/**
 * Create a {@link MockHttpServletRequestBuilder} for a PATCH request.
 *
 * <p>This is a plain delegation to {@link MockMvcRequestBuilders#patch(URI)}; no request
 * attribute is set on the returned builder.
 *
 * @param uri the URL
 * @return the builder for the PATCH request
 */
public static MockHttpServletRequestBuilder patch(URI uri) {
    MockHttpServletRequestBuilder patchBuilder = MockMvcRequestBuilders.patch(uri);
    return patchBuilder;
}
/**
 * Sends a PATCH to {@code /Users/<id>/status} for the given user, with the supplied
 * account status serialized as the JSON body.
 *
 * <p>The request is authorized with {@code uaaAdminToken} as a bearer token. Nothing is
 * asserted here; the caller is expected to check the returned {@link ResultActions}.
 *
 * @param user the user whose status endpoint is addressed
 * @param alteredAccountStatus the status payload to send
 * @return the result of performing the request
 * @throws Exception if serialization or the mock request fails
 */
private ResultActions updateAccountStatus(ScimUser user, UserAccountStatus alteredAccountStatus) throws Exception {
    final String statusJson = JsonUtils.writeValueAsString(alteredAccountStatus);
    final String statusPath = "/Users/" + user.getId() + "/status";
    final String authorization = "Bearer " + uaaAdminToken;

    return mockMvc.perform(
            patch(statusPath)
                    .header("Authorization", authorization)
                    .accept(APPLICATION_JSON)
                    .contentType(APPLICATION_JSON)
                    .content(statusJson));
}
/**
 * With the {@code AutoConfig} XML configuration loaded, a PATCH to {@code /csrf} that
 * carries no CSRF token must be answered with 403 Forbidden. The test name attributes
 * the rejection to CSRF protection being active in the default configuration.
 */
@Test
public void patchWhenDefaultConfigurationThenForbiddenSinceCsrfIsEnabled() throws Exception {
    this.spring.configLocations(this.xml("AutoConfig")).autowire();

    // The request is deliberately built without any CSRF token.
    final String protectedPath = "/csrf";

    this.mvc.perform(patch(protectedPath))
            .andExpect(status().isForbidden())
            // csrfCreated() is defined outside this method; presumably it checks that a
            // CSRF token was generated for the rejected request - confirm against the helper.
            .andExpect(csrfCreated());
}
/**
 * With the {@code CsrfEnabled} XML configuration loaded, a PATCH to {@code /csrf} that
 * carries no CSRF token must be answered with 403 Forbidden.
 */
@Test
public void patchWhenCsrfElementEnabledThenForbidden() throws Exception {
    this.spring.configLocations(this.xml("CsrfEnabled")).autowire();

    // The request is deliberately built without any CSRF token.
    final String protectedPath = "/csrf";

    this.mvc.perform(patch(protectedPath))
            .andExpect(status().isForbidden())
            // csrfCreated() is defined outside this method; presumably it checks that a
            // CSRF token was generated for the rejected request - confirm against the helper.
            .andExpect(csrfCreated());
}
/**
 * Create a {@link MockHttpServletRequestBuilder} for a PATCH request. The url
 * template will be captured and made available for documentation.
 *
 * <p>The template is stored verbatim as a request attribute, so whatever text the caller
 * places in {@code urlTemplate} itself (rather than passing it through
 * {@code urlVariables}) is what the attribute will hold.
 *
 * @param urlTemplate a URL template; the resulting URL will be encoded
 * @param urlVariables zero or more URL variables
 * @return the builder for the PATCH request
 */
public static MockHttpServletRequestBuilder patch(String urlTemplate, Object... urlVariables) {
    MockHttpServletRequestBuilder patchBuilder = MockMvcRequestBuilders.patch(urlTemplate, urlVariables);
    // Attach the unexpanded template under the documentation generator's attribute name.
    return patchBuilder.requestAttr(RestDocumentationGenerator.ATTRIBUTE_NAME_URL_TEMPLATE, urlTemplate);
}
/**
 * Regression test for sec-2355: authorization rules are applied to PATCH requests.
 *
 * <p>Against the {@code PatchMethod} XML configuration, the assertions require that
 * {@code user} may GET {@code /path} but is refused (403) on PATCH, while {@code admin}
 * may PATCH it. The rules themselves live in the XML file, which is not shown here.
 */
@Test
public void requestWhenUsingPatchThenAuthorizesRequestsAccordingly() throws Exception {
    this.spring.configLocations(this.xml("PatchMethod")).autowire();

    final String path = "/path";
    final String password = "password";

    // Read access is allowed for the ordinary user.
    this.mvc.perform(get(path).with(httpBasic("user", password)))
            .andExpect(status().isOk());

    // The same credentials must not be able to PATCH.
    this.mvc.perform(patch(path).with(httpBasic("user", password)))
            .andExpect(status().isForbidden());

    // The admin account is allowed to PATCH.
    this.mvc.perform(patch(path).with(httpBasic("admin", password)))
            .andExpect(status().isOk());
}
/**
 * A PATCH to {@code /Group/groupId/members} is expected to be redirected (302) to the
 * login page with {@code error=invalid_login_request}, even though a bearer token and a
 * JSON content type are sent.
 */
@Test
public void patch_has_one_path() throws Exception {
    final String membersPath = "/Group/groupId/members";
    final String authorization = "Bearer " + scimWriteToken;

    getMockMvc().perform(
            patch(membersPath)
                    .header("Authorization", authorization)
                    .header("Content-Type", APPLICATION_JSON_VALUE))
            .andDo(print())
            .andExpect(header().string("Location", "http://localhost/login?error=invalid_login_request"))
            // Per the original author: the request is caught by the UI filter for unknown
            // URIs, although the client asked for JSON.
            .andExpect(status().isFound());
}
/**
 * A user holding an {@code openid} access token for the seeded zone tries to PATCH their
 * own record with an additional e-mail address. The request must be refused with 403 and
 * an {@code internal_user_management_disabled} error body.
 *
 * <p>NOTE(review): where internal user management is switched off is not visible in this
 * method; presumably the zone seeder configures it - confirm.
 */
@Test
void patch_updateUserEmail_WithAccessToken_ShouldFail() throws Exception {
    final String disabledMessage =
            "Internal User Creation is currently disabled. External User Store is in use.";

    // Token obtained through the seeded client on behalf of the seeded user.
    String accessToken = testClient.getUserOAuthAccessTokenForZone(
            zoneSeeder.getImplicitPasswordRefreshTokenClient().getClientId(),
            "",
            seededUser.getUserName(),
            zoneSeeder.getPlainTextPassword(seededUser),
            "openid",
            zoneSeeder.getIdentityZoneSubdomain());

    // The attempted modification: one more e-mail address on the user's own record.
    seededUser.addEmail("addAnotherNew@email.com");

    final String userPath = "/Users/" + seededUser.getId();
    MockHttpServletRequestBuilder patchRequest = patch(userPath)
            .headers(zoneSeeder.getZoneSubomainRequestHeader())
            .header("Authorization", "Bearer " + accessToken)
            // If-Match carries the quoted version of the record being changed.
            .header("If-Match", "\"" + seededUser.getVersion() + "\"")
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsBytes(seededUser));

    mockMvc.perform(patchRequest)
            .andExpect(status().is(403))
            .andExpect(content().string(JsonObjectMatcherUtils.matchesJsonObject(
                    new JSONObject()
                            .put("error_description", disabledMessage)
                            .put("message", disabledMessage)
                            .put("error", "internal_user_management_disabled"))));
}
/**
 * Before each test, marks the user as requiring a password change by sending a PATCH to
 * {@code /Users/<id>/status} with {@code token} as bearer token, and requires the call
 * to succeed with 200.
 */
@BeforeEach
void setup() throws Exception {
    UserAccountStatus requiredChange = new UserAccountStatus();
    requiredChange.setPasswordChangeRequired(true);
    final String statusJson = JsonUtils.writeValueAsString(requiredChange);

    final String statusPath = "/Users/" + user.getId() + "/status";
    final String authorization = "Bearer " + token;

    mockMvc.perform(
            patch(statusPath)
                    .header("Authorization", authorization)
                    .accept(APPLICATION_JSON)
                    .contentType(APPLICATION_JSON)
                    .content(statusJson))
            .andExpect(status().isOk());
}
/**
 * PATCHes a user to active and then to inactive, and after each change runs
 * {@code performAuthentication} with the matching flag.
 *
 * <p>{@code performAuthentication} is defined outside this method; presumably its second
 * argument is the expected login outcome, so the test ties the {@code active} flag to
 * whether the user can still log in - confirm against the helper.
 */
@Test
void patch_user_to_inactive_then_login() throws Exception {
    ScimUser user = setUpScimUser();
    user.setVerified(true);

    // Phase 1: the account is active.
    user.setActive(true);
    mockMvc.perform(
            patch("/Users/" + user.getId())
                    .header("Authorization", "Bearer " + scimReadWriteToken)
                    .header("If-Match", "\"" + user.getVersion() + "\"")
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsString(user)))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.active", equalTo(true)));
    performAuthentication(user, true);

    // Phase 2: the account is deactivated.
    user.setActive(false);
    mockMvc.perform(
            patch("/Users/" + user.getId())
                    .header("Authorization", "Bearer " + scimReadWriteToken)
                    // The local object was not refreshed after phase 1, so the expected
                    // version is computed by hand; this assumes the first PATCH advanced
                    // the stored version by exactly one - confirm.
                    .header("If-Match", "\"" + (user.getVersion() + 1) + "\"")
                    .contentType(APPLICATION_JSON)
                    .content(JsonUtils.writeValueAsString(user)))
            .andExpect(status().isOk())
            .andExpect(jsonPath("$.active", equalTo(false)));
    performAuthentication(user, false);
}
/**
 * After the user has been flagged as requiring a password change, a POST to
 * {@code /force_password_change} that is not tied to a logged-in user must be redirected
 * (302) to {@code http://localhost/login}.
 *
 * <p>The POST is given a CSRF token through {@code cookieCsrf()} (a helper defined
 * outside this method), so the redirect is presumably caused by the missing
 * authentication rather than by CSRF rejection - confirm against the helper.
 */
@Test
void submit_password_change_when_not_authenticated() throws Exception {
    UserAccountStatus requiredChange = new UserAccountStatus();
    requiredChange.setPasswordChangeRequired(true);
    final String statusJson = JsonUtils.writeValueAsString(requiredChange);

    // Step 1: flag the account, using the bearer token.
    final String statusPath = "/Users/" + user.getId() + "/status";
    mockMvc.perform(
            patch(statusPath)
                    .header("Authorization", "Bearer " + token)
                    .accept(APPLICATION_JSON)
                    .contentType(APPLICATION_JSON)
                    .content(statusJson))
            .andExpect(status().isOk());

    // Step 2: submit the form; only the two password fields and the CSRF helper are attached.
    MockHttpServletRequestBuilder passwordChangePost = post("/force_password_change")
            .param("password", "test")
            .param("password_confirmation", "test");
    passwordChangePost.with(cookieCsrf());

    mockMvc.perform(passwordChangePost)
            .andExpect(status().isFound())
            .andExpect(redirectedUrl("http://localhost/login"));
}
/**
 * Parameterized check of what a user may change on their own record through PATCH.
 *
 * <p>For each parameter set, a user is stored, an {@code openid} access token is obtained
 * for that user through the {@code cf} client, and the user PATCHes their own
 * {@code /Users/<id>} with the request body from the parameters. The HTTP status and one
 * JSON path of the response are compared with the expected values from the parameters.
 *
 * @param params stored user, request body and expected outcome for one case
 */
@ParameterizedTest
@MethodSource("org.cloudfoundry.identity.uaa.scim.endpoints.ScimUserEndpointsMockMvcTests#selfEditPatchTestParams")
void patch_selfUpdate_WithAccessToken_SeveralWays(PatchTestParams params) throws Exception {
    String password = "pas5Word";
    ScimUser storedScimUser = usersRepository.createUser(
            params.scimUserToStoreInDB, password, IdentityZoneHolder.get().getId());

    // The token belongs to the very user whose record is patched below.
    String accessToken = testClient.getUserOAuthAccessToken(
            "cf",
            "",
            storedScimUser.getPrimaryEmail(),
            password,
            "openid");

    final String userPath = "/Users/" + storedScimUser.getId();
    MockHttpServletRequestBuilder patchRequest = patch(userPath)
            .header("Authorization", "Bearer " + accessToken)
            .header("If-Match", "\"" + storedScimUser.getVersion() + "\"")
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(JsonUtils.writeValueAsBytes(params.scimUserToUseInRequest));

    mockMvc.perform(patchRequest)
            .andDo(print())
            .andExpect(status().is(params.expectedHttpStatusCode))
            .andExpect(jsonPath(params.expectedJsonPath).value(params.expectedValueAtJsonPath));
}
/**
 * Sets {@code requirePasswordChange} on the UAA identity provider through
 * {@code PATCH /identity-providers/<id>/status} and checks that the response echoes the
 * same flag.
 *
 * <p>NOTE(review): the test name mentions "password newer than", but the only assertion
 * is on {@code requirePasswordChange}; any effect on the stored password policy is not
 * verified here.
 */
@Test
void testUpdatePasswordPolicyWithPasswordNewerThan() throws Exception {
    IdentityProvider identityProvider =
            identityProviderProvisioning.retrieveByOrigin(OriginKeys.UAA, IdentityZone.getUaa().getId());

    // The meaning of the seven PasswordPolicy arguments is not visible from this method.
    PasswordPolicy policy = new PasswordPolicy(0, 20, 0, 0, 0, 0, 0);
    identityProvider.setConfig(new UaaIdentityProviderDefinition(policy, null));
    identityProviderProvisioning.update(identityProvider, identityProvider.getIdentityZoneId());

    IdentityProviderStatus requestedStatus = new IdentityProviderStatus();
    requestedStatus.setRequirePasswordChange(true);

    String accessToken = setUpAccessToken();
    final String statusPath = "/identity-providers/" + identityProvider.getId() + "/status";

    MvcResult mvcResult = mockMvc
            .perform(patch(statusPath)
                    .header("Authorization", "Bearer " + accessToken)
                    .content(JsonUtils.writeValueAsString(requestedStatus))
                    .contentType(APPLICATION_JSON))
            .andExpect(status().isOk())
            .andReturn();

    IdentityProviderStatus updatedStatus = JsonUtils.readValue(
            mvcResult.getResponse().getContentAsString(), IdentityProviderStatus.class);
    assertEquals(requestedStatus.getRequirePasswordChange(), updatedStatus.getRequirePasswordChange());
}
String jsonStatus = JsonUtils.writeValueAsString(userAccountStatus); mockMvc.perform( patch("/Users/" + user.getId() + "/status") .header("Authorization", "Bearer " + token) .accept(APPLICATION_JSON)
/**
 * Create a {@link MockHttpServletRequestBuilder} for a PATCH request.
 *
 * <p>This is a plain delegation to {@link MockMvcRequestBuilders#patch(URI)}; no request
 * attribute is set on the returned builder.
 *
 * @param uri the URL
 * @return the builder for the PATCH request
 */
public static MockHttpServletRequestBuilder patch(URI uri) {
    MockHttpServletRequestBuilder patchBuilder = MockMvcRequestBuilders.patch(uri);
    return patchBuilder;
}
/**
 * Create a {@link MockHttpServletRequestBuilder} for a PATCH request. The url
 * template will be captured and made available for documentation.
 *
 * <p>The template is stored verbatim as a request attribute, so whatever text the caller
 * places in {@code urlTemplate} itself (rather than passing it through
 * {@code urlVariables}) is what the attribute will hold.
 *
 * @param urlTemplate a URL template; the resulting URL will be encoded
 * @param urlVariables zero or more URL variables
 * @return the builder for the PATCH request
 */
public static MockHttpServletRequestBuilder patch(String urlTemplate, Object... urlVariables) {
    MockHttpServletRequestBuilder patchBuilder = MockMvcRequestBuilders.patch(urlTemplate, urlVariables);
    // Attach the unexpanded template under the documentation generator's attribute name.
    return patchBuilder.requestAttr(RestDocumentationGenerator.ATTRIBUTE_NAME_URL_TEMPLATE, urlTemplate);
}
/**
 * PATCHes {@code /boards/{boardUuid}} with a {@code name} parameter and expects 202
 * Accepted plus exactly one call to {@code service.renameBoard}.
 *
 * <p>NOTE(review): the verification uses {@code any(UUID.class)} and {@code anyString()},
 * so it does not confirm that the UUID from the path and the submitted name are the
 * values handed to the service.
 */
@Test
public void testRenameBoard() throws Exception {
    final UUID boardUuid = UUID.randomUUID();
    final String newName = "Test Board";

    this.mockMvc.perform(patch("/boards/{boardUuid}", boardUuid).param("name", newName))
            .andDo(print())
            .andExpect(status().isAccepted());

    verify(this.service, times(1)).renameBoard(any(UUID.class), anyString());
}
/**
 * A PATCH to {@code /api/v2/permissions/invalid}, sent with {@code ALL_PERMISSIONS_TOKEN},
 * must return 404 together with the error message for a non-existent permission.
 */
@Test
public void PATCH_whenUserGivesAPermission_forAPathAndActorThatDoesNotExist_theyReceiveA404() throws Exception {
    final String invalidGuid = "invalid";
    final String permissionPath = "/api/v2/permissions/" + invalidGuid;
    final String requestBody = "{"
            + "  \"operations\": [\"" + "write" + "\"]\n"
            + "}";

    final MockHttpServletRequestBuilder patchPermissionRequest = patch(permissionPath)
            .header("Authorization", "Bearer " + ALL_PERMISSIONS_TOKEN)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(requestBody);

    final String responseJson = mockMvc.perform(patchPermissionRequest)
            .andExpect(status().isNotFound())
            .andReturn()
            .getResponse()
            .getContentAsString();

    // The body must carry the dedicated "does not exist" message under the "error" key.
    final String errorMessage = new JSONObject(responseJson).getString("error");
    assertThat(errorMessage, is(IsEqual.equalTo("The request includes a permission that does not exist.")));
}
/**
 * A caller presenting {@code NO_PERMISSIONS_TOKEN} tries to PATCH a permission that was
 * just created for {@code /test}; the request must be answered with 404.
 *
 * <p>NOTE(review): the permission exists at this point, so the 404 (rather than 403)
 * presumably is deliberate, so that a caller without access cannot tell whether the
 * permission exists - confirm that this is the intended contract.
 */
@Test
public void PATCH_whenUserDoesNotHavePermissionOnPath_theyCannotAddAPermission() throws Exception {
    final String credentialName = "/test";
    final UUID permissionUUID =
            PermissionsV2EndToEndTestHelper.setPermissions(mockMvc, credentialName, PermissionOperation.READ);

    final String permissionPath = "/api/v2/permissions/" + permissionUUID;
    final String requestBody = "{"
            + "  \"operations\": [\"write\"]\n"
            + "}";

    final MockHttpServletRequestBuilder patchPermissionRequest = patch(permissionPath)
            .header("Authorization", "Bearer " + NO_PERMISSIONS_TOKEN)
            .accept(APPLICATION_JSON)
            .contentType(APPLICATION_JSON)
            .content(requestBody);

    mockMvc.perform(patchPermissionRequest)
            .andExpect(status().isNotFound());
}
/**
 * An update (PATCH) request is processed asynchronously and, once dispatched, must end
 * in 422 Unprocessable Entity with a JSON body whose {@code description} contains the
 * service definition id.
 *
 * <p>{@code setupCatalogService(null)} is defined outside this method; presumably it
 * makes the catalog lookup for the service definition come back empty - confirm.
 */
@Test
public void updateServiceInstanceWithUnknownServiceDefinitionIdFails() throws Exception {
    setupCatalogService(null);

    final MediaType json = MediaType.APPLICATION_JSON;

    // First pass: the controller only has to start async processing.
    MvcResult asyncResult = mockMvc
            .perform(patch(buildCreateUpdateUrl())
                    .content(updateRequestBody)
                    .contentType(json)
                    .accept(json))
            .andExpect(request().asyncStarted())
            .andReturn();

    // Second pass: dispatch the async result and inspect the actual response.
    mockMvc.perform(asyncDispatch(asyncResult))
            .andExpect(status().isUnprocessableEntity())
            .andExpect(content().contentTypeCompatibleWith(json))
            .andExpect(jsonPath("$.description", containsString(serviceDefinition.getId())));
}