diff --git a/src/main/java/ch/wisv/areafiftylan/security/authentication/PasswordChangeDTO.java b/src/main/java/ch/wisv/areafiftylan/security/authentication/PasswordChangeDTO.java
index 351c6138..24d3613a 100644
--- a/src/main/java/ch/wisv/areafiftylan/security/authentication/PasswordChangeDTO.java
+++ b/src/main/java/ch/wisv/areafiftylan/security/authentication/PasswordChangeDTO.java
@@ -32,7 +32,7 @@ public class PasswordChangeDTO {
 String oldPassword = "";
 @Getter
 @Setter
- @Length(min = UserServiceImpl.MIN_PASSWORD_LENGTH)
+ @NotEmpty
 String newPassword = "";
 }
diff --git a/src/main/java/ch/wisv/areafiftylan/users/controller/CurrentUserRestController.java b/src/main/java/ch/wisv/areafiftylan/users/controller/CurrentUserRestController.java
index e2d02992..9a0e6351 100644
--- a/src/main/java/ch/wisv/areafiftylan/users/controller/CurrentUserRestController.java
+++ b/src/main/java/ch/wisv/areafiftylan/users/controller/CurrentUserRestController.java
@@ -35,6 +35,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.validation.annotation.Validated;
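Review bot: Dropping `@Length(min = UserServiceImpl.MIN_PASSWORD_LENGTH)` from `newPassword` means the minimum-length rule is no longer applied by `@Validated` on the request, so a too-short password is now rejected only if `userService.changePassword` enforces the length itself; the test change to `SC_NOT_MODIFIED` elsewhere in this commit suggests it does, but that method is not in the diff, and `@NotEmpty` on its own also accepts a whitespace-only string, which `@NotBlank` would not. Record that dependency next to the field so the check is not later removed on both sides, e.g. `// Minimum length is enforced in UserService.changePassword; only presence is validated here.`. If `UserServiceImpl` was imported into this DTO only for that constant, the import is now unused; the import section is outside the hunk.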
@@ -89,8 +90,19 @@ public class CurrentUserRestController {
 @PostMapping("/password")
 public ResponseEntity changeCurrentUserPassword(@AuthenticationPrincipal User user, @RequestBody @Validated PasswordChangeDTO passwordChangeDTO) {
- userService.changePassword(user.getId(),
- passwordChangeDTO.getOldPassword(), passwordChangeDTO.getNewPassword());
+ try {
+ userService.changePassword(user.getId(),
+ passwordChangeDTO.getOldPassword(), passwordChangeDTO.getNewPassword());
+ } catch (Exception e) {
+ if (e instanceof IllegalArgumentException) {
+ return createResponseEntity(HttpStatus.NOT_MODIFIED, e.getMessage());
+
+ } else if (e instanceof AccessDeniedException) {
+ return createResponseEntity(HttpStatus.FORBIDDEN, e.getMessage());
+ } else {
+ return createResponseEntity(HttpStatus.INTERNAL_SERVER_ERROR, "Something went wrong, please try again!");
+ }
+ }
 return createResponseEntity(HttpStatus.OK, "Password successfully changed");
 }
diff --git a/src/test/java/ch/wisv/areafiftylan/integration/UserRestIntegrationTest.java b/src/test/java/ch/wisv/areafiftylan/integration/UserRestIntegrationTest.java
index 4d26594e..d3faefb2 100644
--- a/src/test/java/ch/wisv/areafiftylan/integration/UserRestIntegrationTest.java
+++ b/src/test/java/ch/wisv/areafiftylan/integration/UserRestIntegrationTest.java
@@ -711,7 +711,7 @@ public void testChangeShortPassword() {
 contentType(ContentType.JSON).
 post("/users/current/password").
 then().
- statusCode(HttpStatus.SC_BAD_REQUEST);
+ statusCode(HttpStatus.SC_NOT_MODIFIED);
 //@formatter:on
 }
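Review bot: `HttpStatus.NOT_MODIFIED` is the wrong status for a rejected password change in the new catch block: 304 is a conditional-request (cache) response that carries no body, so the `e.getMessage()` handed to `createResponseEntity` never reaches the client and an HTTP client reads the reply as "use your cached copy"; a rejected argument is a 400 Bad Request, and the `statusCode(HttpStatus.SC_NOT_MODIFIED)` expectation in the `testChangeShortPassword` hunk below should change with it. Catching `Exception` and dispatching on `instanceof` should be two typed catch clauses, which also makes the method's error contract readable from its shape; the final `else` returns a 500 without logging or rethrowing `e`, so the cause of an unexpected failure is discarded — that case is better left to the framework's exception handling, which records the stack trace. Whether any caller of this endpoint already depends on the 304 is not visible from the diff.
```java
        try {
            userService.changePassword(user.getId(),
                    passwordChangeDTO.getOldPassword(), passwordChangeDTO.getNewPassword());
        } catch (IllegalArgumentException e) {
            // Rejected input (e.g. a new password the service considers too short) is a client error, not a cache hit.
            return createResponseEntity(HttpStatus.BAD_REQUEST, e.getMessage());
        } catch (AccessDeniedException e) {
            // The service refused the change for this caller; surface it as 403.
            return createResponseEntity(HttpStatus.FORBIDDEN, e.getMessage());
        }
        // Any other failure propagates to the framework's exception handler, which logs it.
        return createResponseEntity(HttpStatus.OK, "Password successfully changed");
```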
@@ -796,6 +796,24 @@ public void testChangePasswordMissingOldPassword() {
 //@formatter:on
 }
+ @Test
+ public void testChangePasswordShortNewPassword() {
+ User user = createUser();
+ Map passwordDTO = new HashMap<>();
+ passwordDTO.put("newPassword", "new");
+
+ //@formatter:off
+ given().
+ header(getXAuthTokenHeaderForUser(user)).
+ when().
+ body(passwordDTO).
+ contentType(ContentType.JSON).
+ post("/users/current/password").
+ then().
+ statusCode(HttpStatus.SC_BAD_REQUEST);
+ //@formatter:on
+ }
+
 //TODO: Move to SchedulerTest
 /*
 @Test
 public void testExpiredUsersNoneExpired() {
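Review bot: `testChangePasswordShortNewPassword` never sends an `oldPassword`, so the 400 it asserts cannot be attributed to the short `newPassword`: the request has the same shape as `testChangePasswordMissingOldPassword` just above, and with `newPassword` reduced to `@NotEmpty` in this commit a three-character value passes bean validation — the `testChangeShortPassword` hunk in this same commit even expects 304 for a short password. Put the user's current password into the map as well (the other change-password tests are outside this hunk, so I cannot quote the value they use) so the asserted status is produced by the length check, and then settle which status that path should return. `Map passwordDTO = new HashMap<>();` is a raw type; `Map<String, String> passwordDTO = new HashMap<>();` matches the values put into it. The added method is complete within the hunk.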