diff --git a/service/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/MockSfiMessagesRestEndpoint.kt b/service/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/MockSfiMessagesRestEndpoint.kt
index b2113c86795..ec4810006e5 100644
--- a/service/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/MockSfiMessagesRestEndpoint.kt
+++ b/service/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/MockSfiMessagesRestEndpoint.kt
@@ -50,11 +50,9 @@ class MockSfiMessagesRestEndpoint {
 @RequestBody body: ChangePasswordRequestBody,
 ): ResponseEntity =
 lock.withLock {
- val accessToken = authorization?.removePrefix("Bearer ")
+ val accessToken = body.accessToken
 if (!tokens.contains(accessToken)) {
- ResponseEntity.status(401).body(ApiError("Invalid token"))
- } else if (body.accessToken != accessToken) {
- ResponseEntity.status(400).body(ApiError("Invalid token in body"))
+ ResponseEntity.status(400).body(ApiError("Invalid token"))
 } else if (body.currentPassword != password) {
 ResponseEntity.status(400).body(ApiError("Invalid password"))
 } else {
diff --git a/service/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClientIntegrationTest.kt b/service/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClientIntegrationTest.kt
index 7b222c6b794..626ff035de1 100644
--- a/service/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClientIntegrationTest.kt
+++ b/service/src/integrationTest/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClientIntegrationTest.kt
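Review bot: In the change-password handler of MockSfiMessagesRestEndpoint.kt the token is now taken only from `body.accessToken`, so the mock accepts any Authorization header, or none, on this endpoint. If the `authorization` header parameter is still declared in the signature above the hunk it is now unused and should be removed, or asserted on if the real service rejects the header. The unknown-token response also changes from 401 to 400; a short comment such as `// the change-password endpoint reports an unknown token in the body as 400, not 401` would record that this is meant to mirror the real service, since the client's expiry handling depends on which status comes back. The handler's signature starts outside the hunk, so the first point is inferred.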
@@ -195,4 +195,19 @@ class SfiMessagesRestClientIntegrationTest : FullApplicationTest(resetDbBeforeEa
 client.send(message)
 assertEquals(1, MockSfiMessagesRestEndpoint.getCapturedMessages().size)
 }
+
+ @Test
+ fun `password change handles access token expiry gracefully`() {
+ client.send(message)
+ assertEquals(1, MockSfiMessagesRestEndpoint.getCapturedMessages().size)
+ MockSfiMessagesRestEndpoint.clearTokens()
+ val oldPassword = MockSfiMessagesRestEndpoint.getCurrentPassword()
+ client.rotatePassword()
+ val newPassword = MockSfiMessagesRestEndpoint.getCurrentPassword()
+ assertNotEquals(oldPassword, newPassword)
+
+ // sending a message should still work after password change
+ client.send(message)
+ assertEquals(1, MockSfiMessagesRestEndpoint.getCapturedMessages().size)
+ }
 }
diff --git a/service/src/main/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClient.kt b/service/src/main/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClient.kt
index 1c0a78661c2..1ad5ea0a6ba 100644
--- a/service/src/main/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClient.kt
+++ b/service/src/main/kotlin/fi/espoo/evaka/sficlient/rest/SfiMessagesRestClient.kt
@@ -286,13 +286,11 @@ class SfiMessagesRestClient(
 }
 }
- val authorization = authorizationHeader.get()
- val accessToken = authorization.value.removePrefix("Bearer ")
+ val accessToken = getAccessToken(current.password)
 httpClient
 .newCall(
 Request.Builder()
 .url(config.urls.changePassword)
- .header("Authorization", authorizationHeader.get().value)
 .header("Accept", "application/json")
 .post(
 jsonRequestBody(
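Review bot: The final `assertEquals(1, MockSfiMessagesRestEndpoint.getCapturedMessages().size)` in the new test cannot tell a delivered second message from one that never reached the mock, because the count was already 1 before `clearTokens()` was called. It presumably passes only because the mock de-duplicates the identical `message`. Sending a distinct message after the rotation and expecting a count of 2, or resetting the captured messages before the second `client.send(message)`, would make the post-rotation check meaningful.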
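Review bot: In SfiMessagesRestClient.kt the reason for calling `getAccessToken(current.password)` instead of reusing the cached header is not stated at the call site, so a later cleanup could revert it. A comment such as `// change-password takes the token in the request body; fetch a fresh one because the cached token may have expired` would pin the intent. The access token and the passwords now travel only in the JSON body, so it is worth confirming that no body-level request logging is attached to `httpClient` for this call; the client setup is not visible here, so this is a check to make rather than a finding. The enclosing function starts and ends outside the hunk.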