feat: build admin lock/unlock account flow #171
Conversation
feat: added test cases
UditThakkar
changed the title
There was a problem hiding this comment.
Pull Request Overview
This pull request implements a new admin endpoint to toggle the lock status of a user account. Key changes include adding a new LockAccountDto and related test support classes, integrating the lock toggle functionality into UserService and AdminApi, and updating security configuration to include a custom authentication failure handler.
Reviewed Changes
Copilot reviewed 12 out of 12 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/test/java/com/digitalsanctuary/spring/user/api/provider/holder/ApiTestArgumentsHolder.java | Added support for LockAccountDto in API test arguments. |
| src/test/java/com/digitalsanctuary/spring/user/api/provider/ApiTestLockAccountArgumentsProvider.java | Provided new test cases for lock account flow. |
| src/test/java/com/digitalsanctuary/spring/user/api/data/DataStatus.java | Extended DataStatus enum with NOT_FOUND status. |
| src/test/java/com/digitalsanctuary/spring/user/api/data/ApiTestData.java | Added new methods for lock account test responses. |
| src/test/java/com/digitalsanctuary/spring/user/api/AdminApiTest.java | Introduced tests for toggle lock status but with an endpoint mismatch. |
| src/main/java/com/digitalsanctuary/spring/user/util/ResponseUtil.java | Created utility methods for error and success JSON responses. |
| src/main/java/com/digitalsanctuary/spring/user/service/UserService.java | Implemented the toggleLockStatus method for toggling user lock state. |
| src/main/java/com/digitalsanctuary/spring/user/security/* | Updated security configuration and failure handling. |
| src/main/java/com/digitalsanctuary/spring/user/api/AdminApi.java | Added a new admin endpoint for toggling user lock status. |
| new String[]{"Account Locked"}, null | ||
| ); | ||
| } | ||
| public static Response lockAccountFailry() { |
There was a problem hiding this comment.
The method name 'lockAccountFailry' appears to be misspelled. Consider renaming it to 'lockAccountFailure' for clarity.
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
| @ParameterizedTest | ||
| @ArgumentsSource(ApiTestLockAccountArgumentsProvider.class) | ||
| public void toggleLockStatusOfUser(ApiTestArgumentsHolder argumentsHolder) throws Exception { | ||
| ResultActions action = perform(MockMvcRequestBuilders.post(URL + "/lock").contentType(MediaType.APPLICATION_FORM_URLENCODED) |
There was a problem hiding this comment.
The test is calling the '/lock' endpoint but the implemented endpoint is '/toggleLockStatus'. Update the test to use the correct endpoint.
| ResultActions action = perform(MockMvcRequestBuilders.post(URL + "/lock").contentType(MediaType.APPLICATION_FORM_URLENCODED) | |
| ResultActions action = perform(MockMvcRequestBuilders.post(URL + "/toggleLockStatus").contentType(MediaType.APPLICATION_FORM_URLENCODED) |
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
|
High level comment: I don't love the lock API or service methods being toggles. I think there should be lockAccount and unlockAccount. I shouldn't have to query the current value, and then call the API to change it, hoping it hasn't changed in the mean time. I should be able to have largely idempotent clear actions. |
Thanks for the feedback! That makes sense I actually worked on a project where we had a similar feature with a "Lock Access" toggle in the admin panel. I see the benefit of having separate endpoints for clarity and idempotency. I’ll update the API to include distinct lockAccount and unlockAccount endpoints. |
|
I have updated the code, please help to check @devondragon |
| new ApiTestArgumentsHolder( | ||
| ApiTestData.getEmptyLockAccountDto(), | ||
| DataStatus.INVALID, | ||
| ApiTestData.invalidBodyLockAccountFailry() |
There was a problem hiding this comment.
Consider correcting the spelling 'Failry' to 'Failure' in the method call 'invalidBodyLockAccountFailry()'.
| ApiTestData.invalidBodyLockAccountFailry() | |
| ApiTestData.invalidBodyLockAccountFailure() |
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
| new String[]{"Account Locked"}, null | ||
| ); | ||
| } | ||
| public static Response lockAccountFailry() { |
There was a problem hiding this comment.
Consider correcting the spelling 'Failry' to 'Failure' in 'lockAccountFailry()'.
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
| new String[]{"User not found"}, null | ||
| ); | ||
| } | ||
| public static Response invalidBodyLockAccountFailry() { |
There was a problem hiding this comment.
Consider correcting the spelling 'Failry' to 'Failure' in 'invalidBodyLockAccountFailry()'.
Copilot is powered by AI, so mistakes are possible. Review output carefully before use.
src/test/java/com/digitalsanctuary/spring/user/api/AdminApiTest.java
Outdated
Show resolved
Hide resolved
…t.java Co-authored-by: Copilot <[email protected]>
devondragon
merged commit 3eb7801
into
devondragon:issue-32-Build-Admin-Lock-Account-Flow
This pull request introduces a new REST API endpoint
/admin/toggleLockStatusthat allows adminsto toggle the lock status of a user account.Key changes include:
toggleLockStatusPOST endpoint under the/adminpath.LockAccountDtocontaining the user's email.UserServiceto perform the logic of toggling the account lock status.LockAccountDtoto ensure the email is provided.Link to the issue: #32