mirror of
https://github.com/scm-manager/scm-manager.git
synced 2026-07-06 12:18:34 +02:00
Merge with 2.0.0-m3
This commit is contained in:
@@ -38,6 +38,30 @@ public class MeITCase {
|
||||
.assertStatusCode(204);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void nonAdminUserShouldChangeOwnPassword() {
|
||||
String newPassword = "pass1";
|
||||
String username = "user1";
|
||||
String password = "pass";
|
||||
TestData.createUser(username, password,false,"xml", "em@l.de");
|
||||
// user change the own password
|
||||
ScmRequests.start()
|
||||
.requestIndexResource(username, password)
|
||||
.requestMe()
|
||||
.assertStatusCode(200)
|
||||
.assertAdmin(aBoolean -> assertThat(aBoolean).isEqualTo(Boolean.FALSE))
|
||||
.assertPassword(Assert::assertNull)
|
||||
.assertType(s -> assertThat(s).isEqualTo("xml"))
|
||||
.requestChangePassword(password, newPassword)
|
||||
.assertStatusCode(204);
|
||||
// assert password is changed -> login with the new Password than undo changes
|
||||
ScmRequests.start()
|
||||
.requestIndexResource(username, newPassword)
|
||||
.requestMe()
|
||||
.assertStatusCode(200);
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldHidePasswordLinkIfUserTypeIsNotXML() {
|
||||
String newUser = "user";
|
||||
|
||||
@@ -29,7 +29,7 @@ public class UserITCase {
|
||||
.assertStatusCode(200)
|
||||
.assertAdmin(aBoolean -> assertThat(aBoolean).isEqualTo(Boolean.TRUE))
|
||||
.assertPassword(Assert::assertNull)
|
||||
.requestChangePassword(newPassword) // the oldPassword is not needed in the user resource
|
||||
.requestChangePassword(newPassword)
|
||||
.assertStatusCode(204);
|
||||
// assert password is changed -> login with the new Password
|
||||
ScmRequests.start()
|
||||
@@ -65,6 +65,25 @@ public class UserITCase {
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void nonAdminUserShouldNotChangePasswordOfOtherUser() {
|
||||
String user = "user";
|
||||
String password = "pass";
|
||||
TestData.createUser(user, password, false, "xml", "em@l.de");
|
||||
String user2 = "user2";
|
||||
TestData.createUser(user2, password, false, "xml", "em@l.de");
|
||||
ScmRequests.start()
|
||||
.requestIndexResource(user, password)
|
||||
.assertUsersLinkDoesNotExists();
|
||||
// use the users/ endpoint bypassed the index resource
|
||||
ScmRequests.start()
|
||||
.requestUser(user, password, user2)
|
||||
.assertStatusCode(403);
|
||||
// use the users/password endpoint bypassed the index and users resources
|
||||
ScmRequests.start()
|
||||
.requestUserChangePassword(user, password, user2, "newPassword")
|
||||
.assertStatusCode(403);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void shouldHidePasswordLinkIfUserTypeIsNotXML() {
|
||||
|
||||
@@ -3,6 +3,9 @@ package sonia.scm.it.utils;
|
||||
import io.restassured.RestAssured;
|
||||
import io.restassured.response.Response;
|
||||
import org.junit.Assert;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import sonia.scm.user.User;
|
||||
import sonia.scm.web.VndMediaType;
|
||||
|
||||
import java.net.ConnectException;
|
||||
@@ -26,7 +29,8 @@ import static sonia.scm.it.utils.TestData.createPasswordChangeJson;
|
||||
*/
|
||||
public class ScmRequests {
|
||||
|
||||
private String url;
|
||||
private static final Logger LOG = LoggerFactory.getLogger(ScmRequests.class);
|
||||
|
||||
private String username;
|
||||
private String password;
|
||||
|
||||
@@ -40,6 +44,18 @@ public class ScmRequests {
|
||||
return new IndexResponse(applyGETRequest(RestUtil.REST_BASE_URL.toString()));
|
||||
}
|
||||
|
||||
public <SELF extends UserResponse<SELF, T>, T extends ModelResponse> UserResponse<SELF,T> requestUser(String username, String password, String pathParam) {
|
||||
setUsername(username);
|
||||
setPassword(password);
|
||||
return new UserResponse<>(applyGETRequest(RestUtil.REST_BASE_URL.resolve("users/"+pathParam).toString()), null);
|
||||
}
|
||||
|
||||
public ChangePasswordResponse<ChangePasswordResponse> requestUserChangePassword(String username, String password, String userPathParam, String newPassword) {
|
||||
setUsername(username);
|
||||
setPassword(password);
|
||||
return new ChangePasswordResponse<>(applyPUTRequest(RestUtil.REST_BASE_URL.resolve("users/"+userPathParam+"/password").toString(), VndMediaType.PASSWORD_OVERWRITE, TestData.createPasswordChangeJson(password,newPassword)), null);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Apply a GET Request to the extracted url from the given link
|
||||
@@ -77,6 +93,7 @@ public class ScmRequests {
|
||||
* @return the response of the GET request using the given <code>url</code>
|
||||
*/
|
||||
private Response applyGETRequestWithQueryParams(String url, String params) {
|
||||
LOG.info("GET {}", url);
|
||||
return RestAssured.given()
|
||||
.auth().preemptive().basic(username, password)
|
||||
.when()
|
||||
@@ -119,6 +136,7 @@ public class ScmRequests {
|
||||
* @return the response of the PUT request using the given <code>url</code>
|
||||
*/
|
||||
private Response applyPUTRequest(String url, String mediaType, String body) {
|
||||
LOG.info("PUT {}", url);
|
||||
return RestAssured.given()
|
||||
.auth().preemptive().basic(username, password)
|
||||
.when()
|
||||
@@ -136,7 +154,6 @@ public class ScmRequests {
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
|
||||
public class IndexResponse extends ModelResponse<IndexResponse, IndexResponse> {
|
||||
public static final String LINK_AUTOCOMPLETE_USERS = "_links.autocomplete.find{it.name=='users'}.href";
|
||||
public static final String LINK_AUTOCOMPLETE_GROUPS = "_links.autocomplete.find{it.name=='groups'}.href";
|
||||
@@ -164,10 +181,15 @@ public class ScmRequests {
|
||||
return new MeResponse<>(applyGETRequestFromLink(response, LINK_ME), this);
|
||||
}
|
||||
|
||||
public UserResponse<IndexResponse> requestUser(String username) {
|
||||
public UserResponse<? extends UserResponse, IndexResponse> requestUser(String username) {
|
||||
return new UserResponse<>(applyGETRequestFromLinkWithParams(response, LINK_USERS, username), this);
|
||||
}
|
||||
|
||||
public IndexResponse assertUsersLinkDoesNotExists() {
|
||||
return super.assertPropertyPathDoesNotExists(LINK_USERS);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
public class RepositoryResponse<PREV extends ModelResponse> extends ModelResponse<RepositoryResponse<PREV>, PREV> {
|
||||
@@ -271,17 +293,19 @@ public class ScmRequests {
|
||||
|
||||
}
|
||||
|
||||
public class MeResponse<PREV extends ModelResponse> extends UserResponse<PREV> {
|
||||
public class MeResponse<PREV extends ModelResponse> extends UserResponse<MeResponse<PREV>, PREV> {
|
||||
|
||||
|
||||
public MeResponse(Response response, PREV previousResponse) {
|
||||
super(response, previousResponse);
|
||||
}
|
||||
|
||||
|
||||
public ChangePasswordResponse<UserResponse> requestChangePassword(String oldPassword, String newPassword) {
|
||||
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_CHANGE, createPasswordChangeJson(oldPassword, newPassword)), this);
|
||||
}
|
||||
}
|
||||
|
||||
public class UserResponse<PREV extends ModelResponse> extends ModelResponse<UserResponse<PREV>, PREV> {
|
||||
public class UserResponse<SELF extends UserResponse<SELF, PREV>, PREV extends ModelResponse> extends ModelResponse<SELF, PREV> {
|
||||
|
||||
public static final String LINKS_PASSWORD_HREF = "_links.password.href";
|
||||
|
||||
@@ -289,34 +313,29 @@ public class ScmRequests {
|
||||
super(response, previousResponse);
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertPassword(Consumer<String> assertPassword) {
|
||||
public SELF assertPassword(Consumer<String> assertPassword) {
|
||||
return super.assertSingleProperty(assertPassword, "password");
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertType(Consumer<String> assertType) {
|
||||
public SELF assertType(Consumer<String> assertType) {
|
||||
return assertSingleProperty(assertType, "type");
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertAdmin(Consumer<Boolean> assertAdmin) {
|
||||
public SELF assertAdmin(Consumer<Boolean> assertAdmin) {
|
||||
return assertSingleProperty(assertAdmin, "admin");
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertPasswordLinkDoesNotExists() {
|
||||
public SELF assertPasswordLinkDoesNotExists() {
|
||||
return assertPropertyPathDoesNotExists(LINKS_PASSWORD_HREF);
|
||||
}
|
||||
|
||||
public UserResponse<PREV> assertPasswordLinkExists() {
|
||||
public SELF assertPasswordLinkExists() {
|
||||
return assertPropertyPathExists(LINKS_PASSWORD_HREF);
|
||||
}
|
||||
|
||||
public ChangePasswordResponse<UserResponse> requestChangePassword(String newPassword) {
|
||||
return requestChangePassword(null, newPassword);
|
||||
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_OVERWRITE, createPasswordChangeJson(null, newPassword)), this);
|
||||
}
|
||||
|
||||
public ChangePasswordResponse<UserResponse> requestChangePassword(String oldPassword, String newPassword) {
|
||||
return new ChangePasswordResponse<>(applyPUTRequestFromLink(super.response, LINKS_PASSWORD_HREF, VndMediaType.PASSWORD_CHANGE, createPasswordChangeJson(oldPassword, newPassword)), this);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user