[SHIBUI-1031]

Modified PUT to only update fields if they are not blank.
TIER · Jan 7, 2019 · 9560ad0 · 9560ad0
1 parent fbe3075
commit 9560ad0
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/...main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java b/...main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
@@ -5,10 +5,12 @@
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserRoleService;
+import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.bcrypt.BCrypt;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -86,10 +88,18 @@ ResponseEntity<?> saveOne(@RequestBody User user) {
     @PutMapping("/{username}")
     ResponseEntity<?> updateOne(@PathVariable(value = "username") String username, @RequestBody User user) {
         User persistedUser = findUserOrThrowHttp404(username);
-        persistedUser.setPassword(user.getPassword()); //TODO: encrypt password?
-        persistedUser.setFirstName(user.getFirstName());
-        persistedUser.setLastName(user.getLastName());
-        persistedUser.setEmailAddress(user.getEmailAddress());
+        if (StringUtils.isNotBlank(user.getFirstName())) {
+            persistedUser.setFirstName(user.getFirstName());
+        }
+        if (StringUtils.isNotBlank(user.getLastName())) {
+            persistedUser.setLastName(user.getLastName());
+        }
+        if (StringUtils.isNotBlank(user.getEmailAddress())) {
+            persistedUser.setEmailAddress(user.getEmailAddress());
+        }
+        if (StringUtils.isNotBlank(user.getPassword())) {
+            persistedUser.setPassword(BCrypt.hashpw(user.getPassword(), BCrypt.gensalt()));
+        }
         userRoleService.updateUserRole(persistedUser);
         User savedUser = userRepository.save(persistedUser);
         return ResponseEntity.ok(savedUser);

diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/model/User.java
@@ -49,9 +49,7 @@ public class User extends AbstractAuditable {
     @Transient
     private String role;
 
-    //Ignore properties annotation here is to prevent stack overflow recursive error during JSON serialization
     @JsonIgnore
-//    @JsonIgnoreProperties("users")
     @ManyToMany(cascade = CascadeType.ALL)
     @JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id"), inverseJoinColumns = @JoinColumn(name = "role_id"))
     private Set<Role> roles = new HashSet<>();