inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-08-14 17:58:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merged WEBAPP-API (5.2.1) to 5.2.N (5.2.1)

Browse Source 
135804 jkaabimofrad: APPSREPO-35, APPSREPO-118: Added tests for reset password service and REST API.
       - Added a utility class (EmailUtil) to work with MailActionExecutor in test mode
       - Added a new workflow task responsible for sending the reset password confirmation email (per peer review)
       - Changed the reset-password endpoint to return a 202 response for an inactive workflow or invalid workflow id, key or mismatched user
       - Some other minor changes as the result of adding tests
       - Also, fixed tests failures by changing the reset password workflow definition target namespace URI.


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@135931 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Jamal Kaabi-Mofrad
2017-03-16 19:39:31 +00:00
parent cded2f354d
commit 1aff84d8f7
4 changed files with 325 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
source/java/org/alfresco/rest/api/impl/PeopleImpl.java
View File

@@ -32,10 +32,9 @@ import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
import org.alfresco.repo.security.authentication.ResetPasswordService;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.InvalidResetPasswordWorkflowException;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.ResetPasswordDetails;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.ResetPasswordWorkflowException;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.ResetPasswordWorkflowInvalidUserException;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl.ResetPasswordWorkflowNotFoundException;
import org.alfresco.rest.api.Nodes;
import org.alfresco.rest.api.People;
import org.alfresco.rest.api.Sites;
@@ -44,7 +43,6 @@ import org.alfresco.rest.api.model.Person;
import org.alfresco.rest.framework.core.exceptions.ConstraintViolatedException;
import org.alfresco.rest.framework.core.exceptions.EntityNotFoundException;
import org.alfresco.rest.framework.core.exceptions.InvalidArgumentException;
import org.alfresco.rest.framework.core.exceptions.NotFoundException;
import org.alfresco.rest.framework.core.exceptions.PermissionDeniedException;
import org.alfresco.rest.framework.resource.parameters.CollectionWithPagingInfo;
import org.alfresco.rest.framework.resource.parameters.Paging;
@@ -768,8 +766,8 @@ public class PeopleImpl implements People
checkRequiredField("userId", userId);
checkRequiredField("client", client);
// This is an un-authenticated API call so we wrap it to run as Admin
AuthenticationUtil.runAs(() -> {
// This is an un-authenticated API call so we wrap it to run as System
AuthenticationUtil.runAsSystem(() -> {
try
{
resetPasswordService.requestReset(userId, client);
@@ -787,7 +785,7 @@ public class PeopleImpl implements People
}
return null;
}, AuthenticationUtil.getAdminUserName());
});
}
@Override
@@ -803,21 +801,23 @@ public class PeopleImpl implements People
.setWorkflowKey(passwordReset.getKey());
try
{
// This is an un-authenticated API call so we wrap it to run as Admin
AuthenticationUtil.runAs(() -> {
resetPasswordService.resetPassword(resetDetails);
// This is an un-authenticated API call so we wrap it to run as System
AuthenticationUtil.runAsSystem(() -> {
resetPasswordService.initiateResetPassword(resetDetails);
return null;
}, AuthenticationUtil.getAdminUserName());
});
}
catch (InvalidResetPasswordWorkflowException iex)
catch (ResetPasswordWorkflowException ex)
{
throw new InvalidArgumentException(iex.getMessage());
}
catch (ResetPasswordWorkflowNotFoundException ex)
{
throw new NotFoundException(ex.getMessage());
// we don't throw an exception.
// For security reason, the endpoint returns a 202 response
// See APPSREPO-35 acceptance criteria
if (LOGGER.isWarnEnabled())
{
LOGGER.warn(ex.getMessage());
}
}
}

240
source/test-java/org/alfresco/rest/api/tests/TestPeople.java
View File

@@ -2,7 +2,7 @@
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* Copyright (C) 2005 - 2017 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
@@ -27,6 +27,11 @@ package org.alfresco.rest.api.tests;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.ResetPasswordServiceImpl;
import org.alfresco.rest.api.model.Client;
import org.alfresco.rest.api.model.LoginTicket;
import org.alfresco.rest.api.model.LoginTicketResponse;
import org.alfresco.rest.api.model.PasswordReset;
import org.alfresco.rest.api.tests.RepoService.TestNetwork;
import org.alfresco.rest.api.tests.client.HttpResponse;
import org.alfresco.rest.api.tests.client.Pair;
@@ -37,6 +42,8 @@ import org.alfresco.rest.api.tests.client.RequestContext;
import org.alfresco.rest.api.tests.client.data.Company;
import org.alfresco.rest.api.tests.client.data.JSONAble;
import org.alfresco.rest.api.tests.client.data.Person;
import org.alfresco.util.email.EmailUtil;
import org.alfresco.rest.api.tests.util.RestApiUtil;
import org.alfresco.service.cmr.preference.PreferenceService;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
@@ -63,6 +70,9 @@ import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.mail.internet.MimeMessage;
import static org.alfresco.repo.security.authentication.ResetPasswordServiceImplTest.getWorkflowIdAndKeyFromUrl;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotEquals;
@@ -71,8 +81,9 @@ import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
public class TestPeople extends EnterpriseTestApi
public class TestPeople extends AbstractBaseApiTest
{
private static final String URL_PEOPLE = "people";
private static final QName ASPECT_COMMS = QName.createQName("test.people.api", "comms");
private static final QName PROP_TELEHASH = QName.createQName("test.people.api", "telehash");
private static final QName ASPECT_LUNCHABLE = QName.createQName("test.people.api", "lunchable");
@@ -156,7 +167,7 @@ public class TestPeople extends EnterpriseTestApi
nodeService = applicationContext.getBean("NodeService", NodeService.class);
personService = applicationContext.getBean("PersonService", PersonService.class);
// Capture authentication pre-test, so we can restore it again afterwards.
AuthenticationUtil.pushAuthentication();
}
@@ -1691,4 +1702,227 @@ public class TestPeople extends EnterpriseTestApi
checkList(expectedList, paging.getExpectedPaging(), resp);
}
/**
* Tests reset password.
* <p>POST:</p>
* <ul>
* <li> {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/people/<userId>/request-password-reset} </li>
* <li> {@literal <host>:<port>/alfresco/api/<networkId>/public/alfresco/versions/1/people/<userId>/reset-password} </li>
* </ul>
*/
@Test
public void testResetPassword() throws Exception
{
// As Admin, create a user
setRequestContext(account1.getId(), account1Admin, "admin");
Person person = new Person();
person.setUserName("john.doe@" + account1.getId());
person.setFirstName("John");
person.setLastName("Doe");
person.setEmail("john.doe@alfresco.com");
person.setEnabled(true);
person.setEmailNotificationsEnabled(true);
person.setPassword("password");
people.create(person);
// un-authenticated API
setRequestContext(account1.getId(), null, null);
// Just try to login, to test the new created user credential
LoginTicket loginRequest = new LoginTicket();
loginRequest.setUserId(person.getUserName());
loginRequest.setPassword(person.getPassword());
// Authenticate and create a ticket
HttpResponse response = post("tickets", RestApiUtil.toJsonAsString(loginRequest), null, null, "authentication", 201);
LoginTicketResponse loginResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
assertNotNull(loginResponse.getId());
assertNotNull(loginResponse.getUserId());
/**
* Reset Password
*/
// First make the service to send a synchronous email
ResetPasswordServiceImpl passwordService = applicationContext.getBean("resetPasswordService", ResetPasswordServiceImpl.class);
passwordService.setSendEmailAsynchronously(false);
// Get the 'mail' bean in a test mode.
EmailUtil emailUtil = new EmailUtil(applicationContext);
try
{
// Un-authenticated API
setRequestContext(account1.getId(), null, null);
// Reset email (just in case other tests didn't clean up...)
emailUtil.reset();
// Request reset password
Client client = new Client().setClient("share");
post(getRequestResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(client), 202);
assertEquals("A reset password email should have been sent.", 1, emailUtil.getSentCount());
MimeMessage msg = emailUtil.getLastEmail();
assertNotNull(msg);
assertEquals("Should've been only one email recipient.", 1, msg.getAllRecipients().length);
// Check the recipient is the person who requested the reset password
assertEquals(person.getEmail(), msg.getAllRecipients()[0].toString());
// There should be a subject
assertNotNull(msg.getSubject());
// Check the reset password url.
String resetPasswordUrl = (String) emailUtil.getLastEmailTemplateModelValue("reset_password_url");
assertNotNull("Wrong email is sent.", resetPasswordUrl);
// Get the workflow id and key
org.alfresco.util.Pair<String, String> pair = getWorkflowIdAndKeyFromUrl(resetPasswordUrl);
assertNotNull("Workflow Id can't be null.", pair.getFirst());
assertNotNull("Workflow Key can't be null.", pair.getSecond());
// Reset the email helper, to get rid of the request reset password email
emailUtil.reset();
// Un-authenticated APIs as we are still using the 'setRequestContext(account1.getId(), null, null)' set above.
// Reset the password
PasswordReset passwordReset = new PasswordReset()
.setPassword("changed")
.setId(pair.getFirst())
.setKey(pair.getSecond());
post(getResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(passwordReset), 202);
assertEquals("A reset password confirmation email should have been sent.", 1, emailUtil.getSentCount());
msg = emailUtil.getLastEmail();
assertNotNull(msg);
assertEquals("Should've been only one email recipient.", 1, msg.getAllRecipients().length);
assertEquals(person.getEmail(), msg.getAllRecipients()[0].toString());
// There should be a subject
assertNotNull(msg.getSubject());
// Try to login with old credential
post("tickets", RestApiUtil.toJsonAsString(loginRequest), null, null, "authentication", 403);
// Set the new password
loginRequest.setPassword(passwordReset.getPassword());
response = post("tickets", RestApiUtil.toJsonAsString(loginRequest), null, null, "authentication", 201);
loginResponse = RestApiUtil.parseRestApiEntry(response.getJsonResponse(), LoginTicketResponse.class);
assertNotNull(loginResponse.getId());
assertNotNull(loginResponse.getUserId());
/*
* -ve tests
*/
// First, reset the email helper
emailUtil.reset();
// Try reset with the used workflow
// Note: we still return 202 response for security reasons
passwordReset.setPassword("changedAgain");
post(getResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(passwordReset), 202);
assertEquals("No email should have been sent.", 0, emailUtil.getSentCount());
// Request reset password - Invalid user (user dose not exist)
post(getRequestResetPasswordUrl(System.currentTimeMillis() + "noUser"), RestApiUtil.toJsonAsString(client), 202);
assertEquals("No email should have been sent.", 0, emailUtil.getSentCount());
// As Admin disable the user
setRequestContext(account1.getId(), account1Admin, "admin");
Map<String, String> params = Collections.singletonMap("fields", "enabled");
Person updatedPerson = people.update(person.getUserName(), qjson("{`enabled`:" + false + "}"), params, 200);
assertFalse(updatedPerson.isEnabled());
// Un-authenticated API
setRequestContext(account1.getId(), null, null);
// Request reset password - Invalid user (user is disabled)
post(getRequestResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(client), 202);
assertEquals("No email should have been sent.", 0, emailUtil.getSentCount());
// Client is not specified
client = new Client();
post(getRequestResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(client), 400);
// Reset password
// First, reset the email helper and enable the user
emailUtil.reset();
// As Admin enable the user
setRequestContext(account1.getId(), account1Admin, "admin");
params = Collections.singletonMap("fields", "enabled");
updatedPerson = people.update(person.getUserName(), qjson("{`enabled`:" + true + "}"), params, 200);
assertTrue(updatedPerson.isEnabled());
// Un-authenticated API
setRequestContext(account1.getId(), null, null);
client = new Client().setClient("share");
post(getRequestResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(client), 202);
assertEquals("A reset password email should have been sent.", 1, emailUtil.getSentCount());
resetPasswordUrl = (String) emailUtil.getLastEmailTemplateModelValue("reset_password_url");
// Check the reset password url.
assertNotNull("Wrong email is sent.", resetPasswordUrl);
// Get the workflow id and key
pair = getWorkflowIdAndKeyFromUrl(resetPasswordUrl);
assertNotNull("Workflow Id can't be null.", pair.getFirst());
assertNotNull("Workflow Key can't be null.", pair.getSecond());
// Reset the email helper, to get rid of the request reset password email
emailUtil.reset();
// Invalid request - password is not provided
PasswordReset passwordResetInvalid = new PasswordReset()
.setId(pair.getFirst())
.setKey(pair.getSecond());
post(getResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(passwordResetInvalid), 400);
// Invalid request - workflow id is not provided
passwordResetInvalid.setPassword("changedAgain")
.setId(null);
post(getResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(passwordResetInvalid), 400);
// Invalid request - workflow key is not provided
passwordResetInvalid.setId(pair.getFirst())
.setKey(null);
post(getResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(passwordResetInvalid), 400);
// Invalid request - Invalid workflow id
// Note: we still return 202 response for security reasons
passwordResetInvalid = new PasswordReset()
.setPassword("changedAgain")
.setId("activiti$" + System.currentTimeMillis()) // Invalid Id
.setKey(pair.getSecond());
post(getResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(passwordResetInvalid), 202);
assertEquals("No email should have been sent.", 0, emailUtil.getSentCount());
// Invalid request - Invalid workflow key
// Note: we still return 202 response for security reasons
passwordResetInvalid = new PasswordReset()
.setPassword("changedAgain")
.setId(pair.getFirst())
.setKey(GUID.generate()); // Invalid Key
post(getResetPasswordUrl(person.getUserName()), RestApiUtil.toJsonAsString(passwordResetInvalid), 202);
assertEquals("No email should have been sent.", 0, emailUtil.getSentCount());
// Invalid request (not the same user) - The given user id 'user1' does not match the person's user id who requested the password reset.
// Note: we still return 202 response for security reasons
passwordResetInvalid = new PasswordReset()
.setPassword("changedAgain")
.setId(pair.getFirst())
.setKey(pair.getSecond());
post(getResetPasswordUrl(user1), RestApiUtil.toJsonAsString(passwordResetInvalid), 202);
assertEquals("No email should have been sent.", 0, emailUtil.getSentCount());
}
finally
{
passwordService.setSendEmailAsynchronously(true);
emailUtil.reset();
}
}
private String getRequestResetPasswordUrl(String userId)
{
return URL_PEOPLE + '/' + userId + "/request-password-reset";
}
private String getResetPasswordUrl(String userId)
{
return URL_PEOPLE + '/' + userId + "/reset-password";
}
@Override
public String getScope()
{
return "public";
}
}

98
source/test-java/org/alfresco/rest/api/tests/client/AuthenticatedHttp.java
View File

@@ -1,28 +1,28 @@
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
/*
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2017 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
* the paid license agreement will prevail. Otherwise, the software is
* provided under the following open source license terms:
*
* Alfresco is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Alfresco is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
* #L%
*/
package org.alfresco.rest.api.tests.client;
import java.io.IOException;
@@ -132,7 +132,41 @@ public class AuthenticatedHttp extends AbstractHttp
return executeWithBasicAuthentication(method, userName, password, callback);
}
}
public <T extends Object> T executeHttpMethodUnAuthenticated(HttpMethod method, HttpRequestCallback<T> callback)
{
try
{
// Try executing the method
httpProvider.getHttpClient().executeMethod(null, method);
if (callback != null)
{
return callback.onCallSuccess(method);
}
return null;
}
catch (Throwable t)
{
boolean handled = false;
// Delegate to callback to handle error. If not available, throw exception
if (callback != null)
{
handled = callback.onError(method, t);
}
if (!handled)
{
throw new RuntimeException("Error while executing an un-authenticated HTTP-call (" + method.getPath() + ")", t);
}
return null;
}
finally
{
method.releaseConnection();
}
}
/**
* Execute the given method, authenticated as the Alfresco Administrator.
*
@@ -156,7 +190,7 @@ public class AuthenticatedHttp extends AbstractHttp
/**
* Execute the given method, authenticated as the given user using Basic Authentication.
* @param method method to execute
* @param userName name of user to authenticate (note: if null then attempts to run with no authentication - eq. Quick/Shared Link test)
* @param userName name of user to authenticate (note: if null then attempts to run with no authentication - eq. Quick/Shared Link test)
* @param callback called after http-call is executed. When callback returns, the
* response stream is closed, so all respose-related operations should be done in the callback. Can be null.
* @return result returned by the callback or null if no callback is given.
@@ -166,13 +200,13 @@ public class AuthenticatedHttp extends AbstractHttp
try
{
HttpState state = new HttpState();
if (userName != null)
{
state.setCredentials(
if (userName != null)
{
state.setCredentials(
new AuthScope(null, AuthScope.ANY_PORT),
new UsernamePasswordCredentials(userName, password));
}
}
httpProvider.getHttpClient().executeMethod(null, method, state);

8
source/test-java/org/alfresco/rest/api/tests/client/PublicApiHttpClient.java
View File

@@ -2,7 +2,7 @@
* #%L
* Alfresco Remote API
* %%
* Copyright (C) 2005 - 2016 Alfresco Software Limited
* Copyright (C) 2005 - 2017 Alfresco Software Limited
* %%
* This file is part of the Alfresco software.
* If the software was purchased under a paid Alfresco license, the terms of
@@ -271,10 +271,14 @@ public class PublicApiHttpClient
{
response = authenticatedHttp.executeHttpMethodAuthenticated(req, rq.getRunAsUser(), rq.getPassword(), callback);
}
else
else if (rq.getRunAsUser() != null)
{
response = authenticatedHttp.executeHttpMethodAuthenticated(req, rq.getRunAsUser(), callback);
}
else
{
response = authenticatedHttp.executeHttpMethodUnAuthenticated(req, callback);
}
return response;
}
finally