diff --git a/infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd
index 5d0056f273c..0f62d0c5230 100644
--- a/infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd
+++ b/infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd
@@ -532,5 +532,39 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
index 72693f5df5d..99350d184a2 100755
--- a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
+++ b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd
@@ -14590,12 +14590,6 @@
-
-
-
-
-
-
@@ -14606,79 +14600,6 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- TODO
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- TODO
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
index 7c801f5ab0d..de6bb17e118 100644
--- a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
+++ b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java
@@ -33,6 +33,8 @@
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.DisplayableValue;
import com.evolveum.midpoint.util.exception.*;
+import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetRequestType;
+import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetResponseType;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemsDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
@@ -328,8 +330,8 @@ LocalizableMessageType createLocalizableMessageType(LocalizableMessageTemplateTy
throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException,
ConfigurationException, SecurityViolationException;
- public CredentialResetResponseType requestCredentialsReset(PrismObject focus, String credentialsId,
- CredentialsResetPolicyType resetMethod, Task task, OperationResult result)
+ public ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject user,
+ ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult result)
throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException,
SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException;
}
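Review bot: The new `executeCredentialsReset` declaration has no Javadoc, although its contract changed in a security-relevant way: the caller now supplies a request object instead of a reset policy. I would add a Javadoc block stating that `executeCredentialResetRequest` carries the reset method name and the new credential value, that the implementation is expected to check the method against the user's security policy, and which of the declared exceptions signal a rejected request. It should also state what authorization the caller needs, since that cannot be read off the signature. The interface body begins outside this hunk.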
diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java
index 47363914140..94967534db7 100644
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java
+++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java
@@ -1036,6 +1036,29 @@ public Response getLog(@QueryParam("fromPosition") Long fromPosition, @QueryPara
return response;
}
+ @POST
+ @Path("/users/{oid}/credential")
+ @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, "application/yaml"})
+ @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, "application/yaml"})
+ public Response executeCredentialReset(@PathParam("oid") String oid, ExecuteCredentialResetRequestType executeCredentialResetRequest, @Context MessageContext mc) {
+ Task task = RestServiceUtil.initRequest(mc);
+ OperationResult result = task.getResult().createSubresult(OPERATION_GET_LOG_FILE_CONTENT);
+
+ Response response;
+ try {
+ PrismObject user = modelService.getObject(UserType.class, oid, null, task, result);
+
+ ExecuteCredentialResetResponseType executeCredentialResetResponse = modelInteraction.executeCredentialsReset(user, executeCredentialResetRequest, task, result);
+ response = RestServiceUtil.createResponse(Response.Status.OK, executeCredentialResetResponse, result);
+ } catch (Exception ex) {
+ response = RestServiceUtil.handleException(result, ex);
+ }
+
+ result.computeStatus();
+ finishRequest(task);
+ return response;
+
+ }
// @GET
// @Path("tasks/{oid}")
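Review bot: The sub-result in `executeCredentialReset` is created with `OPERATION_GET_LOG_FILE_CONTENT`, so a password reset is recorded in the operation result under the log-file operation name; this looks copied from `getLog` and makes the reset hard to identify when results are reviewed. A dedicated constant should be used, for example `task.getResult().createSubresult(OPERATION_EXECUTE_CREDENTIAL_RESET)`, with the constant defined next to the other operation names. The handler also passes `executeCredentialResetRequest` on without a null check, so a POST with an empty body presumably reaches `getResetMethod()` on null. No authorization check for resetting another user's credential is visible here; it depends on what `RestServiceUtil.initRequest` and `modelService.getObject` enforce, which is worth confirming and stating in a comment. The hunk ends in commented-out code that belongs to the following method.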
diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
index 0dd21f4b9f0..d1f61a7b172 100644
--- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
+++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java
@@ -64,6 +64,8 @@
import com.evolveum.midpoint.util.DOMUtil;
import com.evolveum.midpoint.util.exception.*;
import com.evolveum.midpoint.util.logging.LoggingUtils;
+import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetRequestType;
+import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetResponseType;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemTargetType;
import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemsDefinitionType;
@@ -73,6 +75,7 @@
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.Validate;
+import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
@@ -1472,70 +1475,64 @@ public LocalizableMessageType createLocalizableMessageType(LocalizableMessageTem
}
@Override
- public CredentialResetResponseType requestCredentialsReset(PrismObject user, String credentialsId,
- CredentialsResetPolicyType resetMethod, Task task, OperationResult parentResult)
+ public ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject user,
+ ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult parentResult)
throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException,
SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException {
-
-// CredentialSourceType credentialSource = resetMethod.getNewCredentialSource();
-//
-// CredentialSourceTypeType credentialSourceType = null;
-// if (credentialSource != null) {
-// credentialSourceType = credentialSource.getCredentialSource();
-// }
-// SecurityPolicyType securityPolicyType = getSecurityPolicy(user, task, parentResult);
-//
-// String authenticationName = resetMethod.getAuthenticationName();
-// if (authenticationName != null) {
-// AbstractAuthenticationPolicyType authPolicy = SecurityPolicyUtil
-// .getAuthenticationPolicy(authenticationName, securityPolicyType);
-// }
+ ExecuteCredentialResetResponseType response = new ExecuteCredentialResetResponseType();
- ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
- String newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);
-// if (credentialSourceType == null) {
-// ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
-// newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);
-// } else {
-// switch(credentialSourceType) {
-// case GENERATE:
-// ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
-// newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);
-// break;
-// default:
-// valuePolicyType = getValuePolicy(user, task, parentResult);
-// newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);
-// break;
-// }
-// }
+ String resetMethod = executeCredentialResetRequest.getResetMethod();
+ if (StringUtils.isBlank(resetMethod)) {
+ SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.request", null, "Failed to execute reset password. Bad request.");
+ response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage));
+ throw new SchemaException(localizableMessage);
+
+ }
+
+ SecurityPolicyType securityPolicy = getSecurityPolicy(user, task, parentResult);
+ CredentialsResetPolicyType resetPolicyType = securityPolicy.getCredentialsReset();
+ //TODO: search according tot he credentialID and others
+ if (resetPolicyType == null) {
+ SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.configuration", null, "Failed to execute reset password. Bad configuration.");
+ response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage));
+ throw new SchemaException(localizableMessage);
+ }
+
+ if (!resetMethod.equals(resetPolicyType.getName())) {
+ SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.methid", null, "Failed to execute reset password. Bad method.");
+ response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage));
+ throw new SchemaException(localizableMessage);
+ }
ProtectedStringType newProtectedPassword = new ProtectedStringType();
- newProtectedPassword.setClearValue(newPassword);
+ newProtectedPassword.setClearValue(executeCredentialResetRequest.getPassword());
ObjectDelta passwordObjectDelta = ObjectDelta.createModificationReplaceProperty(UserType.class, user.getOid(),
- SchemaConstants.PATH_PASSWORD_VALUE, prismContext, newPassword);
+ SchemaConstants.PATH_PASSWORD_VALUE, prismContext, newProtectedPassword);
- if (BooleanUtils.isTrue(resetMethod.isForceChange())) {
+ if (BooleanUtils.isTrue(resetPolicyType.isForceChange())) {
passwordObjectDelta.addModificationReplaceProperty(SchemaConstants.PATH_PASSWORD_FORCE_CHANGE, Boolean.TRUE);
}
+ try {
Collection> result = modelService.executeChanges(
MiscUtil.createCollection(passwordObjectDelta), ModelExecuteOptions.createRaw(), task, parentResult);
+ } catch (ObjectNotFoundException | SchemaException | CommunicationException | ConfigurationException
+ | SecurityViolationException | ExpressionEvaluationException | ObjectAlreadyExistsException | PolicyViolationException e) {
+// SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.failed", null, "Failed to execute reset password. Bad method.");
+// response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage));
+ response.message(LocalizationUtil.createForFallbackMessage("Failed to reset credential: " + e.getMessage()));
+ throw e;
+ }
parentResult.recomputeStatus();
-
- CredentialResetResponseType response = new CredentialResetResponseType();
- response.setNewCredential(newPassword);
- // TODO work with the result
- LocalizableMessage message = LocalizableMessageBuilder.buildFallbackMessage("Reset password successfull.");
-
+ LocalizableMessage message = new SingleLocalizableMessage("execute.reset.credential.successful", null, "Reset password was successful");
response.setMessage(LocalizationUtil.createLocalizableMessageType(message));
-
-
-
-// cacheRepositoryService.modifyObject(type, oid, modifications, parentResult);
return response;
}
+
+
+
}
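Review bot: The password written by `executeCredentialsReset` is now taken directly from `executeCredentialResetRequest.getPassword()` and applied with `ModelExecuteOptions.createRaw()`, with no check that it is non-blank or that it satisfies the user's value policy. The removed code generated the value from `getValuePolicy(...)`; with a client-supplied value and raw execution, password policy enforcement is, as far as this hunk shows, skipped. I would reject a blank password up front, `if (StringUtils.isBlank(executeCredentialResetRequest.getPassword())) { throw new SchemaException(...); }`, and either validate the value against the value policy or drop the raw option so that normal policy processing runs. Separately, the `response.message(...)` calls before each `throw` have no effect for the caller because the response is never returned, and the key `execute.reset.credential.bad.methid` looks like a typo for `method`.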