RESTWS-885: Reset password REST endpoint requires privileges

openmrs · Sep 19, 2023 · 00d9dd0 · 00d9dd0
1 parent 0c5d4da
commit 00d9dd0
Showing 1 changed file with 24 additions and 6 deletions.
diff --git a/...odule/webservices/rest/web/v1_0/controller/openmrs2_2/PasswordResetController2_2Test.java b/...odule/webservices/rest/web/v1_0/controller/openmrs2_2/PasswordResetController2_2Test.java
@@ -13,6 +13,8 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 
+import java.util.List;
+
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
@@ -71,19 +73,35 @@ public void requestPasswordReset_shouldCreateUserActivationKeyGivenEmail() throw
 
 	@Test
 	public void requestPasswordReset_shouldCreateUserActivationKeyGivenUsernameOrEmail() throws Exception {
-		User user = userService.getUserByUuid("c98a1558-e131-11de-babe-001e378eb67e");
-		user.setEmail("[email protected]");
-		userService.saveUser(user);
-		assertNotNull(user.getEmail());
+		// Using Email
+		User user1 = userService.getUserByUuid("c98a1558-e131-11de-babe-001e378eb67e");
+		user1.setEmail("[email protected]");
+		userService.saveUser(user1);
+		assertNull(dao.getLoginCredential(user1).getActivationKey());
+		assertNotNull(user1.getEmail());
 
 		MessageException exception = null;
 		try {
-			handle(newPostRequest(RESET_PASSWORD_URI, "{\"usernameOrEmail\":\"" + user.getEmail() + "\"}"));
+			handle(newPostRequest(RESET_PASSWORD_URI, "{\"usernameOrEmail\":\"" + user1.getEmail() + "\"}"));
 		} catch (MessageException me) {
 			exception = me;
 		}
 		assertNotNull(exception);
-		assertNotNull(dao.getLoginCredential(user).getActivationKey());
+		assertNotNull(dao.getLoginCredential(user1).getActivationKey());
+
+		// Using Username
+		User user2 = userService.getUserByUuid("1010d442-e134-11de-babe-001e378eb67e");
+		assertNull(dao.getLoginCredential(user2).getActivationKey());
+		assertNotNull(user2.getUsername());
+
+		MessageException exception2 = null;
+		try {
+			handle(newPostRequest(RESET_PASSWORD_URI, "{\"usernameOrEmail\":\"" + user2.getUsername() + "\"}"));
+		} catch (MessageException me) {
+			exception2 = me;
+		}
+		assertNotNull(exception2);
+		assertNotNull(dao.getLoginCredential(user2).getActivationKey());
 	}
 
 	@Test