fix: An admin can now change a user's data again. An error occurred
because the check against duplicate usernames was wrong. The change of
the user data by the user himself was not affected.

The check only tested whether the username already existed, not
whether it belonged to the user being changed. However, the username was and
still is only sent for admins, since only admins are allowed to change it.
jekutzsche committed Oct 29, 2021
1 parent 85c07a5 commit 0fda2b6
Showing 2 changed files with 51 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ public UserDTO updateUser(@PathVariable UUID id, @RequestBody @Valid UserUpdateD

var userUpdateDTOValidated = validateUserUpdateDTO(userUpdateDTO);

checkUniqueUsername(userUpdateDTOValidated.getUserName());
checkUniqueUsername(userUpdateDTOValidated.getUserName(), id);

return map(userService.update(id, userUpdateDTOValidated, authentication));
}
Expand Down Expand Up @@ -188,4 +188,18 @@ private void checkUniqueUsername(String username) {
messages.getMessage("UserController.username.notunique"));
});
}

private void checkUniqueUsername(String username, UUID id) {

if (isBlank(username)) {
return;
}

userService.findByUsername(username)
.filter(it -> !it.getUser_id().equals(id))
.ifPresent(__ -> {
throw new ResponseStatusException(HttpStatus.BAD_REQUEST,
messages.getMessage("UserController.username.notunique"));
});
}
}
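Review bot: In the new `checkUniqueUsername(String, UUID)` the filter calls `it.getUser_id().equals(id)` on the looked-up account, which throws if that account's id is ever null; since `id` comes from the path variable, `.filter(it -> !id.equals(it.getUser_id()))` is the null-safe form. The check also runs before `userService.update(id, …, authentication)`, so if the rule that only admins may change usernames is enforced inside the service (not visible in this hunk), a caller without that right still gets a different response depending on whether the name exists; consider running the lookup only once the caller is known to be allowed to change the username. The lookup-then-update sequence is not atomic, so a unique constraint on the stored username should remain the final guard against duplicates. `updateUser` starts above the first hunk, so any authorization annotation on it cannot be seen here.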
Original file line number Diff line number Diff line change
Expand Up @@ -8,18 +8,19 @@
import iris.client_bff.config.HealthDepartmentConfig;
import iris.client_bff.core.alert.AlertService;
import iris.client_bff.core.utils.ValidationHelper;
import iris.client_bff.ui.messages.ErrorMessages;
import iris.client_bff.users.entities.UserAccount;
import iris.client_bff.users.entities.UserRole;
import iris.client_bff.users.web.UserController;
import iris.client_bff.users.web.dto.UserInsertDTO;
import iris.client_bff.users.web.dto.UserRoleDTO;
import iris.client_bff.users.web.dto.UserUpdateDTO;

import java.util.Optional;
import java.util.UUID;

import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.ValueSource;
Expand Down Expand Up @@ -84,13 +85,12 @@ public void init() {
void testWrongPasswords(String pw) {

var dto = new UserInsertDTO().firstName("fn").lastName("ln").userName("un").password(pw).role(UserRoleDTO.USER);
Assertions.assertThrows(ResponseStatusException.class, () -> userController.createUser(dto),
ErrorMessages.PW_ERROR_MESSAGE);
Assertions.assertThrows(ResponseStatusException.class, () -> userController.createUser(dto));

var dto2 = new UserUpdateDTO().firstName("fn").lastName("ln").userName("un").password(pw).role(UserRoleDTO.USER);
var authentication = new UserAccountAuthentication("test", true, null);
Assertions.assertThrows(ResponseStatusException.class,
() -> userController.updateUser(UUID.randomUUID(), dto2, authentication), ErrorMessages.PW_ERROR_MESSAGE);
() -> userController.updateUser(UUID.randomUUID(), dto2, authentication));
}

@ParameterizedTest
Expand All @@ -106,9 +106,41 @@ void testCorrectPasswords(String pw) {
var dto2 = new UserUpdateDTO().firstName("fn").lastName("ln").userName("un").password(pw).role(UserRoleDTO.USER);
var authentication = new UserAccountAuthentication("test", true, null);
var id = UUID.randomUUID();

var account = new UserAccount();
account.setUser_id(id);
account.setFirstName("fn");
account.setLastName("ln");
account.setPassword(pw);
account.setUserName("un");
account.setRole(UserRole.USER);

when(userService.findByUsername(anyString())).thenReturn(Optional.of(account));

userController.updateUser(id, dto2, authentication);

verify(userService).update(id, dto2, authentication);
assertThat(user).isNotNull();
}

@Test
void testNewUserNameExist() {

var dto2 = new UserUpdateDTO().firstName("fn1").lastName("ln1").userName("un").password("abcde123")
.role(UserRoleDTO.USER);
var authentication = new UserAccountAuthentication("test", true, null);

var account = new UserAccount();
account.setUser_id(UUID.randomUUID());
account.setFirstName("fn");
account.setLastName("ln");
account.setPassword("abcde123");
account.setUserName("un");
account.setRole(UserRole.USER);

when(userService.findByUsername(anyString())).thenReturn(Optional.of(account));

Assertions.assertThrows(ResponseStatusException.class,
() -> userController.updateUser(UUID.randomUUID(), dto2, authentication));
}
}
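Review bot: `testNewUserNameExist` asserts only that a `ResponseStatusException` is thrown, and `updateUser` raises the same type for other validation failures (`testWrongPasswords` above relies on that), so the test would still pass if something other than the duplicate-username check rejected the request. Capture the exception with `var ex = Assertions.assertThrows(ResponseStatusException.class, () -> userController.updateUser(UUID.randomUUID(), dto2, authentication));`, assert `assertThat(ex.getStatus()).isEqualTo(HttpStatus.BAD_REQUEST);` (assuming the Spring version in use exposes `getStatus()`), and verify that `userService.update` was never called. The same weakness now applies to `testWrongPasswords`, where dropping the message argument leaves only the exception type checked. A case for a caller who may not change usernames but still sends one would also be worth adding, if the `true` flag passed to `UserAccountAuthentication` marks an admin (not visible here).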
