[backend] Fix regression in reset password

OpenBAS-Platform · Jan 2, 2025 · d98e4ef · d98e4ef
1 parent 508c1c7
commit d98e4ef
Show file tree

Hide file tree

Showing 5 changed files with 88 additions and 11 deletions.
diff --git a/openbas-api/src/main/java/io/openbas/rest/helper/RestBehavior.java b/openbas-api/src/main/java/io/openbas/rest/helper/RestBehavior.java
@@ -163,21 +163,29 @@ public ResponseEntity<ErrorMessage> handleAlreadyExistingException(AlreadyExisti
 
   // --- Open channel access
   public User impersonateUser(UserRepository userRepository, Optional<String> userId) {
-    if (currentUser().getId().equals(ANONYMOUS)) {
-      if (userId.isPresent()) {
-        return userRepository.findById(userId.get()).orElseThrow();
+    if (ANONYMOUS.equals(currentUser().getId())) {
+      if (userId.isEmpty()) {
+        throw new UnsupportedOperationException(
+            "User must be logged or dynamic player is required");
       }
-      throw new UnsupportedOperationException("User must be logged or dynamic player is required");
+      return userRepository
+          .findById(userId.get())
+          .orElseThrow(() -> new ElementNotFoundException("User not found"));
     }
-    return userRepository.findById(currentUser().getId()).orElseThrow();
+    return userRepository
+        .findById(currentUser().getId())
+        .orElseThrow(() -> new ElementNotFoundException("Current user not found"));
   }
 
   public void checkUserAccess(UserRepository userRepository, String userId) {
     User askedUser = userRepository.findById(userId).orElseThrow();
     if (askedUser.getOrganization() != null) {
       OpenBASPrincipal currentUser = currentUser();
       if (!currentUser.isAdmin()) {
-        User local = userRepository.findById(currentUser.getId()).orElseThrow();
+        User local =
+            userRepository
+                .findById(currentUser.getId())
+                .orElseThrow(() -> new ElementNotFoundException("Current user not found"));
         List<String> localOrganizationIds =
             local.getGroups().stream()
                 .flatMap(group -> group.getOrganizations().stream())
@@ -194,7 +202,10 @@ public void checkOrganizationAccess(UserRepository userRepository, String organi
     if (organizationId != null) {
       OpenBASPrincipal currentUser = currentUser();
       if (!currentUser.isAdmin()) {
-        User local = userRepository.findById(currentUser.getId()).orElseThrow();
+        User local =
+            userRepository
+                .findById(currentUser.getId())
+                .orElseThrow(() -> new ElementNotFoundException("Current user not found"));
         List<String> localOrganizationIds =
             local.getGroups().stream()
                 .flatMap(group -> group.getOrganizations().stream())

diff --git a/openbas-api/src/main/java/io/openbas/rest/inject/InjectApi.java b/openbas-api/src/main/java/io/openbas/rest/inject/InjectApi.java
@@ -318,7 +318,9 @@ public Inject createInjectForExercise(
     // Get common attributes
     Inject inject = input.toInject(injectorContract);
     inject.setUser(
-        userRepository.findById(currentUser().getId()).orElseThrow(ElementNotFoundException::new));
+        userRepository
+            .findById(currentUser().getId())
+            .orElseThrow(() -> new ElementNotFoundException("Current user not found")));
     inject.setExercise(exercise);
     // Set dependencies
     if (input.getDependsOn() != null) {
@@ -488,7 +490,8 @@ public List<Inject> nextInjectsToExecute(@RequestParam Optional<Integer> size) {
                     .isUserHasAccess(
                         userRepository
                             .findById(currentUser().getId())
-                            .orElseThrow(ElementNotFoundException::new)))
+                            .orElseThrow(
+                                () -> new ElementNotFoundException("Current user not found"))))
         // Order by near execution
         .sorted(Inject.executionComparator)
         // Keep only the expected size
@@ -551,7 +554,7 @@ public Inject createInjectForScenario(
     inject.setUser(
         this.userRepository
             .findById(currentUser().getId())
-            .orElseThrow(ElementNotFoundException::new));
+            .orElseThrow(() -> new ElementNotFoundException("Current user not found")));
     inject.setScenario(scenario);
     // Set dependencies
     if (input.getDependsOn() != null) {

diff --git a/openbas-api/src/main/java/io/openbas/rest/objective/ExerciseObjectiveApi.java b/openbas-api/src/main/java/io/openbas/rest/objective/ExerciseObjectiveApi.java
@@ -101,7 +101,9 @@ public Evaluation createEvaluation(
     Objective objective = resolveRelation(objectiveId, objectiveRepository);
     evaluation.setObjective(objective);
     evaluation.setUser(
-        userRepository.findById(currentUser().getId()).orElseThrow(ElementNotFoundException::new));
+        userRepository
+            .findById(currentUser().getId())
+            .orElseThrow(() -> new ElementNotFoundException("Current user not found")));
     Evaluation result = evaluationRepository.save(evaluation);
     objective.setUpdatedAt(now());
     objectiveRepository.save(objective);

diff --git a/openbas-api/src/test/java/io/openbas/rest/UserApiTest.java b/openbas-api/src/test/java/io/openbas/rest/UserApiTest.java
@@ -2,7 +2,12 @@
 
 import static io.openbas.utils.JsonUtils.asJsonString;
 import static io.openbas.utils.fixtures.UserFixture.EMAIL;
+import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.TestInstance.Lifecycle.PER_CLASS;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.verify;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -11,10 +16,15 @@
 import io.openbas.database.model.User;
 import io.openbas.database.repository.UserRepository;
 import io.openbas.rest.user.form.login.LoginUserInput;
+import io.openbas.rest.user.form.login.ResetUserInput;
 import io.openbas.rest.user.form.user.CreateUserInput;
+import io.openbas.service.MailingService;
 import io.openbas.utils.fixtures.UserFixture;
+import java.util.List;
 import org.junit.jupiter.api.*;
+import org.mockito.ArgumentCaptor;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.http.MediaType;
 import org.springframework.security.test.context.support.WithMockUser;
 import org.springframework.test.web.servlet.MockMvc;
@@ -28,6 +38,8 @@ class UserApiTest extends IntegrationTest {
 
   @Autowired private UserRepository userRepository;
 
+  @MockBean private MailingService mailingService;
+
   @BeforeAll
   public void setup() {
     // Create user
@@ -143,4 +155,45 @@ void given_known_create_user_in_uppercase_input_should_return_conflict() throws
           .andExpect(status().isConflict());
     }
   }
+
+  @Nested
+  @DisplayName("Reset Password from I forget my pswd option")
+  class ResetPassword {
+    @DisplayName("With a known email")
+    @Test
+    void resetPassword() throws Exception {
+      // -- PREPARE --
+      ResetUserInput input = UserFixture.getResetUserInput();
+
+      // -- EXECUTE --
+      mvc.perform(
+              post("/api/reset")
+                  .contentType(MediaType.APPLICATION_JSON)
+                  .content(asJsonString(input)))
+          .andExpect(status().isOk());
+
+      // -- ASSERT --
+      ArgumentCaptor<List<User>> userCaptor = ArgumentCaptor.forClass(List.class);
+      verify(mailingService).sendEmail(anyString(), anyString(), userCaptor.capture());
+      assertEquals(EMAIL, userCaptor.getValue().get(0).getEmail());
+    }
+
+    @DisplayName("With a unknown email")
+    @Test
+    void resetPasswordWithUnknownEmail() throws Exception {
+      // -- PREPARE --
+      ResetUserInput input = UserFixture.getResetUserInput();
+      input.setLogin("[email protected]");
+
+      // -- EXECUTE --
+      mvc.perform(
+              post("/api/reset")
+                  .contentType(MediaType.APPLICATION_JSON)
+                  .content(asJsonString(input)))
+          .andExpect(status().isOk());
+
+      // -- ASSERT --
+      verify(mailingService, never()).sendEmail(anyString(), anyString(), any(List.class));
+    }
+  }
 }
diff --git a/openbas-api/src/test/java/io/openbas/utils/fixtures/UserFixture.java b/openbas-api/src/test/java/io/openbas/utils/fixtures/UserFixture.java
@@ -2,6 +2,7 @@
 
 import io.openbas.database.model.User;
 import io.openbas.rest.user.form.login.LoginUserInput;
+import io.openbas.rest.user.form.login.ResetUserInput;
 import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
 
 public class UserFixture {
@@ -45,4 +46,11 @@ public static User getSavedUser() {
     user.setId("saved-user-id");
     return user;
   }
+
+  public static ResetUserInput getResetUserInput() {
+    ResetUserInput resetUserInput = new ResetUserInput();
+    resetUserInput.setLogin(EMAIL);
+
+    return resetUserInput;
+  }
 }