Commit d4f98f30 authored by Piotr Gawron's avatar Piotr Gawron
Browse files

allow user to change his own password

parent 00fbf78c
......@@ -81,7 +81,7 @@ public class UserController extends BaseController {
.collect(Collectors.toList());
}
@PreAuthorize("hasAuthority('IS_ADMIN')")
@PreAuthorize("hasAuthority('IS_ADMIN') or #login == authentication.name")
@PatchMapping(value = "/{login:.+}")
public Map<String, Object> updateUser(
@RequestBody String body,
......
......@@ -217,9 +217,9 @@ public class UserControllerIntegrationTest extends ControllerIntegrationTest {
.andExpect(status().is2xxSuccessful())
.andReturn().getResponse().getContentAsString();
Map responseObject = new Gson().fromJson(response, Map.class);
Map<?, ?> responseObject = new Gson().fromJson(response, Map.class);
List privileges = (List) responseObject.get("privileges");
List<?> privileges = (List<?>) responseObject.get("privileges");
assertEquals(0, privileges.size());
}
......@@ -403,4 +403,23 @@ public class UserControllerIntegrationTest extends ControllerIntegrationTest {
.andExpect(status().isBadRequest());
}
@Test
public void userUpdateOwnPassword() throws Exception {
MockHttpSession session = createSession(TEST_USER_LOGIN, TEST_USER_PASSWORD);
String newPassword = "new pass";
String body = "{\"user\":{\"password\":\"" + newPassword + "\"}}";
RequestBuilder grantRequest = patch("/users/" + TEST_USER_LOGIN)
.contentType(MediaType.APPLICATION_FORM_URLENCODED)
.content(body)
.session(session);
mockMvc.perform(grantRequest)
.andExpect(status().is2xxSuccessful());
MockHttpSession sessionWithNewPass = createSession(TEST_USER_LOGIN, newPassword);
assertNotNull(sessionWithNewPass);
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment