AreaFiftyLAN · DevDonut · Jan 2, 2021 · Jan 2, 2021 · Jan 2, 2021 · Jan 30, 2021
diff --git a/src/main/java/ch/wisv/areafiftylan/security/authentication/PasswordChangeDTO.java b/src/main/java/ch/wisv/areafiftylan/security/authentication/PasswordChangeDTO.java
@@ -32,7 +32,7 @@ public class PasswordChangeDTO {
     String oldPassword = "";
     @Getter
     @Setter
-    @Length(min = UserServiceImpl.MIN_PASSWORD_LENGTH)
+    @NotEmpty
     String newPassword = "";
 
 }
diff --git a/src/main/java/ch/wisv/areafiftylan/users/controller/CurrentUserRestController.java b/src/main/java/ch/wisv/areafiftylan/users/controller/CurrentUserRestController.java
@@ -35,6 +35,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.validation.annotation.Validated;
@@ -89,8 +90,17 @@ public class CurrentUserRestController {
     @PostMapping("/password")
     public ResponseEntity<?> changeCurrentUserPassword(@AuthenticationPrincipal User user,
                                                        @RequestBody @Validated PasswordChangeDTO passwordChangeDTO) {
-        userService.changePassword(user.getId(),
-                passwordChangeDTO.getOldPassword(), passwordChangeDTO.getNewPassword());
+        try {
+            userService.changePassword(user.getId(),
+                    passwordChangeDTO.getOldPassword(), passwordChangeDTO.getNewPassword());
+        } catch (Exception e) {
+            if (e instanceof IllegalArgumentException) {
+                return createResponseEntity(HttpStatus.NOT_MODIFIED, e.getMessage());
+
+            } else if (e instanceof AccessDeniedException) {
+                return createResponseEntity(HttpStatus.FORBIDDEN, e.getMessage());
+            }
+        }
 
         return createResponseEntity(HttpStatus.OK, "Password successfully changed");
     }

diff --git a/src/test/java/ch/wisv/areafiftylan/integration/UserRestIntegrationTest.java b/src/test/java/ch/wisv/areafiftylan/integration/UserRestIntegrationTest.java
@@ -711,7 +711,7 @@ public void testChangeShortPassword() {
             contentType(ContentType.JSON).
             post("/users/current/password").
         then().
-            statusCode(HttpStatus.SC_BAD_REQUEST);
+            statusCode(HttpStatus.SC_NOT_MODIFIED);
         //@formatter:on
     }
 
@@ -796,6 +796,24 @@ public void testChangePasswordMissingOldPassword() {
         //@formatter:on
     }
 
+    @Test
+    public void testChangePasswordShortNewPassword() {
+        User user = createUser();
+        Map<String, String> passwordDTO = new HashMap<>();
+        passwordDTO.put("newPassword", "new");
+
+        //@formatter:off
+        given().
+                header(getXAuthTokenHeaderForUser(user)).
+                when().
+                body(passwordDTO).
+                contentType(ContentType.JSON).
+                post("/users/current/password").
+                then().
+                statusCode(HttpStatus.SC_BAD_REQUEST);
+        //@formatter:on
+    }
+
     //TODO: Move to SchedulerTest
 /*    @Test
     public void testExpiredUsersNoneExpired() {