attribute verification page update
KaterynaHonchar committed Dec 9, 2022
1 parent 41ad158 commit 013c901
Showing 3 changed files with 60 additions and 22 deletions.
Expand Up @@ -15,7 +15,7 @@
<h4>
<wicket:message key="PageAttributeVerification.attributeVerificationLabel"/>
</h4>
<hr>
<div wicket:id="csrfField"/>
<div wicket:id="attributes">
<label wicket:id="attributeName"></label>
<input type="text" class="form-control form-control-sm" wicket:id="attributeValue"/>
Expand Up @@ -18,15 +18,19 @@
import com.evolveum.midpoint.web.component.AjaxSubmitButton;
import com.evolveum.midpoint.web.component.form.MidpointForm;
import com.evolveum.midpoint.web.component.prism.DynamicFormPanel;
import com.evolveum.midpoint.web.security.util.SecurityQuestionDto;
import com.evolveum.midpoint.web.page.error.PageError;
import com.evolveum.midpoint.web.security.util.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AttributeVerificationAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;

import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;

import org.apache.commons.lang3.StringUtils;
import org.apache.wicket.RestartResponseException;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.form.RequiredTextField;
import org.apache.wicket.markup.html.list.ListItem;
Expand Down Expand Up @@ -54,6 +58,7 @@ public class PageAttributeVerification extends PageAuthenticationBase {
private static final String ID_ATTRIBUTE_VALUE = "attributeValue";
private static final String ID_SUBMIT_BUTTON = "submit";
private static final String ID_BACK_BUTTON = "back";
private static final String ID_CSRF_FIELD = "csrfField";

LoadableDetachableModel<List<ItemPathType>> attributesPathModel;
private LoadableDetachableModel<UserType> userModel;
Expand All @@ -76,39 +81,64 @@ protected UserType load() {

@Override
protected List<ItemPathType> load() {
UserType user = userModel.getObject();
if (user == null) {
getSession().error(getString("User not found"));
throw new RestartResponseException(PageAttributeVerification.class);
}
SecurityPolicyType securityPolicy = resolveSecurityPolicy(((UserType) user).asPrismObject());
if (securityPolicy == null) {
getSession().error(getString("Security policy not found"));
throw new RestartResponseException(PageAttributeVerification.class);
}
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (authentication instanceof MidpointAuthentication) {
MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
ModuleAuthentication moduleAuthentication = mpAuthentication.getProcessingModuleAuthentication();
if (moduleAuthentication != null
&& AuthenticationModuleNameConstants.ATTRIBUTE_VERIFICATION.equals(moduleAuthentication.getModuleTypeName())) {

}
getSession().error(getString("No midPoint authentication is found"));
throw new RestartResponseException(PageError.class);
}
MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
ModuleAuthentication moduleAuthentication = mpAuthentication.getProcessingModuleAuthentication();
if (moduleAuthentication == null
&& !AuthenticationModuleNameConstants.ATTRIBUTE_VERIFICATION.equals(moduleAuthentication.getModuleTypeName())) {
getSession().error(getString("No authentication module is found"));
throw new RestartResponseException(PageError.class);
}
if (StringUtils.isEmpty(moduleAuthentication.getModuleIdentifier())) {
getSession().error(getString("No module identifier is defined"));
throw new RestartResponseException(PageError.class);
}
AttributeVerificationAuthenticationModuleType module = getModuleByIdentifier(moduleAuthentication.getModuleIdentifier());
if (module == null) {
getSession().error(getString("No module with identifier \"" + moduleAuthentication.getModuleIdentifier() + "\" is found"));
throw new RestartResponseException(PageError.class);
}
return new ArrayList<>();
return module.getPath();
}
};
}

private AttributeVerificationAuthenticationModuleType getModuleByIdentifier(String moduleIdentifier) {
if (StringUtils.isEmpty(moduleIdentifier)) {
return null;
}
UserType user = userModel.getObject();
if (user == null) {
getSession().error(getString("User not found"));
throw new RestartResponseException(PageError.class);
}
SecurityPolicyType securityPolicy = resolveSecurityPolicy(((UserType) user).asPrismObject());
if (securityPolicy == null || securityPolicy.getAuthentication() == null) {
getSession().error(getString("Security policy not found"));
throw new RestartResponseException(PageError.class);
}
return securityPolicy.getAuthentication().getModules().getAttributeVerification()
.stream()
.filter(m -> moduleIdentifier.equals(m.getIdentifier()) || moduleIdentifier.equals(m.getName()))
.findFirst()
.orElse(null);
}

@Override
protected void initCustomLayout() {
MidpointForm<?> form = new MidpointForm<>(ID_MAIN_FORM);
add(form);

WebMarkupContainer csrfField = SecurityUtils.createHiddenInputForCsrf(ID_CSRF_FIELD);
form.add(csrfField);

initAttributesLayout(form);

initButtons(form);

}

private void initAttributesLayout(MidpointForm<?> form) {
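Review bot: In the rewritten `load()` of `attributesPathModel`, the guard `if (moduleAuthentication == null && !AuthenticationModuleNameConstants.ATTRIBUTE_VERIFICATION.equals(moduleAuthentication.getModuleTypeName()))` joins its two conditions with `&&`, so it can never redirect to `PageError`. A null `moduleAuthentication` is dereferenced on the right-hand side and throws a NullPointerException, while a non-null one of the wrong module type makes the left-hand side false and passes straight through. The intended check appears to be `if (moduleAuthentication == null || !AuthenticationModuleNameConstants.ATTRIBUTE_VERIFICATION.equals(moduleAuthentication.getModuleTypeName()))`. Separately, `getModuleByIdentifier` chains `securityPolicy.getAuthentication().getModules().getAttributeVerification()` after checking only `getAuthentication()` for null; a policy without a modules element would presumably throw there, so a null check on `getModules()` is worth adding.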
Expand Up @@ -34,6 +34,7 @@

import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;

import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;

import org.apache.commons.collections4.CollectionUtils;
Expand Down Expand Up @@ -459,7 +460,7 @@ private AuthenticationsPolicyType getAuthenticationPolicy(
}

private PrismObject<SecurityPolicyType> resolveSecurityPolicy(MidpointAuthentication mpAuthentication) throws SchemaException {
if (!isPrincipalAuthenticated(mpAuthentication)) {
if (!principalExists(mpAuthentication)) {
return getGlobalSecurityPolicy();
}
PrismObject<SecurityPolicyType> securityPolicy = null;
Expand All @@ -472,7 +473,14 @@ private PrismObject<SecurityPolicyType> resolveSecurityPolicy(MidpointAuthentica

private boolean isPrincipalAuthenticated(MidpointAuthentication mpAuthentication) {
return mpAuthentication != null && mpAuthentication.isAuthenticated() && mpAuthentication.getPrincipal() != null && !mpAuthentication.isAnonymous();
}
}

private boolean principalExists(MidpointAuthentication mpAuthentication) {
return mpAuthentication != null && mpAuthentication.getPrincipal() != null
&& mpAuthentication.getPrincipal() instanceof MidPointPrincipal;
}



private PrismObject<SecurityPolicyType> getGlobalSecurityPolicy() throws SchemaException {
return systemObjectCache.getSecurityPolicy();
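Review bot: `principalExists` accepts a principal that has not finished authenticating, because it drops the `isAuthenticated()` and `!isAnonymous()` conditions that `isPrincipalAuthenticated` applied, so `resolveSecurityPolicy` now picks a per-user security policy from an identity that is still only claimed; that deserves a comment on the method. Something like `// Principal may be unauthenticated here: used only to select the policy, never to grant access` would make the intent explicit, assuming that is the intent. The rest of `resolveSecurityPolicy` lies outside the hunk, so confirm that nothing after the guard relies on the principal being authenticated. The explicit `getPrincipal() != null` test is also redundant, since `instanceof MidPointPrincipal` is already false for null, and `isPrincipalAuthenticated` appears to have no remaining caller in the visible lines.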
