From 2cdcf84e913c5d2cbf997a69b769b14ed163633f Mon Sep 17 00:00:00 2001 From: Katarina Valalikova Date: Wed, 21 Feb 2018 16:10:31 +0100 Subject: [PATCH] reset password api method --- .../xml/ns/public/common/api-types-3.xsd | 34 +++++++ .../xml/ns/public/common/common-core-3.xsd | 79 ---------------- .../model/api/ModelInteractionService.java | 6 +- .../midpoint/model/impl/ModelRestService.java | 23 +++++ .../ModelInteractionServiceImpl.java | 89 +++++++++---------- 5 files changed, 104 insertions(+), 127 deletions(-) diff --git a/infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd index 5d0056f273c..0f62d0c5230 100644 --- a/infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd +++ b/infra/schema/src/main/resources/xml/ns/public/common/api-types-3.xsd @@ -532,5 +532,39 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd index 72693f5df5d..99350d184a2 100755 --- a/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd +++ b/infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd @@ -14590,12 +14590,6 @@ - - - - - - @@ -14606,79 +14600,6 @@ - - - - - - - - - - - - - - - - - - TODO - - - - - - - - - - - - - - - - - - - - - TODO - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java index 7c801f5ab0d..de6bb17e118 100644 --- a/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java +++ b/model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java 
@@ -33,6 +33,8 @@ import com.evolveum.midpoint.task.api.Task; import com.evolveum.midpoint.util.DisplayableValue; import com.evolveum.midpoint.util.exception.*; +import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetRequestType; +import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetResponseType; import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemsDefinitionType; import com.evolveum.midpoint.xml.ns._public.common.common_3.*; import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType; @@ -328,8 +330,8 @@ LocalizableMessageType createLocalizableMessageType(LocalizableMessageTemplateTy throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException, ConfigurationException, SecurityViolationException; - public CredentialResetResponseType requestCredentialsReset(PrismObject focus, String credentialsId, - CredentialsResetPolicyType resetMethod, Task task, OperationResult result) + public ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject user, + ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult result) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException; } diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java index 47363914140..94967534db7 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/ModelRestService.java 
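Review bot: The renamed interface method `executeCredentialsReset` in ModelInteractionService.java has no Javadoc, although its contract changed materially: the caller now supplies the new password in the request instead of receiving a generated one in the response. I would add a Javadoc block stating which fields of `ExecuteCredentialResetRequestType` are mandatory, what authorization the caller is expected to hold, and which condition maps to each declared exception. The first parameter was also renamed from `focus` to `user`, so the doc should say whether only user objects are supported. The interface body continues outside this hunk.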
@@ -1036,6 +1036,29 @@ public Response getLog(@QueryParam("fromPosition") Long fromPosition, @QueryPara return response; } + @POST + @Path("/users/{oid}/credential") + @Consumes({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, "application/yaml"}) + @Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON, "application/yaml"}) + public Response executeCredentialReset(@PathParam("oid") String oid, ExecuteCredentialResetRequestType executeCredentialResetRequest, @Context MessageContext mc) { + Task task = RestServiceUtil.initRequest(mc); + OperationResult result = task.getResult().createSubresult(OPERATION_GET_LOG_FILE_CONTENT); + + Response response; + try { + PrismObject user = modelService.getObject(UserType.class, oid, null, task, result); + + ExecuteCredentialResetResponseType executeCredentialResetResponse = modelInteraction.executeCredentialsReset(user, executeCredentialResetRequest, task, result); + response = RestServiceUtil.createResponse(Response.Status.OK, executeCredentialResetResponse, result); + } catch (Exception ex) { + response = RestServiceUtil.handleException(result, ex); + } + + result.computeStatus(); + finishRequest(task); + return response; + + } // @GET // @Path("tasks/{oid}") diff --git a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java index 0dd21f4b9f0..d1f61a7b172 100644 --- a/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java +++ b/model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java 
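Review bot: The subresult in `executeCredentialReset` is created with `OPERATION_GET_LOG_FILE_CONTENT`, which looks copied from `getLog`, so a password reset would be recorded in the operation result under the log-read operation name. A dedicated constant, for example `OPERATION_EXECUTE_CREDENTIAL_RESET` (name constructed here, to be declared next to the other operation constants), would keep credential changes attributable in the result trail. The handler also passes `executeCredentialResetRequest` straight to the model, so an empty request body would presumably arrive as null and only surface as a NullPointerException through the generic `catch (Exception ex)`; an explicit null check that returns a bad-request response would be clearer. No authorization check is visible in this hunk beyond whatever `modelService.getObject` and the model call enforce, which is worth confirming for an endpoint that sets another user's password.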
@@ -64,6 +64,8 @@ import com.evolveum.midpoint.util.DOMUtil; import com.evolveum.midpoint.util.exception.*; import com.evolveum.midpoint.util.logging.LoggingUtils; +import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetRequestType; +import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetResponseType; import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemDefinitionType; import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemTargetType; import com.evolveum.midpoint.xml.ns._public.common.api_types_3.PolicyItemsDefinitionType; @@ -73,6 +75,7 @@ import org.apache.commons.lang.BooleanUtils; import org.apache.commons.lang.Validate; +import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; import org.springframework.beans.factory.annotation.Autowired; 
@@ -1472,70 +1475,64 @@ public LocalizableMessageType createLocalizableMessageType(LocalizableMessageTem } @Override - public CredentialResetResponseType requestCredentialsReset(PrismObject user, String credentialsId, - CredentialsResetPolicyType resetMethod, Task task, OperationResult parentResult) + public ExecuteCredentialResetResponseType executeCredentialsReset(PrismObject user, + ExecuteCredentialResetRequestType executeCredentialResetRequest, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException, SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException { - -// CredentialSourceType credentialSource = resetMethod.getNewCredentialSource(); -// -// CredentialSourceTypeType credentialSourceType = null; -// if (credentialSource != null) { -// credentialSourceType = credentialSource.getCredentialSource(); -// } -// SecurityPolicyType securityPolicyType = getSecurityPolicy(user, task, parentResult); -// -// String authenticationName = resetMethod.getAuthenticationName(); -// if (authenticationName != null) { -// AbstractAuthenticationPolicyType authPolicy = SecurityPolicyUtil -// .getAuthenticationPolicy(authenticationName, securityPolicyType); -// } + ExecuteCredentialResetResponseType response = new ExecuteCredentialResetResponseType(); - ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult); - String newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult); -// if (credentialSourceType == null) { -// ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult); -// newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult); -// } else { -// switch(credentialSourceType) { -// case GENERATE: -// ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult); -// newPassword = 
generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult); -// break; -// default: -// valuePolicyType = getValuePolicy(user, task, parentResult); -// newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult); -// break; -// } -// } + String resetMethod = executeCredentialResetRequest.getResetMethod(); + if (StringUtils.isBlank(resetMethod)) { + SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.request", null, "Failed to execute reset password. Bad request."); + response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage)); + throw new SchemaException(localizableMessage); + + } + + SecurityPolicyType securityPolicy = getSecurityPolicy(user, task, parentResult); + CredentialsResetPolicyType resetPolicyType = securityPolicy.getCredentialsReset(); + //TODO: search according tot he credentialID and others + if (resetPolicyType == null) { + SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.configuration", null, "Failed to execute reset password. Bad configuration."); + response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage)); + throw new SchemaException(localizableMessage); + } + + if (!resetMethod.equals(resetPolicyType.getName())) { + SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.bad.methid", null, "Failed to execute reset password. 
Bad method."); + response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage)); + throw new SchemaException(localizableMessage); + } ProtectedStringType newProtectedPassword = new ProtectedStringType(); - newProtectedPassword.setClearValue(newPassword); + newProtectedPassword.setClearValue(executeCredentialResetRequest.getPassword()); ObjectDelta passwordObjectDelta = ObjectDelta.createModificationReplaceProperty(UserType.class, user.getOid(), - SchemaConstants.PATH_PASSWORD_VALUE, prismContext, newPassword); + SchemaConstants.PATH_PASSWORD_VALUE, prismContext, newProtectedPassword); - if (BooleanUtils.isTrue(resetMethod.isForceChange())) { + if (BooleanUtils.isTrue(resetPolicyType.isForceChange())) { passwordObjectDelta.addModificationReplaceProperty(SchemaConstants.PATH_PASSWORD_FORCE_CHANGE, Boolean.TRUE); } + try { Collection> result = modelService.executeChanges( MiscUtil.createCollection(passwordObjectDelta), ModelExecuteOptions.createRaw(), task, parentResult); + } catch (ObjectNotFoundException | SchemaException | CommunicationException | ConfigurationException + | SecurityViolationException | ExpressionEvaluationException | ObjectAlreadyExistsException | PolicyViolationException e) { +// SingleLocalizableMessage localizableMessage = new SingleLocalizableMessage("execute.reset.credential.failed", null, "Failed to execute reset password. 
Bad method."); +// response = response.message(LocalizationUtil.createLocalizableMessageType(localizableMessage)); + response.message(LocalizationUtil.createForFallbackMessage("Failed to reset credential: " + e.getMessage())); + throw e; + } parentResult.recomputeStatus(); - - CredentialResetResponseType response = new CredentialResetResponseType(); - response.setNewCredential(newPassword); - // TODO work with the result - LocalizableMessage message = LocalizableMessageBuilder.buildFallbackMessage("Reset password successfull."); - + LocalizableMessage message = new SingleLocalizableMessage("execute.reset.credential.successful", null, "Reset password was successful"); response.setMessage(LocalizationUtil.createLocalizableMessageType(message)); - - - -// cacheRepositoryService.modifyObject(type, oid, modifications, parentResult); return response; } + + + }
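Review bot: `executeCredentialResetRequest.getPassword()` is written into the user's password in `executeCredentialsReset` without any check: a null or blank value is not rejected, and the value is never evaluated against the value policy that the removed code obtained through `getValuePolicy(user, task, parentResult)`. The change is also executed with `ModelExecuteOptions.createRaw()`, which as far as I know bypasses the model's policy processing, so password policy and history would not be enforced downstream either; I would reject blank input up front with `if (StringUtils.isBlank(executeCredentialResetRequest.getPassword()))` and then either validate against the value policy or drop the raw option unless it is deliberate. `securityPolicy` is dereferenced by `securityPolicy.getCredentialsReset()` without a null check, which would fail if no security policy applies to the user (whether `getSecurityPolicy` can return null is not visible here). Two smaller points: the localization key `execute.reset.credential.bad.methid` looks like a typo for `execute.reset.credential.bad.method`, and every `response.message(...)` set before a `throw` is discarded because the response is never returned on those paths.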