From commits-return-12399-archive-asf-public=cust-asf.ponee.io@syncope.apache.org Tue Oct 30 18:03:02 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 0FDDD180652 for ; Tue, 30 Oct 2018 18:03:00 +0100 (CET) Received: (qmail 5066 invoked by uid 500); 30 Oct 2018 17:03:00 -0000 Mailing-List: contact commits-help@syncope.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@syncope.apache.org Delivered-To: mailing list commits@syncope.apache.org Received: (qmail 5044 invoked by uid 99); 30 Oct 2018 17:03:00 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 30 Oct 2018 17:03:00 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id F13B9E0181; Tue, 30 Oct 2018 17:02:59 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 
From: ilgrosso@apache.org To: commits@syncope.apache.org Date: Tue, 30 Oct 2018 17:02:59 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/3] syncope git commit: [SYNCOPE-1388] Now only POST /user/self/mustChangePassword is allowed when mustChangePassword flag is set on user Repository: syncope Updated Branches: refs/heads/2_0_X 8973b910e -> 9488345f8 refs/heads/2_1_X 54ea52c7f -> eae67f83d refs/heads/master 9fc33d2dc -> 01e32d2d0 [SYNCOPE-1388] Now only POST /user/self/mustChangePassword is allowed when mustChangePassword flag is set on user Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/eae67f83 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/eae67f83 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/eae67f83 Branch: refs/heads/2_1_X Commit: eae67f83d57b8382c5e6aa10d0ca1838c4018856 Parents: 54ea52c Author: Francesco Chicchiriccò Authored: Tue Oct 30 17:56:59 2018 +0100 Committer: Francesco Chicchiriccò Committed: Tue Oct 30 17:56:59 2018 +0100 ---------------------------------------------------------------------- appveyor.yml | 4 ++-- .../console/SyncopeConsoleApplication.java | 3 +-- .../client/console/SyncopeConsoleSession.java | 24 ++++++++++++++------ .../client/console/panels/AnyTypesPanel.java | 4 ++-- .../client/enduser/SyncopeEnduserSession.java | 23 +++++++++++-------- .../resources/UserSelfChangePassword.java | 12 +--------- .../enduser/resources/UserSelfReadResource.java | 1 - .../app/js/controllers/UserController.js | 10 ++++---- .../app/js/services/userSelfService.js | 3 ++- .../apache/syncope/core/logic/UserLogic.java | 12 ++++++---- .../security/MustChangePasswordFilter.java | 10 ++------ .../spring/security/SyncopeJWTSSOProvider.java | 2 +- .../client/console/pages/SAML2SPLogin.java | 1 - .../apache/syncope/fit/core/UserSelfITCase.java | 12 +++++----- 14 files changed, 62 insertions(+), 59 deletions(-) 
---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/appveyor.yml ---------------------------------------------------------------------- diff --git a/appveyor.yml b/appveyor.yml index afd0b8f..f58a884 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -26,9 +26,9 @@ install: (new-object System.Net.WebClient).DownloadFile('https://www.apache.org/dist/maven/maven-3/3.5.4/binaries/apache-maven-3.5.4-bin.zip', 'C:\maven-bin.zip') [System.IO.Compression.ZipFile]::ExtractToDirectory("C:\maven-bin.zip", "C:\maven") } - - cmd: SET PATH=C:\maven\apache-maven-3.5.3\bin;%JAVA_HOME%\bin;=%; + - cmd: SET PATH=C:\maven\apache-maven-3.5.4\bin;%JAVA_HOME%\bin;=%; - cmd: SET JAVA_HOME=C:\Program Files\Java\jdk1.8.0 - - cmd: SET M2_HOME=C:\maven\apache-maven-3.5.3 + - cmd: SET M2_HOME=C:\maven\apache-maven-3.5.4 - cmd: SET MAVEN_OPTS=-Xmx4g - cmd: SET JAVA_OPTS=-Xmx4g build_script: http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java index f03f823..3431f04 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleApplication.java 
@@ -49,7 +49,6 @@ import org.apache.syncope.client.lib.SyncopeClientFactoryBean; import org.apache.syncope.common.lib.PropertyUtils; import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.to.EntityTO; -import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.common.rest.api.service.DomainService; import org.apache.wicket.Page; import org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession; @@ -254,7 +253,7 @@ public class SyncopeConsoleApplication extends AuthenticatedWebApplication { @Override public Class getHomePage() { return AuthenticatedWebSession.get().isSignedIn() - && SyncopeConsoleSession.get().owns(StandardEntitlement.MUST_CHANGE_PASSWORD) + && SyncopeConsoleSession.get().getSelfTO().isMustChangePassword() ? MustChangePassword.class : Dashboard.class; } http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java ---------------------------------------------------------------------- diff --git a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java index d793da2..6f9d7a9 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/SyncopeConsoleSession.java @@ -31,6 +31,7 @@ import java.util.Set; import java.util.concurrent.Callable; import java.util.concurrent.CompletableFuture; import java.util.concurrent.Future; +import javax.ws.rs.ForbiddenException; import javax.ws.rs.core.EntityTag; import javax.ws.rs.core.MediaType; import org.apache.commons.collections4.list.SetUniqueList; 
@@ -48,6 +49,7 @@ import org.apache.syncope.common.lib.SyncopeConstants; import org.apache.syncope.common.lib.info.PlatformInfo; import org.apache.syncope.common.lib.info.SystemInfo; import org.apache.syncope.common.lib.to.UserTO; +import org.apache.syncope.common.lib.types.StandardEntitlement; import org.apache.syncope.common.rest.api.service.SyncopeService; import org.apache.wicket.Session; import org.apache.wicket.authroles.authentication.AuthenticatedWebSession; @@ -163,7 +165,7 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession { try { client = clientFactory.setDomain(getDomain()).create(username, password); - refreshAuth(); + refreshAuth(username); authenticated = true; } catch (Exception e) { @@ -179,7 +181,7 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession { try { client = clientFactory.setDomain(getDomain()).create(jwt); - refreshAuth(); + refreshAuth(null); authenticated = true; } catch (Exception e) { @@ -270,11 +272,19 @@ public class SyncopeConsoleSession extends AuthenticatedWebSession { return roles; } - public void refreshAuth() { - Pair>, UserTO> self = client.self(); - auth = self.getLeft(); - selfTO = self.getRight(); - roles = null; + public void refreshAuth(final String username) { + try { + Pair>, UserTO> self = client.self(); + auth = self.getLeft(); + selfTO = self.getRight(); + roles = null; + } catch (ForbiddenException e) { + LOG.warn("Could not read self(), probably in a {} scenario", StandardEntitlement.MUST_CHANGE_PASSWORD, e); + + selfTO = new UserTO(); + selfTO.setUsername(username); + selfTO.setMustChangePassword(true); + } } @SuppressWarnings("unchecked") http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java ---------------------------------------------------------------------- 
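Review bot: The `catch (ForbiddenException e)` branch of `refreshAuth` replaces `selfTO` but leaves `auth` and `roles` as they were, so on a session that had already refreshed successfully the earlier entitlements and cached roles would remain next to the synthetic `selfTO`. Resetting them in that branch keeps the session state consistent: at least `roles = null;`, plus `auth` set to an empty value of its declared type, which is not visible here. The branch also treats every 403 from `client.self()` as the must-change-password case, and on the JWT path `refreshAuth(null)` produces a `selfTO` with a null username that later readers of `getSelfTO().getUsername()` have to tolerate. The same pattern is added to `afterAuthentication` in SyncopeEnduserSession.java further down. A short comment in the catch would explain why a 403 is expected, e.g. `// core refuses self() while MUST_CHANGE_PASSWORD is set; build a minimal placeholder`.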
diff --git a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java index 97158e5..8e407f7 100644 --- a/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java +++ b/client/console/src/main/java/org/apache/syncope/client/console/panels/AnyTypesPanel.java @@ -75,7 +75,7 @@ public class AnyTypesPanel extends TypesDirectoryPanel object.getType() != AttrSchemaType.Date).collect(Collectors.toSet())); } - private void afterAuthentication() { - Pair>, UserTO> self = client.self(); - selfTO = self.getRight(); + private void afterAuthentication(final String username) { + try { + selfTO = client.self().getRight(); + } catch (ForbiddenException e) { + LOG.warn("Could not read self(), probably in a {} scenario", StandardEntitlement.MUST_CHANGE_PASSWORD, e); + + selfTO = new UserTO(); + selfTO.setUsername(username); + selfTO.setMustChangePassword(true); + } // bind explicitly this session to have a stateful behavior during http requests, unless session will // expire for every request @@ -104,7 +110,7 @@ public class SyncopeEnduserSession extends WebSession { setDomain(SyncopeEnduserApplication.get().getDomain()). create(username, password); - afterAuthentication(); + afterAuthentication(username); authenticated = true; } catch (Exception e) { @@ -121,7 +127,7 @@ public class SyncopeEnduserSession extends WebSession { client = SyncopeEnduserApplication.get().getClientFactory(). setDomain(SyncopeEnduserApplication.get().getDomain()).create(jwt); - afterAuthentication(); + afterAuthentication(null); authenticated = true; } catch (Exception e) { 
@@ -190,5 +196,4 @@ public class SyncopeEnduserSession extends WebSession { public void setXsrfTokenGenerated(final boolean xsrfTokenGenerated) { this.xsrfTokenGenerated = xsrfTokenGenerated; } - } http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java ---------------------------------------------------------------------- diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java index 2d476e8..e18cd28 100644 --- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java +++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfChangePassword.java @@ -18,7 +18,6 @@ */ package org.apache.syncope.client.enduser.resources; -import java.io.IOException; import java.nio.charset.StandardCharsets; import java.util.Map; import javax.servlet.http.HttpServletRequest; 
@@ -56,16 +55,7 @@ public class UserSelfChangePassword extends BaseResource { mustChangePassword(parameters.get("newPassword")[0]); response.setTextEncoding(StandardCharsets.UTF_8.name()); - - response.setWriteCallback(new WriteCallback() { - - @Override - public void writeData(final Attributes attributes) throws IOException { - attributes.getResponse().write("Password changed correctly"); - } - }); - - response.setStatusCode(Response.Status.OK.getStatusCode()); + response.setStatusCode(Response.Status.NO_CONTENT.getStatusCode()); } catch (final Exception e) { LOG.error("Error while updating user", e); response.setError(Response.Status.BAD_REQUEST.getStatusCode(), new StringBuilder() http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java ---------------------------------------------------------------------- diff --git a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java index 3e8e2ce..c58be85 100644 --- a/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java +++ b/client/enduser/src/main/java/org/apache/syncope/client/enduser/resources/UserSelfReadResource.java @@ -149,5 +149,4 @@ public class UserSelfReadResource extends BaseUserSelfResource { attrs.clear(); } } - } http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js ---------------------------------------------------------------------- diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js index 7718db7..f919b08 100644 
--- a/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js +++ b/client/enduser/src/main/resources/META-INF/resources/app/js/controllers/UserController.js @@ -341,7 +341,6 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l $scope.user = UserUtil.getUnwrappedUser(response); $scope.user.password = undefined; - $scope.initialSecurityQuestion = $scope.user.securityQuestion; // initialize already assigned resources $scope.dynamicForm.selectedResources = $scope.user.resources; @@ -520,7 +519,7 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l + $filter('translate')(["SUCCESSFULLY_UPDATED"]).SUCCESSFULLY_UPDATED }); }, function (response) { - console.info("Error during user update: ", response); + console.error("Error during user update: ", response); var errorMessage; // parse error response if (response !== undefined) { @@ -614,8 +613,11 @@ angular.module("self").controller("UserController", ['$scope', '$rootScope', '$l //check if password and confirmPassword are equals using angular built-in validation if (ValidationExecutor.validate(currentForm, $scope)) { if (user && user.password) { - UserSelfService.changePassword({"newPassword": user.password}).then(function (data) { - $scope.logout(data); + UserSelfService.changePassword({"newPassword": user.password}).then(function (response) { + console.debug("User " + user.username + " password successfully CHANGED"); + $scope.logout({ + successMessage: $filter('translate')(["PASSWORD_UPDATED"]).PASSWORD_UPDATED + }); }, function (response) { var errorMessage; // parse error response http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js ---------------------------------------------------------------------- 
diff --git a/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js b/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js index 2920814..b7e05d3 100644 --- a/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js +++ b/client/enduser/src/main/resources/META-INF/resources/app/js/services/userSelfService.js @@ -115,8 +115,9 @@ angular.module('login') } }) .then(function (response) { - return response.data || response.statusText; + return response; }, function (response) { + console.error("Something went wrong during passwod change, exit with status: ", response); return $q.reject(response.data || response.statusText); }); }; http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java ---------------------------------------------------------------------- diff --git a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java index dace468..56a01b4 100644 --- a/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java +++ b/core/logic/src/main/java/org/apache/syncope/core/logic/UserLogic.java @@ -85,7 +85,7 @@ public class UserLogic extends AbstractAnyLogic { @Autowired protected SyncopeLogic syncopeLogic; - @PreAuthorize("isAuthenticated()") + @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") @Transactional(readOnly = true) public Pair selfRead() { return Pair.of( 
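Review bot: The added `console.error(..., response)` in the rejection handler logs the whole response object. If this is the `$http` call that submits `newPassword` (the call itself starts above the hunk), that object normally carries the request `config` including the posted data, so the new password would end up in the browser console whenever the change fails. Logging only the status avoids that and fixes the typo in the message: `console.error("Something went wrong during password change, exit with status: ", response.status);`. The success handler now returns the full `response` instead of `response.data || response.statusText`, so callers of this service receive a different shape than before.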
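Review bot: The fragment `not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))` is now concatenated by hand in four `@PreAuthorize` annotations (`selfRead` here, then `selfUpdate`, `selfStatus` and `selfDelete` in the following hunks), so a self-service method added later can omit it without anyone noticing. Annotation values accept compile-time constants, so one `private static final String NOT_MUST_CHANGE_PASSWORD = "not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))";` reused in each annotation would keep the guard in one place. A line of Javadoc on `selfRead` saying that the call is refused while the flag is set would also explain the 403 that the console and enduser sessions now have to catch.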
@@ -164,7 +164,9 @@ public class UserLogic extends AbstractAnyLogic { binder.returnUserTO(binder.getUserTO(created.getKey())), created.getRight(), before.getRight()); } - @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))") + @PreAuthorize("isAuthenticated() " + + "and not(hasRole('" + StandardEntitlement.ANONYMOUS + "')) " + + "and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") public ProvisioningResult selfUpdate(final UserPatch userPatch, final boolean nullPriorityAsync) { UserTO userTO = binder.getAuthenticatedUserTO(); userPatch.setKey(userTO.getKey()); @@ -264,7 +266,7 @@ public class UserLogic extends AbstractAnyLogic { Collections.emptySet()); } - @PreAuthorize("isAuthenticated()") + @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") public ProvisioningResult selfStatus(final StatusPatch statusPatch, final boolean nullPriorityAsync) { statusPatch.setKey(userDAO.findKey(AuthContextUtils.getUsername())); Pair> updated = setStatusOnWfAdapter(statusPatch, nullPriorityAsync); @@ -316,7 +318,9 @@ public class UserLogic extends AbstractAnyLogic { provisioningManager.confirmPasswordReset(user.getKey(), token, password); } - @PreAuthorize("isAuthenticated() and not(hasRole('" + StandardEntitlement.ANONYMOUS + "'))") + @PreAuthorize("isAuthenticated() " + + "and not(hasRole('" + StandardEntitlement.ANONYMOUS + "')) " + + "and not(hasRole('" + StandardEntitlement.MUST_CHANGE_PASSWORD + "'))") public ProvisioningResult selfDelete(final boolean nullPriorityAsync) { UserTO userTO = binder.getAuthenticatedUserTO(); return doDelete(userTO, true, nullPriorityAsync); http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java ---------------------------------------------------------------------- 
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java index c901c0b..15ea6a9 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/MustChangePasswordFilter.java @@ -25,7 +25,6 @@ import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; -import org.apache.commons.lang3.ArrayUtils; import org.apache.syncope.common.lib.types.StandardEntitlement; import org.springframework.security.access.AccessDeniedException; import org.springframework.security.core.context.SecurityContextHolder; @@ -33,10 +32,6 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq public class MustChangePasswordFilter implements Filter { - private static final String[] ALLOWED = new String[] { - "/users/self", "/users/self/changePassword" - }; - @Override public void init(final FilterConfig filterConfig) throws ServletException { // not used @@ -58,8 +53,8 @@ public class MustChangePasswordFilter implements Filter { SecurityContextHolderAwareRequestWrapper wrapper = SecurityContextHolderAwareRequestWrapper.class.cast(request); - if (isMustChangePassword && "GET".equalsIgnoreCase(wrapper.getMethod()) - && !ArrayUtils.contains(ALLOWED, wrapper.getPathInfo())) { + if (isMustChangePassword && !"POST".equalsIgnoreCase(wrapper.getMethod()) + && !"/users/self/changePassword".equals(wrapper.getPathInfo())) { throw new AccessDeniedException("Please change your password first"); } 
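Review bot: The new condition in `doFilter` denies a request only when the method is not POST and the path is not `/users/self/changePassword`, so with the flag set any POST to any path, and any method on that path, still reaches `chain.doFilter`. The commit subject states the opposite, that only that one POST is allowed. The allowed case has to be negated as a whole: `if (isMustChangePassword && !("POST".equalsIgnoreCase(wrapper.getMethod()) && "/users/self/changePassword".equals(wrapper.getPathInfo()))) {`. The subject names `/user/self/mustChangePassword` while the literal here is `/users/self/changePassword`, so the path should be checked against the REST service's `@Path`. The enclosing `doFilter` starts above the hunk.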
@@ -67,5 +62,4 @@ public class MustChangePasswordFilter implements Filter { chain.doFilter(request, response); } - } http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java ---------------------------------------------------------------------- diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java index 08715e1..279cd6f 100644 --- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java +++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/SyncopeJWTSSOProvider.java @@ -87,7 +87,7 @@ public class SyncopeJWTSSOProvider implements JWTSSOProvider { Set authorities = Collections.emptySet(); if (user != null) { AccessToken accessToken = accessTokenDAO.find(jwtClaims.getTokenId()); - if (accessToken.getAuthorities() != null) { + if (accessToken != null && accessToken.getAuthorities() != null) { try { authorities = POJOHelper.deserialize( ENCRYPTOR.decode(new String(accessToken.getAuthorities()), CipherAlgorithm.AES), http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java ---------------------------------------------------------------------- diff --git a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java index 69f8294..d6b10c9 100644 --- a/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java +++ b/ext/saml2sp/client-console/src/main/java/org/apache/syncope/client/console/pages/SAML2SPLogin.java 
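Review bot: With the added `accessToken != null` check, a JWT whose token id has no stored `AccessToken` no longer fails at this point but continues with `authorities` left as the empty set and `user` still resolved. Whether such a token is rejected later is not visible in this hunk. If a missing record means the token was removed or has expired, that case deserves a log line and a comment such as `// no stored access token for this token id: continue with no authorities; validity is enforced by <caller>`, or a branch that does not resolve the user at all. The enclosing method starts and ends outside the hunk.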
@@ -68,5 +68,4 @@ public class SAML2SPLogin extends WebPage { } strategy.remove(); } - } http://git-wip-us.apache.org/repos/asf/syncope/blob/eae67f83/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java index 63db20e..162cb88 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/UserSelfITCase.java @@ -57,7 +57,7 @@ import org.apache.syncope.common.lib.types.ClientExceptionType; import org.apache.syncope.common.lib.types.PatchOperation; import org.apache.syncope.common.rest.api.beans.AnyQuery; import org.apache.syncope.common.rest.api.beans.UserRequestFormQuery; -import org.apache.syncope.common.rest.api.service.ResourceService; +import org.apache.syncope.common.rest.api.service.AccessTokenService; import org.apache.syncope.common.rest.api.service.UserRequestService; import org.apache.syncope.common.rest.api.service.UserSelfService; import org.apache.syncope.common.rest.api.service.UserService; 
@@ -377,10 +377,10 @@ public class UserSelfITCase extends AbstractITCase { // 0. access as vivaldi -> succeed SyncopeClient vivaldiClient = clientFactory.create("vivaldi", "password321"); - Pair>, UserTO> self = vivaldiClient.self(); - assertFalse(self.getRight().isMustChangePassword()); + Response response = vivaldiClient.getService(AccessTokenService.class).refresh(); + assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus()); - // 1. update user vivaldi (3) requirig password update + // 1. update user vivaldi requiring password update userPatch = new UserPatch(); userPatch.setKey("b3cbc78d-32e6-4bd4-92e0-bbe07566a2ee"); userPatch.setMustChangePassword(new BooleanReplacePatchItem.Builder().value(true).build()); @@ -389,7 +389,7 @@ public class UserSelfITCase extends AbstractITCase { // 2. attempt to access -> fail try { - vivaldiClient.getService(ResourceService.class).list(); + vivaldiClient.self(); fail("This should not happen"); } catch (ForbiddenException e) { assertNotNull(e); @@ -400,7 +400,7 @@ public class UserSelfITCase extends AbstractITCase { vivaldiClient.getService(UserSelfService.class).mustChangePassword("password123"); // 4. verify it worked - self = clientFactory.create("vivaldi", "password123").self(); + Pair>, UserTO> self = clientFactory.create("vivaldi", "password123").self(); assertFalse(self.getRight().isMustChangePassword()); }
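Review bot: Step 2 now asserts only that `vivaldiClient.self()` is refused, which is a GET on the self endpoint. Nothing in the test checks that a call to an unrelated service, or a non-GET call other than `mustChangePassword`, is refused while the flag is set, which is the behaviour the commit subject promises. Keeping the previous `vivaldiClient.getService(ResourceService.class).list()` assertion next to the new one would pin the filter's behaviour down, as would a second `try`/`fail`/`catch (ForbiddenException e)` block around a write call. The `ResourceService` import removed by this commit would then have to stay.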