// session api isn't typically exposed to the user, as it is implicit
SessionApi sessionApi = context.utils().injector().getInstance(SessionApi.class);
// Check the user can really login with the changed password
// NOTE: the password is NOT returned in the User object returned from the server
SessionWithToken sessionWithToken = sessionApi.loginUserInOrgWithPassword(URI.create(endpoint + "/sessions"), user.getName(), org.getName(), "newPassword");
assertNotNull(sessionWithToken.getToken());
sessionApi.logoutSessionWithToken(sessionWithToken.getSession().getHref(), sessionWithToken.getToken());
}
@Test(description = "POST /admin/user/{id}/action/unlock", dependsOnMethods = { "testEditUser" })