FileFighter · open-schnick · Nov 23, 2020 · Nov 23, 2020 · Nov 23, 2020
diff --git a/src/main/java/de/filefighter/rest/domain/user/business/UserBusinessService.java b/src/main/java/de/filefighter/rest/domain/user/business/UserBusinessService.java
@@ -155,7 +155,7 @@ public void updateUser(long userId, UserRegisterForm userToUpdate, User authenti
         if (null == userToUpdate)
             throw new UserNotUpdatedException("No updates specified.");
 
-        if(null == authenticatedUser.getGroups())
+        if (null == authenticatedUser.getGroups())
             throw new UserNotUpdatedException("Authenticated User is not allowed");
 
         boolean authenticatedUserIsAdmin = Arrays.stream(authenticatedUser.getGroups()).anyMatch(g -> g == Groups.ADMIN);
@@ -205,6 +205,10 @@ public void updateUser(long userId, UserRegisterForm userToUpdate, User authenti
 
             changesWereMade = true;
             newUpdate.set("password", password);
+
+            //update refreshToken
+            String newRefreshToken = AccessTokenBusinessService.generateRandomTokenValue();
+            newUpdate.set("refreshToken", newRefreshToken);
         }
 
         // groups
@@ -222,7 +226,7 @@ public void updateUser(long userId, UserRegisterForm userToUpdate, User authenti
             newUpdate.set("groupIds", userToUpdate.getGroupIds());
         }
 
-        if(!changesWereMade)
+        if (!changesWereMade)
             throw new UserNotUpdatedException("No changes were made.");
 
         Query query = new Query();

diff --git a/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java b/src/test/java/de/filefighter/rest/cucumber/CommonCucumberSteps.java
@@ -23,8 +23,7 @@
 import java.io.IOException;
 import java.util.Arrays;
 
-import static org.junit.jupiter.api.Assertions.assertEquals;
-import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.*;
 
 public class CommonCucumberSteps extends RestApplicationIntegrationTest {
 
@@ -80,6 +79,18 @@ public void userWithIdExistsAndHasUsernamePassword(long userId, String username,
                 .build()));
     }
 
+    @Autowired
+    MongoTemplate mongoTemplate;
+
+    @And("user with id {long} is in group with id {long}")
+    public void userWithIdIsInGroupWithId(long userId, long groupId) {
+        Query query = new Query();
+        Update newUpdate = new Update().set("groupIds", new long[]{groupId});
+        query.addCriteria(Criteria.where("userId").is(userId));
+
+        mongoTemplate.findAndModify(query, newUpdate, UserEntity.class);
+    }
+
     // This step almost needs a unit test.
     @Given("{string} exists with id {long} and path {string}")
     public void fileOrFolderExistsWithIdAndPath(String fileOrFolder, long fsItemId, String path) {
@@ -171,15 +182,11 @@ public void responseContainsKeyAndValueOfAtLeast(String key, int value) throws J
         assertTrue(actualValue >= value);
     }
 
-    @Autowired
-    MongoTemplate mongoTemplate;
-
-    @And("user with id {long} is in group with id {long}")
-    public void userWithIdIsInGroupWithId(long userId, long groupId) {
-        Query query = new Query();
-        Update newUpdate = new Update().set("groupIds", new long[]{groupId});
-        query.addCriteria(Criteria.where("userId").is(userId));
+    @And("response contains key {string} and a different value than {string}")
+    public void responseContainsKeyAndADifferentValueThan(String key, String differentValue) throws JsonProcessingException {
+        JsonNode rootNode = objectMapper.readTree(latestResponse.getBody());
+        String actualValue = rootNode.get(key).asText();
 
-        mongoTemplate.findAndModify(query, newUpdate, UserEntity.class);
+        assertNotEquals(differentValue, actualValue);
     }
 }
diff --git a/src/test/resources/UserEditInformation.feature b/src/test/resources/UserEditInformation.feature
@@ -4,7 +4,7 @@ Feature: Edit User Details
 
   Background:
     Given database is empty
-    And user with id 1234 exists and has username "user", password "secure_password"
+    And user with id 1234 exists and has username "user", password "secure_password" and refreshToken "refreshToken1234"
     And accessToken with value "accessToken" exists for user 1234
 
   Scenario: Successful change of username
@@ -37,3 +37,12 @@ Feature: Edit User Details
     Then response contains key "message" and value "User could not get updated. No changes were made."
     And response contains key "status" and value "Conflict"
     And response status code is 409
+
+  Scenario: RefreshToken of user is different after password change.
+    When user requests change of password with value "newValidPassword123" userId 1234 and accessToken "accessToken"
+    Then response contains key "message" and value "User successfully updated."
+    And response contains key "status" and value "Created"
+    And response status code is 201
+    When user requests login with username "user" and password "newValidPassword123"
+    And response contains key "tokenValue" and a different value than "refreshToken1234"
+    Then response status code is 200