[Task 70399] created the POST EPerson endpoint with token and added tests

Raf Ponsaerts
2020-04-20 11:31:34 +02:00
parent fee24e3f96
commit cb8b5c8efc
3 changed files with 462 additions and 4 deletions


@@ -41,7 +41,7 @@ public class EPersonRest extends DSpaceObjectRest {
private boolean requireCertificate = false; private boolean requireCertificate = false;
private boolean selfRegistered = false; private Boolean selfRegistered;
@JsonProperty(access = Access.WRITE_ONLY) @JsonProperty(access = Access.WRITE_ONLY)
private String password; private String password;
@@ -92,11 +92,11 @@ public class EPersonRest extends DSpaceObjectRest {
this.requireCertificate = requireCertificate; this.requireCertificate = requireCertificate;
} }
public boolean isSelfRegistered() { public Boolean isSelfRegistered() {
return selfRegistered; return selfRegistered;
} }
public void setSelfRegistered(boolean selfRegistered) { public void setSelfRegistered(Boolean selfRegistered) {
this.selfRegistered = selfRegistered; this.selfRegistered = selfRegistered;
} }
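Review bot: `isSelfRegistered()` now returns a nullable `Boolean` and the field no longer defaults to `false`, but nothing on the accessor says that `null` means "the client did not send the property". Any existing caller that passes the result to a primitive `boolean` parameter would throw a `NullPointerException` when the JSON omits `selfRegistered`; such callers are outside these hunks, so this needs checking rather than assuming. I would document the three states on the getter, for example `/** @return null when selfRegistered was absent from the request body */`, and have callers compare with `Boolean.TRUE.equals(...)` or `Boolean.FALSE.equals(...)` instead of unboxing.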


@@ -15,17 +15,29 @@ import javax.servlet.http.HttpServletRequest;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.dspace.app.rest.Parameter; import org.dspace.app.rest.Parameter;
import org.dspace.app.rest.SearchRestMethod; import org.dspace.app.rest.SearchRestMethod;
import org.dspace.app.rest.authorization.AuthorizationFeature;
import org.dspace.app.rest.authorization.AuthorizationFeatureService;
import org.dspace.app.rest.exception.UnprocessableEntityException; import org.dspace.app.rest.exception.UnprocessableEntityException;
import org.dspace.app.rest.model.EPersonRest; import org.dspace.app.rest.model.EPersonRest;
import org.dspace.app.rest.model.MetadataRest;
import org.dspace.app.rest.model.MetadataValueRest;
import org.dspace.app.rest.model.SiteRest;
import org.dspace.app.rest.model.patch.Operation; import org.dspace.app.rest.model.patch.Operation;
import org.dspace.app.rest.model.patch.Patch; import org.dspace.app.rest.model.patch.Patch;
import org.dspace.app.rest.projection.Projection;
import org.dspace.authorize.AuthorizeException; import org.dspace.authorize.AuthorizeException;
import org.dspace.authorize.service.AuthorizeService; import org.dspace.authorize.service.AuthorizeService;
import org.dspace.content.Site;
import org.dspace.content.service.SiteService;
import org.dspace.core.Context; import org.dspace.core.Context;
import org.dspace.eperson.EPerson; import org.dspace.eperson.EPerson;
import org.dspace.eperson.RegistrationData;
import org.dspace.eperson.service.AccountService;
import org.dspace.eperson.service.EPersonService; import org.dspace.eperson.service.EPersonService;
import org.dspace.eperson.service.RegistrationDataService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.domain.Page; import org.springframework.data.domain.Page;
import org.springframework.data.domain.Pageable; import org.springframework.data.domain.Pageable;
@@ -43,9 +55,23 @@ import org.springframework.stereotype.Component;
@Component(EPersonRest.CATEGORY + "." + EPersonRest.NAME) @Component(EPersonRest.CATEGORY + "." + EPersonRest.NAME)
public class EPersonRestRepository extends DSpaceObjectRestRepository<EPerson, EPersonRest> { public class EPersonRestRepository extends DSpaceObjectRestRepository<EPerson, EPersonRest> {
private static final Logger log = Logger.getLogger(EPersonRestRepository.class);
@Autowired @Autowired
AuthorizeService authorizeService; AuthorizeService authorizeService;
@Autowired
private AccountService accountService;
@Autowired
private AuthorizationFeatureService authorizationFeatureService;
@Autowired
private SiteService siteService;
@Autowired
private RegistrationDataService registrationDataService;
private final EPersonService es; private final EPersonService es;
@@ -66,7 +92,21 @@ public class EPersonRestRepository extends DSpaceObjectRestRepository<EPerson, E
} catch (IOException e1) { } catch (IOException e1) {
throw new UnprocessableEntityException("error parsing the body... maybe this is not the right error code"); throw new UnprocessableEntityException("error parsing the body... maybe this is not the right error code");
} }
String token = req.getParameter("token");
if (StringUtils.isNotBlank(token)) {
try {
return createAndReturn(context, epersonRest, token);
} catch (SQLException e) {
log.error(e.getMessage(), e);
throw new RuntimeException("Something with wrong in the creation of an EPerson with token: " + token);
}
}
EPerson eperson = createEPersonFromRestObject(context, epersonRest);
return converter.toRest(eperson, utils.obtainProjection());
}
private EPerson createEPersonFromRestObject(Context context, EPersonRest epersonRest) throws AuthorizeException {
EPerson eperson = null; EPerson eperson = null;
try { try {
eperson = es.create(context); eperson = es.create(context);
@@ -84,8 +124,61 @@ public class EPersonRestRepository extends DSpaceObjectRestRepository<EPerson, E
} catch (SQLException e) { } catch (SQLException e) {
throw new RuntimeException(e.getMessage(), e); throw new RuntimeException(e.getMessage(), e);
} }
return eperson;
}
return converter.toRest(eperson, utils.obtainProjection()); private EPersonRest createAndReturn(Context context, EPersonRest epersonRest, String token)
throws AuthorizeException, SQLException {
RegistrationData registrationData = registrationDataService.findByToken(context, token);
if (registrationData == null) {
throw new AccessDeniedException("The token given as parameter: " + token + " does not exist" +
" in the database");
}
if (es.findByEmail(context, registrationData.getEmail()) != null) {
throw new AccessDeniedException("The token given already contains an email address that resolves" +
"to an eperson");
}
String emailFromJson = epersonRest.getEmail();
if (StringUtils.isNotBlank(emailFromJson)) {
if (!StringUtils.equalsIgnoreCase(registrationData.getEmail(), emailFromJson)) {
throw new AccessDeniedException("The email resulting from the token does not match the email given" +
" in the json body. Email from token: " +
registrationData.getEmail() + " email from the json body: "
+ emailFromJson);
}
}
if (epersonRest.isSelfRegistered() != null && !epersonRest.isSelfRegistered()) {
throw new AccessDeniedException("The self registered property cannot be set to false using this method" +
" with a token");
}
checkRequiredProperties(epersonRest);
AuthorizationFeature epersonRegistration = authorizationFeatureService.find("epersonRegistration");
Site site = siteService.findSite(context);
SiteRest siteRest = converter.toRest(site, Projection.DEFAULT);
if (!authorizationFeatureService.isAuthorized(context, epersonRegistration, siteRest)) {
throw new AccessDeniedException(
"Registration is disabled, you are not authorized to create a new Authorization");
}
EPerson ePerson = createEPersonFromRestObject(context, epersonRest);
accountService.deleteToken(context, token);
return converter.toRest(ePerson, utils.obtainProjection());
}
private void checkRequiredProperties(EPersonRest epersonRest) {
MetadataRest metadataRest = epersonRest.getMetadata();
if (metadataRest != null) {
List<MetadataValueRest> epersonFirstName = metadataRest.getMap().get("eperson.firstname");
List<MetadataValueRest> epersonLastName = metadataRest.getMap().get("eperson.lastname");
if (epersonFirstName == null || epersonLastName == null ||
epersonFirstName.isEmpty() || epersonLastName.isEmpty()) {
throw new AccessDeniedException("The eperson.firstname and eperson.lastname values need to be " +
"filled in");
}
}
String password = epersonRest.getPassword();
if (StringUtils.isBlank(password)) {
throw new AccessDeniedException("the password cannot be left blank");
}
} }
@Override @Override
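Review bot: The registration token is a bearer secret, yet `createAndReturn` echoes it in the `AccessDeniedException` text for an unknown token, and the `catch (SQLException e)` added in the calling method repeats it in the `RuntimeException` message while leaving the cause off the rethrown exception; the e-mail mismatch branch likewise puts the address stored for the token into its message. These strings can end up in logs and, depending on an exception handler that is not visible here, in the HTTP response, so fixed text is safer: `throw new AccessDeniedException("The registration token is not valid");` and `throw new RuntimeException("Error creating an EPerson from a registration token", e);`. Separately, nothing in the visible lines copies the verified address into the request object, and `selfRegistered` is only rejected when explicitly `false`, so a body that omits either appears to produce an account built from client-supplied values alone. Adding `epersonRest.setEmail(registrationData.getEmail());` and `epersonRest.setSelfRegistered(true);` before the call to `createEPersonFromRestObject` would bind the account to the token, assuming that helper (its body lies partly outside the hunks) reads those fields. `checkRequiredProperties` also skips the name check entirely when `getMetadata()` returns `null`, which looks unintended.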


@@ -15,6 +15,8 @@ import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not; import static org.hamcrest.Matchers.not;
import static org.hamcrest.Matchers.nullValue; import static org.hamcrest.Matchers.nullValue;
import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get; import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
@@ -26,6 +28,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.UUID; import java.util.UUID;
import javax.ws.rs.core.MediaType; import javax.ws.rs.core.MediaType;
@@ -58,6 +61,7 @@ import org.dspace.eperson.service.RegistrationDataService;
import org.hamcrest.Matchers; import org.hamcrest.Matchers;
import org.junit.Test; import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.web.servlet.MvcResult;
public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest { public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest {
@@ -1803,4 +1807,365 @@ public class EPersonRestRepositoryIT extends AbstractControllerIntegrationTest {
assertFalse(registrationDataService.findByEmail(context, newRegisterEmail) == null); assertFalse(registrationDataService.findByEmail(context, newRegisterEmail) == null);
} }
@Test
public void postEPersonWithTokenWithoutEmailProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]," +
"\"eperson.lastname\":[{\"value\":\"Doe\"}]},\"password\":\"somePassword\"," +
"\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
MvcResult mvcResult = getClient(token).perform(post("/api/eperson/epersons")
.param("token", newRegisterToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isCreated())
.andExpect(jsonPath("$", Matchers.allOf(
hasJsonPath("$.uuid", not(empty())),
// is it what you expect? EPerson.getName() returns the email...
//hasJsonPath("$.name", is("Doe John")),
hasJsonPath("$.type", is("eperson")),
hasJsonPath("$._links.self.href", not(empty())),
hasJsonPath("$.metadata", Matchers.allOf(
matchMetadata("eperson.firstname", "John"),
matchMetadata("eperson.lastname", "Doe")
))))).andReturn();
String content = mvcResult.getResponse().getContentAsString();
Map<String,Object> map = mapper.readValue(content, Map.class);
String epersonUuid = String.valueOf(map.get("uuid"));
EPerson createdEPerson = ePersonService.find(context, UUID.fromString(epersonUuid));
assertTrue(ePersonService.checkPassword(context, createdEPerson, "somePassword"));
assertNull(registrationDataService.findByToken(context, newRegisterToken));
context.turnOffAuthorisationSystem();
ePersonService.delete(context, createdEPerson);
context.restoreAuthSystemState();
}
@Test
public void postEPersonWithTokenWithEmailProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]," +
"\"eperson.lastname\":[{\"value\":\"Doe\"}]},\"email\":\"" + newRegisterEmail +
"\",\"password\":\"somePassword\",\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
MvcResult mvcResult = getClient(token).perform(post("/api/eperson/epersons")
.param("token", newRegisterToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isCreated())
.andExpect(jsonPath("$", Matchers.allOf(
hasJsonPath("$.uuid", not(empty())),
// is it what you expect? EPerson.getName() returns the email...
//hasJsonPath("$.name", is("Doe John")),
hasJsonPath("$.email", is(newRegisterEmail)),
hasJsonPath("$.type", is("eperson")),
hasJsonPath("$._links.self.href", not(empty())),
hasJsonPath("$.metadata", Matchers.allOf(
matchMetadata("eperson.firstname", "John"),
matchMetadata("eperson.lastname", "Doe")
))))).andReturn();
String content = mvcResult.getResponse().getContentAsString();
Map<String,Object> map = mapper.readValue(content, Map.class);
String epersonUuid = String.valueOf(map.get("uuid"));
EPerson createdEPerson = ePersonService.find(context, UUID.fromString(epersonUuid));
assertTrue(ePersonService.checkPassword(context, createdEPerson, "somePassword"));
assertNull(registrationDataService.findByToken(context, newRegisterToken));
context.turnOffAuthorisationSystem();
ePersonService.delete(context, createdEPerson);
context.restoreAuthSystemState();
}
@Test
public void postEPersonWithTokenWithEmailAndSelfRegisteredProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]," +
"\"eperson.lastname\":[{\"value\":\"Doe\"}]},\"selfRegistered\":true,\"email\":\"" + newRegisterEmail +
"\",\"password\":\"somePassword\",\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
MvcResult mvcResult = getClient(token).perform(post("/api/eperson/epersons")
.param("token", newRegisterToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isCreated())
.andExpect(jsonPath("$", Matchers.allOf(
hasJsonPath("$.uuid", not(empty())),
// is it what you expect? EPerson.getName() returns the email...
//hasJsonPath("$.name", is("Doe John")),
hasJsonPath("$.email", is(newRegisterEmail)),
hasJsonPath("$.type", is("eperson")),
hasJsonPath("$._links.self.href", not(empty())),
hasJsonPath("$.metadata", Matchers.allOf(
matchMetadata("eperson.firstname", "John"),
matchMetadata("eperson.lastname", "Doe")
))))).andReturn();
String content = mvcResult.getResponse().getContentAsString();
Map<String,Object> map = mapper.readValue(content, Map.class);
String epersonUuid = String.valueOf(map.get("uuid"));
EPerson createdEPerson = ePersonService.find(context, UUID.fromString(epersonUuid));
assertTrue(ePersonService.checkPassword(context, createdEPerson, "somePassword"));
assertNull(registrationDataService.findByToken(context, newRegisterToken));
context.turnOffAuthorisationSystem();
ePersonService.delete(context, createdEPerson);
context.restoreAuthSystemState();
}
@Test
public void postEPersonWithTokenWithTwoTokensDifferentEmailProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String newRegisterEmailTwo = "new-register-two@fake-email.com";
RegistrationRest registrationRestTwo = new RegistrationRest();
registrationRestTwo.setEmail(newRegisterEmailTwo);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRestTwo)))
.andExpect(status().isCreated());
String newRegisterTokenTwo = registrationDataService.findByEmail(context, newRegisterEmailTwo).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]," +
"\"eperson.lastname\":[{\"value\":\"Doe\"}]},\"email\":\"" + newRegisterEmailTwo +
"\",\"password\":\"somePassword\",\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(post("/api/eperson/epersons")
.param("token", newRegisterToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isForbidden());
EPerson createdEPerson = ePersonService.findByEmail(context, newRegisterEmailTwo);
assertNull(createdEPerson);
assertNotNull(registrationDataService.findByToken(context, newRegisterToken));
assertNotNull(registrationDataService.findByToken(context, newRegisterTokenTwo));
}
@Test
public void postEPersonWithRandomTokenWithEmailProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]," +
"\"eperson.lastname\":[{\"value\":\"Doe\"}]},\"email\":\"" + newRegisterEmail +
"\",\"password\":\"somePassword\",\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(post("/api/eperson/epersons")
.param("token", "randomToken")
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isForbidden());
EPerson createdEPerson = ePersonService.findByEmail(context, newRegisterEmail);
assertNull(createdEPerson);
assertNotNull(registrationDataService.findByToken(context, newRegisterToken));
}
@Test
public void postEPersonWithTokenWithEmailAndSelfRegisteredFalseProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]," +
"\"eperson.lastname\":[{\"value\":\"Doe\"}]},\"selfRegistered\":false,\"email\":\"" + newRegisterEmail +
"\",\"password\":\"somePassword\",\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(post("/api/eperson/epersons")
.param("token", newRegisterToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isForbidden());
EPerson createdEPerson = ePersonService.findByEmail(context, newRegisterEmail);
assertNull(createdEPerson);
assertNotNull(registrationDataService.findByToken(context, newRegisterToken));
}
@Test
public void postEPersonWithTokenWithoutLastNameProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]},\"selfRegistered\":true," +
"\"email\":\"" + newRegisterEmail + "\",\"password\":\"somePassword\",\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(post("/api/eperson/epersons")
.param("token", newRegisterToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isForbidden());
EPerson createdEPerson = ePersonService.findByEmail(context, newRegisterEmail);
assertNull(createdEPerson);
assertNotNull(registrationDataService.findByToken(context, newRegisterToken));
}
@Test
public void postEPersonWithTokenWithoutFirstNameProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String json = "{\"metadata\":{\"eperson.lastname\":[{\"value\":\"Doe\"}]},\"selfRegistered\":true," +
"\"email\":\"" + newRegisterEmail + "\",\"password\":\"somePassword\",\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(post("/api/eperson/epersons")
.param("token", newRegisterToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isForbidden());
EPerson createdEPerson = ePersonService.findByEmail(context, newRegisterEmail);
assertNull(createdEPerson);
assertNotNull(registrationDataService.findByToken(context, newRegisterToken));
}
@Test
public void postEPersonWithTokenWithoutPasswordProperty() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newRegisterEmail = "new-register@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(newRegisterEmail);
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String newRegisterToken = registrationDataService.findByEmail(context, newRegisterEmail).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]," +
"\"eperson.lastname\":[{\"value\":\"Doe\"}]}," +
"\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(post("/api/eperson/epersons")
.param("token", newRegisterToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isForbidden());
EPerson createdEPerson = ePersonService.findByEmail(context, newRegisterEmail);
assertNull(createdEPerson);
assertNotNull(registrationDataService.findByToken(context, newRegisterToken));
}
@Test
public void postEPersonWithWrongToken() throws Exception {
ObjectMapper mapper = new ObjectMapper();
String newEmail = "new-email@fake-email.com";
RegistrationRest registrationRest = new RegistrationRest();
registrationRest.setEmail(eperson.getEmail());
getClient().perform(post("/api/eperson/registrations")
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsBytes(registrationRest)))
.andExpect(status().isCreated());
String forgotPasswordToken = registrationDataService.findByEmail(context, eperson.getEmail()).getToken();
String json = "{\"metadata\":{\"eperson.firstname\":[{\"value\":\"John\"}]," +
"\"eperson.lastname\":[{\"value\":\"Doe\"}]},\"selfRegistered\":true,\"password\":\"somePassword\"," +
"\"type\":\"eperson\"}";
String token = getAuthToken(admin.getEmail(), password);
getClient(token).perform(post("/api/eperson/epersons")
.param("token", forgotPasswordToken)
.content(json)
.contentType(MediaType.APPLICATION_JSON))
.andExpect(status().isForbidden());
EPerson createdEPerson = ePersonService.findByEmail(context, newEmail);
assertNull(createdEPerson);
assertNotNull(registrationDataService.findByToken(context, forgotPasswordToken));
}
} }
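Review bot: Every new test posts to `/api/eperson/epersons` through `getClient(token)` with an admin login, so the suite never shows what happens when an unauthenticated holder of a registration token calls the endpoint, nor that the request is refused when the `epersonRegistration` feature is not authorized. At least one positive case using `getClient()` without a login, plus one with registration disabled, would pin the access-control behaviour this endpoint exists for. In `postEPersonWithWrongToken`, `newEmail` is never sent in the body or registered, so `assertNull(ePersonService.findByEmail(context, newEmail))` passes regardless of what the endpoint does; asserting that no second EPerson exists for `eperson.getEmail()` would test something. The negative tests also leave their registration rows for `new-register@fake-email.com` in place, which may make later `findByEmail` lookups ambiguous unless the base class resets that table (not visible here).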