feat: demo profile

prevents users from changing their password

.idea/runConfigurations/komga__bootRun__dev_demo.xml

@@ -0,0 +1,26 @@
+<component name="ProjectRunConfigurationManager">
+  <configuration default="false" name="komga [bootRun] dev,demo" type="GradleRunConfiguration" factoryName="Gradle">
+    <ExternalSystemSettings>
+      <option name="env">
+        <map>
+          <entry key="SPRING_PROFILES_ACTIVE" value="dev,demo" />
+        </map>
+      </option>
+      <option name="executionName" />
+      <option name="externalProjectPath" value="$PROJECT_DIR$" />
+      <option name="externalSystemIdString" value="GRADLE" />
+      <option name="scriptParameters" value="" />
+      <option name="taskDescriptions">
+        <list />
+      </option>
+      <option name="taskNames">
+        <list>
+          <option value="bootRun" />
+        </list>
+      </option>
+      <option name="vmOptions" value="" />
+    </ExternalSystemSettings>
+    <GradleScriptDebugEnabled>true</GradleScriptDebugEnabled>
+    <method v="2" />
+  </configuration>
+</component>

komga/src/main/kotlin/org/gotson/komga/interfaces/rest/UserController.kt

@@ -8,6 +8,7 @@ import org.gotson.komga.infrastructure.security.KomgaPrincipal
 import org.gotson.komga.infrastructure.security.KomgaUserDetailsLifecycle
 import org.gotson.komga.infrastructure.security.UserEmailAlreadyExistsException
 import org.gotson.komga.interfaces.rest.dto.toDto
+import org.springframework.core.env.Environment
 import org.springframework.data.repository.findByIdOrNull
 import org.springframework.http.HttpStatus
 import org.springframework.http.MediaType
@@ -36,9 +37,12 @@ private val logger = KotlinLogging.logger {}
 class UserController(
   private val userDetailsLifecycle: KomgaUserDetailsLifecycle,
   private val userRepository: KomgaUserRepository,
-  private val libraryRepository: LibraryRepository
+  private val libraryRepository: LibraryRepository,
+  env: Environment
 ) {
 
+  private val demo = env.activeProfiles.contains("demo")
+
   @GetMapping("me")
   fun getMe(@AuthenticationPrincipal principal: KomgaPrincipal): UserDto =
     principal.user.toDto()
@@ -49,6 +53,7 @@ class UserController(
     @AuthenticationPrincipal principal: KomgaPrincipal,
     @Valid @RequestBody newPasswordDto: PasswordUpdateDto
   ) {
+    if (demo) throw ResponseStatusException(HttpStatus.FORBIDDEN)
     userDetailsLifecycle.updatePassword(principal, newPasswordDto.password, false)
   }
 

komga/src/test/kotlin/org/gotson/komga/interfaces/rest/UserControllerTest.kt

@@ -0,0 +1,38 @@
+package org.gotson.komga.interfaces.rest
+
+import org.gotson.komga.infrastructure.security.KomgaUserDetailsLifecycle
+import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.extension.ExtendWith
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.autoconfigure.jdbc.AutoConfigureTestDatabase
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.http.MediaType
+import org.springframework.test.context.ActiveProfiles
+import org.springframework.test.context.junit.jupiter.SpringExtension
+import org.springframework.test.web.servlet.MockMvc
+import org.springframework.test.web.servlet.patch
+
+@ExtendWith(SpringExtension::class)
+@SpringBootTest
+@AutoConfigureTestDatabase
+@AutoConfigureMockMvc(printOnlyOnFailure = false)
+@ActiveProfiles("demo")
+class UserControllerTest(
+  @Autowired private val userDetailsLifecycle: KomgaUserDetailsLifecycle,
+  @Autowired private val mockMvc: MockMvc
+
+) {
+  @Test
+  @WithMockCustomUser
+  fun `given demo profile is active when a user tries to update its password via api then returns forbidden`() {
+    val jsonString = """{"password":"new"}"""
+
+    mockMvc.patch("/api/v1/users/me/password") {
+      contentType = MediaType.APPLICATION_JSON
+      content = jsonString
+    }.andExpect {
+      status { isForbidden }
+    }
+  }
+}