add unit tests

Author: sudo87

plugins/api/discovery/src/main/java/org/apache/cloudstack/discovery/ApiDiscoveryServiceImpl.java

@@ -69,6 +69,7 @@ public class ApiDiscoveryServiceImpl extends ComponentLifecycleBase implements A
     List<APIChecker> _apiAccessCheckers = null;
     List<PluggableService> _services = null;
     protected static Map<String, ApiDiscoveryResponse> s_apiNameDiscoveryResponseMap = null;
+    public static final List<String> APIS_ALLOWED_FOR_PASSWORD_CHANGE = Arrays.asList("login", "logout", "updateUser", "listUsers", "listApis");
 
     @Inject
     AccountService accountService;
@@ -287,7 +288,7 @@ public ListResponse<? extends BaseResponse> listApis(User user, String name) {
             UserAccount userAccount = accountService.getUserAccountById(user.getId());
             Map<String, String> userAccDetails = userAccount.getDetails();
             if (MapUtils.isNotEmpty(userAccDetails) && "true".equalsIgnoreCase(userAccDetails.get(UserDetailVO.PasswordChangeRequired))) {
-                apisAllowed = Arrays.asList("login", "logout", "updateUser", "listUsers", "listApis");
+                apisAllowed = APIS_ALLOWED_FOR_PASSWORD_CHANGE;
             } else {
                 if (role.getRoleType() == RoleType.Admin && role.getId() == RoleType.Admin.getId()) {
                     logger.info(String.format("Account [%s] is Root Admin, all APIs are allowed.",

plugins/api/discovery/src/test/java/org/apache/cloudstack/discovery/ApiDiscoveryTest.java

@@ -22,6 +22,7 @@
 import com.cloud.user.AccountVO;
 import com.cloud.user.User;
 import com.cloud.user.UserAccount;
+import com.cloud.user.UserAccountVO;
 import com.cloud.user.UserVO;
 
 import org.apache.cloudstack.acl.APIChecker;
@@ -30,6 +31,8 @@
 import org.apache.cloudstack.acl.RoleType;
 import org.apache.cloudstack.acl.RoleVO;
 import org.apache.cloudstack.api.response.ApiDiscoveryResponse;
+import org.apache.cloudstack.api.response.ListResponse;
+import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -40,9 +43,12 @@
 import org.mockito.junit.MockitoJUnitRunner;
 
 import java.util.Arrays;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 
+import static org.apache.cloudstack.resourcedetail.UserDetailVO.PasswordChangeRequired;
+import static org.apache.cloudstack.resourcedetail.UserDetailVO.Setup2FADetail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.ArgumentMatchers.anyLong;
@@ -138,4 +144,29 @@ public void listApisTestGetsApisAllowedToUserOnUserRole() throws PermissionDenie
 
         Mockito.verify(apiCheckerMock, Mockito.times(1)).getApisAllowedToUser(any(Role.class), any(User.class), anyList());
     }
+
+    @Test
+    public void listApisForUserWithoutEnforcedPwdChange() throws PermissionDeniedException {
+        RoleVO userRoleVO = new RoleVO(4L, "name", RoleType.User, "description");
+        Map<String, String> userDetails = new HashMap<>();
+        userDetails.put(Setup2FADetail, UserAccountVO.Setup2FAstatus.ENABLED.name());
+        Mockito.when(mockUserAccount.getDetails()).thenReturn(userDetails);
+        Mockito.when(accountServiceMock.getAccount(Mockito.anyLong())).thenReturn(getNormalAccount());
+        Mockito.when(roleServiceMock.findRole(Mockito.anyLong())).thenReturn(userRoleVO);
+        discoveryServiceSpy.listApis(getTestUser(), null);
+        Mockito.verify(apiCheckerMock, Mockito.times(1)).getApisAllowedToUser(any(Role.class), any(User.class), anyList());
+    }
+
+    @Test
+    public void listApisForUserEnforcedPwdChange() throws PermissionDeniedException {
+        RoleVO userRoleVO = new RoleVO(4L, "name", RoleType.User, "description");
+        Map<String, String> userDetails = new HashMap<>();
+        userDetails.put(PasswordChangeRequired, "true");
+        Mockito.when(mockUserAccount.getDetails()).thenReturn(userDetails);
+        Mockito.when(accountServiceMock.getAccount(Mockito.anyLong())).thenReturn(getNormalAccount());
+        Mockito.when(roleServiceMock.findRole(Mockito.anyLong())).thenReturn(userRoleVO);
+        Mockito.when(apiNameDiscoveryResponseMapMock.get(Mockito.anyString())).thenReturn(Mockito.mock(ApiDiscoveryResponse.class));
+        ListResponse<ApiDiscoveryResponse> response = (ListResponse<ApiDiscoveryResponse>) discoveryServiceSpy.listApis(getTestUser(), null);
+        Assert.assertEquals(5, response.getResponses().size());
+    }
 }

server/src/test/java/com/cloud/user/AccountManagerImplTest.java

@@ -432,6 +432,19 @@ public void updateUserTestTimeZoneAndEmailNotNull() {
         prepareMockAndExecuteUpdateUserTest(1);
     }
 
+    @Test
+    public void updateUserTestPwdChange() {
+        Mockito.doReturn(true).when(UpdateUserCmdMock).isPasswordChangeRequired();
+        Mockito.when(userVoMock.getAccountId()).thenReturn(10L);
+        Mockito.doReturn(accountMock).when(accountManagerImpl).getAccount(10L);
+        Mockito.when(accountMock.getAccountId()).thenReturn(10L);
+        Mockito.doReturn(false).when(accountManagerImpl).isRootAdmin(10L);
+        Mockito.lenient().when(accountManagerImpl.getRoleType(Mockito.eq(accountMock))).thenReturn(RoleType.User);
+        Mockito.when(callingUser.getAccountId()).thenReturn(1L);
+        Mockito.doReturn(true).when(accountManagerImpl).isRootAdmin(1L);
+        prepareMockAndExecuteUpdateUserTest(0);
+    }
+
     private void prepareMockAndExecuteUpdateUserTest(int numberOfExpectedCallsForSetEmailAndSetTimeZone) {
         Mockito.doReturn("password").when(UpdateUserCmdMock).getPassword();
         Mockito.doReturn("newpassword").when(UpdateUserCmdMock).getCurrentPassword();