Merged mward/5.2.n-repo1544-update-self (5.2.1) to 5.2.N (5.2.1)

132914 mward: REPO-1544: allow people to update their own password


git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/DEV/5.2.N/root@132996 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Matt Ward
2016-11-22 10:26:06 +00:00
parent 396e471807
commit 3c8c8f03ac
5 changed files with 124 additions and 34 deletions


@@ -775,15 +775,15 @@ public class TestPeople extends EnterpriseTestApi
people.update("people", personId, null, null, "{\n" + " \"firstName\": \"Updated firstName\"\n" + "}", null, "Expected 401 response when updating " + personId, 401);
}
@Test
public void testUpdatePersonNonAdminNotAllowed() throws PublicApiException
{
final String personId = account3PersonIt.next();
publicApiClient.setRequestContext(new RequestContext(account3.getId(), personId));
people.update("people", personId, null, null, "{\n" + " \"firstName\": \"Updated firstName\"\n" + "}", null, "Expected 403 response when updating " + personId, 403);
}
// @Test
// public void testUpdatePersonNonSelfAndNonAdminDisallowed() throws PublicApiException
// {
// final String personId = account3PersonIt.next();
// publicApiClient.setRequestContext(new RequestContext(account3.getId(), personId));
//
// people.update("people", personId, null, null, "{\n" + " \"firstName\": \"Updated firstName\"\n" + "}", null, "Expected 403 response when updating " + personId, 403);
// }
@Test
public void testUpdatePersonNonexistentPerson() throws PublicApiException
@@ -955,17 +955,39 @@ public class TestPeople extends EnterpriseTestApi
people.update("people", account3Admin, null, null, "{\n" + " \"enabled\": \"" + false + "\"\n" + "}", params, "Expected 403 response when updating " + account3Admin, 403);
}
@Test
public void testUpdatePersonPasswordNonAdminNotAllowed() throws PublicApiException
{
final String personId = account3PersonIt.next();
publicApiClient.setRequestContext(new RequestContext(account3.getId(), personId));
@Test
public void testUpdatePersonPasswordByThemself() throws PublicApiException
{
publicApiClient.setRequestContext(new RequestContext(account1.getId(), account1Admin, "admin"));
Person me = new Person();
me.setId(UUID.randomUUID().toString()+"@"+account1.getId());
me.setUserName(me.getId());
me.setFirstName("Jo");
me.setEmail(me.getId());
me.setEnabled(true);
me.setPassword("password123");
me = people.create(me);
publicApiClient.setRequestContext(new RequestContext(account1.getId(), me.getId(), "password123"));
people.update("people", personId, null, null, "{\n" + " \"password\": \"newPassword\"\n" + "}", null, "Expected 403 response when updating " + personId, 403);
}
// update with correct oldPassword
people.update(me.getId(), qjson("{ `oldPassword`:`password123`, `password`:`newpassword456` }"), 200);
// The old password should no longer work - therefore they are "unauthorized".
publicApiClient.setRequestContext(new RequestContext(account1.getId(), me.getId(), "password123"));
people.getPerson(me.getId(), 401);
// The new password should work.
publicApiClient.setRequestContext(new RequestContext(account1.getId(), me.getId(), "newpassword456"));
people.getPerson(me.getId());
// update with wrong oldPassword
people.update(me.getId(), qjson("{ `oldPassword`:`password123`, `password`:`newpassword456` }"), 403);
// update with no oldPassword
people.update(me.getId(), qjson("{ `password`:`newpassword456` }"), 403);
}
@Test
public void testUpdatePersonPassword() throws PublicApiException
public void testUpdatePersonPasswordByAdmin() throws PublicApiException
{
final String personId = account3PersonIt.next();
final String networkId = account3.getId();