-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DS-4027: New user registration & forgot password #2763
DS-4027: New user registration & forgot password #2763
Conversation
…ITs for the functionality
…ost with token and added its to verify functionality
… in RegistrationRestControllerIT
…l instead of as a parameter
…thorizeUpdatePassword method
…w-registration Conflicts: dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@benbosman : I gave this a (partial) code review today. Unfortunately I ran into a lot of minor mistakes/cleanup. Please see my inline comments. There are areas of this code that don't make sense to me...so either they need fixing or need inline code comments to explain the logic.
I stopped reviewing part way through as there was too much to comment on (especially in the ITs, which I found very messy overall & not implemented based on current best practices). So, I'd recommend working with the developer on cleaning up this code based on our best practices & then let me know when you feel it's ready for a public review again.
dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/main/java/org/dspace/app/rest/RegistrationRestController.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/main/java/org/dspace/app/rest/RegistrationRestController.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
…w-registration Conflicts: dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/EPersonRestRepository.java dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
… to the new registration endpoints
@tdonohue All feedback has been resolved and/or answered |
…n to now be available to anonymous calls
… and rewrote EPersonRestRepositoryIT tests to use this
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@benbosman : This is looking great overall. That said, in my re-review, I stumbled on a few tiny mistakes. Some look like simple copy & paste errors that were overlooked. Once these tiny things are cleaned up, I think this is ready to go. Thanks!
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/ProcessRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/RegistrationRestControllerIT.java
Outdated
Show resolved
Hide resolved
...ver-webapp/src/test/java/org/dspace/app/rest/authorization/EPersonRegistrationFeatureIT.java
Outdated
Show resolved
Hide resolved
...ver-webapp/src/test/java/org/dspace/app/rest/authorization/EPersonRegistrationFeatureIT.java
Outdated
Show resolved
Hide resolved
...ver-webapp/src/test/java/org/dspace/app/rest/authorization/EPersonRegistrationFeatureIT.java
Outdated
Show resolved
Hide resolved
...ce-server-webapp/src/test/java/org/dspace/app/rest/jackson/IgnoreJacksonWriteOnlyAccess.java
Show resolved
Hide resolved
…w-registration Conflicts: dspace-api/src/main/java/org/dspace/app/util/AuthorizeUtil.java dspace-server-webapp/src/main/java/org/dspace/app/rest/security/EPersonRestPermissionEvaluatorPlugin.java dspace-server-webapp/src/test/java/org/dspace/app/rest/EPersonRestRepositoryIT.java
@tdonohue all feedback has been processed, and the branch has been updated with the latest master This should be ready to merge now |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@benbosman : Thanks for the updates! I've found two more minor things that can be cleaned up quickly (a recent commit to add in an odd context.complete()
in a test made me realize these additional minor flaws). Then it all looks good to me.
dspace-server-webapp/src/test/java/org/dspace/app/rest/RegistrationRestControllerIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/RegistrationRestRepositoryIT.java
Show resolved
Hide resolved
…RestRepositoryIT and added extra cleanup
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have added some minor comments and questions inline
// This allowSetPassword is currently the only mthod that would return true only when it's | ||
// actually expected to be returning true. | ||
// For example the LDAP canSelfRegister will return true due to auto-register, while that | ||
// does not imply a new user can register explicitly | ||
return AuthenticateServiceFactory.getInstance().getAuthenticationService() | ||
.allowSetPassword(context, request, null); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have read the previous discussion but I still don't understand why we cannot simply rely only on the dspace.cfg property. Why should I put user.registration to true if I wan't allow user registration?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed with Tim in https://github.com/DSpace/DSpace/pull/2763/files/891ab3f3e261e8a78321091b8835fab413937899#r428844401, there is no method in the authentication services which correctly verifies whether you can register a new account. A ticket can be created for that problem, but it was considered out of scope for this PR to fix that issue in the API
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've created #2793
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm fine with moving this to a separate discussion
if (!configurationService.getBooleanProperty("user.registration", true)) { | ||
throw new IllegalStateException("The user.registration parameter was set to false"); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this seems me to confirm that we only need to check the dspace.cfg parameter (see previous comment)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A ticket can be created to deal with the lack of this detail in the API
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've created #2793
RegistrationData registrationData = registrationDataService.findByToken(context, token); | ||
if (registrationData == null) { | ||
throw new DSpaceBadRequestException("The token given as parameter: " + token + " does not exist" + | ||
" in the database"); | ||
} | ||
if (es.findByEmail(context, registrationData.getEmail()) != null) { | ||
throw new DSpaceBadRequestException("The token given already contains an email address that resolves" + | ||
"to an eperson"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this meet the current contract, I'm just thinking that a 422 would be more appropriate here as there is a semantic / status issue more than a formal error. But if you don't agree, ignore it and we can eventually open an issue to discuss it in future and apply later the changes (if agreed)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The contract explicitly mentions status 400 for this use case, that would contradict the contract
throw new DSpaceBadRequestException("The eperson.firstname and eperson.lastname values need to be " + | ||
"filled in"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also in this case, as the issue is inside the json I would prefer a 422. It would be useful in any case note in the contract that this error is throw when the metadata are missing (it is noted that they are mandatory)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not defined in the contract, 422 is fine for me. We'll update this in the code
getClient().perform(post("/api/eperson/registrations") | ||
.content(mapper.writeValueAsBytes(registrationRest)) | ||
.contentType(contentType)) | ||
.andExpect(status().is(401)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
small thing but I would appreciate if we can use the constant here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This code has been moved, but can indeed be adjusted
dspace-server-webapp/src/test/java/org/dspace/app/rest/RegistrationRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/RegistrationRestRepositoryIT.java
Show resolved
Hide resolved
dspace-server-webapp/src/test/java/org/dspace/app/rest/RegistrationRestRepositoryIT.java
Outdated
Show resolved
Hide resolved
registrationDataList = registrationDataDAO.findAll(context, RegistrationData.class); | ||
assertEquals(1, registrationDataList.size()); | ||
assertTrue(StringUtils.equalsIgnoreCase(registrationDataList.get(0).getEmail(), eperson.getEmail())); | ||
Iterator<RegistrationData> iterator = registrationDataList.iterator(); | ||
while (iterator.hasNext()) { | ||
RegistrationData registrationData = iterator.next(); | ||
registrationDataDAO.delete(context, registrationData); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
put in a finally block
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We'll move this to a finally
...ver-webapp/src/test/java/org/dspace/app/rest/authorization/EPersonRegistrationFeatureIT.java
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 Thanks @benbosman! This looks good to me now. So, once @abollini 's minor feedback is addressed, this can be merged.
(Also, as noted on Slack, if you rebase on current master
then LGTM should build properly and stop putting a ❌ here. It also will analyze your PR and provide feedback as well.)
This pull request introduces 1 alert when merging 0555644 into 000b5c7 - view on LGTM.com new alerts:
|
it is ready to go for me now. Thanks @benbosman |
References
Description
This is the backend to:
Instructions for Reviewers
List of changes in this PR:
POST /api/eperson/registrations
POST /api/eperson/epersons?token=<:token>
PATCH /api/eperson/epersons/<:id-eperson>?token=<:token>
Checklist
This checklist provides a reminder of what we are going to look for when reviewing your PR. You need not complete this checklist prior to creating your PR (draft PRs are always welcome). If you are unsure about an item in the checklist, don't hesitate to ask. We're here to help!
400 Bad Request
,401 Unauthorized
,403 Forbidden
,404 Not Found
, etc)pom.xml
), I've made sure their licenses align with the DSpace BSD License based on the Licensing of Contributions documentation.