Merge pull request #5917 from espoon-voltti/sfi-password-change-token…

…-handling Korjataan väärinymmärrys Suomi.fi REST salasanan vaihdossa
espoon-voltti · Nov 6, 2024 · 1976040 · 1976040
2 parents b2267b6 + 4d55d22
commit 1976040
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 7 deletions.
diff --git a/...e/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/MockSfiMessagesRestEndpoint.kt b/...e/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/MockSfiMessagesRestEndpoint.kt
@@ -50,11 +50,9 @@ class MockSfiMessagesRestEndpoint {
         @RequestBody body: ChangePasswordRequestBody,
     ): ResponseEntity<Any> =
         lock.withLock {
-            val accessToken = authorization?.removePrefix("Bearer ")
+            val accessToken = body.accessToken
             if (!tokens.contains(accessToken)) {
-                ResponseEntity.status(401).body(ApiError("Invalid token"))
-            } else if (body.accessToken != accessToken) {
-                ResponseEntity.status(400).body(ApiError("Invalid token in body"))
+                ResponseEntity.status(400).body(ApiError("Invalid token"))
             } else if (body.currentPassword != password) {
                 ResponseEntity.status(400).body(ApiError("Invalid password"))
             } else {

diff --git a/...egrationTest/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClientIntegrationTest.kt b/...egrationTest/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClientIntegrationTest.kt
@@ -195,4 +195,19 @@ class SfiMessagesRestClientIntegrationTest : FullApplicationTest(resetDbBeforeEa
         client.send(message)
         assertEquals(1, MockSfiMessagesRestEndpoint.getCapturedMessages().size)
     }
+
+    @Test
+    fun `password change handles access token expiry gracefully`() {
+        client.send(message)
+        assertEquals(1, MockSfiMessagesRestEndpoint.getCapturedMessages().size)
+        MockSfiMessagesRestEndpoint.clearTokens()
+        val oldPassword = MockSfiMessagesRestEndpoint.getCurrentPassword()
+        client.rotatePassword()
+        val newPassword = MockSfiMessagesRestEndpoint.getCurrentPassword()
+        assertNotEquals(oldPassword, newPassword)
+
+        // sending a message should still work after password change
+        client.send(message)
+        assertEquals(1, MockSfiMessagesRestEndpoint.getCapturedMessages().size)
+    }
 }
diff --git a/service/src/main/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClient.kt b/service/src/main/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClient.kt
@@ -286,13 +286,11 @@ class SfiMessagesRestClient(
                 }
             }
 
-        val authorization = authorizationHeader.get()
-        val accessToken = authorization.value.removePrefix("Bearer ")
+        val accessToken = getAccessToken(current.password)
         httpClient
             .newCall(
                 Request.Builder()
                     .url(config.urls.changePassword)
-                    .header("Authorization", authorizationHeader.get().value)
                     .header("Accept", "application/json")
                     .post(
                         jsonRequestBody(