diff --git a/src/main/java/cz/cvut/kbss/termit/rest/AdminBasedRegistrationController.java b/src/main/java/cz/cvut/kbss/termit/rest/AdminBasedRegistrationController.java
index 2bcba08f8..08e3519a8 100644
--- a/src/main/java/cz/cvut/kbss/termit/rest/AdminBasedRegistrationController.java
+++ b/src/main/java/cz/cvut/kbss/termit/rest/AdminBasedRegistrationController.java
@@ -34,7 +34,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -47,7 +47,7 @@
 @ConditionalOnProperty(prefix = "termit.security", name = "provider", havingValue = "internal", matchIfMissing = true)
 @Tag(name = "Admin User Registration", description = "Allows admins to register new users.")
 @RestController
-@RequestMapping("/users")
+@RequestMapping("/admin/users")
 public class AdminBasedRegistrationController {
 private static final Logger LOG = LoggerFactory.getLogger(AdminBasedRegistrationController.class);
@@ -67,7 +67,7 @@ public AdminBasedRegistrationController(UserService userService) {
 @ApiResponse(responseCode = "409", description = "User data are invalid")
 })
 @PreAuthorize("hasRole('" + SecurityConstants.ROLE_ADMIN + "')")
- @PutMapping(consumes = {MediaType.APPLICATION_JSON_VALUE, JsonLd.MEDIA_TYPE})
+ @PostMapping(consumes = {MediaType.APPLICATION_JSON_VALUE, JsonLd.MEDIA_TYPE})
 public ResponseEntity createUser(@RequestBody UserAccount user) {
 userService.adminCreateUser(user);
 LOG.info("User {} successfully registered by {}.", user, userService.getCurrent().getUsername());
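Review bot: The `LOG.info` call in `createUser` hands the whole `UserAccount` request body to the logger, so whatever its `toString()` renders is written to the application log on every registration. The tests post accounts built with `generateUserAccountWithPassword`, so the body can carry a password; `UserAccount.toString()` is not visible in this diff, and unless it is known to omit credentials the call should log an identifier only, e.g. `LOG.info("User {} successfully registered by {}.", user.getUsername(), userService.getCurrent().getUsername());` (assuming `UserAccount` exposes `getUsername()`, as the current-user object does). The method body continues past the end of the hunk.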
diff --git a/src/main/java/cz/cvut/kbss/termit/rest/PasswordChangeController.java b/src/main/java/cz/cvut/kbss/termit/rest/PasswordChangeController.java
index e00b5e44b..ad5cea4ed 100644
--- a/src/main/java/cz/cvut/kbss/termit/rest/PasswordChangeController.java
+++ b/src/main/java/cz/cvut/kbss/termit/rest/PasswordChangeController.java
@@ -35,7 +35,6 @@ public class PasswordChangeController {
 @Autowired
 public PasswordChangeController(UserService userService) {
 this.userService = userService;
- LOG.debug("Instantiating password change controller.");
 }
 @Operation(description = "Requests a password reset for the specified username.")
diff --git a/src/main/java/cz/cvut/kbss/termit/service/business/UserService.java b/src/main/java/cz/cvut/kbss/termit/service/business/UserService.java
index 486056985..a5022f675 100644
--- a/src/main/java/cz/cvut/kbss/termit/service/business/UserService.java
+++ b/src/main/java/cz/cvut/kbss/termit/service/business/UserService.java
@@ -48,7 +48,6 @@
 import org.springframework.transaction.annotation.Transactional;
 import java.net.URI;
-import java.time.Instant;
 import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
@@ -368,7 +367,7 @@ public void requestPasswordReset(String username) {
 }
 private boolean isValid(PasswordChangeRequest request) {
- return request.getCreatedAt().plus(securityConfig.getPasswordChangeRequestValidity()).isAfter(Instant.now());
+ return request.getCreatedAt().plus(securityConfig.getPasswordChangeRequestValidity()).isAfter(Utils.timestamp());
 }
 /**
diff --git a/src/main/java/cz/cvut/kbss/termit/service/repository/PasswordChangeRequestRepositoryService.java b/src/main/java/cz/cvut/kbss/termit/service/repository/PasswordChangeRequestRepositoryService.java
index 324db884f..66e4b1cad 100644
--- a/src/main/java/cz/cvut/kbss/termit/service/repository/PasswordChangeRequestRepositoryService.java
+++ b/src/main/java/cz/cvut/kbss/termit/service/repository/PasswordChangeRequestRepositoryService.java
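Review bot: `UserService.isValid` decides whether a password-reset token is still accepted but carries no comment stating the rule; I would add `// A reset request is accepted only while createdAt + validity period is strictly after the current time.` above the return. The check also dereferences `request.getCreatedAt()` directly, so a stored request without a creation time would surface as a `NullPointerException` rather than being rejected; if the model does not guarantee the field, `return request.getCreatedAt() != null && request.getCreatedAt().plus(securityConfig.getPasswordChangeRequestValidity()).isAfter(Utils.timestamp());` fails closed. The precision of `Utils.timestamp()` is not shown in this diff, though the test change from `minusNanos(1)` to `minusMillis(1)` suggests it is coarser than `Instant.now()`.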
@@ -6,10 +6,10 @@
 import cz.cvut.kbss.termit.model.UserAccount;
 import cz.cvut.kbss.termit.persistence.dao.GenericDao;
 import cz.cvut.kbss.termit.persistence.dao.PasswordChangeRequestDao;
+import cz.cvut.kbss.termit.util.Utils;
 import jakarta.validation.Validator;
 import org.springframework.stereotype.Service;
-import java.time.Instant;
 import java.util.List;
 import java.util.UUID;
@@ -36,7 +36,7 @@ public PasswordChangeRequest create(UserAccount userAccount) {
 PasswordChangeRequest request = new PasswordChangeRequest();
 request.setUserAccount(userAccount);
 request.setToken(UUID.randomUUID().toString());
- request.setCreatedAt(Instant.now());
+ request.setCreatedAt(Utils.timestamp());
 passwordChangeRequestDao.persist(request);
 postPersist(request);
diff --git a/src/test/java/cz/cvut/kbss/termit/persistence/dao/PasswordChangeRequestDaoTest.java b/src/test/java/cz/cvut/kbss/termit/persistence/dao/PasswordChangeRequestDaoTest.java
index dad4147bb..d8c84e2a7 100644
--- a/src/test/java/cz/cvut/kbss/termit/persistence/dao/PasswordChangeRequestDaoTest.java
+++ b/src/test/java/cz/cvut/kbss/termit/persistence/dao/PasswordChangeRequestDaoTest.java
@@ -4,16 +4,14 @@
 import cz.cvut.kbss.termit.environment.Generator;
 import cz.cvut.kbss.termit.model.PasswordChangeRequest;
 import cz.cvut.kbss.termit.model.UserAccount;
+import cz.cvut.kbss.termit.util.Utils;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
-import java.time.Instant;
 import java.util.List;
-import java.util.Optional;
 import java.util.UUID;
 import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 class PasswordChangeRequestDaoTest extends BaseDaoTestRunner {
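Review bot: `PasswordChangeRequestRepositoryService.create` persists the reset token exactly as generated (`request.setToken(UUID.randomUUID().toString())` followed by `passwordChangeRequestDao.persist(request)`), so anyone who can read the repository holds tokens that stay usable until they expire. Consider persisting only a digest of the token (for example SHA-256) and comparing digests when the token is redeemed, keeping the raw value in memory just long enough to put it in the reset e-mail. That needs a matching change where the token is looked up, which is outside this diff. The method body continues past the end of the hunk.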
@@ -41,8 +39,8 @@ void findAllByUsernameReturnsAllResults() {
 secondPasswordChangeRequest.setToken(ANOTHER_TOKEN);
 passwordChangeRequest.setUserAccount(user);
 secondPasswordChangeRequest.setUserAccount(user);
- passwordChangeRequest.setCreatedAt(Instant.now());
- secondPasswordChangeRequest.setCreatedAt(Instant.now());
+ passwordChangeRequest.setCreatedAt(Utils.timestamp());
+ secondPasswordChangeRequest.setCreatedAt(Utils.timestamp());
 transactional(() -> em.persist(passwordChangeRequest));
 transactional(() -> em.persist(secondPasswordChangeRequest));
diff --git a/src/test/java/cz/cvut/kbss/termit/rest/AdminBasedRegistrationControllerTest.java b/src/test/java/cz/cvut/kbss/termit/rest/AdminBasedRegistrationControllerTest.java
index f2554624c..3c50beb10 100644
--- a/src/test/java/cz/cvut/kbss/termit/rest/AdminBasedRegistrationControllerTest.java
+++ b/src/test/java/cz/cvut/kbss/termit/rest/AdminBasedRegistrationControllerTest.java
@@ -53,7 +53,7 @@
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
-import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 @WebMvcTest(AdminBasedRegistrationController.class)
@@ -69,7 +69,7 @@
 @ActiveProfiles("test")
 class AdminBasedRegistrationControllerTest extends BaseControllerTestRunner {
- private static final String PATH = REST_MAPPING_PATH + "/users";
+ private static final String PATH = REST_MAPPING_PATH + "/admin/users";
 @Autowired
 private MockMvc mockMvc;
@@ -94,7 +94,7 @@ void createUserPersistsUserWhenCalledByAdmin() throws Exception {
 when(securityUtils.getCurrentUser()).thenReturn(admin);
 userService.persist(admin);
 final UserAccount user = Generator.generateUserAccountWithPassword();
- mockMvc.perform(put(PATH).content(toJson(user))
+ mockMvc.perform(post(PATH).content(toJson(user))
 .contentType(MediaType.APPLICATION_JSON_VALUE))
 .andExpect(status().isCreated());
 verify(userService).adminCreateUser(user);
@@ -106,7 +106,7 @@ void createUserThrowsForbiddenForNonAdminUser() throws Exception {
 Environment.setCurrentUser(admin);
 when(securityUtils.getCurrentUser()).thenReturn(admin);
 final UserAccount user = Generator.generateUserAccount();
- mockMvc.perform(put(PATH).content(toJson(user))
+ mockMvc.perform(post(PATH).content(toJson(user))
 .contentType(MediaType.APPLICATION_JSON_VALUE))
 .andExpect(status().isForbidden());
 verify(userService, never()).persist(any());
@@ -120,7 +120,7 @@ void createUserSendsEmailWhenPasswordIsEmpty() throws Exception {
 when(securityUtils.getCurrentUser()).thenReturn(admin);
 userService.persist(admin);
 final UserAccount user = Generator.generateUserAccount();
- mockMvc.perform(put(PATH).content(toJson(user))
+ mockMvc.perform(post(PATH).content(toJson(user))
 .contentType(MediaType.APPLICATION_JSON_VALUE))
 .andExpect(status().isCreated());
diff --git a/src/test/java/cz/cvut/kbss/termit/service/business/UserServiceTest.java b/src/test/java/cz/cvut/kbss/termit/service/business/UserServiceTest.java
index 6a93c52e7..f7bf983ba 100644
--- a/src/test/java/cz/cvut/kbss/termit/service/business/UserServiceTest.java
+++ b/src/test/java/cz/cvut/kbss/termit/service/business/UserServiceTest.java
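Review bot: In `AdminBasedRegistrationControllerTest.createUserThrowsForbiddenForNonAdminUser` the negative assertion is `verify(userService, never()).persist(any());`, but the endpoint calls `userService.adminCreateUser(user)`, so this test would still pass if a non-admin request got through to the service. Assert on the call the controller actually makes: `verify(userService, never()).adminCreateUser(any());`. The current user in this test is held in a local named `admin`; how it is built is outside the hunk, so a name such as `nonAdmin` would make the intent readable if it is in fact a regular user.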
@@ -39,6 +39,7 @@
 import cz.cvut.kbss.termit.service.repository.UserRoleRepositoryService;
 import cz.cvut.kbss.termit.service.security.SecurityUtils;
 import cz.cvut.kbss.termit.util.Configuration;
+import cz.cvut.kbss.termit.util.Utils;
 import cz.cvut.kbss.termit.util.Vocabulary;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
@@ -51,7 +52,6 @@
 import org.mockito.junit.jupiter.MockitoExtension;
 import java.net.URI;
-import java.time.Instant;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
@@ -493,7 +493,7 @@ void changePasswordValidRequestPasswordChanged() {
 final UserAccount account = Generator.generateUserAccountWithPassword();
 final String originalPassword = account.getPassword();
 final PasswordChangeRequest request = new PasswordChangeRequest();
- request.setCreatedAt(Instant.now());
+ request.setCreatedAt(Utils.timestamp());
 request.setToken(UUID.randomUUID().toString());
 request.setUserAccount(account);
 request.setUri(Generator.generateUri());
@@ -533,7 +533,7 @@ void changePasswordRequestNotFoundExceptionThrown() {
 @Test
 void changePasswordExpiredRequestExceptionThrown() {
 final PasswordChangeRequest request = new PasswordChangeRequest();
- request.setCreatedAt(Instant.now().minus(configuration.getSecurity()
+ request.setCreatedAt(Utils.timestamp().minus(configuration.getSecurity()
 .getPasswordChangeRequestValidity())
 .minusNanos(1));
 request.setUri(Generator.generateUri());
@@ -555,7 +555,7 @@ void changePasswordExpiredRequestExceptionThrown() {
 @Test
 void changePasswordValidURINotMatchingTokenExceptionThrown() {
 final PasswordChangeRequest request = new PasswordChangeRequest();
- request.setCreatedAt(Instant.now());
+ request.setCreatedAt(Utils.timestamp());
 request.setUri(Generator.generateUri());
 request.setToken(UUID.randomUUID().toString());
@@ -578,7 +578,7 @@ void changePasswordUnlocksLockedAccount() {
 user.lock();
 final PasswordChangeRequest request = new PasswordChangeRequest();
- request.setCreatedAt(Instant.now().minusNanos(1));
+ request.setCreatedAt(Utils.timestamp().minusMillis(1));
 request.setUri(Generator.generateUri());
 request.setToken(UUID.randomUUID().toString());
 request.setUserAccount(user);