diff --git a/src/main/java/alfio/config/authentication/support/UserCreatorBeforeLoginFilter.java b/src/main/java/alfio/config/authentication/support/UserCreatorBeforeLoginFilter.java index 9a140ccb50..a7c2ddc642 100644 --- a/src/main/java/alfio/config/authentication/support/UserCreatorBeforeLoginFilter.java +++ b/src/main/java/alfio/config/authentication/support/UserCreatorBeforeLoginFilter.java @@ -53,8 +53,8 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha String username = req.getParameter("username"); if (!userManager.usernameExists(username)) { var organizationModification = new OrganizationModification(null, UUID.randomUUID().toString(), username, username, null, null); - int orgId = userManager.createOrganization(organizationModification); - userManager.insertUser(orgId, username, "", "", username, Role.OWNER, User.Type.DEMO, req.getParameter("password"), null, null); + int orgId = userManager.createOrganization(organizationModification, null); + userManager.insertUser(orgId, username, "", "", username, Role.OWNER, User.Type.DEMO, req.getParameter("password"), null, null, null); } } diff --git a/src/main/java/alfio/controller/api/admin/UsersApiController.java b/src/main/java/alfio/controller/api/admin/UsersApiController.java index 0ada6ed254..9b9095ec14 100644 --- a/src/main/java/alfio/controller/api/admin/UsersApiController.java +++ b/src/main/java/alfio/controller/api/admin/UsersApiController.java @@ -137,15 +137,15 @@ public ResponseEntity bulkCreate(@RequestBody BulkApiKeyCreation request Optional userOptional = userManager.findOptionalEnabledUserByUsername(principal.getName()) .filter(u -> userManager.isOwnerOfOrganization(u, request.organizationId)); if(userOptional.isPresent()) { - userManager.bulkInsertApiKeys(request.organizationId, request.role, request.descriptions); + userManager.bulkInsertApiKeys(request.organizationId, request.role, request.descriptions, principal); return ResponseEntity.ok("OK"); } return ResponseEntity.badRequest().build(); } @PostMapping("/organizations/new") - public String insertOrganization(@RequestBody OrganizationModification om) { - userManager.createOrganization(om); + public String insertOrganization(@RequestBody OrganizationModification om, Principal principal) { + userManager.createOrganization(om, principal); return OK; } @@ -180,7 +180,7 @@ public String editUser(@RequestBody UserModification userModification, Principal userManager.editUser(userModification.getId(), userModification.getOrganizationId(), userModification.getUsername(), userModification.getFirstName(), userModification.getLastName(), userModification.getEmailAddress(), userModification.getDescription(), - Role.valueOf(userModification.getRole()), principal.getName()); + Role.valueOf(userModification.getRole()), principal); return OK; } @@ -193,7 +193,7 @@ public UserWithPasswordAndQRCode insertUser(@RequestBody UserModification userMo userModification.getFirstName(), userModification.getLastName(), userModification.getEmailAddress(), requested, type == null ? User.Type.INTERNAL : type, - userModification.getValidToAsDateTime(), userModification.getDescription()); + userModification.getValidToAsDateTime(), userModification.getDescription(), principal); String qrCode = type != User.Type.API_KEY ? Base64.getEncoder().encodeToString(generateQRCode(userWithPassword, baseUrl)) : null; return new UserWithPasswordAndQRCode(userWithPassword, qrCode); } @@ -236,13 +236,13 @@ private static byte[] generateQRCode(UserWithPassword userWithPassword, String b @DeleteMapping("/users/{id}") public String deleteUser(@PathVariable("id") int userId, Principal principal) { - userManager.deleteUser(userId, principal.getName()); + userManager.deleteUser(userId, principal); return OK; } @PostMapping("/users/{id}/enable/{enable}") public String enableUser(@PathVariable("id") int userId, @PathVariable("enable")boolean enable, Principal principal) { - userManager.enable(userId, principal.getName(), enable); + userManager.enable(userId, enable, principal); return OK; } @@ -267,19 +267,18 @@ public UserModification loadCurrentUser(Principal principal) { @PostMapping("/users/current/update-password") public ValidationResult updateCurrentUserPassword(@RequestBody PasswordModification passwordModification, Principal principal) { return userManager.validateNewPassword(principal.getName(), passwordModification.oldPassword, passwordModification.newPassword, passwordModification.newPasswordConfirm) - .ifSuccess(() -> userManager.updateCurrentUserPassword(principal.getName(), passwordModification.newPassword)); + .ifSuccess(() -> userManager.updateCurrentUserPassword(passwordModification.newPassword, principal)); } @PostMapping("/users/current/edit") public void updateCurrentUser(@RequestBody UserModification userModification, Principal principal) { - User user = userManager.findUserByUsername(principal.getName()); - userManager.updateUserContactInfo(user.getId(), userModification.getFirstName(), userModification.getLastName(), userModification.getEmailAddress()); + userManager.updateCurrentUserContactInfo(userModification.getFirstName(), userModification.getLastName(), userModification.getEmailAddress(), principal); } @PutMapping("/users/{id}/reset-password") public UserWithPasswordAndQRCode resetPassword(@PathVariable("id") int userId, @RequestParam("baseUrl") String baseUrl, Principal principal) { - UserWithPassword userWithPassword = userManager.resetPassword(userId, principal.getName()); + UserWithPassword userWithPassword = userManager.resetPassword(userId, principal); return new UserWithPasswordAndQRCode(userWithPassword, Base64.getEncoder().encodeToString(generateQRCode(userWithPassword, baseUrl))); } diff --git a/src/main/java/alfio/controller/api/v1/admin/OrganizationsApiV1Controller.java b/src/main/java/alfio/controller/api/v1/admin/OrganizationsApiV1Controller.java index 6071006af5..2dc6af089f 100644 --- a/src/main/java/alfio/controller/api/v1/admin/OrganizationsApiV1Controller.java +++ b/src/main/java/alfio/controller/api/v1/admin/OrganizationsApiV1Controller.java @@ -43,11 +43,11 @@ public OrganizationsApiV1Controller(UserManager userManager, } @PostMapping("/create") - public ResponseEntity createOrganization(@RequestBody OrganizationModification om) { + public ResponseEntity createOrganization(@RequestBody OrganizationModification om, Principal principal) { if (om == null || !om.isValid(true)) { return ResponseEntity.badRequest().build(); } - int orgId = userManager.createOrganization(om); + int orgId = userManager.createOrganization(om, principal); return ResponseEntity.ok(userManager.findOrganizationById(orgId, UserManager.ADMIN_USERNAME)); } @@ -62,8 +62,8 @@ public ResponseEntity getSingleOrganization(@PathVariable("id") in } @PutMapping("/{id}/api-key") - public OrganizationApiKey createApiKeyForOrganization(@PathVariable("id") int organizationId) { - var user = userManager.insertUser(organizationId, null, null, null, null, Role.fromRoleName("ROLE_API_CLIENT"), User.Type.API_KEY, null, "Auto-generated API Key"); + public OrganizationApiKey createApiKeyForOrganization(@PathVariable("id") int organizationId, Principal principal) { + var user = userManager.insertUser(organizationId, null, null, null, null, Role.fromRoleName("ROLE_API_CLIENT"), User.Type.API_KEY, null, "Auto-generated API Key", principal); return new OrganizationApiKey(organizationId, user.getUsername()); } diff --git a/src/main/java/alfio/manager/user/UserManager.java b/src/main/java/alfio/manager/user/UserManager.java index 329a4bebfc..c75e0a27ec 100644 --- a/src/main/java/alfio/manager/user/UserManager.java +++ b/src/main/java/alfio/manager/user/UserManager.java @@ -87,6 +87,7 @@ private List getUserAuthorities(User user) { return authorityRepository.findGrantedAuthorities(user.getUsername()); } + @Transactional(readOnly = true) public List findAllUsers(String username) { List organizations = findUserOrganizations(username); Predicate> isNotEmpty = ks -> !ks.isEmpty(); @@ -109,6 +110,7 @@ public List findAllUsers(String username) { }).orElseGet(Collections::emptyList); } + @Transactional(readOnly = true) public List findAllEnabledUsers(String username) { return findUserOrganizations(username) .stream() @@ -118,26 +120,32 @@ public List findAllEnabledUsers(String username) { .collect(toList()); } + @Transactional(readOnly = true) public List findAllApiKeysFor(int organizationId) { return userRepository.findAllApiKeysForOrganization(organizationId); } + @Transactional(readOnly = true) public User findUserByUsername(String username) { return userRepository.findEnabledByUsername(username).orElseThrow(IllegalArgumentException::new); } + @Transactional(readOnly = true) public Optional findOptionalEnabledUserByUsername(String username) { return userRepository.findEnabledByUsername(username); } + @Transactional(readOnly = true) public boolean usernameExists(String username) { return userRepository.findIdByUserName(username).isPresent(); } + @Transactional(readOnly = true) public User findUser(int id) { return userRepository.findById(id); } + @Transactional(readOnly = true) public Collection getAvailableRoles(String username) { User user = findUserByUsername(username); return isAdmin(user) || isOwner(user) ? EnumSet.of(Role.OWNER, Role.OPERATOR, Role.SUPERVISOR, Role.SPONSOR, Role.API_CONSUMER) : Collections.emptySet(); @@ -148,18 +156,22 @@ public Collection getAvailableRoles(String username) { * @param user * @return user role */ + @Transactional(readOnly = true) public Role getUserRole(User user) { return getUserAuthorities(user).stream().map(Authority::getRole).sorted().findFirst().orElse(Role.OPERATOR); } + @Transactional(readOnly = true) public List findUserOrganizations(String username) { return organizationRepository.findAllForUser(username); } + @Transactional(readOnly = true) public Organization findOrganizationById(int id, String username) { return findOptionalOrganizationById(id, username).orElseThrow(IllegalArgumentException::new); } + @Transactional(readOnly = true) public Optional findOptionalOrganizationById(int id, String username) { return findUserOrganizations(username) .stream() @@ -167,18 +179,22 @@ public Optional findOptionalOrganizationById(int id, String userna .findFirst(); } + @Transactional(readOnly = true) public boolean isAdmin(User user) { return checkRole(user, Collections.singleton(Role.ADMIN)); } + @Transactional(readOnly = true) public boolean isOwner(User user) { return checkRole(user, EnumSet.of(Role.ADMIN, Role.OWNER, Role.API_CONSUMER)); } + @Transactional(readOnly = true) public boolean isOwnerOfOrganization(User user, int organizationId) { return isAdmin(user) || (isOwner(user) && userOrganizationRepository.findByUserId(user.getId()).stream().anyMatch(uo -> uo.organizationId() == organizationId)); } + @Transactional(readOnly = true) public boolean isOwnerOfOrganization(String username, int organizationId) { return userRepository.findByUsername(username) .filter(user -> isOwnerOfOrganization(user, organizationId)) @@ -190,7 +206,10 @@ private boolean checkRole(User user, Set expectedRoles) { return authorityRepository.checkRole(user.getUsername(), roleNames); } - public int createOrganization(OrganizationModification om) { + public int createOrganization(OrganizationModification om, Principal principal) { + // + checkIsAdmin(principal); + // var affectedRowNumAndKey = organizationRepository.create(om.getName(), om.getDescription(), om.getEmail(), om.getExternalId(), om.getSlug()); int orgId = affectedRowNumAndKey.getKey(); Validate.isTrue(invoiceSequencesRepository.initFor(orgId) == 2); @@ -198,8 +217,12 @@ public int createOrganization(OrganizationModification om) { } public void updateOrganization(OrganizationModification om, Principal principal) { + // + var orgId = requireNonNull(om.getId()); + checkAccessToOrganizationId(principal, orgId); + // boolean isAdmin = RequestUtils.isAdmin(principal) || RequestUtils.isSystemApiKey(principal); - var currentOrg = organizationRepository.getById(requireNonNull(om.getId())); + var currentOrg = organizationRepository.getById(orgId); organizationRepository.update(om.getId(), om.getName(), om.getDescription(), @@ -208,6 +231,7 @@ public void updateOrganization(OrganizationModification om, Principal principal) isAdmin ? om.getSlug() : currentOrg.getSlug()); } + @Transactional(readOnly = true) public ValidationResult validateOrganizationSlug(OrganizationModification om, Principal principal) { if(!RequestUtils.isAdmin(principal)) { return ValidationResult.failed(new ValidationResult.ErrorDescriptor("slug", "Cannot update Organizer URL.")); @@ -222,6 +246,7 @@ public ValidationResult validateOrganizationSlug(OrganizationModification om, Pr return ValidationResult.success(); } + @Transactional(readOnly = true) public ValidationResult validateOrganization(OrganizationModification om, Principal principal) { if(om.getId() == null && organizationRepository.findByName(om.getName()).isPresent()) { return ValidationResult.failed(new ValidationResult.ErrorDescriptor("name", "There is already another organization with the same name.")); @@ -238,7 +263,11 @@ public ValidationResult validateOrganization(OrganizationModification om, Princi return ValidationResult.success(); } - public void editUser(int id, int organizationId, String username, String firstName, String lastName, String emailAddress, String description, Role role, String currentUsername) { + public void editUser(int id, int organizationId, String username, String firstName, String lastName, String emailAddress, String description, Role role, Principal principal) { + // + checkAccessToUserIdAndNewOrganization(principal, id, organizationId); + // + String currentUsername = principal.getName(); boolean admin = ADMIN_USERNAME.equals(username) && Role.ADMIN == role; if(!admin) { int userOrganizationResult = userOrganizationRepository.updateUserOrganization(id, organizationId); @@ -253,16 +282,17 @@ public void editUser(int id, int organizationId, String username, String firstNa } } - public void updateUserContactInfo(int id, String firstName, String lastName, String emailAddress) { + public void updateCurrentUserContactInfo(String firstName, String lastName, String emailAddress, Principal principal) { + var id = userRepository.findIdByUserName(principal.getName()).orElseThrow(); userRepository.updateContactInfo(id, firstName, lastName, emailAddress); } - public UserWithPassword insertUser(int organizationId, String username, String firstName, String lastName, String emailAddress, Role role, User.Type userType) { - return insertUser(organizationId, username, firstName, lastName, emailAddress, role, userType, null, null); + public UserWithPassword insertUser(int organizationId, String username, String firstName, String lastName, String emailAddress, Role role, User.Type userType, Principal principal) { + return insertUser(organizationId, username, firstName, lastName, emailAddress, role, userType, null, null, principal); } - public UserWithPassword insertUser(int organizationId, String username, String firstName, String lastName, String emailAddress, Role role, User.Type userType, ZonedDateTime validTo, String description) { + public UserWithPassword insertUser(int organizationId, String username, String firstName, String lastName, String emailAddress, Role role, User.Type userType, ZonedDateTime validTo, String description, Principal principal) { if (userType == User.Type.API_KEY) { username = UUID.randomUUID().toString(); firstName = "apikey"; @@ -271,17 +301,20 @@ public UserWithPassword insertUser(int organizationId, String username, String f } String userPassword = PasswordGenerator.generateRandomPassword(); - return insertUser(organizationId, username, firstName, lastName, emailAddress, role, userType, userPassword, validTo, description); + return insertUser(organizationId, username, firstName, lastName, emailAddress, role, userType, userPassword, validTo, description, principal); } - public void bulkInsertApiKeys(int organizationId, Role role, List descriptions) { + public void bulkInsertApiKeys(int organizationId, Role role, List descriptions, Principal principal) { for (String description : descriptions) { - insertUser(organizationId, null, null, null, null, role, User.Type.API_KEY, null, description); + insertUser(organizationId, null, null, null, null, role, User.Type.API_KEY, null, description, principal); } } - public UserWithPassword insertUser(int organizationId, String username, String firstName, String lastName, String emailAddress, Role role, User.Type userType, String userPassword, ZonedDateTime validTo, String description) { + public UserWithPassword insertUser(int organizationId, String username, String firstName, String lastName, String emailAddress, Role role, User.Type userType, String userPassword, ZonedDateTime validTo, String description, Principal principal) { + // + checkAccessToOrganizationId(principal, organizationId); + // Organization organization = organizationRepository.getById(organizationId); AffectedRowCountAndKey result = userRepository.create(username, passwordEncoder.encode(userPassword), firstName, lastName, emailAddress, true, userType, validTo, description); userOrganizationRepository.create(result.getKey(), organization.getId()); @@ -290,12 +323,15 @@ public UserWithPassword insertUser(int organizationId, String username, String f } - public UserWithPassword resetPassword(int userId, String currentUser) { + public UserWithPassword resetPassword(int userId, Principal principal) { + // + checkAccessToUserId(principal, userId); + // User user = findUser(userId); String password = PasswordGenerator.generateRandomPassword(); Validate.isTrue(userRepository.resetPassword(userId, passwordEncoder.encode(password)) == 1, "error during password reset"); - if (!currentUser.equals(user.getUsername())) { + if (!Objects.requireNonNull(principal).getName().equals(user.getUsername())) { invalidateSessionsForUser(user.getUsername()); } @@ -303,14 +339,19 @@ public UserWithPassword resetPassword(int userId, String currentUser) { } - public void updateCurrentUserPassword(String username, String newPassword) { + public void updateCurrentUserPassword(String newPassword, Principal principal) { + var username = principal.getName(); User user = userRepository.findByUsername(username).orElseThrow(IllegalStateException::new); Validate.isTrue(PasswordGenerator.isValid(newPassword), "invalid password"); Validate.isTrue(userRepository.resetPassword(user.getId(), passwordEncoder.encode(newPassword)) == 1, "error during password update"); } - public void deleteUser(int userId, String currentUsername) { + public void deleteUser(int userId, Principal principal) { + // + checkAccessToUserId(principal, userId); + // + var currentUsername = principal.getName(); User currentUser = userRepository.findEnabledByUsername(currentUsername).orElseThrow(IllegalArgumentException::new); Assert.isTrue(userId != currentUser.getId(), "sorry but you cannot delete your own account."); var userToDelete = userRepository.findById(userId); @@ -323,7 +364,11 @@ private void invalidateSessionsForUser(String username) { sessionsToInvalidate.forEach(sessionsByPrincipalFinder::deleteById); } - public void enable(int userId, String currentUsername, boolean status) { + public void enable(int userId, boolean status, Principal principal) { + // + checkAccessToUserId(principal, userId); + // + var currentUsername = principal.getName(); User currentUser = userRepository.findEnabledByUsername(currentUsername).orElseThrow(IllegalArgumentException::new); Assert.isTrue(userId != currentUser.getId(), "sorry but you cannot commit suicide"); userRepository.toggleEnabled(userId, status); @@ -333,6 +378,7 @@ public void enable(int userId, String currentUsername, boolean status) { } } + @Transactional(readOnly = true) public ValidationResult validateUser(Integer id, String username, String firstName, String lastName, String emailAddress) { Optional existing = Optional.ofNullable(id).flatMap(userRepository::findOptionalById); @@ -346,6 +392,7 @@ public ValidationResult validateUser(Integer id, String username, String firstNa .collect(toList())); } + @Transactional(readOnly = true) public ValidationResult validateNewPassword(String username, String oldPassword, String newPassword, String newPasswordConfirm) { return userRepository.findByUsername(username) .map(u -> { @@ -380,4 +427,51 @@ public Integer createPublicUserIfNotExists(String username, String email, String return userRepository.findIdByUserName(username).orElse(null); } + + private void checkIsAdmin(Principal principal) { + if (principal == null) { + return; + } + if (isAdmin(findUserByUsername(principal.getName()))) { + return; + } + log.warn("User {} is not an admin", principal.getName()); + throw new IllegalArgumentException("User " + principal.getName() + " is not an admin"); + } + + private void checkAccessToUserId(Principal principal, int userId) { + if (principal == null) { + return; + } + var currentUser = findUserByUsername(principal.getName()); + if (isAdmin(currentUser)) { + return; + } + var targetUser = findUser(userId); + var targetUserOrgs = findUserOrganizations(targetUser.getUsername()); + Assert.isTrue(targetUserOrgs.size() == 1, "Targeted user can only be in one organization"); + for (var org : targetUserOrgs) { + if (isOwnerOfOrganization(currentUser, org.getId())) { + return; + } + } + log.warn("User {} does not have access to userId {}", principal.getName(), userId); + throw new IllegalStateException("User " + principal.getName() + " does not have access to userId " + userId); + } + + private void checkAccessToUserIdAndNewOrganization(Principal principal, int userId, int newOrganization) { + checkAccessToUserId(principal, userId); + checkAccessToOrganizationId(principal, newOrganization); + } + + private void checkAccessToOrganizationId(Principal principal, int organizationId) { + if (principal == null) { + return; + } + if (isOwnerOfOrganization(principal.getName(), organizationId)) { + return; + } + log.warn("User {} don't have access to organizationId {}", principal.getName(), organizationId); + throw new IllegalArgumentException("User " + principal.getName() + " don't have access to organizationId " + organizationId); + } } diff --git a/src/test/java/alfio/controller/api/v1/EventApiV1IntegrationTest.java b/src/test/java/alfio/controller/api/v1/EventApiV1IntegrationTest.java index 0bf5b5bf38..2c3ae41bc7 100644 --- a/src/test/java/alfio/controller/api/v1/EventApiV1IntegrationTest.java +++ b/src/test/java/alfio/controller/api/v1/EventApiV1IntegrationTest.java @@ -105,9 +105,9 @@ public void ensureConfiguration() { this.username = UUID.randomUUID().toString(); var organizationModification = new OrganizationModification(null, organizationName, "email@example.com", "org", null, null); - userManager.createOrganization(organizationModification); + userManager.createOrganization(organizationModification, null); this.organization = organizationRepository.findByName(organizationName).orElseThrow(); - userManager.insertUser(organization.getId(), username, "test", "test", "test@example.com", Role.API_CONSUMER, User.Type.INTERNAL); + userManager.insertUser(organization.getId(), username, "test", "test", "test@example.com", Role.API_CONSUMER, User.Type.INTERNAL, null); this.mockPrincipal = Mockito.mock(Principal.class); Mockito.when(mockPrincipal.getName()).thenReturn(username); diff --git a/src/test/java/alfio/controller/api/v1/ReservationApiV1ControllerTest.java b/src/test/java/alfio/controller/api/v1/ReservationApiV1ControllerTest.java index 14531737f2..f7af1ddec1 100644 --- a/src/test/java/alfio/controller/api/v1/ReservationApiV1ControllerTest.java +++ b/src/test/java/alfio/controller/api/v1/ReservationApiV1ControllerTest.java @@ -115,7 +115,7 @@ void setUp() { Pair eventAndUser = initEvent(categories, organizationRepository, userManager, eventManager, eventRepository); event = eventAndUser.getLeft(); username = UUID.randomUUID().toString(); - userManager.insertUser(event.getOrganizationId(), username, "test", "test", "test@example.com", Role.API_CONSUMER, User.Type.INTERNAL); + userManager.insertUser(event.getOrganizationId(), username, "test", "test", "test@example.com", Role.API_CONSUMER, User.Type.INTERNAL, null); } @Test diff --git a/src/test/java/alfio/controller/api/v1/SubscriptionApiV1IntegrationTest.java b/src/test/java/alfio/controller/api/v1/SubscriptionApiV1IntegrationTest.java index b2b1454b26..ce8029c08b 100644 --- a/src/test/java/alfio/controller/api/v1/SubscriptionApiV1IntegrationTest.java +++ b/src/test/java/alfio/controller/api/v1/SubscriptionApiV1IntegrationTest.java @@ -103,9 +103,9 @@ public void ensureConfiguration() { this.username = UUID.randomUUID().toString(); var organizationModification = new OrganizationModification(null, organizationName, "email@example.com", "org", null, null); - userManager.createOrganization(organizationModification); + userManager.createOrganization(organizationModification, null); var organization = organizationRepository.findByName(organizationName).orElseThrow(); - userManager.insertUser(organization.getId(), username, "test", "test", "test@example.com", Role.API_CONSUMER, User.Type.INTERNAL); + userManager.insertUser(organization.getId(), username, "test", "test", "test@example.com", Role.API_CONSUMER, User.Type.INTERNAL, null); this.principal = Mockito.mock(Principal.class); Mockito.when(principal.getName()).thenReturn(username); diff --git a/src/test/java/alfio/manager/ConfigurationManagerIntegrationTest.java b/src/test/java/alfio/manager/ConfigurationManagerIntegrationTest.java index a73485b1c7..877a00e2f0 100644 --- a/src/test/java/alfio/manager/ConfigurationManagerIntegrationTest.java +++ b/src/test/java/alfio/manager/ConfigurationManagerIntegrationTest.java @@ -100,7 +100,7 @@ void prepareEnv() { organizationRepository.create("org", "org", "email@example.com", null, null); Organization organization = organizationRepository.findByName("org").orElseThrow(); - userManager.insertUser(organization.getId(), USERNAME, "test", "test", "test@example.com", Role.OWNER, User.Type.INTERNAL); + userManager.insertUser(organization.getId(), USERNAME, "test", "test", "test@example.com", Role.OWNER, User.Type.INTERNAL, null); Map desc = new HashMap<>(); desc.put("en", "muh description"); diff --git a/src/test/java/alfio/manager/system/DataMigratorIntegrationTest.java b/src/test/java/alfio/manager/system/DataMigratorIntegrationTest.java index a9aca07939..da15744fce 100644 --- a/src/test/java/alfio/manager/system/DataMigratorIntegrationTest.java +++ b/src/test/java/alfio/manager/system/DataMigratorIntegrationTest.java @@ -100,7 +100,7 @@ private Pair initEvent(List categories organizationRepository.create(organizationName, "org", "email@example.com", null, null); Organization organization = organizationRepository.findByName(organizationName).get(); - userManager.insertUser(organization.getId(), username, "test", "test", "test@example.com", Role.OPERATOR, User.Type.INTERNAL); + userManager.insertUser(organization.getId(), username, "test", "test", "test@example.com", Role.OPERATOR, User.Type.INTERNAL, null); Map desc = new HashMap<>(); desc.put("en", "muh description"); diff --git a/src/test/java/alfio/test/util/IntegrationTestUtil.java b/src/test/java/alfio/test/util/IntegrationTestUtil.java index 3dd79133d6..8dbd5d1207 100644 --- a/src/test/java/alfio/test/util/IntegrationTestUtil.java +++ b/src/test/java/alfio/test/util/IntegrationTestUtil.java @@ -118,10 +118,10 @@ public static Pair initEvent(List cat String eventName = UUID.randomUUID().toString(); var organizationModification = new OrganizationModification(null, organizationName, "email@example.com", "org", null, null); - userManager.createOrganization(organizationModification); + userManager.createOrganization(organizationModification, null); Organization organization = organizationRepository.findByName(organizationName).orElseThrow(); - userManager.insertUser(organization.getId(), username, "test", "test", "test@example.com", Role.OPERATOR, User.Type.INTERNAL); - userManager.insertUser(organization.getId(), username+"_owner", "test", "test", "test@example.com", Role.OWNER, User.Type.INTERNAL); + userManager.insertUser(organization.getId(), username, "test", "test", "test@example.com", Role.OPERATOR, User.Type.INTERNAL, null); + userManager.insertUser(organization.getId(), username+"_owner", "test", "test", "test@example.com", Role.OWNER, User.Type.INTERNAL, null); LocalDateTime expiration = LocalDateTime.now(ClockProvider.clock()).plusDays(5).plusHours(1);