add website to set and change WebUser API password

src/main/java/de/rwth/idsg/steve/config/SecurityConfiguration.java

@@ -79,6 +79,8 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
                         //only allowed to change the own password
                     .requestMatchers(prefix + "/webusers" + "/password/{name}")
                         .access(new WebExpressionAuthorizationManager("#name == authentication.name"))
+                    .requestMatchers(prefix + "/webusers" + "/apipassword/{name}")
+                        .access(new WebExpressionAuthorizationManager("#name == authentication.name"))
                         // otherwise denies access on backToOverview!
                     .requestMatchers(toOverview).hasAnyAuthority("USER", "ADMIN")
                     .requestMatchers(HttpMethod.GET, prefix + "/webusers/**").hasAnyAuthority("USER", "ADMIN")

src/main/java/de/rwth/idsg/steve/repository/WebUserRepository.java

@@ -43,6 +43,8 @@ public interface WebUserRepository  {
     void changePassword(String username, String newPassword);
 
     void changePassword(Integer userPk, String newPassword);
+
+    void changeApiPassword(Integer userPk, String newPassword);
 
     boolean userExists(String username);
 

src/main/java/de/rwth/idsg/steve/repository/impl/WebUserRepositoryImpl.java

@@ -129,6 +129,14 @@ public void changePassword(Integer userPk, String newPassword) {
             .execute();
     }
 
+    @Override
+    public void changeApiPassword(Integer userPk, String newPassword) {
+        ctx.update(WEB_USER)
+            .set(WEB_USER.API_PASSWORD, newPassword)
+            .where(WEB_USER.WEB_USER_PK.eq(userPk))
+            .execute();
+    }
+
     @Override
     public boolean userExists(String username) {
         return ctx.selectOne()

src/main/java/de/rwth/idsg/steve/service/WebUserService.java

@@ -208,6 +208,14 @@ public void update(WebUserBaseForm form) {
     public void updatePassword(WebUserForm form) {
         webUserRepository.changePassword(form.getWebUserPk(), encoder.encode(form.getPassword()));
     }
+
+    public void updateApiPassword(WebUserForm form) {
+        String newPassword = null;
+        if (form.getApiPassword() != null) {
+            newPassword = encoder.encode(form.getApiPassword());
+        }
+        webUserRepository.changeApiPassword(form.getWebUserPk(), newPassword);
+    }
 
     public List<WebUserOverview> getOverview(WebUserQueryForm form) {
         return webUserRepository.getOverview(form)

src/main/java/de/rwth/idsg/steve/web/controller/WebUsersController.java

@@ -55,6 +55,7 @@ public class WebUsersController {
     private static final String UPDATE_PATH = "/update";
     private static final String ADD_PATH = "/add";
     private static final String PASSWORD_PATH = "/password/{webUserName}";
+    private static final String API_PASSWORD_PATH = "/apipassword/{webUserName}";
 
     // -------------------------------------------------------------------------
     // HTTP methods
@@ -136,8 +137,31 @@ public String passwordChange(@Valid @ModelAttribute("webuserForm") WebUserForm w
         }
 
         webUserService.updatePassword(webuserForm);
-        String redirect_str = String.format("redirect:/manager/webusers/details/%s", webuserForm.getWebUserPk());
-        return redirect_str;
+        return toDetails(webuserForm.getWebUserPk());
+    }
+
+    @RequestMapping(value = API_PASSWORD_PATH, method = RequestMethod.GET)
+    public String apiPasswordChangeGet(@PathVariable("webUserName") String webUserName, Model model) {
+        WebUserForm webUserForm = new WebUserForm();
+        WebUserBaseForm webUserBaseForm = webUserService.getDetails(webUserName);
+        webUserForm.setWebUserPk(webUserBaseForm.getWebUserPk());
+        webUserForm.setWebUsername(webUserBaseForm.getWebUsername());
+        webUserForm.setAuthorities(webUserBaseForm.getAuthorities());
+        webUserForm.setEnabled(webUserBaseForm.getEnabled());
+
+        model.addAttribute("webuserForm", webUserForm);
+        return "data-man/webuserApiPassword";
+    }
+
+    @RequestMapping(params = "change", value = API_PASSWORD_PATH, method = RequestMethod.POST)
+    public String apiPasswordChange(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm,
+                         BindingResult result, Model model) {
+        if (result.hasErrors()) {
+            return "data-man/webuserApiPassword";
+        }
+
+        webUserService.updateApiPassword(webuserForm);
+        return toDetails(webuserForm.getWebUserPk());
     }
 
     @RequestMapping(value = DELETE_PATH, method = RequestMethod.POST)
@@ -153,8 +177,13 @@ public String delete(@PathVariable("webUserPk") Integer webUserPk) {
     @RequestMapping(params = "backToOverview", value = PASSWORD_PATH, method = RequestMethod.POST)
     public String passwordBackToOverview(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm,
                          BindingResult result, Model model) {
-        String redirect_str = String.format("redirect:/manager/webusers/details/%s", webuserForm.getWebUserPk());
-        return redirect_str;
+        return toDetails(webuserForm.getWebUserPk());
+    }
+
+    @RequestMapping(params = "backToOverview", value = API_PASSWORD_PATH, method = RequestMethod.POST)
+    public String apiPasswordBackToOverview(@Valid @ModelAttribute("webuserForm") WebUserForm webuserForm,
+                         BindingResult result, Model model) {
+        return toDetails(webuserForm.getWebUserPk());
     }
 
     @RequestMapping(params = "backToOverview", value = ADD_PATH, method = RequestMethod.POST)
@@ -170,4 +199,9 @@ public String updateBackToOverview() {
     private String toOverview() {
         return "redirect:/manager/webusers";
     }
+
+    private String toDetails(Integer userPk) {
+        String redirect_str = String.format("redirect:/manager/webusers/details/%s", userPk);
+        return redirect_str;
+    }
 }

src/main/java/de/rwth/idsg/steve/web/dto/WebUserForm.java

@@ -42,7 +42,7 @@ public class WebUserForm extends WebUserBaseForm {
     @AssertFalse(message = "The repeated password did not match!")
     private Boolean pwError;
 
-    private String apiToken = "";
+    private String apiPassword = "";
 
     public void setPassword(String password) {
         this.password = password;
@@ -56,7 +56,7 @@ public void setPasswordComparison(String passwordComparison) {
         }
     }
 
-    public void setApiToken(String apiToken) {
-        this.apiToken = apiToken;
+    public void setApiPassword(String apiPassword) {
+        this.apiPassword = apiPassword;
     }
 }

src/main/resources/webapp/WEB-INF/views/data-man/webuserApiPassword.jsp

@@ -0,0 +1,55 @@
+<%--
+
+    SteVe - SteckdosenVerwaltung - https://github.com/steve-community/steve
+    Copyright (C) 2013-2024 SteVe Community Team
+    All Rights Reserved.
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+--%>
+<%@ include file="../00-header.jsp" %>
+<spring:hasBindErrors name="webuserForm">
+    <div class="error">
+        Error while trying to change api password of webuser:
+        <ul>
+            <c:forEach var="error" items="${errors.allErrors}">
+                <li>${error.defaultMessage}</li>
+            </c:forEach>
+        </ul>
+    </div>
+</spring:hasBindErrors>
+<div class="content"><div>
+<section><span>Webuser change password</span></section>
+    <form:form action="${ctxPath}/manager/webusers/apipassword/${webuserForm.webUsername}" modelAttribute="webuserForm">
+       <table class="userInput">
+            <thead><tr><th>Webuser</th><th></th></thead>
+            <tbody>
+            <tr><td>Webusername:</td><td>${webuserForm.webUsername}
+                    <form:hidden path="webUsername" value="${webuserForm.webUsername}"/>
+                    <form:hidden path="webUserPk" value="${webuserForm.webUserPk}"/>
+                    <form:hidden path="password" value="doNotChange"/>
+                    <form:hidden path="passwordComparison" value="doNotChange"/>
+            </td></tr>
+            <tr><td>API Password:</td><td><form:password path="apiPassword" title="Set the API password"/></td></tr>
+            <tr><td></td>
+                <td id="add_space">
+                    <input type="submit" name="change" value="Change">
+                    <input type="submit" name="backToOverview" value="Back to Details">
+                </td>
+            </tr>
+            </tbody>
+        </table>
+    </form:form>
+</div></div>
+<%@ include file="../00-footer.jsp" %>

src/main/resources/webapp/WEB-INF/views/data-man/webuserDetails.jsp

@@ -44,6 +44,11 @@
                         <B>Change Password</B></a>
                     </td>
                 </tr>
+                <tr><td></td>
+                    <td><a href="${ctxPath}/manager/webusers/apipassword/${webuserForm.webUsername}">
+                        <B>Change API Password</B></a>
+                    </td>
+                </tr>
                 <tr><td>Roles:</td>
                     <td>
                         <select id="myRoleList" name="authorities" path="authorities" title="List of roles/authoriies the web-user has.">