Changing user REST interface V2
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index f1a9899..bb81317 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -239,12 +239,13 @@
/**
* update only the current logged in user and this fields: fullname, email, password.
* The service verifies the current logged user with the one passed in the method
+ * @return
*/
@Path( "me" )
@PUT
@Produces( { MediaType.APPLICATION_JSON } )
@RedbackAuthorization( noPermission = true )
- ActionStatus updateMe( User user )
+ User updateMe( User user )
throws RedbackServiceException;
@Path( "___ping___" )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java
index 94cf2c2..c02580e 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/interceptors/BearerAuthInterceptor.java
@@ -220,6 +220,8 @@
// message.put( AuthenticationResult.class, authenticationResult );
requestContext.setProperty( AUTHENTICATION_RESULT, authenticationResult );
requestContext.setProperty( SECURITY_SESSION, securitySession );
+ RedbackSecurityContext securityContext = new RedbackSecurityContext(requestContext.getUriInfo(), user, securitySession );
+ requestContext.setSecurityContext( securityContext );
return;
}
catch ( AuthenticationException e )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
index 9be5b98..d2d99c5 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultAuthenticationService.java
@@ -83,8 +83,6 @@
@Context
private SecurityContext securityContext;
- private RedbackPrincipal redbackPrincipal;
-
@Context
private ContainerRequestContext requestContext;
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 9f29c04..5462b1b 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -47,7 +47,6 @@
import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
import org.apache.archiva.redback.rest.api.model.ErrorMessage;
import org.apache.archiva.redback.rest.api.model.Operation;
-import org.apache.archiva.redback.rest.api.model.v2.PasswordStatus;
import org.apache.archiva.redback.rest.api.model.Permission;
import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
@@ -61,6 +60,7 @@
import org.apache.archiva.redback.rest.api.services.v2.UserService;
import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;
import org.apache.archiva.redback.rest.services.RedbackRequestInformation;
+import org.apache.archiva.redback.rest.services.interceptors.RedbackPrincipal;
import org.apache.archiva.redback.rest.services.utils.PasswordValidator;
import org.apache.archiva.redback.role.RoleManager;
import org.apache.archiva.redback.role.RoleManagerException;
@@ -82,7 +82,9 @@
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
+import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
+import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
@@ -160,6 +162,9 @@
@Context
private UriInfo uriInfo;
+ @Context
+ private SecurityContext securityContext;
+
@Inject
public DefaultUserService( @Named( value = "userManager#default" ) UserManager userManager,
SecuritySystem securitySystem )
@@ -168,6 +173,15 @@
this.securitySystem = securitySystem;
}
+ RedbackPrincipal getPrincipal() {
+ if (this.securityContext!=null) {
+ Principal pri = this.securityContext.getUserPrincipal( );
+ if (pri!=null && pri instanceof RedbackPrincipal) {
+ return (RedbackPrincipal) pri;
+ }
+ }
+ return null;
+ }
@Override
public User createUser( User user )
@@ -345,74 +359,57 @@
}
@Override
- public ActionStatus updateMe( User user )
+ public User updateMe( User user )
throws RedbackServiceException
{
// check username == one in the session
- RedbackRequestInformation redbackRequestInformation = RedbackAuthenticationThreadLocal.get();
- if ( redbackRequestInformation == null || redbackRequestInformation.getUser() == null )
- {
- log.warn( "RedbackRequestInformation from ThreadLocal is null" );
- throw new RedbackServiceException( new ErrorMessage( "you must be logged to update your profile" ),
- Response.Status.FORBIDDEN.getStatusCode() );
- }
- if ( user == null )
- {
- throw new RedbackServiceException( new ErrorMessage( "user parameter is mandatory" ),
- Response.Status.BAD_REQUEST.getStatusCode() );
- }
- if ( !StringUtils.equals( redbackRequestInformation.getUser().getUsername(), user.getUserId() ) )
- {
- throw new RedbackServiceException( new ErrorMessage( "you can update only your profile" ),
- Response.Status.FORBIDDEN.getStatusCode() );
+
+ RedbackPrincipal principal = getPrincipal( );
+ if (principal==null) {
+ throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 403 );
}
- if ( StringUtils.isEmpty( user.getPreviousPassword() ) )
- {
- throw new RedbackServiceException( new ErrorMessage( "previous password is empty" ),
- Response.Status.BAD_REQUEST.getStatusCode() );
- }
-
- User realUser = getUser( user.getUserId() );
- try
- {
- String previousEncodedPassword =
- securitySystem.getUserManager().findUser( user.getUserId(), false ).getEncodedPassword();
-
- // check oldPassword with the current one
-
- PasswordEncoder encoder = securitySystem.getPolicy().getPasswordEncoder();
-
- if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword() ) )
- {
-
- throw new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
- Response.Status.BAD_REQUEST.getStatusCode() );
- }
- }
- catch ( UserNotFoundException e )
- {
- throw new RedbackServiceException( new ErrorMessage( "user not found" ),
- Response.Status.BAD_REQUEST.getStatusCode() );
- }
- catch ( UserManagerException e )
- {
- throw new RedbackServiceException( new ErrorMessage( e.getMessage() ) );
- }
+ // check oldPassword with the current one
// only 3 fields to update
- realUser.setFullName( user.getFullName() );
- realUser.setEmail( user.getEmail() );
// ui can limit to not update password
- if ( StringUtils.isNotBlank( user.getPassword() ) )
- {
- passwordValidator.validatePassword( user.getPassword(), user.getUserId() );
+ org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
+ try
+ {
+ String previousEncodedPassword =
+ securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
- realUser.setPassword( user.getPassword() );
- }
+ // check oldPassword with the current one
- updateUser( realUser.getUserId(), realUser );
+ PasswordEncoder encoder = securitySystem.getPolicy( ).getPasswordEncoder( );
- return ActionStatus.SUCCESS;
+ if ( !encoder.isPasswordValid( previousEncodedPassword, user.getPreviousPassword( ) ) )
+ {
+
+ return new RedbackServiceException( new ErrorMessage( "password.provided.does.not.match.existing" ),
+ Response.Status.BAD_REQUEST.getStatusCode( ) );
+ }
+ }
+ catch ( UserNotFoundException e )
+ {
+ return new RedbackServiceException( new ErrorMessage( "user not found" ),
+ Response.Status.BAD_REQUEST.getStatusCode( ) );
+ }
+ catch ( UserManagerException e )
+ {
+ return new RedbackServiceException( ErrorMessage.of( ERR_USERMANAGER_FAIL, e.getMessage( ) ) );
+ }
+ // only 3 fields to update
+ realUser.setFullName( user.getFullName( ) );
+ realUser.setEmail( user.getEmail( ) );
+ // ui can limit to not update password
+ if ( StringUtils.isNotBlank( user.getPassword( ) ) )
+ {
+ realUser.setPassword( user.getPassword( ) );
+ }
+ return null;
+ } );
+
+ return getRestUser( foundUser );
}
@Override
@@ -1036,8 +1033,9 @@
}
- private void updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
+ private org.apache.archiva.redback.users.User updateUser( String userId, Function<org.apache.archiva.redback.users.User, RedbackServiceException> updateFunction ) throws RedbackServiceException
{
+
try
{
org.apache.archiva.redback.users.User rawUser = userManager.findUser( userId, false );
@@ -1051,6 +1049,7 @@
} else {
throw new RedbackServiceException( ErrorMessage.of( ERR_USER_NOT_FOUND, userId ), 404 );
}
+ return rawUser;
}
catch ( UserNotFoundException e )
{