Bugfix for backward compatible new mobile API

account-gui/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.openconext</groupId>
         <artifactId>myconext</artifactId>
-        <version>7.2.9</version>
+        <version>7.2.10</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>account-gui</artifactId>

myconext-gui/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.openconext</groupId>
         <artifactId>myconext</artifactId>
-        <version>7.2.9</version>
+        <version>7.2.10</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>myconext-gui</artifactId>

myconext-server/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.openconext</groupId>
         <artifactId>myconext</artifactId>
-        <version>7.2.9</version>
+        <version>7.2.10</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>myconext-server</artifactId>

myconext-server/src/main/java/myconext/api/UserController.java

@@ -363,11 +363,22 @@ public ResponseEntity<StatusResponse> createEduIDAccount(@Valid @RequestBody Cre
     @PutMapping("/sp/update")
     public ResponseEntity<UserResponse> updateUserProfile(Authentication authentication, @Valid @RequestBody UpdateUserNameRequest deltaUser) {
         User user = userFromAuthentication(authentication);
+        if (StringUtils.hasText(deltaUser.getGivenName())) {
+            user.setChosenName(deltaUser.getGivenName());
+        }
+        //New API allows for update chosen name, override previous update
         if (StringUtils.hasText(deltaUser.getChosenName())) {
             user.setChosenName(deltaUser.getChosenName());
         }
-        user.setGivenName(deltaUser.getGivenName());
-        user.setFamilyName(deltaUser.getFamilyName());
+        //Only if there is not validated name, we allow for updates
+        if (CollectionUtils.isEmpty(user.getLinkedAccounts())) {
+            if (StringUtils.hasText(deltaUser.getGivenName())) {
+                user.setGivenName(deltaUser.getGivenName());
+            }
+            if (StringUtils.hasText(deltaUser.getFamilyName())) {
+                user.setFamilyName(deltaUser.getFamilyName());
+            }
+        }
         user.validate();
 
         userRepository.save(user);

myconext-server/src/main/java/myconext/model/UpdateUserNameRequest.java

@@ -14,9 +14,7 @@ public class UpdateUserNameRequest implements Serializable {
 
     private String chosenName;
 
-    @NotBlank
     private String givenName;
 
-    @NotBlank
     private String familyName;
 }

myconext-server/src/test/java/myconext/api/UserControllerTest.java

@@ -256,21 +256,20 @@ public void relayState() throws IOException {
 
     @Test
     public void updateUser() {
-        User user = userRepository.findOneUserByEmail("[email protected]");
-        user.setGivenName("Mary");
-        user.setFamilyName("Poppins");
+        UpdateUserNameRequest updateUserNameRequest = new UpdateUserNameRequest("chosenName", "Mary", "Poppins");
         given()
                 .when()
                 .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-                .body(user)
+                .body(updateUserNameRequest)
                 .put("/myconext/api/sp/update")
                 .then()
                 .statusCode(HttpStatus.CREATED.value());
 
         User userFromDB = userRepository.findOneUserByEmail("[email protected]");
-
-        assertEquals(user.getGivenName(), userFromDB.getGivenName());
-        assertEquals(user.getFamilyName(), userFromDB.getFamilyName());
+        //Has linked accounts, so no update
+        assertEquals(userFromDB.getGivenName(), "John");
+        assertEquals(userFromDB.getFamilyName(), "Doe");
+        assertEquals(userFromDB.getChosenName(), updateUserNameRequest.getChosenName());
     }
 
     @Test
@@ -362,17 +361,6 @@ public void removeUserService() {
         assertFalse(userFromDB.getEduIDS().stream().anyMatch(val -> val.getServiceProviderEntityId().equals(("http://mock-sp"))));
     }
 
-    @Test
-    public void updateUser403() {
-        given()
-                .when()
-                .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE)
-                .body(new User())
-                .put("/myconext/api/sp/update")
-                .then()
-                .statusCode(400);
-    }
-
     @Test
     public void updateUserWeakPassword() {
         User user = userRepository.findOneUserByEmail("[email protected]");

myconext-server/src/test/java/myconext/api/UserMobileControllerTest.java

@@ -35,23 +35,40 @@ public void me() throws IOException {
 
     @Test
     public void updateUserProfile() throws IOException {
-        UpdateUserNameRequest userNameRequest = new UpdateUserNameRequest("CallName", "Mary", "Winters");
+        UpdateUserNameRequest userNameRequest = new UpdateUserNameRequest("Annie", "Anna", "Winters");
         given()
                 .when()
                 .accept(ContentType.JSON)
                 .contentType(ContentType.JSON)
-                .auth().oauth2(opaqueAccessToken(true, "eduid.nl/mobile"))
+                .auth().oauth2(doOpaqueAccessToken(true, new String[] {"eduid.nl/mobile"}, "introspect_no_linked_accounts"))
                 .body(userNameRequest)
                 .put("/mobile/api/sp/update")
                 .then()
                 .statusCode(201);
-        User user = userRepository.findUserByEmail("jdoe@example.com").get();
+        User user = userRepository.findUserByEmail("mdoe@example.com").get();
 
         assertEquals(userNameRequest.getChosenName(), user.getChosenName());
         assertEquals(userNameRequest.getGivenName(), user.getGivenName());
         assertEquals(userNameRequest.getFamilyName(), user.getFamilyName());
     }
 
+    @Test
+    public void updateUserProfileOldAPI() throws IOException {
+        UpdateUserNameRequest userNameRequest = new UpdateUserNameRequest(null, "Anna", null);
+        given()
+                .when()
+                .accept(ContentType.JSON)
+                .contentType(ContentType.JSON)
+                .auth().oauth2(doOpaqueAccessToken(true, new String[] {"eduid.nl/mobile"}, "introspect_no_linked_accounts"))
+                .body(userNameRequest)
+                .put("/mobile/api/sp/update")
+                .then()
+                .statusCode(201);
+        User user = userRepository.findUserByEmail("[email protected]").get();
+
+        assertEquals(userNameRequest.getGivenName(), user.getChosenName());
+    }
+
     @Test
     public void institutionNames() throws IOException {
         Map names = given()

pom.xml

@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.openconext</groupId>
     <artifactId>myconext</artifactId>
-    <version>7.2.9</version>
+    <version>7.2.10</version>
     <packaging>pom</packaging>
     <name>myconext</name>
     <description>My OpenConext</description>

tiqr-mock/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>org.openconext</groupId>
         <artifactId>myconext</artifactId>
-        <version>7.2.9</version>
+        <version>7.2.10</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>tiqr-mock</artifactId>