cleaup + iprovmeents for self credentatials panel. added possibility …
…to override account loading in case of reset password
katkav committed Apr 2, 2020
1 parent 7e95c81 commit 357f7a5
Showing 4 changed files with 113 additions and 75 deletions.
Expand Up @@ -11,7 +11,9 @@
import java.util.ArrayList;
import java.util.List;

import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPropagationUserControlType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordChangeSecurityType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;

Expand All @@ -24,6 +26,9 @@ public class MyPasswordsDto implements Serializable {
public static final String F_PASSWORD = "password";
public static final String F_OLD_PASSWORD = "oldPassword";


private PrismObject<? extends FocusType> focus;

private List<PasswordAccountDto> accounts;
private ProtectedStringType password;
private CredentialsPropagationUserControlType propagation;
Expand Down Expand Up @@ -68,4 +73,16 @@ public String getOldPassword() {
public void setOldPassword(String oldPassword) {
this.oldPassword = oldPassword;
}

public PrismObject<? extends FocusType> getFocus() {
return focus;
}

public void setFocus(PrismObject<? extends FocusType> focus) {
this.focus = focus;
}

public String getFocusOid() {
return focus.getOid();
}
}
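Review bot: `getFocusOid()` in the last hunk dereferences `focus` with no null guard, while `setFocus` accepts null and the DTO's no-arg construction leaves it null, so a DTO built on the fallback path (`new MyPasswordsDto()` in PageAbstractSelfCredentials.loadPageModel's error handling; PageResetPassword.finishChangePassword already tests `passwords.getFocus() == null`) surfaces in onSavePerformed as a bare NullPointerException from `modelObject.getFocusOid()`. Failing with a message is clearer for whoever reads the log: `if (focus == null) { throw new IllegalStateException("focus has not been loaded into MyPasswordsDto"); }` before the return. The getter also lacks documentation; a one-line Javadoc such as `/** OID of the focus whose credentials are edited; requires {@link #setFocus} to have been called. */` would state the precondition. Which two import lines in the first hunk are the added ones cannot be told from the rendering, and the rest of the class body lies outside the hunks.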
Expand Up @@ -6,6 +6,8 @@
*/
package com.evolveum.midpoint.web.page.forgetpassword;

import com.evolveum.midpoint.web.application.Url;
import com.evolveum.midpoint.web.page.admin.home.dto.MyPasswordsDto;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;

import org.apache.wicket.ajax.AjaxRequestTarget;
Expand All @@ -26,13 +28,17 @@
import com.evolveum.midpoint.web.page.self.PageSelf;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;

@PageDescriptor(url = PageResetPassword.URL, action = {
@AuthorizationAction(actionUri = PageSelf.AUTH_SELF_ALL_URI,
label = PageSelf.AUTH_SELF_ALL_LABEL,
description = PageSelf.AUTH_SELF_ALL_DESCRIPTION),
@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL,
label = "PageSelfCredentials.auth.credentials.label",
description = "PageSelfCredentials.auth.credentials.description")})
@PageDescriptor(
urls = {
@Url(mountUrl = PageResetPassword.URL, matchUrlForSecurity = PageResetPassword.URL)
},
action = {
@AuthorizationAction(actionUri = PageSelf.AUTH_SELF_ALL_URI,
label = PageSelf.AUTH_SELF_ALL_LABEL,
description = PageSelf.AUTH_SELF_ALL_DESCRIPTION),
@AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL,
label = "PageSelfCredentials.auth.credentials.label",
description = "PageSelfCredentials.auth.credentials.description")})
public class PageResetPassword extends PageAbstractSelfCredentials{

private static final long serialVersionUID = 1L;
Expand Down Expand Up @@ -62,7 +68,8 @@ protected void finishChangePassword(final OperationResult result, AjaxRequestTar
result.setMessage(getString("PageResetPassword.reset.successful"));
setResponsePage(PageLogin.class);

PrismObject<? extends FocusType> focus = getFocus();
MyPasswordsDto passwords = getModelObject();
PrismObject<? extends FocusType> focus = passwords.getFocus();
if (focus == null) {
SecurityContextHolder.getContext().setAuthentication(null);
return;
Expand Down Expand Up @@ -97,5 +104,8 @@ protected void createBreadcrumb() {
// we don't want breadcrumbs here
}


@Override
protected boolean shouldLoadAccounts(MyPasswordsDto dto) {
return false;
}
}
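Review bot: The new `shouldLoadAccounts` override at the end of the section returns a bare `false` with no comment, and the base method in PageAbstractSelfCredentials is equally undocumented, so the reason linked accounts are skipped on this page survives only in the commit message. A short Javadoc on the override would carry it, e.g. `/** The reset-password flow changes only the focus password, so linked accounts are not loaded. */` — that intent is inferred from the commit description and should be confirmed by the author. The enclosing `finishChangePassword` in the earlier hunk starts and ends outside the visible lines, so the null-focus branch there is reviewed only in isolation.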
Expand Up @@ -11,6 +11,7 @@
import java.util.Collections;
import java.util.List;

import org.apache.commons.collections.CollectionUtils;
import org.apache.wicket.ajax.AjaxRequestTarget;
import org.apache.wicket.extensions.markup.html.tabs.AbstractTab;
import org.apache.wicket.extensions.markup.html.tabs.ITab;
Expand Down Expand Up @@ -50,7 +51,6 @@
import com.evolveum.midpoint.web.security.util.SecurityUtils;
import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType;
import com.evolveum.prism.xml.ns._public.types_3.EncryptedDataType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;

/**
Expand All @@ -77,7 +77,6 @@ public abstract class PageAbstractSelfCredentials extends PageSelf {


private LoadableModel<MyPasswordsDto> model;
private PrismObject<? extends FocusType> focus;

public PageAbstractSelfCredentials() {
model = new LoadableModel<MyPasswordsDto>(false) {
Expand All @@ -102,70 +101,36 @@ protected void createBreadcrumb() {

private MyPasswordsDto loadPageModel() {
LOGGER.debug("Loading user and accounts.");
MyPasswordsDto dto = new MyPasswordsDto();

MyPasswordsDto dto;
OperationResult result = new OperationResult(OPERATION_LOAD_USER_WITH_ACCOUNTS);
try {
String focusOid = SecurityUtils.getPrincipalUser().getOid();
Task task = createSimpleTask(OPERATION_LOAD_USER);
OperationResult subResult = result.createSubresult(OPERATION_LOAD_USER);
focus = getModelService().getObject(FocusType.class, focusOid, null, task, subResult);
PrismObject<? extends FocusType> focus = getModelService().getObject(FocusType.class, focusOid, null, task, subResult);
dto = createMyPasswordsDto(focus);
subResult.recordSuccessIfUnknown();

dto.getAccounts().add(createDefaultPasswordAccountDto(focus));

CredentialsPolicyType credentialsPolicyType = getPasswordCredentialsPolicy();
if (credentialsPolicyType != null) {
PasswordCredentialsPolicyType passwordCredentialsPolicy = credentialsPolicyType.getPassword();
if (passwordCredentialsPolicy != null) {
CredentialsPropagationUserControlType propagationUserControl = passwordCredentialsPolicy.getPropagationUserControl();
if (propagationUserControl != null) {
dto.setPropagation(propagationUserControl);
}
PasswordChangeSecurityType passwordChangeSecurity = passwordCredentialsPolicy.getPasswordChangeSecurity();
if (passwordChangeSecurity != null) {
dto.setPasswordChangeSecurity(passwordChangeSecurity);
}

}

if (!shouldLoadAccounts(dto)) {
LOGGER.debug("Skip loading account, because policy said so (enabled {} propagation).", dto.getPropagation());
return dto;
}

if (dto.getPropagation() == null || dto.getPropagation().equals(CredentialsPropagationUserControlType.USER_CHOICE)) {
PrismReference reference = focus.findReference(FocusType.F_LINK_REF);
if (reference == null || reference.getValues() == null) {
LOGGER.debug("No accounts found for user {}.", new Object[]{focusOid});
return dto;
}

final Collection<SelectorOptions<GetOperationOptions>> options = getOperationOptionsBuilder()
.noFetch()
.item(ShadowType.F_RESOURCE_REF).resolve()
.build();
List<PrismReferenceValue> values = reference.getValues();
for (PrismReferenceValue value : values) {
subResult = result.createSubresult(OPERATION_LOAD_ACCOUNT);
try {
String accountOid = value.getOid();
task = createSimpleTask(OPERATION_LOAD_ACCOUNT);

PrismObject<ShadowType> account = getModelService().getObject(ShadowType.class,
accountOid, options, task, subResult);


dto.getAccounts().add(createPasswordAccountDto(account, task, subResult));
subResult.recordSuccessIfUnknown();
} catch (Exception ex) {
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load account", ex);
subResult.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccount.fatalError"), ex);
}
}
PrismReference reference = focus.findReference(FocusType.F_LINK_REF);
if (reference == null || CollectionUtils.isEmpty(reference.getValues())) {
LOGGER.debug("No accounts found for user {}.", new Object[]{focusOid});
return dto;
}

addAccountsToMyPasswordsDto(dto, reference.getValues(), task, result);
result.recordSuccessIfUnknown();
} catch (Exception ex) {
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load accounts", ex);
result.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccounts.fatalError"), ex);
} finally {
result.recomputeStatus();
dto = new MyPasswordsDto();
}

Collections.sort(dto.getAccounts());
Expand All @@ -177,6 +142,55 @@ private MyPasswordsDto loadPageModel() {
return dto;
}

private MyPasswordsDto createMyPasswordsDto(PrismObject<? extends FocusType> focus) {
MyPasswordsDto dto = new MyPasswordsDto();
dto.setFocus(focus);
dto.getAccounts().add(createDefaultPasswordAccountDto(focus));

CredentialsPolicyType credentialsPolicyType = getPasswordCredentialsPolicy(focus);
if (credentialsPolicyType != null) {
PasswordCredentialsPolicyType passwordCredentialsPolicy = credentialsPolicyType.getPassword();
if (passwordCredentialsPolicy != null) {
CredentialsPropagationUserControlType propagationUserControl = passwordCredentialsPolicy.getPropagationUserControl();
if (propagationUserControl != null) {
dto.setPropagation(propagationUserControl);
}
PasswordChangeSecurityType passwordChangeSecurity = passwordCredentialsPolicy.getPasswordChangeSecurity();
if (passwordChangeSecurity != null) {
dto.setPasswordChangeSecurity(passwordChangeSecurity);
}

}
}
return dto;
}

protected boolean shouldLoadAccounts(MyPasswordsDto dto) {
return dto.getPropagation() == null || CredentialsPropagationUserControlType.USER_CHOICE == dto.getPropagation();
}

private void addAccountsToMyPasswordsDto(MyPasswordsDto dto, List<PrismReferenceValue> linkReferences, Task task, OperationResult result) {
final Collection<SelectorOptions<GetOperationOptions>> options = getOperationOptionsBuilder()
.noFetch()
.item(ShadowType.F_RESOURCE_REF).resolve()
.build();
for (PrismReferenceValue value : linkReferences) {
OperationResult subResult = result.createSubresult(OPERATION_LOAD_ACCOUNT);
try {
String accountOid = value.getOid();
PrismObject<ShadowType> account = getModelService().getObject(ShadowType.class,
accountOid, options, task, subResult);


dto.getAccounts().add(createPasswordAccountDto(account, task, subResult));
subResult.recordSuccessIfUnknown();
} catch (Exception ex) {
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load account", ex);
subResult.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccount.fatalError"), ex);
}
}
}


private void initLayout() {
Form<?> mainForm = new com.evolveum.midpoint.web.component.form.Form<>(ID_MAIN_FORM);
Expand Down Expand Up @@ -225,12 +239,12 @@ protected void onSubmit(AjaxRequestTarget target) {

@Override
protected void onError(AjaxRequestTarget target) {
onCancelPerformed(target);
onCancelPerformed();
}

@Override
protected void onSubmit(AjaxRequestTarget target) {
onCancelPerformed(target);
onCancelPerformed();
}
};
mainForm.add(cancel);
Expand Down Expand Up @@ -266,8 +280,9 @@ protected void onSavePerformed(AjaxRequestTarget target) {
ProtectedStringType oldPassword = null;
if (isCheckOldPassword()) {
LOGGER.debug("Check old password");
if (model.getObject().getOldPassword() == null
|| model.getObject().getOldPassword().trim().equals("")){
MyPasswordsDto modelObject = getModelObject();
if (modelObject.getOldPassword() == null
|| modelObject.getOldPassword().trim().equals("")){
warn(getString("PageSelfCredentials.specifyOldPasswordMessage"));
target.add(getFeedbackPanel());
return;
Expand All @@ -276,8 +291,8 @@ protected void onSavePerformed(AjaxRequestTarget target) {
Task checkPasswordTask = createSimpleTask(OPERATION_CHECK_PASSWORD);
try {
oldPassword = new ProtectedStringType();
oldPassword.setClearValue(model.getObject().getOldPassword());
boolean isCorrectPassword = getModelInteractionService().checkPassword(focus.getOid(), oldPassword,
oldPassword.setClearValue(modelObject.getOldPassword());
boolean isCorrectPassword = getModelInteractionService().checkPassword(modelObject.getFocusOid(), oldPassword,
checkPasswordTask, checkPasswordResult);
if (!isCorrectPassword) {
error(getString("PageSelfCredentials.incorrectOldPassword"));
Expand Down Expand Up @@ -339,7 +354,7 @@ protected void onSavePerformed(AjaxRequestTarget target) {

result.computeStatus();
} catch (Exception ex) {
setEncryptedPasswordData(null);
setNullEncryptedPasswordData();
LoggingUtils.logUnexpectedException(LOGGER, "Couldn't save password changes", ex);
result.recordFatalError(getString("PageAbstractSelfCredentials.save.password.failed", ex.getMessage()), ex);
} finally {
Expand All @@ -349,11 +364,11 @@ protected void onSavePerformed(AjaxRequestTarget target) {
finishChangePassword(result, target);
}

protected void setEncryptedPasswordData(EncryptedDataType data) {
protected void setNullEncryptedPasswordData() {
MyPasswordsDto dto = model.getObject();
ProtectedStringType password = dto.getPassword();
if (password != null){
password.setEncryptedData(data);
password.setEncryptedData(null);
}
}

Expand All @@ -376,7 +391,7 @@ private List<PasswordAccountDto> getSelectedAccountsList(){
}
return selectedAccountList;
}
private void onCancelPerformed(AjaxRequestTarget target) {
private void onCancelPerformed() {
redirectBack();
}

Expand Down Expand Up @@ -423,11 +438,7 @@ private boolean hasPasswordCapability(PrismObject<ShadowType> shadow) {

}

public PrismObject<? extends FocusType> getFocus() {
return focus;
}

private CredentialsPolicyType getPasswordCredentialsPolicy (){
private CredentialsPolicyType getPasswordCredentialsPolicy (PrismObject<? extends FocusType> focus){
LOGGER.debug("Getting credentials policy");
Task task = createSimpleTask(OPERATION_GET_CREDENTIALS_POLICY);
OperationResult result = new OperationResult(OPERATION_GET_CREDENTIALS_POLICY);
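Review bot: In loadPageModel the new `dto = new MyPasswordsDto();` is rendered inside the `finally` block, after `result.recomputeStatus();`; if that placement is real, the normal path unconditionally replaces the DTO populated by `createMyPasswordsDto` and `addAccountsToMyPasswordsDto` with an empty one (focus null, no accounts) before `Collections.sort(dto.getAccounts())`, and only the early `return dto;` exits inside the try escape it. The fallback belongs in the catch: make `dto = new MyPasswordsDto();` the last statement of `catch (Exception ex)` and leave `finally` with just `result.recomputeStatus();` — definite assignment of `dto` is still satisfied through both the try and the catch. If the line really is in the catch and only the rendering lost its indentation, disregard this. Separately, `addAccountsToMyPasswordsDto` now reuses the OPERATION_LOAD_USER task for every shadow fetch, whereas the removed loop created a fresh OPERATION_LOAD_ACCOUNT task per account; worth confirming that reuse is intended, since the task no longer matches the per-account subresult it is recorded against.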
Expand Up @@ -35,7 +35,7 @@ protected boolean isCheckOldPassword() {
@Override
protected void finishChangePassword(OperationResult result, AjaxRequestTarget target) {
if (!WebComponentUtil.isSuccessOrHandledError(result)) {
setEncryptedPasswordData(null);
setNullEncryptedPasswordData();
showResult(result);
target.add(getFeedbackPanel());
} else {