reset password api method

infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd

@@ -532,5 +532,39 @@
 	</xsd:complexType>
 	<xsd:element name="policyItemTarget" type="tns:PolicyItemTargetType"/>
 
+
+	<xsd:complexType name="ExecuteCredentialResetRequestType">
+		<xsd:annotation>
+			<xsd:documentation>
+			</xsd:documentation>
+			<xsd:appinfo>
+				<a:container/>
+			</xsd:appinfo>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="resetMethod" type="xsd:string" minOccurs="0">
+			</xsd:element>
+			<xsd:element name="password" type="xsd:string" minOccurs="0">
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="executeCredentialResetRequest" type="tns:ExecuteCredentialResetRequestType"/>
+
+	<xsd:complexType name="ExecuteCredentialResetResponseType">
+		<xsd:annotation>
+			<xsd:documentation>
+			</xsd:documentation>
+			<xsd:appinfo>
+				<a:container/>
+			</xsd:appinfo>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="message" type="c:LocalizableMessageType" minOccurs="0">
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+	<xsd:element name="executeCredentialResetResponse" type="tns:ExecuteCredentialResetResponseType"/>
+
+
 </xsd:schema>
 

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -14590,12 +14590,6 @@
 			</xsd:element>
 			<xsd:element name="forceChange" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
 			</xsd:element>
-			<xsd:element name="authenticationName" type="xsd:string" minOccurs="0">
-			</xsd:element>
-			<xsd:element name="deliveryType" type="tns:DeliveryType" minOccurs="0">
-			</xsd:element>
-			<xsd:element name="newCredentialSource" type="tns:CredentialSourceType" minOccurs="0">
-			</xsd:element>
 			<xsd:element name="securityQuestionReset" type="tns:SecurityQuestionsResetPolicyType" minOccurs="0">
 			</xsd:element>
 			<xsd:element name="mailReset" type="tns:MailResetPolicyType" minOccurs="0">
@@ -14606,79 +14600,6 @@
 		</xsd:sequence>
 	</xsd:complexType>
 
-	<xsd:complexType name="CredentialSourceType">
-		<xsd:annotation>
-			<xsd:documentation>
-			</xsd:documentation>
-			<xsd:appinfo>
-			<a:container/>
-		</xsd:appinfo>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="credentialSource" type="tns:CredentialSourceTypeType" minOccurs="0" maxOccurs="1">
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-
-	<xsd:simpleType name="CredentialSourceTypeType">
-        <xsd:annotation>
-            <xsd:documentation>
-                TODO
-            </xsd:documentation>
-            <xsd:appinfo>
-                <jaxb:typesafeEnumClass/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="generate">
-                <xsd:annotation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="GENERATE"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-		</xsd:restriction>
-	</xsd:simpleType>
-
-
-	<xsd:simpleType name="DeliveryType">
-        <xsd:annotation>
-            <xsd:documentation>
-                TODO
-            </xsd:documentation>
-            <xsd:appinfo>
-                <jaxb:typesafeEnumClass/>
-            </xsd:appinfo>
-        </xsd:annotation>
-        <xsd:restriction base="xsd:string">
-            <xsd:enumeration value="gui">
-                <xsd:annotation>
-                    <xsd:appinfo>
-                        <jaxb:typesafeEnumMember name="GUI"/>
-                    </xsd:appinfo>
-                </xsd:annotation>
-            </xsd:enumeration>
-		</xsd:restriction>
-	</xsd:simpleType>
-
-	<xsd:complexType name="CredentialResetResponseType">
-		<xsd:annotation>
-			<xsd:documentation>
-			</xsd:documentation>
-			<xsd:appinfo>
-				<a:container/>
-			</xsd:appinfo>
-		</xsd:annotation>
-		<xsd:sequence>
-			<xsd:element name="message" type="tns:LocalizableMessageType" minOccurs="0">
-			</xsd:element>
-			<xsd:element name="newCredential" type="xsd:string" minOccurs="0">
-			</xsd:element>
-		</xsd:sequence>
-	</xsd:complexType>
-
-
-
 	<xsd:complexType name="AbstractAuthenticationPolicyType">
 		<xsd:annotation>
 			<xsd:documentation>

model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java

@@ -33,6 +33,8 @@
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.DisplayableValue;
 import com.evolveum.midpoint.util.exception.*;
+import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetRequestType;
+import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetResponseType;
 import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemsDefinitionType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
@@ -328,8 +330,8 @@ LocalizableMessageType createLocalizableMessageType(LocalizableMessageTemplateTy
 			throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException,
 			ConfigurationException, SecurityViolationException;
 
-	public CredentialResetResponseType requestCredentialsReset(PrismObject<UserType> focus, String credentialsId,
-			CredentialsResetPolicyType resetMethod, Task task, OperationResult result)
+	public ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject<UserType> user, 
+			ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult result)
 			throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException,
 			SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException;
 }

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java

@@ -1036,6 +1036,29 @@ public Response getLog(@QueryParam("fromPosition") Long fromPosition, @QueryPara
 		return response;
 	}
 
+	@POST
+	@Path("/users/{oid}/credential")
+	@Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, "application/yaml"})
+	@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, "application/yaml"})
+	public Response executeCredentialReset(@PathParam("oid") String oid, ExecuteCredentialResetRequestType executeCredentialResetRequest, @Context MessageContext mc) {
+		Task task = RestServiceUtil.initRequest(mc);
+		OperationResult result = task.getResult().createSubresult(OPERATION_GET_LOG_FILE_CONTENT);
+
+		Response response;
+		try {
+			PrismObject<UserType> user = modelService.getObject(UserType.class, oid, null, task, result);
+
+			ExecuteCredentialResetResponseType executeCredentialResetResponse = modelInteraction.executeCredentialsReset(user, executeCredentialResetRequest, task, result);
+			response = RestServiceUtil.createResponse(Response.Status.OK, executeCredentialResetResponse, result);
+		} catch (Exception ex) {
+			response = RestServiceUtil.handleException(result, ex);
+		}
+
+		result.computeStatus();
+		finishRequest(task);
+		return response;
+
+	}
 
 	//    @GET
 //    @Path("tasks/{oid}")

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java

@@ -64,6 +64,8 @@
 import com.evolveum.midpoint.util.DOMUtil;
 import com.evolveum.midpoint.util.exception.*;
 import com.evolveum.midpoint.util.logging.LoggingUtils;
+import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetRequestType;
+import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetResponseType;
 import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemDefinitionType;
 import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemTargetType;
 import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemsDefinitionType;
@@ -73,6 +75,7 @@
 
 import org.apache.commons.lang.BooleanUtils;
 import org.apache.commons.lang.Validate;
+import org.apache.commons.lang3.StringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -1472,70 +1475,64 @@ public LocalizableMessageType createLocalizableMessageType(LocalizableMessageTem
 	}
 
 	@Override
-	public CredentialResetResponseType requestCredentialsReset(PrismObject<UserType> user, String credentialsId,
-			CredentialsResetPolicyType resetMethod, Task task, OperationResult parentResult)
+	public ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject<UserType> user,
+			ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult parentResult)
 			throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException,
 			SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException {
-
-//		CredentialSourceType credentialSource = resetMethod.getNewCredentialSource();
-//		
-//		CredentialSourceTypeType credentialSourceType = null;
-//		if (credentialSource != null) {
-//		 credentialSourceType = credentialSource.getCredentialSource();
-//		}
 
-//		SecurityPolicyType securityPolicyType = getSecurityPolicy(user, task, parentResult);
-//		
-//		String authenticationName = resetMethod.getAuthenticationName();
-//		if (authenticationName != null) {
-//			AbstractAuthenticationPolicyType authPolicy = SecurityPolicyUtil
-//					.getAuthenticationPolicy(authenticationName, securityPolicyType);
-//		}
 
+		ExecuteCredentialResetResponseType response = new ExecuteCredentialResetResponseType();
 
-		ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
-		String newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);		
-//		if (credentialSourceType == null) {
-//			ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
-//			newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);			
-//		} else {
-//			switch(credentialSourceType) {
-//				case GENERATE: 
-//					ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
-//					newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);
-//					break;
-//				default:
-//					valuePolicyType = getValuePolicy(user, task, parentResult);
-//					newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);
-//					break;
-//			}
-//		}
+		String resetMethod = executeCredentialResetRequest.getResetMethod();
+		if (StringUtils.isBlank(resetMethod)) {
+			SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.request", null, "Failed to execute reset password. Bad request.");
+			response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage));
+			throw new SchemaException(localizableMessage);
+
+		}
+
+		SecurityPolicyType securityPolicy = getSecurityPolicy(user, task, parentResult);
+		CredentialsResetPolicyType resetPolicyType = securityPolicy.getCredentialsReset();
+		//TODO: search according tot he credentialID and others
+		if (resetPolicyType == null) {
+			SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.configuration", null, "Failed to execute reset password. Bad configuration.");
+			response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage));
+			throw new SchemaException(localizableMessage);
+		}
+
+		if (!resetMethod.equals(resetPolicyType.getName())) {
+			SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.methid", null, "Failed to execute reset password. Bad method.");
+			response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage));
+			throw new SchemaException(localizableMessage);
+		}
 
 		ProtectedStringType newProtectedPassword = new ProtectedStringType();
-		newProtectedPassword.setClearValue(newPassword);
+		newProtectedPassword.setClearValue(executeCredentialResetRequest.getPassword());
 		ObjectDelta<UserType> passwordObjectDelta = ObjectDelta.createModificationReplaceProperty(UserType.class, user.getOid(),
-				SchemaConstants.PATH_PASSWORD_VALUE, prismContext, newPassword);
+				SchemaConstants.PATH_PASSWORD_VALUE, prismContext, newProtectedPassword);
 
-		if (BooleanUtils.isTrue(resetMethod.isForceChange())) {
+		if (BooleanUtils.isTrue(resetPolicyType.isForceChange())) {
 			passwordObjectDelta.addModificationReplaceProperty(SchemaConstants.PATH_PASSWORD_FORCE_CHANGE, Boolean.TRUE);
 		}
 
+		try {
 		Collection<ObjectDeltaOperation<? extends ObjectType>> result = modelService.executeChanges(
 				MiscUtil.createCollection(passwordObjectDelta), ModelExecuteOptions.createRaw(), task, parentResult);
+		} catch (ObjectNotFoundException | SchemaException | CommunicationException | ConfigurationException 
+			| SecurityViolationException | ExpressionEvaluationException | ObjectAlreadyExistsException | PolicyViolationException e) {
+//			SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.failed", null, "Failed to execute reset password. Bad method.");
+//			response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage));
+			response.message(LocalizationUtil.createForFallbackMessage("Failed to reset credential: " + e.getMessage()));
+			throw e;
+		}
 
 		parentResult.recomputeStatus();
-
-		CredentialResetResponseType response = new CredentialResetResponseType();
-		response.setNewCredential(newPassword);
-		// TODO work with the result
-		LocalizableMessage message = LocalizableMessageBuilder.buildFallbackMessage("Reset password successfull.");
-
+		LocalizableMessage message = new SingleLocalizableMessage("execute.reset.credential.successful", null, "Reset password was successful");
 		response.setMessage(LocalizationUtil.createLocalizableMessageType(message));
 
-
-
-
-//		cacheRepositoryService.modifyObject(type, oid, modifications, parentResult);
 		return response;
 	}
+
+
+
 }