

Merge remote-tracking branch 'origin/master' into feature/forgot-user…
…name

* origin/master:
  MID-8842 ninja - disabled tests because of jenkins having panic attacks or something on master-quick build
  Audit runAs/runPrivileged properly
  Add forgotten dependency
  MID-8842 ninja - actions and ninja now can return custom system.exit code
  Add "privileges" item to expression/scripting rule
  MID-8842 ninja - ninja now can output a non-zero exit code in some cases, actions still need to be updated
  MID-8842 ninja - attempt to fix ninja tests
  MID-8842 ninja - removed obsolete test files
  MID-8842 ninja - enabled import test for ninja
  MID-8842 ninja - verification dump to csv fixed (was dumping xml delta in some cases between records)
  MID-8842 ninja - bugfixing distribution upgrade, more options for download distribution action
katkav committed Jul 31, 2023
2 parents 30ed46a + 6d6c41b commit 27beed1
Showing 102 changed files with 1,611 additions and 6,202 deletions.
Expand Up @@ -21,6 +21,7 @@

import com.evolveum.midpoint.schema.result.OperationResultStatus;

import com.evolveum.midpoint.security.api.SecurityContextManager.ResultAwareCheckedProducer;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.apache.wicket.Component;
Expand Down Expand Up @@ -749,8 +750,11 @@ public <T> T runPrivileged(Producer<T> producer) {
return securityContextManager.runPrivileged(producer);
}

public <T> T runAsChecked(CheckedProducer<T> producer, PrismObject<UserType> user) throws CommonException {
return securityContextManager.runAsChecked(producer, user);
public <T> T runAsChecked(
ResultAwareCheckedProducer<T> producer,
PrismObject<UserType> user,
OperationResult result) throws CommonException {
return securityContextManager.runAsChecked(producer, user, result);
}

@NotNull
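Review bot: The new `runAsChecked` overload (the `public <T> T runAsChecked(` line) has no Javadoc, and since it is the entry point pages use to act under another identity it should say what `user` and `result` are for. The merge list mentions auditing runAs/runPrivileged properly, so presumably `result` is what lets the delegate record the identity switch — confirm against SecurityContextManager. Suggested Javadoc: `/** Runs {@code producer} under the identity of {@code user}; {@code result} is handed to the security context manager (presumably so the identity switch is recorded — confirm). */`. The enclosing class continues outside the hunk.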
Expand Up @@ -154,11 +154,14 @@ private void assignDefaultRoles(String userOid, PrismObject<UserType> administra
ObjectDelta<Objectable> delta = prismContext.deltaFor(UserType.class)
.item(UserType.F_ASSIGNMENT).addRealValues(assignmentsToCreate)
.asObjectDelta(userOid);
runAsChecked(() -> {
Task task = createSimpleTask(OPERATION_ASSIGN_DEFAULT_ROLES);
WebModelServiceUtils.save(delta, result, task, PageRegistrationConfirmation.this);
return null;
}, administrator);
runAsChecked(
(lResult) -> {
Task task = createSimpleTask(OPERATION_ASSIGN_DEFAULT_ROLES);
WebModelServiceUtils.save(delta, lResult, task, PageRegistrationConfirmation.this);
return null;
},
administrator,
result);
} catch (CommonException | RuntimeException e) {
result.recordFatalError(getString("PageRegistrationConfirmation.message.assignDefaultRoles.fatalError"), e);
throw e;
Expand All @@ -171,16 +174,19 @@ private void removeNonceAndSetLifecycleState(String userOid, NonceType nonce, Pr
OperationResult parentResult) throws CommonException {
OperationResult result = parentResult.createSubresult(OPERATION_REMOVE_NONCE_AND_SET_LIFECYCLE_STATE);
try {
runAsChecked(() -> {
Task task = createSimpleTask(OPERATION_REMOVE_NONCE_AND_SET_LIFECYCLE_STATE);
ObjectDelta<UserType> delta = getPrismContext().deltaFactory().object()
.createModificationDeleteContainer(UserType.class, userOid,
ItemPath.create(UserType.F_CREDENTIALS, CredentialsType.F_NONCE),
nonce);
delta.addModificationReplaceProperty(UserType.F_LIFECYCLE_STATE, SchemaConstants.LIFECYCLE_ACTIVE);
WebModelServiceUtils.save(delta, result, task, PageRegistrationConfirmation.this);
return null;
}, administrator);
runAsChecked(
(lResult) -> {
Task task = createSimpleTask(OPERATION_REMOVE_NONCE_AND_SET_LIFECYCLE_STATE);
ObjectDelta<UserType> delta = getPrismContext().deltaFactory().object()
.createModificationDeleteContainer(UserType.class, userOid,
ItemPath.create(UserType.F_CREDENTIALS, CredentialsType.F_NONCE),
nonce);
delta.addModificationReplaceProperty(UserType.F_LIFECYCLE_STATE, SchemaConstants.LIFECYCLE_ACTIVE);
WebModelServiceUtils.save(delta, lResult, task, PageRegistrationConfirmation.this);
return null;
},
administrator,
result);
} catch (CommonException | RuntimeException e) {
result.recordFatalError(getString("PageRegistrationConfirmation.message.removeNonceAndSetLifecycleState.fatalError"), e);
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't remove nonce and set lifecycle state", e);
Expand All @@ -197,21 +203,24 @@ private void assignAdditionalRoleIfPresent(String userOid, NonceType nonceType,
}
OperationResult result = parentResult.createSubresult(OPERATION_ASSIGN_ADDITIONAL_ROLE);
try {
runAsChecked(() -> {
Task task = createAnonymousTask(OPERATION_ASSIGN_ADDITIONAL_ROLE);
ObjectDelta<UserType> assignRoleDelta;
AssignmentType assignment = new AssignmentType();
assignment.setTargetRef(ObjectTypeUtil.createObjectRef(nonceType.getName(), ObjectTypes.ABSTRACT_ROLE));
getPrismContext().adopt(assignment);
List<ItemDelta> userDeltas = new ArrayList<>();
userDeltas.add(getPrismContext().deltaFactory().container().createModificationAdd(UserType.F_ASSIGNMENT,
UserType.class, assignment));
assignRoleDelta = getPrismContext().deltaFactory().object().createModifyDelta(userOid, userDeltas, UserType.class
);
assignRoleDelta.setPrismContext(getPrismContext());
WebModelServiceUtils.save(assignRoleDelta, result, task, PageRegistrationConfirmation.this);
return null;
}, administrator);
runAsChecked(
(lResult) -> {
Task task = createAnonymousTask(OPERATION_ASSIGN_ADDITIONAL_ROLE);
ObjectDelta<UserType> assignRoleDelta;
AssignmentType assignment = new AssignmentType();
assignment.setTargetRef(ObjectTypeUtil.createObjectRef(nonceType.getName(), ObjectTypes.ABSTRACT_ROLE));
getPrismContext().adopt(assignment);
List<ItemDelta> userDeltas = new ArrayList<>();
userDeltas.add(getPrismContext().deltaFactory().container().createModificationAdd(UserType.F_ASSIGNMENT,
UserType.class, assignment));
assignRoleDelta = getPrismContext().deltaFactory().object().createModifyDelta(userOid, userDeltas, UserType.class
);
assignRoleDelta.setPrismContext(getPrismContext());
WebModelServiceUtils.save(assignRoleDelta, lResult, task, PageRegistrationConfirmation.this);
return null;
},
administrator,
result);
} catch (CommonException | RuntimeException e) {
result.recordFatalError(getString("PageRegistrationConfirmation.message.assignAdditionalRoleIfPresent.fatalError"), e);
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't assign additional role", e);
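Review bot: In assignAdditionalRoleIfPresent the role to assign is taken straight from `nonceType.getName()` (the `assignment.setTargetRef(...)` line) and the modification is executed under the administrator identity, and nothing in the hunk constrains which role that can be; presumably the nonce is issued server-side from the registration configuration so the value is trusted, but a comment saying so would stop a future reader from treating it as request input. That lambda also uses `createAnonymousTask` while the two sibling blocks in this file use `createSimpleTask`; since all three now run as the same administrator the differing task owner looks accidental and, if the task owner is what ends up in the audit record, is worth aligning — confirm. Proposed comment above `assignment.setTargetRef(...)`: `// nonce name carries the role OID chosen by the registration policy (server-issued), never taken from the request — confirm`. The enclosing methods begin and end outside the hunks.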
Expand Up @@ -125,11 +125,13 @@ private void assignDefaultRoles(String userOid, PrismObject<UserType> administra
ObjectDelta<Objectable> delta = prismContext.deltaFor(UserType.class)
.item(UserType.F_ASSIGNMENT).addRealValues(assignmentsToCreate)
.asObjectDelta(userOid);
runAsChecked(() -> {
Task task = createSimpleTask(OPERATION_ASSIGN_DEFAULT_ROLES);
WebModelServiceUtils.save(delta, result, task, PageRegistrationFinish.this);
return null;
}, administrator);
runAsChecked(
(lResult) -> {
Task task = createSimpleTask(OPERATION_ASSIGN_DEFAULT_ROLES);
WebModelServiceUtils.save(delta, lResult, task, PageRegistrationFinish.this);
return null;
},
administrator, result);
} catch (CommonException|RuntimeException e) {
result.recordFatalError(getString("PageRegistrationConfirmation.message.assignDefaultRoles.fatalError"), e);
throw e;
Expand All @@ -142,16 +144,18 @@ private void removeNonceAndSetLifecycleState(String userOid, NonceType nonce, Pr
OperationResult parentResult) throws CommonException {
OperationResult result = parentResult.createSubresult(OPERATION_REMOVE_NONCE_AND_SET_LIFECYCLE_STATE);
try {
runAsChecked(() -> {
Task task = createSimpleTask(OPERATION_REMOVE_NONCE_AND_SET_LIFECYCLE_STATE);
ObjectDelta<UserType> delta = getPrismContext().deltaFactory().object()
.createModificationDeleteContainer(UserType.class, userOid,
ItemPath.create(UserType.F_CREDENTIALS, CredentialsType.F_NONCE),
nonce);
delta.addModificationReplaceProperty(UserType.F_LIFECYCLE_STATE, SchemaConstants.LIFECYCLE_ACTIVE);
WebModelServiceUtils.save(delta, result, task, PageRegistrationFinish.this);
return null;
}, administrator);
runAsChecked(
(lResult) -> {
Task task = createSimpleTask(OPERATION_REMOVE_NONCE_AND_SET_LIFECYCLE_STATE);
ObjectDelta<UserType> delta = getPrismContext().deltaFactory().object()
.createModificationDeleteContainer(UserType.class, userOid,
ItemPath.create(UserType.F_CREDENTIALS, CredentialsType.F_NONCE),
nonce);
delta.addModificationReplaceProperty(UserType.F_LIFECYCLE_STATE, SchemaConstants.LIFECYCLE_ACTIVE);
WebModelServiceUtils.save(delta, lResult, task, PageRegistrationFinish.this);
return null;
},
administrator, result);
} catch (CommonException|RuntimeException e) {
result.recordFatalError(getString("PageRegistrationConfirmation.message.removeNonceAndSetLifecycleState.fatalError"), e);
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't remove nonce and set lifecycle state", e);
Expand All @@ -168,21 +172,23 @@ private void assignAdditionalRoleIfPresent(String userOid, NonceType nonceType,
}
OperationResult result = parentResult.createSubresult(OPERATION_ASSIGN_ADDITIONAL_ROLE);
try {
runAsChecked(() -> {
Task task = createAnonymousTask(OPERATION_ASSIGN_ADDITIONAL_ROLE);
ObjectDelta<UserType> assignRoleDelta;
AssignmentType assignment = new AssignmentType();
assignment.setTargetRef(ObjectTypeUtil.createObjectRef(nonceType.getName(), ObjectTypes.ABSTRACT_ROLE));
getPrismContext().adopt(assignment);
List<ItemDelta> userDeltas = new ArrayList<>();
userDeltas.add(getPrismContext().deltaFactory().container().createModificationAdd(UserType.F_ASSIGNMENT,
UserType.class, assignment));
assignRoleDelta = getPrismContext().deltaFactory().object().createModifyDelta(userOid, userDeltas, UserType.class
);
assignRoleDelta.setPrismContext(getPrismContext());
WebModelServiceUtils.save(assignRoleDelta, result, task, PageRegistrationFinish.this);
return null;
}, administrator);
runAsChecked(
(lResult) -> {
Task task = createAnonymousTask(OPERATION_ASSIGN_ADDITIONAL_ROLE);
ObjectDelta<UserType> assignRoleDelta;
AssignmentType assignment = new AssignmentType();
assignment.setTargetRef(ObjectTypeUtil.createObjectRef(nonceType.getName(), ObjectTypes.ABSTRACT_ROLE));
getPrismContext().adopt(assignment);
List<ItemDelta> userDeltas = new ArrayList<>();
userDeltas.add(getPrismContext().deltaFactory().container().createModificationAdd(UserType.F_ASSIGNMENT,
UserType.class, assignment));
assignRoleDelta = getPrismContext().deltaFactory().object().createModifyDelta(userOid, userDeltas, UserType.class
);
assignRoleDelta.setPrismContext(getPrismContext());
WebModelServiceUtils.save(assignRoleDelta, lResult, task, PageRegistrationFinish.this);
return null;
},
administrator, result);
} catch (CommonException|RuntimeException e) {
result.recordFatalError(getString("PageRegistrationConfirmation.message.assignAdditionalRoleIfPresent.fatalError"), e);
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't assign additional role", e);
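Review bot: The three `runAsChecked` blocks in this file are line-for-line copies of the ones in the other registration page in this commit (same deltas, same task names, same lambdas), so the refactor had to be applied twice and any future fix to this privileged path will have to be as well. Consider moving the three privileged operations into one shared helper both pages call, taking the page as the `Component` argument that `WebModelServiceUtils.save` already needs, so the administrator-context code lives in exactly one place. The catch blocks here still look up `PageRegistrationConfirmation.message.*` keys, which supports that the code was copied rather than shared. The enclosing methods begin and end outside the hunks.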
Expand Up @@ -247,20 +247,22 @@ private void saveUser(OperationResult result) {
try {
PrismObject<UserType> administrator = getAdministratorPrivileged(result);

runAsChecked(() -> {
ObjectDelta<UserType> userDelta;
Task task = createSimpleTask(OPERATION_SAVE_USER, null);
task.setChannel(SchemaConstants.CHANNEL_SELF_REGISTRATION_URI);
try {
userDelta = prepareUserDelta(task, result);
userDelta.setPrismContext(getPrismContext());
} catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException e) {
result.recordFatalError(getString("PageSelfRegistration.message.createDelta.fatalError", e.getMessage()), e);
return result;
}
WebModelServiceUtils.save(userDelta, executeOptions().overwrite(), result, task, PageSelfRegistration.this);
return result;
}, administrator);
runAsChecked(
(lResult) -> {
ObjectDelta<UserType> userDelta;
Task task = createSimpleTask(OPERATION_SAVE_USER, null);
task.setChannel(SchemaConstants.CHANNEL_SELF_REGISTRATION_URI);
try {
userDelta = prepareUserDelta(task, lResult);
userDelta.setPrismContext(getPrismContext());
} catch (SchemaException | ExpressionEvaluationException | ObjectNotFoundException | CommunicationException | ConfigurationException | SecurityViolationException e) {
lResult.recordFatalError(getString("PageSelfRegistration.message.createDelta.fatalError", e.getMessage()), e);
return null;
}
WebModelServiceUtils.save(userDelta, executeOptions().overwrite(), lResult, task, PageSelfRegistration.this);
return null;
},
administrator, result);
} catch (CommonException | RuntimeException e) {
result.recordFatalError(getString("PageSelfRegistration.message.saveUser.fatalError"), e);
} finally {
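Review bot: When `prepareUserDelta` fails, the lambda now records the error on `lResult` and returns null — the same value it returns on success — so the code after the `runAsChecked` call gets no exception and can only learn of the failure by inspecting the result; whether `lResult` is the same object as `result` (or its status is propagated back) depends on SecurityContextManager, which is outside this hunk. Unless that propagation is known to happen, either check `result.isError()` after the call or drop the inner try/catch and let the exceptions (assuming they are CommonException subtypes) reach the outer `catch (CommonException | RuntimeException e)`, which already records a fatal error, accepting that the inner message key is lost. A one-line comment on the `executeOptions().overwrite()` line explaining why an overwrite is needed for a freshly self-registered user would also help, given the save runs under the administrator identity. The enclosing saveUser method ends outside the hunk.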
Expand Up @@ -24,7 +24,6 @@
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
Expand Down Expand Up @@ -71,16 +70,15 @@ public void setConfiguration(MidpointConfiguration configuration) {

public abstract void init() throws SchemaException;

protected SecurityContext provideFakeSecurityContext() throws SchemaException {
protected SecurityContext provideFakeSecurityContext() {
// We need to provide a fake Spring security context here.
// We have to fake it because we do not have anything in the repository yet. And to get
// something to the repository we need a context. Chicken and egg. So we fake the egg.
SecurityContext securityContext = SecurityContextHolder.getContext();
MidPointPrincipal principal = new MidPointPrincipal(
MidPointPrincipal principal = MidPointPrincipal.privileged(
new UserType()
.oid(SystemObjectsType.USER_ADMINISTRATOR.value())
.name("initAdmin"));
principal.addAuthorization(SecurityUtil.createPrivilegedAuthorization());
Authentication authentication = new PreAuthenticatedAuthenticationToken(principal, null);
securityContext.setAuthentication(authentication);
return securityContext;
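Review bot: `provideFakeSecurityContext` installs a fully privileged principal (`MidPointPrincipal.privileged(...)`) into the thread's `SecurityContextHolder` and nothing in the hunk clears it again, so the method should document who is responsible for removing it once the initial objects exist, otherwise the privileged context can outlive initialization on a reused thread — confirm whether a caller already does `SecurityContextHolder.clearContext()`. Suggested Javadoc above the method: `/** Installs a principal with unrestricted authorizations into the current SecurityContextHolder so initial objects can be written before any real user exists; callers must clear the context once initialization is done (TODO confirm where this happens). */`. The enclosing class continues outside the hunk.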
Expand Up @@ -23,4 +23,6 @@ interface ConfigurationItemable<T extends Serializable> {
@NotNull ConfigurationItemOrigin origin();

<X extends ConfigurationItem<T>> @NotNull X as(@NotNull Class<X> clazz);

@NotNull String fullDescription();
}
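Review bot: The new `fullDescription()` on ConfigurationItemable has no Javadoc, and because it is added as an abstract interface method every implementor outside this commit must now provide it, so a sentence on what it should return keeps those implementations consistent. From its use in the new ExpressionConfigItem in this commit (the commented-out `"... are present in " + fullDescription()` message) it appears intended for error text naming the item and its origin — confirm. Suggested: `/** Human-readable description of this item, including its origin, for use in error and log messages. */`.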
@@ -0,0 +1,73 @@
/*
* Copyright (C) 2010-2023 Evolveum and contributors
*
* This work is dual-licensed under the Apache License 2.0
* and European Union Public License. See LICENSE file for details.
*/

package com.evolveum.midpoint.schema.config;

import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExecutionPrivilegesSpecificationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ExpressionType;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

public class ExpressionConfigItem
extends ConfigurationItem<ExpressionType>
implements PrivilegesMixin<ExpressionType> {

@SuppressWarnings("unused") // called dynamically
public ExpressionConfigItem(@NotNull ConfigurationItem<ExpressionType> original) {
super(original);
}

private ExpressionConfigItem(@NotNull ExpressionType value, @NotNull ConfigurationItemOrigin origin) {
super(value, origin);
}

public static ExpressionConfigItem embedded(@NotNull ExpressionType bean) {
return of(bean, ConfigurationItemOrigin.embedded(bean));
}

public static ExpressionConfigItem of(@NotNull ExpressionType bean, @NotNull ConfigurationItemOrigin origin) {
return new ExpressionConfigItem(bean, origin);
}

public static ExpressionConfigItem of(
@NotNull ExpressionType bean,
@NotNull OriginProvider<? super ExpressionType> originProvider) {
return new ExpressionConfigItem(bean, originProvider.origin(bean));
}

// TODO remove
// public @Nullable ObjectReferenceType getRunAsRef() throws ConfigurationException {
// var value = value();
// var privileges = value.getPrivileges();
// var legacyRunAsRef = value.getRunAsRef();
// if (privileges != null) {
// if (legacyRunAsRef != null) {
// throw new ConfigurationException(
// "Both privileges and legacy runAsRef are present in " + fullDescription());
// } else {
// return privileges.getRunAsRef();
// }
// } else {
// return legacyRunAsRef;
// }
// }

public @Nullable ExecutionPrivilegesSpecificationType getPrivileges() throws ConfigurationException {
return getPrivileges(
value().getRunAsRef(),
value().getPrivileges());
}

public boolean isAllowEmptyValues() {
return Boolean.TRUE.equals(value().isAllowEmptyValues());
}

public boolean isTrace() {
return Boolean.TRUE.equals(value().isTrace());
}
}
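Review bot: `getPrivileges()` is the only place in this file where the legacy `runAsRef` and the new `privileges` item are reconciled, yet the rule is stated only by the commented-out block above it marked `// TODO remove`; the dead block should go and the rule belong in a Javadoc on the live method, since which identity an expression executes under is security-relevant configuration. From the commented-out version the intent appears to be that `privileges` wins and specifying both is a ConfigurationException — if `PrivilegesMixin.getPrivileges` implements that (it is outside this file), say so: `/** Effective execution privileges: the {@code privileges} item, or the legacy {@code runAsRef} wrapped as one; presumably rejects both being set (see PrivilegesMixin) — confirm. */`. A `@throws ConfigurationException` tag would then carry the conflict case.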
