/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.sling.jcr.jackrabbit.usermanager.it.post;
import static org.apache.sling.testing.paxexam.SlingOptions.slingAuthForm;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.ops4j.pax.exam.CoreOptions.composite;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import jakarta.json.JsonException;
import jakarta.json.JsonObject;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.NameValuePair;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.message.BasicNameValuePair;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.ops4j.pax.exam.Option;
import org.ops4j.pax.exam.junit.PaxExam;
import org.ops4j.pax.exam.spi.reactors.ExamReactorStrategy;
import org.ops4j.pax.exam.spi.reactors.PerClass;
/**
* Tests for the 'updateAuthorizable' and 'changePassword' Sling Post
* Operations on a user resource.
*/
@RunWith(PaxExam.class)
@ExamReactorStrategy(PerClass.class)
public class UpdateUserIT extends UserManagerClientTestSupport {
/**
 * Adds the {@code slingAuthForm()} options on top of the options inherited from
 * the parent test support class. testDisableUser posts to /j_security_check and
 * needs them.
 */
@Override
protected Option[] additionalOptions() {
    final Option[] inherited = super.additionalOptions();
    return composite(inherited)
            .add(slingAuthForm())
            .getOptions();
}
/**
 * A user updates its own profile (two flat properties and one nested property)
 * and the values are read back to confirm they were stored.
 */
@Test
public void testUpdateUser() throws IOException, JsonException {
    testUserId = createTestUser();
    // the test user authenticates as itself and edits its own profile
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair("displayName", "My Updated Test User"));
    form.add(new BasicNameValuePair("url", "http://www.apache.org/updated"));
    // nested param (SLING-6747)
    form.add(new BasicNameValuePair("nested/param", "value"));

    final String updateUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);
    assertAuthenticatedPostStatus(self, updateUrl, HttpServletResponse.SC_OK, form, null);

    // read the profile back; the status check comes first so a missing profile fails early
    final String profileUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(self, profileUrl, HttpServletResponse.SC_OK, null);
    final String profileJson = getAuthenticatedContent(self, profileUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(profileJson);
    final JsonObject profile = parseJson(profileJson);
    assertEquals("My Updated Test User", profile.getString("displayName"));
    assertEquals("http://www.apache.org/updated", profile.getString("url"));

    // the profile reports the repository path of the user (SLING-6753)
    final String userPath = profile.getString("path");
    assertNotNull(userPath);

    // the nested property is fetched through the regular GET servlet
    final String nestedUrl = String.format("%s%s/nested.json", baseServerUri, userPath);
    final String nestedJson = getAuthenticatedContent(self, nestedUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(nestedJson);
    final JsonObject nested = parseJson(nestedJson);
    assertEquals("value", nested.getString("param"));
}
/**
* SLING-7901 test to verify update user delete nested property functionality
*/
@Test
public void testUpdateUserDeleteProperties() throws IOException, JsonException {
    // Phase 1 stores a flat and a nested property. Phase 2 removes both with the
    // "@Delete" suffix and checks that neither is returned afterwards.
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");
    final String updateUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);

    // ---- phase 1: create the properties ----
    final List<NameValuePair> createForm = new ArrayList<>();
    createForm.add(new BasicNameValuePair("url", "http://www.apache.org/updated"));
    // nested param (SLING-6747)
    createForm.add(new BasicNameValuePair("nested/param", "value"));
    assertAuthenticatedPostStatus(self, updateUrl, HttpServletResponse.SC_OK, createForm, null);

    String profileUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(self, profileUrl, HttpServletResponse.SC_OK, null);
    String profileJson = getAuthenticatedContent(self, profileUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(profileJson);
    JsonObject profile = parseJson(profileJson);
    assertEquals("http://www.apache.org/updated", profile.getString("url"));

    // repository path of the user (SLING-6753)
    String userPath = profile.getString("path");
    assertNotNull(userPath);

    String nestedUrl = String.format("%s%s/nested.json", baseServerUri, userPath);
    String nestedJson = getAuthenticatedContent(self, nestedUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(nestedJson);
    JsonObject nested = parseJson(nestedJson);
    assertEquals("value", nested.getString("param"));

    // ---- phase 2: delete the flat and the nested property ----
    final List<NameValuePair> deleteForm = new ArrayList<>();
    deleteForm.add(new BasicNameValuePair("url@Delete", "true"));
    deleteForm.add(new BasicNameValuePair("nested/param@Delete", "true"));
    assertAuthenticatedPostStatus(self, updateUrl, HttpServletResponse.SC_OK, deleteForm, null);

    // ---- verify that both are gone ----
    profileUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(self, profileUrl, HttpServletResponse.SC_OK, null);
    profileJson = getAuthenticatedContent(self, profileUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(profileJson);
    profile = parseJson(profileJson);
    assertFalse(profile.containsKey("url"));

    userPath = profile.getString("path");
    assertNotNull(userPath);

    // the nested node itself is still expected to answer 200; only its property is removed
    nestedUrl = String.format("%s%s/nested.json", baseServerUri, userPath);
    nestedJson = getAuthenticatedContent(self, nestedUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(nestedJson);
    nested = parseJson(nestedJson);
    assertFalse("Nested property should not exist", nested.containsKey("param"));
}
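/**
 * Negative authorization test: a user without user-management rights must not be
 * able to update another user's profile.
 *
 * <p>The rejected status code alone does not show that nothing was written, so the
 * target profile is re-read with the admin credentials and checked for the values
 * the unauthorized request tried to set.</p>
 */
@Test
public void testNotAuthorizedUpdateUser() throws IOException, JsonException {
    //a user who is not authorized to do the action
    testUserId2 = createTestUser();
    testUserId = createTestUser();
    String postUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);
    List<NameValuePair> postParams = new ArrayList<>();
    postParams.add(new BasicNameValuePair("displayName", "My Updated Test User"));
    postParams.add(new BasicNameValuePair("url", "http://www.apache.org/updated"));
    // add nested param (SLING-6747)
    postParams.add(new BasicNameValuePair("nested/param", "value"));
    Credentials creds = new UsernamePasswordCredentials(testUserId2, "testPwd");
    // NOTE(review): the denial is pinned here as a 500 rather than a 4xx status; confirm that is intended
    assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);

    // the unprivileged user cannot read the other user's profile either
    String getUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(creds, getUrl, HttpServletResponse.SC_NOT_FOUND, null);

    // re-read the target as admin to prove the rejected request left no trace
    Credentials adminCreds = new UsernamePasswordCredentials("admin", "admin");
    String json = getAuthenticatedContent(adminCreds, getUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(json);
    JsonObject jsonObj = parseJson(json);
    // compare by value: the properties may or may not exist on a freshly created user
    assertFalse("displayName must not be changed by an unauthorized user",
            "My Updated Test User".equals(jsonObj.getString("displayName", null)));
    assertFalse("url must not be changed by an unauthorized user",
            "http://www.apache.org/updated".equals(jsonObj.getString("url", null)));
}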
/**
 * Positive counterpart of testNotAuthorizedUpdateUser: once a second user has been
 * granted user-management rights it can update another user's profile, and the
 * stored values are read back with that same account.
 */
@Test
public void testAuthorizedUpdateUser() throws IOException, JsonException {
    // the acting account: a second test user that is explicitly granted the rights
    testUserId2 = createTestUser();
    grantUserManagementRights(testUserId2);
    // the account being modified
    testUserId = createTestUser();

    final Credentials manager = new UsernamePasswordCredentials(testUserId2, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair("displayName", "My Updated Test User"));
    form.add(new BasicNameValuePair("url", "http://www.apache.org/updated"));
    // nested param (SLING-6747)
    form.add(new BasicNameValuePair("nested/param", "value"));

    final String updateUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);
    assertAuthenticatedPostStatus(manager, updateUrl, HttpServletResponse.SC_OK, form, null);

    // read the target profile back as the privileged user
    final String profileUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(manager, profileUrl, HttpServletResponse.SC_OK, null);
    final String profileJson = getAuthenticatedContent(manager, profileUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(profileJson);
    final JsonObject profile = parseJson(profileJson);
    assertEquals("My Updated Test User", profile.getString("displayName"));
    assertEquals("http://www.apache.org/updated", profile.getString("url"));

    // repository path of the user (SLING-6753)
    final String userPath = profile.getString("path");
    assertNotNull(userPath);

    // nested property via the regular GET servlet
    final String nestedUrl = String.format("%s%s/nested.json", baseServerUri, userPath);
    final String nestedJson = getAuthenticatedContent(manager, nestedUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(nestedJson);
    final JsonObject nested = parseJson(nestedJson);
    assertEquals("value", nested.getString("param"));
}
/**
* Test for SLING-7831
*/
@Test
public void testUpdateUserCustomPostResponse() throws IOException {
    // With ":responseType=custom" the update operation is expected to answer with
    // the body "Thanks!" instead of its default response.
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair(":responseType", "custom"));
    form.add(new BasicNameValuePair("displayName", "My Updated Test User"));

    final String updateUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);
    final String body = getAuthenticatedPostContent(self, updateUrl, CONTENT_TYPE_HTML, form, HttpServletResponse.SC_OK);
    // the body must be exactly the custom response text
    assertEquals("Thanks!", body);
}
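/**
 * A user changes its own password by supplying the old password, the new password
 * and a matching confirmation.
 *
 * <p>A 200 on the POST does not by itself show that the credential was replaced,
 * so the test then authenticates with the new password.</p>
 */
@Test
public void testChangeUserPassword() throws IOException {
    testUserId = createTestUser();
    String postUrl = String.format("%s/system/userManager/user/%s.changePassword.html", baseServerUri, testUserId);
    List<NameValuePair> postParams = new ArrayList<>();
    postParams.add(new BasicNameValuePair("oldPwd", "testPwd"));
    postParams.add(new BasicNameValuePair("newPwd", "testNewPwd"));
    postParams.add(new BasicNameValuePair("newPwdConfirm", "testNewPwd"));
    Credentials creds = new UsernamePasswordCredentials(testUserId, "testPwd");
    assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_OK, postParams, null);

    // the new password must now be accepted for an authenticated request
    Credentials newCreds = new UsernamePasswordCredentials(testUserId, "testNewPwd");
    String getUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(newCreds, getUrl, HttpServletResponse.SC_OK, null);
    // NOTE(review): a check that the old password is now rejected would complete this test;
    // the status the server returns for a failed login is not visible here, so it is not asserted
}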
/**
* Test for SLING-7831
*/
@Test
public void testChangeUserPasswordCustomPostResponse() throws IOException {
    // With ":responseType=custom" the changePassword operation is expected to answer
    // with the body "Thanks!" instead of its default response.
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair(":responseType", "custom"));
    form.add(new BasicNameValuePair("oldPwd", "testPwd"));
    form.add(new BasicNameValuePair("newPwd", "testNewPwd"));
    form.add(new BasicNameValuePair("newPwdConfirm", "testNewPwd"));

    final String changePwdUrl = String.format("%s/system/userManager/user/%s.changePassword.html", baseServerUri, testUserId);
    final String body = getAuthenticatedPostContent(self, changePwdUrl, CONTENT_TYPE_HTML, form, HttpServletResponse.SC_OK);
    // the body must be exactly the custom response text
    assertEquals("Thanks!", body);
}
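/**
 * A password change that supplies a wrong old password is rejected, even when the
 * request is sent with the admin credentials.
 *
 * <p>After the rejected request the original password must still work, which shows
 * that the failed attempt did not replace the credential.</p>
 */
@Test
public void testChangeUserPasswordWrongOldPwd() throws IOException {
    testUserId = createTestUser();
    String postUrl = String.format("%s/system/userManager/user/%s.changePassword.html", baseServerUri, testUserId);
    List<NameValuePair> postParams = new ArrayList<>();
    postParams.add(new BasicNameValuePair("oldPwd", "wrongTestPwd"));
    postParams.add(new BasicNameValuePair("newPwd", "testNewPwd"));
    postParams.add(new BasicNameValuePair("newPwdConfirm", "testNewPwd"));
    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    // NOTE(review): the rejection is pinned as a 500 rather than a 4xx status; confirm that is intended
    assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);

    // the rejected request must leave the existing password usable
    Credentials userCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
    String getUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(userCreds, getUrl, HttpServletResponse.SC_OK, null);
}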
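/**
 * A password change whose confirmation does not match the new password is rejected.
 *
 * <p>After the rejected request the original password must still work, which shows
 * that the failed attempt did not replace the credential.</p>
 */
@Test
public void testChangeUserPasswordWrongConfirmPwd() throws IOException {
    testUserId = createTestUser();
    String postUrl = String.format("%s/system/userManager/user/%s.changePassword.html", baseServerUri, testUserId);
    List<NameValuePair> postParams = new ArrayList<>();
    postParams.add(new BasicNameValuePair("oldPwd", "testPwd"));
    postParams.add(new BasicNameValuePair("newPwd", "testNewPwd"));
    postParams.add(new BasicNameValuePair("newPwdConfirm", "wrongTestNewPwd"));
    Credentials creds = new UsernamePasswordCredentials("admin", "admin");
    // NOTE(review): the rejection is pinned as a 500 rather than a 4xx status; confirm that is intended
    assertAuthenticatedPostStatus(creds, postUrl, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, postParams, null);

    // the rejected request must leave the existing password usable
    Credentials userCreds = new UsernamePasswordCredentials(testUserId, "testPwd");
    String getUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(userCreds, getUrl, HttpServletResponse.SC_OK, null);
}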
/**
* Test for SLING-1677
*/
@Test
public void testUpdateUserResponseAsJSON() throws IOException, JsonException {
    // Posting to the ".update.json" selector must yield a body that parses as a JSON object.
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair("displayName", "My Updated Test User"));
    form.add(new BasicNameValuePair("url", "http://www.apache.org/updated"));

    final String updateUrl = String.format("%s/system/userManager/user/%s.update.json", baseServerUri, testUserId);
    final String body = getAuthenticatedPostContent(self, updateUrl, CONTENT_TYPE_JSON, form, HttpServletResponse.SC_OK);

    // only the shape is checked here, not the content of the response
    final JsonObject parsed = parseJson(body);
    assertNotNull(parsed);
}
/**
* Test for SLING-2069
* @throws IOException
*/
@Test
public void testChangeUserPasswordAsAdministratorWithoutOldPwd() throws IOException {
    // The admin account may set another user's password without sending "oldPwd".
    // NOTE(review): only the 200 status is asserted; the new password is not used to log in afterwards
    testUserId = createTestUser();
    final Credentials admin = new UsernamePasswordCredentials("admin", "admin");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair("newPwd", "testNewPwd"));
    form.add(new BasicNameValuePair("newPwdConfirm", "testNewPwd"));

    final String changePwdUrl = String.format("%s/system/userManager/user/%s.changePassword.html", baseServerUri, testUserId);
    assertAuthenticatedPostStatus(admin, changePwdUrl, HttpServletResponse.SC_OK, form, null);
}
/**
* Test for SLING-2072
*/
@Test
public void testDisableUser() throws IOException {
    // Walks one account through enabled -> disabled -> enabled and checks the form
    // login result at each stage. After every login attempt the stored credentials
    // and cookies are cleared so that the next attempt starts unauthenticated.
    testUserId = createTestUser();

    final String loginUrl = String.format("%s/j_security_check", baseServerUri);
    final String updateUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);

    // the same login form is submitted at every stage
    final List<NameValuePair> loginForm = new ArrayList<>();
    loginForm.add(new BasicNameValuePair("j_username", testUserId));
    loginForm.add(new BasicNameValuePair("j_password", "testPwd"));
    loginForm.add(new BasicNameValuePair("j_validate", "true"));

    // stage 1: the account is enabled, so the login succeeds and no X-Reason header is sent
    assertAuthenticatedPostStatus(null, loginUrl, HttpServletResponse.SC_OK, loginForm, null,
            response -> assertNull(response.getFirstHeader("X-Reason")));
    httpContext.getCredentialsProvider().clear();
    httpContext.getCookieStore().clear();

    // stage 2: the admin disables the account and records a reason
    final List<NameValuePair> disableForm = new ArrayList<>();
    disableForm.add(new BasicNameValuePair(":disabled", "true"));
    disableForm.add(new BasicNameValuePair(":disabledReason", "Just Testing"));
    assertAuthenticatedAdminPostStatus(updateUrl, HttpServletResponse.SC_OK, disableForm, null);

    // the login is now refused with 403 and an X-Reason header must be present
    assertAuthenticatedPostStatus(null, loginUrl, HttpServletResponse.SC_FORBIDDEN, loginForm, null,
            response -> assertNotNull(response.getFirstHeader("X-Reason")));
    httpContext.getCredentialsProvider().clear();
    httpContext.getCookieStore().clear();

    // stage 3: the admin enables the account again
    final List<NameValuePair> enableForm = new ArrayList<>();
    enableForm.add(new BasicNameValuePair(":disabled", "false"));
    assertAuthenticatedAdminPostStatus(updateUrl, HttpServletResponse.SC_OK, enableForm, null);

    // the login works again and the X-Reason header is gone
    assertAuthenticatedPostStatus(null, loginUrl, HttpServletResponse.SC_OK, loginForm, null,
            response -> assertNull(response.getFirstHeader("X-Reason")));
    httpContext.getCredentialsProvider().clear();
    httpContext.getCookieStore().clear();
}
/**
 * Shared driver for the changePassword redirect tests: performs an otherwise valid
 * password change that also carries a {@code :redirect} parameter and asserts the
 * response status.
 *
 * @param redirectTo value sent as the {@code :redirect} parameter
 * @param expectedStatus HTTP status the server is expected to answer with
 * @throws IOException declared because the helpers called here declare it
 */
private void testChangeUserPasswordRedirect(String redirectTo, int expectedStatus) throws IOException {
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair("oldPwd", "testPwd"));
    form.add(new BasicNameValuePair("newPwd", "testNewPwd"));
    form.add(new BasicNameValuePair("newPwdConfirm", "testNewPwd"));
    // the redirect target is the only part of the request that varies between callers
    form.add(new BasicNameValuePair(":redirect", redirectTo));

    final String changePwdUrl = String.format("%s/system/userManager/user/%s.changePassword.html", baseServerUri, testUserId);
    assertAuthenticatedPostStatus(self, changePwdUrl, expectedStatus, form, null);
}
/**
 * A site-relative {@code :redirect} target is accepted on password change and the
 * server answers with a 302.
 */
@Test
public void testChangeUserPasswordValidRedirect() throws IOException, JsonException {
    final String relativeTarget = "/*.html";
    testChangeUserPasswordRedirect(relativeTarget, HttpServletResponse.SC_MOVED_TEMPORARILY);
}
/**
 * Open-redirect guard on password change: an absolute {@code :redirect} target that
 * names another host must be refused with SC_UNPROCESSABLE_ENTITY instead of being
 * followed.
 */
@Test
public void testChangeUserPasswordInvalidRedirectWithAuthority() throws IOException, JsonException {
    final String offSiteTarget = "https://sling.apache.org";
    // SC_UNPROCESSABLE_ENTITY is not imported in this file; presumably inherited from the test support class
    testChangeUserPasswordRedirect(offSiteTarget, SC_UNPROCESSABLE_ENTITY);
}
/**
 * A {@code :redirect} value that has a scheme but no host is refused on password
 * change with SC_UNPROCESSABLE_ENTITY.
 */
@Test
public void testChangeUserPasswordInvalidRedirectWithInvalidURI() throws IOException, JsonException {
    final String malformedTarget = "https://";
    testChangeUserPasswordRedirect(malformedTarget, SC_UNPROCESSABLE_ENTITY);
}
/**
 * Shared driver for the update redirect tests: performs a profile update that also
 * carries a {@code :redirect} parameter and asserts the response status.
 *
 * @param redirectTo value sent as the {@code :redirect} parameter
 * @param expectedStatus HTTP status the server is expected to answer with
 * @throws IOException declared because the helpers called here declare it
 */
private void testUpdateUserRedirect(String redirectTo, int expectedStatus) throws IOException {
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair("displayName", "My Updated Test User"));
    // the redirect target is the only part of the request that varies between callers
    form.add(new BasicNameValuePair(":redirect", redirectTo));

    final String updateUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);
    assertAuthenticatedPostStatus(self, updateUrl, expectedStatus, form, null);
}
/**
 * A site-relative {@code :redirect} target is accepted on profile update and the
 * server answers with a 302.
 */
@Test
public void testUpdateUserValidRedirect() throws IOException, JsonException {
    final String relativeTarget = "/*.html";
    testUpdateUserRedirect(relativeTarget, HttpServletResponse.SC_MOVED_TEMPORARILY);
}
/**
 * Open-redirect guard on profile update: an absolute {@code :redirect} target that
 * names another host must be refused with SC_UNPROCESSABLE_ENTITY instead of being
 * followed.
 */
@Test
public void testUpdateUserInvalidRedirectWithAuthority() throws IOException, JsonException {
    final String offSiteTarget = "https://sling.apache.org";
    // SC_UNPROCESSABLE_ENTITY is not imported in this file; presumably inherited from the test support class
    testUpdateUserRedirect(offSiteTarget, SC_UNPROCESSABLE_ENTITY);
}
/**
 * A {@code :redirect} value that has a scheme but no host is refused on profile
 * update with SC_UNPROCESSABLE_ENTITY.
 */
@Test
public void testUpdateUserInvalidRedirectWithInvalidURI() throws IOException, JsonException {
    final String malformedTarget = "https://";
    testUpdateUserRedirect(malformedTarget, SC_UNPROCESSABLE_ENTITY);
}
/**
* SLING-11023 Test for setting jcr:mixinTypes values
*/
@Test
public void testUpdateUserMixins() throws IOException, JsonException {
    // Sets jcr:mixinTypes on the user node and on two nested levels below it, then
    // reads each level back and checks that the requested mixin is listed.
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair("jcr:mixinTypes", "mix:lastModified"));
    form.add(new BasicNameValuePair("nested/jcr:mixinTypes", "mix:title"));
    form.add(new BasicNameValuePair("nested/again/jcr:mixinTypes", "mix:created"));

    final String updateUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);
    assertAuthenticatedPostStatus(self, updateUrl, HttpServletResponse.SC_OK, form, null);

    // the profile JSON is only needed for the repository path of the user
    final String profileUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(self, profileUrl, HttpServletResponse.SC_OK, null);
    final String profileJson = getAuthenticatedContent(self, profileUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(profileJson);
    final JsonObject profile = parseJson(profileJson);
    final String userPath = profile.getString("path");
    assertNotNull(userPath);

    // level 0: the user node itself
    final String userNodeUrl = String.format("%s%s.json", baseServerUri, userPath);
    final String userNodeJson = getAuthenticatedContent(self, userNodeUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(userNodeJson);
    final JsonObject userNode = parseJson(userNodeJson);
    assertContains(userNode.getJsonArray("jcr:mixinTypes"), "mix:lastModified");

    // level 1: the "nested" child
    final String nestedUrl = String.format("%s%s/nested.json", baseServerUri, userPath);
    final String nestedJson = getAuthenticatedContent(self, nestedUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(nestedJson);
    final JsonObject nested = parseJson(nestedJson);
    assertContains(nested.getJsonArray("jcr:mixinTypes"), "mix:title");

    // level 2: the "nested/again" grandchild
    final String againUrl = String.format("%s%s/nested/again.json", baseServerUri, userPath);
    final String againJson = getAuthenticatedContent(self, againUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(againJson);
    final JsonObject again = parseJson(againJson);
    assertContains(again.getJsonArray("jcr:mixinTypes"), "mix:created");
}
/**
* SLING-11023 Test for setting jcr:primaryType values
*/
@Test
public void testUpdateUserNestedPrimaryTypes() throws IOException, JsonException {
    // Sets jcr:primaryType on two nested levels below the user node and reads each
    // level back to confirm the requested node type.
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    form.add(new BasicNameValuePair("nested/jcr:primaryType", "nt:unstructured"));
    form.add(new BasicNameValuePair("nested/again/jcr:primaryType", "oak:Unstructured"));

    final String updateUrl = String.format("%s/system/userManager/user/%s.update.html", baseServerUri, testUserId);
    assertAuthenticatedPostStatus(self, updateUrl, HttpServletResponse.SC_OK, form, null);

    // the profile JSON is only needed for the repository path of the user
    final String profileUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(self, profileUrl, HttpServletResponse.SC_OK, null);
    final String profileJson = getAuthenticatedContent(self, profileUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(profileJson);
    final JsonObject profile = parseJson(profileJson);
    final String userPath = profile.getString("path");
    assertNotNull(userPath);

    // level 1: the "nested" child
    final String nestedUrl = String.format("%s%s/nested.json", baseServerUri, userPath);
    final String nestedJson = getAuthenticatedContent(self, nestedUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(nestedJson);
    final JsonObject nested = parseJson(nestedJson);
    assertEquals("nt:unstructured", nested.getString("jcr:primaryType"));

    // level 2: the "nested/again" grandchild
    final String againUrl = String.format("%s%s/nested/again.json", baseServerUri, userPath);
    final String againJson = getAuthenticatedContent(self, againUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(againJson);
    final JsonObject again = parseJson(againJson);
    assertEquals("oak:Unstructured", again.getString("jcr:primaryType"));
}
/**
* SLING-11023 Test for failing attempt to set jcr:primaryType value
*/
@Test
public void testUpdateUserPrimaryTypeFails() throws IOException, JsonException {
    // Unlike the nested case, jcr:primaryType of the user node itself must not be
    // changeable through the update operation: the request is refused with 403 and
    // the node is still of type rep:User afterwards.
    testUserId = createTestUser();
    final Credentials self = new UsernamePasswordCredentials(testUserId, "testPwd");

    final List<NameValuePair> form = new ArrayList<>();
    // top-level primary type of the user node (not a nested one)
    form.add(new BasicNameValuePair("jcr:primaryType", "nt:unstructured"));

    final String updateUrl = String.format("%s/system/userManager/user/%s.update.json", baseServerUri, testUserId);
    assertAuthenticatedPostStatus(self, updateUrl, HttpServletResponse.SC_FORBIDDEN, form, null);

    // the profile JSON is only needed for the repository path of the user
    final String profileUrl = String.format("%s/system/userManager/user/%s.json", baseServerUri, testUserId);
    assertAuthenticatedHttpStatus(self, profileUrl, HttpServletResponse.SC_OK, null);
    final String profileJson = getAuthenticatedContent(self, profileUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(profileJson);
    final JsonObject profile = parseJson(profileJson);
    final String userPath = profile.getString("path");
    assertNotNull(userPath);

    // read the node through the regular GET servlet and confirm the type is unchanged
    final String userNodeUrl = String.format("%s%s.json", baseServerUri, userPath);
    final String userNodeJson = getAuthenticatedContent(self, userNodeUrl, CONTENT_TYPE_JSON, HttpServletResponse.SC_OK);
    assertNotNull(userNodeJson);
    final JsonObject userNode = parseJson(userNodeJson);
    assertEquals("rep:User", userNode.getString("jcr:primaryType"));
}
}