DC/dc-project
1
1
Fork 0
Code Issues 25 Pull Requests 2 Actions Packages Projects Releases Wiki Activity

Improve change password

Browse Source
This commit is contained in:
Fabrice Lecomte
2020-01-30 14:18:40 +01:00
parent 3d2d3c2e14
commit 24bc1520f7
3 changed files with 37 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/main/kotlin/fr/dcproject/routes/Citizen.kt
View File

@@ -1,5 +1,6 @@
package fr.dcproject.routes package fr.dcproject.routes
import com.fasterxml.jackson.module.kotlin.MissingKotlinParameterException
import fr.dcproject.citizen import fr.dcproject.citizen
import fr.dcproject.entity.Citizen import fr.dcproject.entity.Citizen
import fr.dcproject.routes.CitizenPaths.ChangePasswordCitizenRequest import fr.dcproject.routes.CitizenPaths.ChangePasswordCitizenRequest
@@ -11,6 +12,7 @@ import fr.dcproject.security.voter.CitizenVoter.Action.VIEW
import fr.dcproject.security.voter.assertCan import fr.dcproject.security.voter.assertCan
import fr.postgresjson.repository.RepositoryI.Direction import fr.postgresjson.repository.RepositoryI.Direction
import io.ktor.application.call import io.ktor.application.call
import io.ktor.auth.UserPasswordCredential
import io.ktor.http.HttpStatusCode import io.ktor.http.HttpStatusCode
import io.ktor.locations.KtorExperimentalLocationsAPI import io.ktor.locations.KtorExperimentalLocationsAPI
import io.ktor.locations.Location import io.ktor.locations.Location
@@ -44,7 +46,7 @@ object CitizenPaths {
@Location("/citizens/{citizen}/password/change") @Location("/citizens/{citizen}/password/change")
class ChangePasswordCitizenRequest(val citizen: Citizen) { class ChangePasswordCitizenRequest(val citizen: Citizen) {
data class Content(val password: String) data class Content(val oldPassword: String, val newPassword: String)
} }
} }
@@ -73,13 +75,20 @@ fun Route.citizen(
put<ChangePasswordCitizenRequest> { put<ChangePasswordCitizenRequest> {
assertCan(CHANGE_PASSWORD, it.citizen) assertCan(CHANGE_PASSWORD, it.citizen)
try {
val content = call.receive<ChangePasswordCitizenRequest.Content>() val content = call.receive<ChangePasswordCitizenRequest.Content>()
val currentUser = userRepository.findByCredentials(UserPasswordCredential(citizen.user.username, content.oldPassword))
val user = it.citizen.user val user = it.citizen.user
if (currentUser == null || currentUser.id != user.id) {
user.plainPassword = content.password call.respond(HttpStatusCode.BadRequest, "Bad password")
} else {
user.plainPassword = content.newPassword
userRepository.changePassword(user) userRepository.changePassword(user)
call.respond(HttpStatusCode.Created) call.respond(HttpStatusCode.Created)
} }
} catch (e: MissingKotlinParameterException) {
call.respond(HttpStatusCode.BadRequest, "Request format is not correct")
}
}
} }

8
src/main/resources/openApi.yaml
View File

@@ -154,7 +154,13 @@ paths:
application/json: application/json:
schema: schema:
properties: properties:
password: old_password:
type: string
format: password
required: true
example:
azerty
new_password:
type: string type: string
format: password format: password
required: true required: true

14
src/test/resources/feature/citizen.feature
View File

@@ -39,7 +39,19 @@ Feature: citizens routes
When I send a PUT request to "/citizens/c211dca6-aa21-45c2-95ba-c7f2179ee37e/password/change" with body: When I send a PUT request to "/citizens/c211dca6-aa21-45c2-95ba-c7f2179ee37e/password/change" with body:
""" """
{ {
"password": "qwerty" "old_password": "azerty",
"new_password": "qwerty"
} }
""" """
Then the response status code should be 201 Then the response status code should be 201
Scenario: If a send bad request when a change password, that return a 400 Bad request
Given I am authenticated as Joe Carotte with id "19110bb5-58a2-4ef1-9497-0207d4b4f48f"
When I send a PUT request to "/citizens/19110bb5-58a2-4ef1-9497-0207d4b4f48f/password/change" with body:
"""
{
"plup": "azerty",
"gloup": "qwerty"
}
"""
Then the response status code should be 400