Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
03b0d9c9c5 |
@ -653,6 +653,7 @@ public class UserService {
|
|||||||
.max(Integer::compare)
|
.max(Integer::compare)
|
||||||
.orElse(-1);
|
.orElse(-1);
|
||||||
var targetRank = userRoles.stream()
|
var targetRank = userRoles.stream()
|
||||||
|
.filter(ApplicationRoles::isNoKneconRole)
|
||||||
.map(r -> roleMapping.getRole(r).getRank())
|
.map(r -> roleMapping.getRole(r).getRank())
|
||||||
.max(Integer::compare)
|
.max(Integer::compare)
|
||||||
.orElse(-1);
|
.orElse(-1);
|
||||||
|
|||||||
@ -497,6 +497,50 @@ public class UserTest extends AbstractTenantUserManagementIntegrationTest {
|
|||||||
e = assertThrows(FeignException.class, () -> userClient.setRoles(redUserAdmin.getUserId(), allRoles));
|
e = assertThrows(FeignException.class, () -> userClient.setRoles(redUserAdmin.getUserId(), allRoles));
|
||||||
assertEquals(400, e.status());
|
assertEquals(400, e.status());
|
||||||
|
|
||||||
|
// reset password for authentication
|
||||||
|
userClient.resetPassword(noKneconUser.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build());
|
||||||
|
|
||||||
|
// authenticate with user without knecon roles
|
||||||
|
tokenService.setUser("nokneconroles@notknecon.com", "Secret@secured!23");
|
||||||
|
|
||||||
|
e = assertThrows(FeignException.class, () -> userClient.resetPassword(onlyKneconUser.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build()));
|
||||||
|
assertEquals(404, e.status());
|
||||||
|
|
||||||
|
userClient.resetPassword(user.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build());
|
||||||
|
|
||||||
|
userClient.activateProfile(user.getUserId(), true);
|
||||||
|
|
||||||
|
userClient.deleteUser(user.getUserId());
|
||||||
|
|
||||||
|
e = assertThrows(FeignException.class, () -> userClient.getUserById(user.getUserId()));
|
||||||
|
assertEquals(404, e.status());
|
||||||
|
// give the user the old roles back
|
||||||
|
addRoles(user.getUserId(), allButKneconRoles);
|
||||||
|
|
||||||
|
// create several users with different roles for testing
|
||||||
|
createUserRequest = new CreateUserRequest();
|
||||||
|
createUserRequest.setEmail("lesseruser@user.com");
|
||||||
|
createUserRequest.setFirstName("Lesser");
|
||||||
|
createUserRequest.setLastName("User");
|
||||||
|
createUserRequest.setUsername("LesserSuperUser");
|
||||||
|
var lesserUser = userClient.createUser(createUserRequest);
|
||||||
|
addRoles(lesserUser.getUserId(), Set.of("LESS_SUPER_USER"));
|
||||||
|
|
||||||
|
// reset password for authentication
|
||||||
|
userClient.resetPassword(lesserUser.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build());
|
||||||
|
|
||||||
|
// authenticate with user without knecon roles
|
||||||
|
tokenService.setUser("lesseruser@user.com", "Secret@secured!23");
|
||||||
|
|
||||||
|
e = assertThrows(FeignException.class, () -> userClient.resetPassword(user.getUserId(), ResetPasswordRequest.builder().password("Secret@secured!23").build()));
|
||||||
|
assertEquals(403, e.status());
|
||||||
|
|
||||||
|
e = assertThrows(FeignException.class, () -> userClient.activateProfile(user.getUserId(), true));
|
||||||
|
assertEquals(403, e.status());
|
||||||
|
|
||||||
|
e = assertThrows(FeignException.class, () -> userClient.deleteUser(user.getUserId()));
|
||||||
|
assertEquals(403, e.status());
|
||||||
|
|
||||||
// authenticate as knecon admin again
|
// authenticate as knecon admin again
|
||||||
tokenService.setUser("admin@knecon.com", "secret");
|
tokenService.setUser("admin@knecon.com", "secret");
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user