|
||||
* 3. Neither the name of SCM-Manager; nor the names of its
|
||||
* contributors may be used to endorse or promote products derived from this
|
||||
* software without specific prior written permission.
|
||||
*
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||||
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
||||
@@ -24,9 +24,9 @@
|
||||
* ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
||||
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
*
|
||||
*
|
||||
* http://bitbucket.org/sdorra/scm-manager
|
||||
*
|
||||
*
|
||||
*/
|
||||
|
||||
package sonia.scm.security;
|
||||
@@ -57,7 +57,6 @@ import sonia.scm.repository.RepositoryTestData;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.user.UserTestData;
|
||||
|
||||
import static org.hamcrest.Matchers.contains;
|
||||
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||
import static org.hamcrest.Matchers.hasSize;
|
||||
import static org.hamcrest.Matchers.nullValue;
|
||||
@@ -70,7 +69,7 @@ import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link AuthorizationCollector}.
|
||||
*
|
||||
*
|
||||
* @author Sebastian Sdorra
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
@@ -79,28 +78,28 @@ public class DefaultAuthorizationCollectorTest {
|
||||
|
||||
@Mock
|
||||
private Cache cache;
|
||||
|
||||
|
||||
@Mock
|
||||
private CacheManager cacheManager;
|
||||
|
||||
|
||||
@Mock
|
||||
private RepositoryDAO repositoryDAO;
|
||||
|
||||
@Mock
|
||||
private SecuritySystem securitySystem;
|
||||
|
||||
|
||||
private DefaultAuthorizationCollector collector;
|
||||
|
||||
|
||||
@Rule
|
||||
public ShiroRule shiro = new ShiroRule();
|
||||
|
||||
|
||||
/**
|
||||
* Set up object to test.
|
||||
*/
|
||||
@Before
|
||||
public void setUp(){
|
||||
when(cacheManager.getCache(Mockito.any(String.class))).thenReturn(cache);
|
||||
|
||||
|
||||
collector = new DefaultAuthorizationCollector(cacheManager, repositoryDAO, securitySystem);
|
||||
}
|
||||
|
||||
@@ -116,7 +115,7 @@ public class DefaultAuthorizationCollectorTest {
|
||||
assertThat(authInfo.getStringPermissions(), nullValue());
|
||||
assertThat(authInfo.getObjectPermissions(), nullValue());
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCollector#collect()} from cache.
|
||||
*/
|
||||
@@ -124,16 +123,15 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@SubjectAware(
|
||||
configuration = "classpath:sonia/scm/shiro-001.ini"
|
||||
)
|
||||
public void testCollectFromCache()
|
||||
{
|
||||
public void testCollectFromCache() {
|
||||
AuthorizationInfo info = new SimpleAuthorizationInfo();
|
||||
when(cache.get(anyObject())).thenReturn(info);
|
||||
authenticate(UserTestData.createTrillian(), "main");
|
||||
|
||||
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
assertSame(info, authInfo);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCollector#collect()} with cache.
|
||||
*/
|
||||
@@ -141,13 +139,13 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@SubjectAware(
|
||||
configuration = "classpath:sonia/scm/shiro-001.ini"
|
||||
)
|
||||
public void testCollectWithCache(){
|
||||
public void testCollectWithCache() {
|
||||
authenticate(UserTestData.createTrillian(), "main");
|
||||
|
||||
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
verify(cache).put(any(), any());
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCollector#collect()} without permissions.
|
||||
*/
|
||||
@@ -155,17 +153,16 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@SubjectAware(
|
||||
configuration = "classpath:sonia/scm/shiro-001.ini"
|
||||
)
|
||||
public void testCollectWithoutPermissions()
|
||||
{
|
||||
public void testCollectWithoutPermissions() {
|
||||
authenticate(UserTestData.createTrillian(), "main");
|
||||
|
||||
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
assertThat(authInfo.getRoles(), Matchers.contains(Role.USER));
|
||||
assertThat(authInfo.getStringPermissions(), hasSize(3));
|
||||
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("user:autocomplete", "group:autocomplete", "user:read:trillian"));
|
||||
assertThat(authInfo.getStringPermissions(), hasSize(4));
|
||||
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("user:autocomplete", "group:autocomplete", "user:changePassword:trillian", "user:read:trillian"));
|
||||
assertThat(authInfo.getObjectPermissions(), nullValue());
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCollector#collect()} as admin.
|
||||
*/
|
||||
@@ -173,18 +170,17 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@SubjectAware(
|
||||
configuration = "classpath:sonia/scm/shiro-001.ini"
|
||||
)
|
||||
public void testCollectAsAdmin()
|
||||
{
|
||||
public void testCollectAsAdmin() {
|
||||
User trillian = UserTestData.createTrillian();
|
||||
trillian.setAdmin(true);
|
||||
authenticate(trillian, "main");
|
||||
|
||||
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER, Role.ADMIN));
|
||||
assertThat(authInfo.getObjectPermissions(), nullValue());
|
||||
assertThat(authInfo.getStringPermissions(), Matchers.contains("*"));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCollector#collect()} with repository permissions.
|
||||
*/
|
||||
@@ -192,8 +188,7 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@SubjectAware(
|
||||
configuration = "classpath:sonia/scm/shiro-001.ini"
|
||||
)
|
||||
public void testCollectWithRepositoryPermissions()
|
||||
{
|
||||
public void testCollectWithRepositoryPermissions() {
|
||||
String group = "heart-of-gold-crew";
|
||||
authenticate(UserTestData.createTrillian(), group);
|
||||
Repository heartOfGold = RepositoryTestData.createHeartOfGold();
|
||||
@@ -204,14 +199,14 @@ public class DefaultAuthorizationCollectorTest {
|
||||
sonia.scm.repository.Permission permission = new sonia.scm.repository.Permission(group, PermissionType.WRITE, true);
|
||||
puzzle42.setPermissions(Lists.newArrayList(permission));
|
||||
when(repositoryDAO.getAll()).thenReturn(Lists.newArrayList(heartOfGold, puzzle42));
|
||||
|
||||
|
||||
// execute and assert
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER));
|
||||
assertThat(authInfo.getObjectPermissions(), nullValue());
|
||||
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("user:autocomplete", "group:autocomplete", "repository:read,pull:one", "repository:read,pull,push:two", "user:read:trillian"));
|
||||
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("user:autocomplete", "group:autocomplete", "user:changePassword:trillian", "repository:read,pull:one", "repository:read,pull,push:two", "user:read:trillian"));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Tests {@link AuthorizationCollector#collect()} with global permissions.
|
||||
*/
|
||||
@@ -219,20 +214,20 @@ public class DefaultAuthorizationCollectorTest {
|
||||
@SubjectAware(
|
||||
configuration = "classpath:sonia/scm/shiro-001.ini"
|
||||
)
|
||||
public void testCollectWithGlobalPermissions(){
|
||||
public void testCollectWithGlobalPermissions() {
|
||||
authenticate(UserTestData.createTrillian(), "main");
|
||||
|
||||
|
||||
StoredAssignedPermission p1 = new StoredAssignedPermission("one", new AssignedPermission("one", "one:one"));
|
||||
StoredAssignedPermission p2 = new StoredAssignedPermission("two", new AssignedPermission("two", "two:two"));
|
||||
when(securitySystem.getPermissions(Mockito.any(Predicate.class))).thenReturn(Lists.newArrayList(p1, p2));
|
||||
|
||||
|
||||
// execute and assert
|
||||
AuthorizationInfo authInfo = collector.collect();
|
||||
assertThat(authInfo.getRoles(), Matchers.containsInAnyOrder(Role.USER));
|
||||
assertThat(authInfo.getObjectPermissions(), nullValue());
|
||||
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("one:one", "two:two", "user:read:trillian", "user:autocomplete" , "group:autocomplete" ));
|
||||
assertThat(authInfo.getStringPermissions(), containsInAnyOrder("one:one", "two:two", "user:read:trillian", "user:autocomplete", "group:autocomplete", "user:changePassword:trillian"));
|
||||
}
|
||||
|
||||
|
||||
private void authenticate(User user, String group, String... groups) {
|
||||
SimplePrincipalCollection spc = new SimplePrincipalCollection();
|
||||
spc.add(user.getName(), "unit");
|
||||
@@ -249,9 +244,9 @@ public class DefaultAuthorizationCollectorTest {
|
||||
public void testInvalidateCache() {
|
||||
collector.invalidateCache(AuthorizationChangedEvent.createForEveryUser());
|
||||
verify(cache).clear();
|
||||
|
||||
|
||||
collector.invalidateCache(AuthorizationChangedEvent.createForUser("dent"));
|
||||
verify(cache).removeAll(Mockito.any(Predicate.class));
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -39,9 +39,13 @@ import com.github.sdorra.shiro.ShiroRule;
|
||||
import com.github.sdorra.shiro.SubjectAware;
|
||||
import com.google.common.collect.Lists;
|
||||
|
||||
import org.assertj.core.api.Assertions;
|
||||
import org.junit.Assert;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import org.mockito.ArgumentCaptor;
|
||||
import sonia.scm.NotFoundException;
|
||||
import sonia.scm.store.JAXBConfigurationStoreFactory;
|
||||
import sonia.scm.user.xml.XmlUserDAO;
|
||||
import sonia.scm.util.MockUtil;
|
||||
@@ -70,6 +74,10 @@ public class DefaultUserManagerTest extends UserManagerTestBase
|
||||
@Rule
|
||||
public ShiroRule shiro = new ShiroRule();
|
||||
|
||||
|
||||
private UserDAO userDAO = mock(UserDAO.class);
|
||||
private User trillian;
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
@@ -82,6 +90,16 @@ public class DefaultUserManagerTest extends UserManagerTestBase
|
||||
return new DefaultUserManager(createXmlUserDAO());
|
||||
}
|
||||
|
||||
@Before
|
||||
public void initDao() {
|
||||
trillian = UserTestData.createTrillian();
|
||||
trillian.setPassword("oldEncrypted");
|
||||
|
||||
userDAO = mock(UserDAO.class);
|
||||
when(userDAO.getType()).thenReturn("xml");
|
||||
when(userDAO.get("trillian")).thenReturn(trillian);
|
||||
}
|
||||
|
||||
/**
|
||||
* Method description
|
||||
*
|
||||
@@ -89,7 +107,6 @@ public class DefaultUserManagerTest extends UserManagerTestBase
|
||||
@Test
|
||||
public void testDefaultAccountAfterFristStart()
|
||||
{
|
||||
UserDAO userDAO = mock(UserDAO.class);
|
||||
List<User> users = Lists.newArrayList(new User("tuser"));
|
||||
|
||||
when(userDAO.getAll()).thenReturn(users);
|
||||
@@ -108,8 +125,6 @@ public class DefaultUserManagerTest extends UserManagerTestBase
|
||||
@SuppressWarnings("unchecked")
|
||||
public void testDefaultAccountCreation()
|
||||
{
|
||||
UserDAO userDAO = mock(UserDAO.class);
|
||||
|
||||
when(userDAO.getAll()).thenReturn(Collections.EMPTY_LIST);
|
||||
|
||||
UserManager userManager = new DefaultUserManager(userDAO);
|
||||
@@ -118,6 +133,55 @@ public class DefaultUserManagerTest extends UserManagerTestBase
|
||||
verify(userDAO, times(2)).add(any(User.class));
|
||||
}
|
||||
|
||||
@Test(expected = InvalidPasswordException.class)
|
||||
public void shouldFailChangePasswordForWrongOldPassword() {
|
||||
UserManager userManager = new DefaultUserManager(userDAO);
|
||||
|
||||
userManager.changePasswordForLoggedInUser("wrongPassword", "---");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldSucceedChangePassword() {
|
||||
ArgumentCaptor<User> userCaptor = ArgumentCaptor.forClass(User.class);
|
||||
|
||||
doNothing().when(userDAO).modify(userCaptor.capture());
|
||||
|
||||
UserManager userManager = new DefaultUserManager(userDAO);
|
||||
|
||||
userManager.changePasswordForLoggedInUser("oldEncrypted", "newEncrypted");
|
||||
|
||||
Assertions.assertThat(userCaptor.getValue().getPassword()).isEqualTo("newEncrypted");
|
||||
}
|
||||
|
||||
@Test(expected = ChangePasswordNotAllowedException.class)
|
||||
public void shouldFailOverwritePasswordForWrongType() {
|
||||
trillian.setType("wrongType");
|
||||
|
||||
UserManager userManager = new DefaultUserManager(userDAO);
|
||||
|
||||
userManager.overwritePassword("trillian", "---");
|
||||
}
|
||||
|
||||
@Test(expected = NotFoundException.class)
|
||||
public void shouldFailOverwritePasswordForMissingUser() {
|
||||
UserManager userManager = new DefaultUserManager(userDAO);
|
||||
|
||||
userManager.overwritePassword("notExisting", "---");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldSucceedOverwritePassword() {
|
||||
ArgumentCaptor<User> userCaptor = ArgumentCaptor.forClass(User.class);
|
||||
|
||||
doNothing().when(userDAO).modify(userCaptor.capture());
|
||||
|
||||
UserManager userManager = new DefaultUserManager(userDAO);
|
||||
|
||||
userManager.overwritePassword("trillian", "newEncrypted");
|
||||
|
||||
Assertions.assertThat(userCaptor.getValue().getPassword()).isEqualTo("newEncrypted");
|
||||
}
|
||||
|
||||
//~--- methods --------------------------------------------------------------
|
||||
|
||||
private XmlUserDAO createXmlUserDAO() {
|
||||
|
||||
Reference in New Issue
Block a user