Merged WEBAPP-API (5.2.1) to 5.2.N (5.2.1)

135804 jkaabimofrad: APPSREPO-35, APPSREPO-118: Added tests for reset password service and REST API.
       - Added a utility class (EmailUtil) to work with MailActionExecutor in test mode
       - Added a new workflow task responsible for sending the reset password confirmation email (per peer review)
       - Changed the reset-password endpoint to return a 202 response for an inactive workflow or invalid workflow id, key or mismatched user
       - Some other minor changes as a result of adding tests
       - Also, fixed test failures by changing the reset password workflow definition target namespace URI.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@135931 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Jamal Kaabi-Mofrad
2017-03-16 19:39:31 +00:00
parent cded2f354d
commit 1aff84d8f7
4 changed files with 325 additions and 53 deletions


@@ -32,10 +32,9 @@ import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.authentication.ResetPasswordService;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.InvalidResetPasswordWorkflowException;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.ResetPasswordDetails;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.ResetPasswordWorkflowException;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.ResetPasswordWorkflowInvalidUserException;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.ResetPasswordWorkflowNotFoundException;
import org.alfresco.rest.api.Nodes;
import org.alfresco.rest.api.People;
import org.alfresco.rest.api.Sites;
@@ -44,7 +43,6 @@ import org.alfresco.rest.api.model.Person;
import org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException;
import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.NotFoundException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
import org.alfresco.rest.framework.resource.parameters.Paging;
@@ -768,8 +766,8 @@ public class PeopleImpl implements People
checkRequiredField("userId", userId);
checkRequiredField("client", client);
// This is an un-authenticated API call so we wrap it to run as Admin
AuthenticationUtil.runAs(() -> {
// This is an un-authenticated API call so we wrap it to run as System
AuthenticationUtil.runAsSystem(() -> {
try
{
resetPasswordService.requestReset(userId, client);
@@ -787,7 +785,7 @@ public class PeopleImpl implements People
}
return null;
}, AuthenticationUtil.getAdminUserName());
});
}
@Override
@@ -803,21 +801,23 @@ public class PeopleImpl implements People
.setWorkflowKey(passwordReset.getKey());
try
{
// This is an un-authenticated API call so we wrap it to run as Admin
AuthenticationUtil.runAs(() -> {
resetPasswordService.resetPassword(resetDetails);
// This is an un-authenticated API call so we wrap it to run as System
AuthenticationUtil.runAsSystem(() -> {
resetPasswordService.initiateResetPassword(resetDetails);
return null;
}, AuthenticationUtil.getAdminUserName());
});
}
catch (InvalidResetPasswordWorkflowException iex)
catch (ResetPasswordWorkflowException ex)
{
throw new InvalidArgumentException(iex.getMessage());
}
catch (ResetPasswordWorkflowNotFoundException ex)
{
throw new NotFoundException(ex.getMessage());
// we don't throw an exception.
// For security reason, the endpoint returns a 202 response
// See APPSREPO-35 acceptance criteria
if (LOGGER.isWarnEnabled())
{
LOGGER.warn(ex.getMessage());
}
}
}
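Review bot: In the reset-password hunk, the new `catch (ResetPasswordWorkflowException ex)` block writes `ex.getMessage()` to the log at WARN on a path the comment above calls un-authenticated, so any caller can produce these entries at will, and if the message carries the submitted user id, workflow id or key (the service is not shown here) that caller-supplied text lands in the log unescaped. I would log a fixed string plus the exception type, `LOGGER.warn("Reset password request rejected: " + ex.getClass().getSimpleName());`, and keep the full message at debug level. The catch is on what looks like the base workflow exception, so a failure that is the server's fault would presumably also end in the same 202; the comment should say which cases are meant, for example `// Swallowed on purpose: the same 202 for every outcome keeps a caller from learning whether the workflow id, key or user was valid (APPSREPO-35).` The method begins above this hunk.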