From 24bc1520f73a7dd0c2108cf314ecd86a663a0bc3 Mon Sep 17 00:00:00 2001
From: Fabrice Lecomte
Date: Thu, 30 Jan 2020 14:18:40 +0100
Subject: [PATCH] Improve change password

---
 .../kotlin/fr/dcproject/routes/Citizen.kt | 25 +++++++++++++------
 src/main/resources/openApi.yaml | 8 +++++-
 src/test/resources/feature/citizen.feature | 14 ++++++++++-
 3 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/src/main/kotlin/fr/dcproject/routes/Citizen.kt b/src/main/kotlin/fr/dcproject/routes/Citizen.kt
index ff43722..4528cd3 100644
--- a/src/main/kotlin/fr/dcproject/routes/Citizen.kt
+++ b/src/main/kotlin/fr/dcproject/routes/Citizen.kt
@@ -1,5 +1,6 @@
 package fr.dcproject.routes
 
+import com.fasterxml.jackson.module.kotlin.MissingKotlinParameterException
 import fr.dcproject.citizen
 import fr.dcproject.entity.Citizen
 import fr.dcproject.routes.CitizenPaths.ChangePasswordCitizenRequest
@@ -11,6 +12,7 @@ import fr.dcproject.security.voter.CitizenVoter.Action.VIEW
 import fr.dcproject.security.voter.assertCan
 import fr.postgresjson.repository.RepositoryI.Direction
 import io.ktor.application.call
+import io.ktor.auth.UserPasswordCredential
 import io.ktor.http.HttpStatusCode
 import io.ktor.locations.KtorExperimentalLocationsAPI
 import io.ktor.locations.Location
@@ -44,7 +46,7 @@ object CitizenPaths {
     @Location("/citizens/{citizen}/password/change")
     class ChangePasswordCitizenRequest(val citizen: Citizen) {
-        data class Content(val password: String)
+        data class Content(val oldPassword: String, val newPassword: String)
     }
 }
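Review bot: `Content` is a data class whose two properties are plaintext passwords, so its generated `toString()` prints both the moment a request body is logged or embedded in an exception message; override it with something like `override fun toString() = "Content(oldPassword=***, newPassword=***)"`. The properties are camelCase while the OpenAPI spec and the feature test send `old_password`/`new_password`, so deserialization only works if the installed ObjectMapper uses a snake_case naming strategy — that dependency deserves a one-line comment on the class. The enclosing `object CitizenPaths` starts outside the hunk.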
@@ -73,13 +75,20 @@ fun Route.citizen(
         put {
             assertCan(CHANGE_PASSWORD, it.citizen)
-            val content = call.receive()
+            try {
+                val content = call.receive()
+                val currentUser = userRepository.findByCredentials(UserPasswordCredential(citizen.user.username, content.oldPassword))
+                val user = it.citizen.user
+                if (currentUser == null || currentUser.id != user.id) {
+                    call.respond(HttpStatusCode.BadRequest, "Bad password")
+                } else {
+                    user.plainPassword = content.newPassword
+                    userRepository.changePassword(user)
-            val user = it.citizen.user
-
-            user.plainPassword = content.password
-            userRepository.changePassword(user)
-
-            call.respond(HttpStatusCode.Created)
+                    call.respond(HttpStatusCode.Created)
+                }
+            } catch (e: MissingKotlinParameterException) {
+                call.respond(HttpStatusCode.BadRequest, "Request format is not correct")
+            }
         }
     }
\ No newline at end of file
diff --git a/src/main/resources/openApi.yaml b/src/main/resources/openApi.yaml
index 0adc48c..991eb3f 100644
--- a/src/main/resources/openApi.yaml
+++ b/src/main/resources/openApi.yaml
@@ -154,7 +154,13 @@ paths:
       application/json:
         schema:
           properties:
-            password:
+            old_password:
+              type: string
+              format: password
+              required: true
+              example:
+                azerty
+            new_password:
               type: string
               format: password
               required: true
diff --git a/src/test/resources/feature/citizen.feature b/src/test/resources/feature/citizen.feature
index 30430ea..d5e9cb2 100644
--- a/src/test/resources/feature/citizen.feature
+++ b/src/test/resources/feature/citizen.feature
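Review bot: The old-password check at `userRepository.findByCredentials(UserPasswordCredential(citizen.user.username, content.oldPassword))` resolves the `citizen` imported from `fr.dcproject` (presumably the authenticated caller) while the account being modified is `it.citizen.user`, so whenever the voter permits acting on another citizen the `currentUser.id != user.id` comparison always fails, and the lookup should use `it.citizen.user.username` so that the proof of possession and the target agree. The `catch` only covers `MissingKotlinParameterException`; malformed JSON or a wrong value type raises other `JsonProcessingException` subclasses and would surface as a 500 rather than the 400 the commit intends for bad input, so widen it to `com.fasterxml.jackson.core.JsonProcessingException`. `newPassword` is never validated, so an empty or blank string is accepted and persisted by `changePassword`; reject it before touching the repository. The enclosing `fun Route.citizen(` and the route block around `put` start outside the hunk.
```kotlin
put {
    assertCan(CHANGE_PASSWORD, it.citizen)
    try {
        val content = call.receive<ChangePasswordCitizenRequest.Content>()
        val user = it.citizen.user
        // Refuse an empty replacement before any repository call.
        if (content.newPassword.isBlank()) {
            return@put call.respond(HttpStatusCode.BadRequest, "New password must not be empty")
        }
        // Verify the old password against the account being changed, not the caller.
        val verified = userRepository.findByCredentials(UserPasswordCredential(user.username, content.oldPassword))
        if (verified == null || verified.id != user.id) {
            call.respond(HttpStatusCode.BadRequest, "Bad password")
        } else {
            // … unchanged: set plainPassword, changePassword, respond Created …
        }
    } catch (e: JsonProcessingException) { // also covers MissingKotlinParameterException
        call.respond(HttpStatusCode.BadRequest, "Request format is not correct")
    }
}
```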
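Review bot: `required: true` is placed inside each property object under `old_password` and `new_password`, but in OpenAPI 3 `required` is a list on the schema, not a property attribute, so validators and generated clients will not enforce either field; move it up to `required: [old_password, new_password]` beside `properties:`. The same misplacement existed on the old `password` entry, so this is a good moment to correct it for both new fields.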
@@ -39,7 +39,19 @@ Feature: citizens routes
     When I send a PUT request to "/citizens/c211dca6-aa21-45c2-95ba-c7f2179ee37e/password/change" with body:
     """
     {
-      "password": "qwerty"
+      "old_password": "azerty",
+      "new_password": "qwerty"
     }
     """
     Then the response status code should be 201
+
+  Scenario: If a send bad request when a change password, that return a 400 Bad request
+    Given I am authenticated as Joe Carotte with id "19110bb5-58a2-4ef1-9497-0207d4b4f48f"
+    When I send a PUT request to "/citizens/19110bb5-58a2-4ef1-9497-0207d4b4f48f/password/change" with body:
+    """
+    {
+      "plup": "azerty",
+      "gloup": "qwerty"
+    }
+    """
+    Then the response status code should be 400
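Review bot: The new scenario only exercises a malformed body; the security-relevant branch the commit adds — a well-formed request carrying the wrong `old_password` — has no coverage, so a regression that skips the credential check would still pass this suite. Add a scenario that sends a wrong old password and expects 400, and ideally a follow-up step asserting the old password still authenticates. The new scenario's title also reads awkwardly; `Scenario: A malformed change-password body returns 400 Bad Request` would be clearer.
```gherkin
  Scenario: A wrong old password is rejected with 400 Bad Request
    Given I am authenticated as Joe Carotte with id "19110bb5-58a2-4ef1-9497-0207d4b4f48f"
    When I send a PUT request to "/citizens/19110bb5-58a2-4ef1-9497-0207d4b4f48f/password/change" with body:
    """
    {
      "old_password": "not-the-real-one",
      "new_password": "qwerty"
    }
    """
    Then the response status code should be 400
```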