mirror of
https://github.com/sismics/docs.git
synced 2024-12-22 11:23:48 +01:00
#647: always return OK on password lost route
This commit is contained in:
parent
5e7f06070e
commit
ca85c1fa9f
@ -1081,11 +1081,16 @@ public class UserResource extends BaseResource {
|
||||
// Validate input data
|
||||
ValidationUtil.validateStringNotBlank("username", username);
|
||||
|
||||
// Prepare response
|
||||
Response response = Response.ok().entity(Json.createObjectBuilder()
|
||||
.add("status", "ok")
|
||||
.build()).build();
|
||||
|
||||
// Check for user existence
|
||||
UserDao userDao = new UserDao();
|
||||
List<UserDto> userDtoList = userDao.findByCriteria(new UserCriteria().setUserName(username), null);
|
||||
if (userDtoList.isEmpty()) {
|
||||
throw new ClientException("UserNotFound", "User not found: " + username);
|
||||
return response;
|
||||
}
|
||||
UserDto user = userDtoList.get(0);
|
||||
|
||||
@ -1102,9 +1107,7 @@ public class UserResource extends BaseResource {
|
||||
AppContext.getInstance().getMailEventBus().post(passwordLostEvent);
|
||||
|
||||
// Always return OK
|
||||
JsonObjectBuilder response = Json.createObjectBuilder()
|
||||
.add("status", "ok");
|
||||
return Response.ok().entity(response.build()).build();
|
||||
return response;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -439,13 +439,11 @@ public class TestUserResource extends BaseJerseyTest {
|
||||
// Create absent_minded who lost his password
|
||||
clientUtil.createUser("absent_minded");
|
||||
|
||||
// User no_such_user try to recovery its password: invalid user
|
||||
Response response = target().path("/user/password_lost").request()
|
||||
// User no_such_user try to recovery its password: silently do nothing to avoid leaking users
|
||||
JsonObject json = target().path("/user/password_lost").request()
|
||||
.post(Entity.form(new Form()
|
||||
.param("username", "no_such_user")));
|
||||
Assert.assertEquals(Response.Status.BAD_REQUEST, Response.Status.fromStatusCode(response.getStatus()));
|
||||
JsonObject json = response.readEntity(JsonObject.class);
|
||||
Assert.assertEquals("UserNotFound", json.getString("type"));
|
||||
.param("username", "no_such_user")), JsonObject.class);
|
||||
Assert.assertEquals("ok", json.getString("status"));
|
||||
|
||||
// User absent_minded try to recovery its password: OK
|
||||
json = target().path("/user/password_lost").request()
|
||||
@ -461,7 +459,7 @@ public class TestUserResource extends BaseJerseyTest {
|
||||
String key = keyMatcher.group(1).replaceAll("=", "");
|
||||
|
||||
// User absent_minded resets its password: invalid key
|
||||
response = target().path("/user/password_reset").request()
|
||||
Response response = target().path("/user/password_reset").request()
|
||||
.post(Entity.form(new Form()
|
||||
.param("key", "no_such_key")
|
||||
.param("password", "87654321")));
|
||||
|
Loading…
Reference in New Issue
Block a user