fix update user workflow

bernardodemarco · bernardodemarco · commit 00dc78e6f7fd · 2026-03-02T18:19:46.000-03:00
diff --git a/server/src/main/java/com/cloud/user/AccountManagerImpl.java b/server/src/main/java/com/cloud/user/AccountManagerImpl.java
@@ -1937,7 +1937,7 @@ protected Account getCurrentCallingAccount() {
     }
 
     /**
-     * Validates user API and Secret keys. If a new pair of keys is provided, we update them in the user POJO.
+     * Validates user API and Secret keys. If a new pair of keys is provided, we update them in the key pair POJO.
      * <ul>
      * <li>When updating the keys, it must be provided a pair (API and Secret keys); otherwise, an {@link InvalidParameterValueException} is thrown.
      * <li>If a pair of keys is provided, we validate to see if there is an user already using the provided API key. If there is someone else using, we throw an {@link InvalidParameterValueException} because two users cannot have the same API key.
@@ -1950,25 +1950,25 @@ protected void validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmd updateUser
         boolean isApiKeyBlank = StringUtils.isBlank(apiKey);
         boolean isSecretKeyBlank = StringUtils.isBlank(secretKey);
         if (isApiKeyBlank ^ isSecretKeyBlank) {
-            throw new InvalidParameterValueException("Please provide a userApiKey/userSecretKey pair");
+            throw new InvalidParameterValueException("Please provide a valid API and secret key pair.");
         }
         if (isApiKeyBlank && isSecretKeyBlank) {
             return;
         }
-        Ternary<User, Account, ApiKeyPair> keyPairTernary = findUserByApiKey(apiKey);
-        if (keyPairTernary == null) {
-            throw new InvalidParameterValueException(String.format("The API key [%s] does not exist in the system. Please provide a valid key.", apiKey));
+
+        ApiKeyPairVO lastUserKeyPair = apiKeyPairDao.getLastApiKeyCreatedByUser(user.getId());
+        if (lastUserKeyPair == null) {
+            throw new InvalidParameterValueException(String.format("User [%s] has no active API key pairs to be updated.", user.getUsername()));
         }
 
-        User userThatHasTheProvidedApiKey = keyPairTernary.first();
-        if (userThatHasTheProvidedApiKey.getId() != user.getId()) {
+        Ternary<User, Account, ApiKeyPair> keyPairTernary = findUserByApiKey(apiKey);
+        if (keyPairTernary != null) {
             throw new InvalidParameterValueException(String.format("The API key [%s] already exists in the system. Please provide a unique key.", apiKey));
         }
 
-        ApiKeyPairVO keyPair = (ApiKeyPairVO) keyPairTernary.third();
-        keyPair.setApiKey(apiKey);
-        keyPair.setSecretKey(secretKey);
-        apiKeyPairDao.update(keyPair.getId(), keyPair);
+        lastUserKeyPair.setApiKey(apiKey);
+        lastUserKeyPair.setSecretKey(secretKey);
+        apiKeyPairDao.update(lastUserKeyPair.getId(), lastUserKeyPair);
     }
 
     protected void validateAndUpdateUserApiKeyAccess(UpdateUserCmd updateUserCmd, UserVO user) {
diff --git a/server/src/test/java/com/cloud/user/AccountManagerImplTest.java b/server/src/test/java/com/cloud/user/AccountManagerImplTest.java
@@ -513,7 +513,6 @@ private void prepareMockAndExecuteUpdateUserTest(int numberOfExpectedCallsForSet
         Mockito.doReturn("password").when(UpdateUserCmdMock).getPassword();
         Mockito.doReturn("newpassword").when(UpdateUserCmdMock).getCurrentPassword();
         Mockito.doReturn(userVoMock).when(accountManagerImpl).retrieveAndValidateUser(UpdateUserCmdMock);
-        Mockito.doReturn(apiKeyPairVOMock).when(accountManagerImpl).validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
         Mockito.doReturn(accountMock).when(accountManagerImpl).retrieveAndValidateAccount(userVoMock);
 
         Mockito.doNothing().when(accountManagerImpl).validateAndUpdateFirstNameIfNeeded(UpdateUserCmdMock, userVoMock);
@@ -564,33 +563,35 @@ public void retrieveAndValidateUserTestUserIsFound() {
     }
 
     @Test
-    public void validateAndUpdatApiAndSecretKeyIfNeededTestNoKeys() {
+    public void validateAndUpdateApiAndSecretKeyIfNeededTestNoKeys() {
         accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
 
+        Mockito.verify(apiKeyPairDaoMock, Mockito.times(0)).getLastApiKeyCreatedByUser(Mockito.anyLong());
         Mockito.verify(accountManagerImpl, Mockito.times(0)).findUserByApiKey(Mockito.anyString());
     }
 
     @Test(expected = InvalidParameterValueException.class)
-    public void validateAndUpdatApiAndSecretKeyIfNeededTestOnlyApiKeyInformed() {
+    public void validateAndUpdateApiAndSecretKeyIfNeededTestOnlyApiKeyInformed() {
         Mockito.doReturn("apiKey").when(UpdateUserCmdMock).getApiKey();
 
         accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
     }
 
     @Test(expected = InvalidParameterValueException.class)
-    public void validateAndUpdatApiAndSecretKeyIfNeededTestOnlySecretKeyInformed() {
+    public void validateAndUpdateApiAndSecretKeyIfNeededTestOnlySecretKeyInformed() {
         Mockito.doReturn("secretKey").when(UpdateUserCmdMock).getSecretKey();
 
         accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
     }
 
     @Test(expected = InvalidParameterValueException.class)
-    public void validateAndUpdatApiAndSecretKeyIfNeededTestApiKeyAlreadyUsedBySomeoneElse() {
+    public void validateAndUpdateApiAndSecretKeyIfNeededTestApiKeyAlreadyUsedBySomeoneElse() {
         String apiKey = "apiKey";
         Mockito.doReturn(apiKey).when(UpdateUserCmdMock).getApiKey();
         Mockito.doReturn("secretKey").when(UpdateUserCmdMock).getSecretKey();
 
         Mockito.doReturn(1L).when(userVoMock).getId();
+        Mockito.doReturn(apiKeyPairVOMock).when(apiKeyPairDaoMock).getLastApiKeyCreatedByUser(1L);
 
         User otherUserMock = Mockito.mock(User.class);
 
@@ -600,6 +601,15 @@ public void validateAndUpdatApiAndSecretKeyIfNeededTestApiKeyAlreadyUsedBySomeon
         accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
     }
 
+    @Test(expected = InvalidParameterValueException.class)
+    public void validateAndUpdateApiAndSecretKeyIfNeededTestUserHasNoActiveApiKeyPair() {
+        String apiKey = "apiKey";
+        Mockito.doReturn(apiKey).when(UpdateUserCmdMock).getApiKey();
+        Mockito.doReturn("secretKey").when(UpdateUserCmdMock).getSecretKey();
+        Mockito.doReturn(1L).when(userVoMock).getId();
+        accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
+    }
+
     @Test
     public void validateAndUpdateApiAndSecretKeyIfNeededTest() {
         String apiKey = "apiKey";
@@ -608,12 +618,8 @@ public void validateAndUpdateApiAndSecretKeyIfNeededTest() {
         String secretKey = "secretKey";
         Mockito.doReturn(secretKey).when(UpdateUserCmdMock).getSecretKey();
 
-        User otherUserMock = Mockito.mock(User.class);
-        Mockito.doReturn(userVoIdMock).when(otherUserMock).getId();
-
-        Ternary<User, Account, ApiKeyPair> pairUserAccountMock = new Ternary<>(otherUserMock, Mockito.mock(Account.class), apiKeyPairVOMock);
-        Mockito.doReturn(pairUserAccountMock).when(accountManagerImpl).findUserByApiKey(apiKey);
-        Mockito.doReturn(accountVoMock).when(_accountDao).findById(Mockito.anyLong());
+        Mockito.doReturn(1L).when(userVoMock).getId();
+        Mockito.doReturn(apiKeyPairVOMock).when(apiKeyPairDaoMock).getLastApiKeyCreatedByUser(1L);
 
         accountManagerImpl.validateAndUpdateApiAndSecretKeyIfNeeded(UpdateUserCmdMock, userVoMock);
 
@@ -623,7 +629,7 @@ public void validateAndUpdateApiAndSecretKeyIfNeededTest() {
     }
 
     @Test
-    public void validateAndUpdatUserApiKeyAccess() {
+    public void validateAndUpdateUserApiKeyAccess() {
         Mockito.doReturn("Enabled").when(UpdateUserCmdMock).getApiKeyAccess();
         try (MockedStatic<ActionEventUtils> eventUtils = Mockito.mockStatic(ActionEventUtils.class)) {
             Mockito.when(ActionEventUtils.onActionEvent(Mockito.anyLong(), Mockito.anyLong(),
@@ -643,7 +649,7 @@ public void validateAndUpdatUserApiKeyAccessInvalidParameter() {
     }
 
     @Test
-    public void validateAndUpdatAccountApiKeyAccess() {
+    public void validateAndUpdateAccountApiKeyAccess() {
         Mockito.doReturn("Inherit").when(UpdateAccountCmdMock).getApiKeyAccess();
         try (MockedStatic<ActionEventUtils> eventUtils = Mockito.mockStatic(ActionEventUtils.class)) {
             Mockito.when(ActionEventUtils.onActionEvent(Mockito.anyLong(), Mockito.anyLong(),
@@ -657,7 +663,7 @@ public void validateAndUpdatAccountApiKeyAccess() {
     }
 
     @Test(expected = InvalidParameterValueException.class)
-    public void validateAndUpdatAccountApiKeyAccessInvalidParameter() {
+    public void validateAndUpdateAccountApiKeyAccessInvalidParameter() {
         Mockito.doReturn("False").when(UpdateAccountCmdMock).getApiKeyAccess();
         accountManagerImpl.validateAndUpdateAccountApiKeyAccess(UpdateAccountCmdMock, accountVoMock);
     }
