authorGo MAEDA <maeda@farend.jp>2019-06-16 09:34:49 +0000
committerGo MAEDA <maeda@farend.jp>2019-06-16 09:34:49 +0000
commit9cdd8bf039c78017ff80283ef76c2f45783ec987 (patch)
treeea157e585970ed801b7340fd4e8432c9912c6c76
parentd16e36028fa635d736b8fc04b53408aab766d9eb (diff)
Enables API access to /my/account for updating user account data (#31399).
Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@18257 e93f8b46-1217-0410-a6f0-8f06a7374b81
-rw-r--r--app/controllers/my_controller.rb20
-rw-r--r--app/views/my/account.api.rsb13
-rw-r--r--app/views/my/account.html.erb2
-rw-r--r--config/routes.rb2
-rw-r--r--test/functional/my_controller_test.rb4
-rw-r--r--test/integration/api_test/my_test.rb106
-rw-r--r--test/integration/routing/my_test.rb2
-rw-r--r--test/integration/sudo_mode_test.rb8
8 files changed, 144 insertions, 13 deletions
diff --git a/app/controllers/my_controller.rb b/app/controllers/my_controller.rb
index 58763f0c3..606fd5cb3 100644
--- a/app/controllers/my_controller.rb
+++ b/app/controllers/my_controller.rb
@@ -23,7 +23,9 @@ class MyController < ApplicationController
# let user change user's password when user has to
skip_before_action :check_password_change, :only => :password
- require_sudo_mode :account, only: :post
+ accept_api_auth :account
+
+ require_sudo_mode :account, only: :put
require_sudo_mode :reset_rss_key, :reset_api_key, :show_api_key, :destroy
helper :issues
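Review bot: `accept_api_auth :account` opens the account update to API-key and HTTP-basic clients, but nothing visible here establishes whether `require_sudo_mode :account, only: :put` still applies to those requests. The new API tests PUT a changed `mail` with only `credentials('dlopper', 'foo')` and expect 204, and the sudo-mode tests touched by this commit exercise only the session path, so password re-confirmation is untested for API callers. If skipping it is intended, state that next to the declaration, e.g. `# sudo mode is not enforced for API requests; API credentials alone authorize account changes`. Otherwise add an API test that runs with sudo mode enabled.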
@@ -49,15 +51,25 @@ class MyController < ApplicationController
def account
@user = User.current
@pref = @user.pref
- if request.post?
+ if request.put?
@user.safe_attributes = params[:user]
@user.pref.safe_attributes = params[:pref]
if @user.save
@user.pref.save
set_language_if_valid @user.language
- flash[:notice] = l(:notice_account_updated)
- redirect_to my_account_path
+ respond_to do |format|
+ format.html {
+ flash[:notice] = l(:notice_account_updated)
+ redirect_to my_account_path
+ }
+ format.api { render_api_ok }
+ end
return
+ else
+ respond_to do |format|
+ format.html { render :action => :account }
+ format.api { render_validation_errors(@user) }
+ end
end
end
end
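Review bot: The result of `@user.pref.save` is discarded inside the `if @user.save` branch, so with the new `format.api { render_api_ok }` an API client gets a success status even when the `pref` attributes it sent were not persisted. The failure branch reports only `render_validation_errors(@user)`, so preference errors never reach the caller either. Consider checking both saves, for example `if @user.save && @user.pref.save`, and surfacing the preference errors in the `format.api` failure block. The `return` after the first `respond_to` is also redundant now that the failure case sits in the `else`.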
diff --git a/app/views/my/account.api.rsb b/app/views/my/account.api.rsb
new file mode 100644
index 000000000..c1cac2bbe
--- /dev/null
+++ b/app/views/my/account.api.rsb
@@ -0,0 +1,13 @@
+api.user do
+ api.id @user.id
+ api.login @user.login
+ api.admin @user.admin?
+ api.firstname @user.firstname
+ api.lastname @user.lastname
+ api.mail @user.mail
+ api.created_on @user.created_on
+ api.last_login_on @user.last_login_on
+ api.api_key @user.api_key
+
+ render_api_custom_values @user.visible_custom_field_values, api
+end
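Review bot: `api.api_key @user.api_key` returns the caller's API key on every `GET /my/account.json` or `.xml`, while the controller in this same commit keeps `:show_api_key` behind `require_sudo_mode`. A client authenticated by password alone, or any log or proxy that captures the response body, therefore receives a long-lived credential that the HTML UI guards with re-confirmation. Unless clients need it here, drop the line. If it must stay, add a comment explaining why, e.g. `# api_key is exposed to the account owner only; note that the UI guards it behind sudo mode (show_api_key)`. It is also worth confirming that `@user.api_key` does not create a key as a side effect of a GET when none exists.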
diff --git a/app/views/my/account.html.erb b/app/views/my/account.html.erb
index 63402c977..87b2d7cbd 100644
--- a/app/views/my/account.html.erb
+++ b/app/views/my/account.html.erb
@@ -14,7 +14,7 @@
<%= labelled_form_for :user, @user,
:url => { :action => "account" },
:html => { :id => 'my_account_form',
- :method => :post, :multipart => true } do |f| %>
+ :method => :put, :multipart => true } do |f| %>
<div class="splitcontent">
<div class="splitcontentleft">
<fieldset class="box tabular">
diff --git a/config/routes.rb b/config/routes.rb
index 5ac2575c3..c6d172ee4 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -72,7 +72,7 @@ Rails.application.routes.draw do
match '/imports/:id/mapping', :to => 'imports#mapping', :via => [:get, :post], :as => 'import_mapping'
match '/imports/:id/run', :to => 'imports#run', :via => [:get, :post], :as => 'import_run'
- match 'my/account', :controller => 'my', :action => 'account', :via => [:get, :post]
+ match 'my/account', :controller => 'my', :action => 'account', :via => [:get, :put]
match 'my/account/destroy', :controller => 'my', :action => 'destroy', :via => [:get, :post]
match 'my/page', :controller => 'my', :action => 'page', :via => :get
post 'my/page', :to => 'my#update_page'
diff --git a/test/functional/my_controller_test.rb b/test/functional/my_controller_test.rb
index 1295767f2..069cfdc33 100644
--- a/test/functional/my_controller_test.rb
+++ b/test/functional/my_controller_test.rb
@@ -382,7 +382,7 @@ class MyControllerTest < Redmine::ControllerTest
end
def test_update_account
- post :account, :params => {
+ put :account, :params => {
:user => {
:firstname => "Joe",
:login => "root",
@@ -407,7 +407,7 @@ class MyControllerTest < Redmine::ControllerTest
def test_update_account_should_send_security_notification
ActionMailer::Base.deliveries.clear
- post :account, :params => {
+ put :account, :params => {
:user => {
:mail => 'foobar@example.com'
diff --git a/test/integration/api_test/my_test.rb b/test/integration/api_test/my_test.rb
new file mode 100644
index 000000000..92a54f3ea
--- /dev/null
+++ b/test/integration/api_test/my_test.rb
@@ -0,0 +1,106 @@
+# frozen_string_literal: true
+
+# Redmine - project management software
+# Copyright (C) 2006-2017 Jean-Philippe Lang
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+require File.expand_path('../../../test_helper', __FILE__)
+
+class Redmine::ApiTest::MyTest < Redmine::ApiTest::Base
+ fixtures :users, :email_addresses, :members, :member_roles, :roles, :projects
+
+ test "GET /my/account.json should return user" do
+ assert Setting.rest_api_enabled?
+ get '/my/account.json', :headers => credentials('dlopper', 'foo')
+
+ assert_response :success
+ assert_equal 'application/json', response.content_type
+ json = ActiveSupport::JSON.decode(response.body)
+ assert json.key?('user')
+ assert_equal 'dlopper', json['user']['login']
+ end
+
+ test "PUT /my/account.xml with valid parameters should update the user" do
+ put '/my/account.xml',
+ :params => {
+ :user => {
+ :firstname => 'Dave', :lastname => 'Renamed',
+ :mail => 'dave@somenet.foo'
+ }
+ },
+ :headers => credentials('dlopper', 'foo')
+ assert_response :no_content
+ assert_equal '', @response.body
+
+ assert user = User.find_by_lastname('Renamed')
+ assert_equal 'Dave', user.firstname
+ assert_equal 'Renamed', user.lastname
+ assert_equal 'dave@somenet.foo', user.mail
+ refute user.admin?
+ end
+
+ test "PUT /my/account.json with valid parameters should update the user" do
+ put '/my/account.xml',
+ :params => {
+ :user => {
+ :firstname => 'Dave', :lastname => 'Renamed',
+ :mail => 'dave@somenet.foo'
+ }
+ },
+ :headers => credentials('dlopper', 'foo')
+ assert_response :no_content
+ assert_equal '', @response.body
+
+ assert user = User.find_by_lastname('Renamed')
+ assert_equal 'Dave', user.firstname
+ assert_equal 'Renamed', user.lastname
+ assert_equal 'dave@somenet.foo', user.mail
+ refute user.admin?
+
+ end
+
+ test "PUT /my/account.xml with invalid parameters" do
+ put '/my/account.xml',
+ :params => {
+ :user => {
+ :login => 'dlopper', :firstname => '', :lastname => 'Lastname'
+ }
+ },
+ :headers => credentials('dlopper', 'foo')
+
+ assert_response :unprocessable_entity
+ assert_equal 'application/xml', @response.content_type
+ assert_select 'errors error', :text => "First name cannot be blank"
+ end
+
+ test "PUT /my/account.json with invalid parameters" do
+ put '/my/account.json',
+ :params => {
+ :user => {
+ :login => 'dlopper', :firstname => '', :lastname => 'Lastname'
+ }
+ },
+ :headers => credentials('dlopper', 'foo')
+
+ assert_response :unprocessable_entity
+ assert_equal 'application/json', @response.content_type
+ json = ActiveSupport::JSON.decode(response.body)
+ assert_kind_of Hash, json
+ assert json.has_key?('errors')
+ assert_kind_of Array, json['errors']
+ end
+end
+
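Review bot: The test named "PUT /my/account.json with valid parameters should update the user" sends `put '/my/account.xml',`, so the JSON success path is never exercised; it should be `put '/my/account.json',`. The `refute user.admin?` assertions in both success tests do not check mass-assignment protection, because the request never sends the attribute. Add `:admin => true` to the `:user` params so the assertion proves that `safe_attributes` drops it. Since this file covers a newly API-enabled endpoint, it also needs a case with no `:headers` that asserts `assert_response :unauthorized` for both GET and PUT.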
diff --git a/test/integration/routing/my_test.rb b/test/integration/routing/my_test.rb
index ce98f70b5..8b70ae7e4 100644
--- a/test/integration/routing/my_test.rb
+++ b/test/integration/routing/my_test.rb
@@ -22,7 +22,7 @@ require File.expand_path('../../../test_helper', __FILE__)
class RoutingMyTest < Redmine::RoutingTest
def test_my
should_route 'GET /my/account' => 'my#account'
- should_route 'POST /my/account' => 'my#account'
+ should_route 'PUT /my/account' => 'my#account'
should_route 'GET /my/account/destroy' => 'my#destroy'
should_route 'POST /my/account/destroy' => 'my#destroy'
diff --git a/test/integration/sudo_mode_test.rb b/test/integration/sudo_mode_test.rb
index b7d9cb5d7..a2ff7cd09 100644
--- a/test/integration/sudo_mode_test.rb
+++ b/test/integration/sudo_mode_test.rb
@@ -149,7 +149,7 @@ class SudoModeTest < Redmine::IntegrationTest
expire_sudo_mode!
get '/my/account'
assert_response :success
- post '/my/account', :params => {user: { mail: 'newmail@test.com' }}
+ put '/my/account', :params => {user: { mail: 'newmail@test.com' }}
assert_response :success
assert_select 'h2', 'Confirm your password to continue'
assert_select 'form[action="/my/account"]'
@@ -157,7 +157,7 @@ class SudoModeTest < Redmine::IntegrationTest
assert_select '#flash_error', 0
# wrong password
- post '/my/account', :params => {user: { mail: 'newmail@test.com' }, sudo_password: 'wrong'}
+ put '/my/account', :params => {user: { mail: 'newmail@test.com' }, sudo_password: 'wrong'}
assert_response :success
assert_select 'h2', 'Confirm your password to continue'
assert_select 'form[action="/my/account"]'
@@ -165,12 +165,12 @@ class SudoModeTest < Redmine::IntegrationTest
assert_select '#flash_error'
# correct password
- post '/my/account', :params => {user: { mail: 'newmail@test.com' }, sudo_password: 'jsmith'}
+ put '/my/account', :params => {user: { mail: 'newmail@test.com' }, sudo_password: 'jsmith'}
assert_redirected_to '/my/account'
assert_equal 'newmail@test.com', User.find_by_login('jsmith').mail
# sudo mode should now be active and not require password again
- post '/my/account', :params => {user: { mail: 'even.newer.mail@test.com' }}
+ put '/my/account', :params => {user: { mail: 'even.newer.mail@test.com' }}
assert_redirected_to '/my/account'
assert_equal 'even.newer.mail@test.com', User.find_by_login('jsmith').mail
end