From 357f7a5d4a0a0ecbd3ab5e031ae7d90e4dad1b4a Mon Sep 17 00:00:00 2001 From: Katarina Valalikova Date: Thu, 2 Apr 2020 12:17:31 +0200 Subject: [PATCH] cleaup + iprovmeents for self credentatials panel. added possibility to override account loading in case of reset password --- .../page/admin/home/dto/MyPasswordsDto.java | 17 +++ .../forgetpassword/PageResetPassword.java | 28 ++-- .../self/PageAbstractSelfCredentials.java | 141 ++++++++++-------- .../web/page/self/PageSelfCredentials.java | 2 +- 4 files changed, 113 insertions(+), 75 deletions(-) diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/dto/MyPasswordsDto.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/dto/MyPasswordsDto.java index e5c6f22a6f7..b73c7b18ed2 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/dto/MyPasswordsDto.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/admin/home/dto/MyPasswordsDto.java @@ -11,7 +11,9 @@ import java.util.ArrayList; import java.util.List; +import com.evolveum.midpoint.prism.PrismObject; import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPropagationUserControlType; +import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType; import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordChangeSecurityType; import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType; @@ -24,6 +26,9 @@ public class MyPasswordsDto implements Serializable { public static final String F_PASSWORD = "password"; public static final String F_OLD_PASSWORD = "oldPassword"; + + private PrismObject focus; + private List accounts; private ProtectedStringType password; private CredentialsPropagationUserControlType propagation; 
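Review bot: The added `focus` field keeps the whole focus object inside a `Serializable` DTO, and elsewhere in this patch that DTO is the page model of PageAbstractSelfCredentials, so the object is held with the page state. `loadPageModel` fetches it with `null` options, so whatever the model service returns for the user, possibly including credential-related data, is retained next to the `password` and `oldPassword` fields already here. The uses visible in this patch are the OID and a null check; the rest of PageResetPassword.finishChangePassword is outside the hunk, so if that is all it needs, storing only the OID would retain less. Otherwise a field comment such as `// focus whose credentials are being changed; null when it could not be loaded` would document the contract.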
@@ -68,4 +73,16 @@ public String getOldPassword() { public void setOldPassword(String oldPassword) { this.oldPassword = oldPassword; } + + public PrismObject getFocus() { + return focus; + } + + public void setFocus(PrismObject focus) { + this.focus = focus; + } + + public String getFocusOid() { + return focus.getOid(); + } } diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageResetPassword.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageResetPassword.java index b07a2aa27ca..290ba9ebe31 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageResetPassword.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageResetPassword.java @@ -6,6 +6,8 @@ */ package com.evolveum.midpoint.web.page.forgetpassword; +import com.evolveum.midpoint.web.application.Url; +import com.evolveum.midpoint.web.page.admin.home.dto.MyPasswordsDto; import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType; import org.apache.wicket.ajax.AjaxRequestTarget; 
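Review bot: `getFocusOid()` dereferences `focus` unconditionally, although `focus` stays null until `setFocus` is called and PageResetPassword in this same patch explicitly handles `getFocus() == null`. The new call `checkPassword(modelObject.getFocusOid(), ...)` in PageAbstractSelfCredentials.onSavePerformed therefore throws a NullPointerException whenever the model holds a DTO built with `new MyPasswordsDto()` and no focus. Suggest `return focus == null ? null : focus.getOid();` here, and have the caller reject a null OID before it calls `checkPassword`.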
@@ -26,13 +28,17 @@ import com.evolveum.midpoint.web.page.self.PageSelf; import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType; -@PageDescriptor(url = PageResetPassword.URL, action = { - @AuthorizationAction(actionUri = PageSelf.AUTH_SELF_ALL_URI, - label = PageSelf.AUTH_SELF_ALL_LABEL, - description = PageSelf.AUTH_SELF_ALL_DESCRIPTION), - @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL, - label = "PageSelfCredentials.auth.credentials.label", - description = "PageSelfCredentials.auth.credentials.description")}) +@PageDescriptor( + urls = { + @Url(mountUrl = PageResetPassword.URL, matchUrlForSecurity = PageResetPassword.URL) + }, + action = { + @AuthorizationAction(actionUri = PageSelf.AUTH_SELF_ALL_URI, + label = PageSelf.AUTH_SELF_ALL_LABEL, + description = PageSelf.AUTH_SELF_ALL_DESCRIPTION), + @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL, + label = "PageSelfCredentials.auth.credentials.label", + description = "PageSelfCredentials.auth.credentials.description")}) public class PageResetPassword extends PageAbstractSelfCredentials{ private static final long serialVersionUID = 1L; @@ -62,7 +68,8 @@ protected void finishChangePassword(final OperationResult result, AjaxRequestTar result.setMessage(getString("PageResetPassword.reset.successful")); setResponsePage(PageLogin.class); - PrismObject focus = getFocus(); + MyPasswordsDto passwords = getModelObject(); + PrismObject focus = passwords.getFocus(); if (focus == null) { SecurityContextHolder.getContext().setAuthentication(null); return; @@ -97,5 +104,8 @@ protected void createBreadcrumb() { // we don't want breadcrumbs here } - + @Override + protected boolean shouldLoadAccounts(MyPasswordsDto dto) { + return false; + } } 
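Review bot: The `shouldLoadAccounts` override at the end of the class returns `false` unconditionally and carries no comment, so a reader cannot tell that the reset page deliberately ignores the propagation policy and ends up with only the default password entry that `createMyPasswordsDto` adds. A comment such as `// reset flow changes only the focus password; linked accounts are never listed here` would record that intent (wording to be confirmed by the author). The base class also logs this skip as "because policy said so", which is misleading when the skip comes from this override.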
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAbstractSelfCredentials.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAbstractSelfCredentials.java index 310312d205d..bc08468e480 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAbstractSelfCredentials.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAbstractSelfCredentials.java @@ -11,6 +11,7 @@ import java.util.Collections; import java.util.List; +import org.apache.commons.collections.CollectionUtils; import org.apache.wicket.ajax.AjaxRequestTarget; import org.apache.wicket.extensions.markup.html.tabs.AbstractTab; import org.apache.wicket.extensions.markup.html.tabs.ITab; @@ -50,7 +51,6 @@ import com.evolveum.midpoint.web.security.util.SecurityUtils; import com.evolveum.midpoint.xml.ns._public.common.common_3.*; import com.evolveum.midpoint.xml.ns._public.resource.capabilities_3.CredentialsCapabilityType; -import com.evolveum.prism.xml.ns._public.types_3.EncryptedDataType; import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType; /** @@ -77,7 +77,6 @@ public abstract class PageAbstractSelfCredentials extends PageSelf { private LoadableModel model; - private PrismObject focus; public PageAbstractSelfCredentials() { model = new LoadableModel(false) { 
@@ -102,70 +101,36 @@ protected void createBreadcrumb() { private MyPasswordsDto loadPageModel() { LOGGER.debug("Loading user and accounts."); - MyPasswordsDto dto = new MyPasswordsDto(); + + MyPasswordsDto dto; OperationResult result = new OperationResult(OPERATION_LOAD_USER_WITH_ACCOUNTS); try { String focusOid = SecurityUtils.getPrincipalUser().getOid(); Task task = createSimpleTask(OPERATION_LOAD_USER); OperationResult subResult = result.createSubresult(OPERATION_LOAD_USER); - focus = getModelService().getObject(FocusType.class, focusOid, null, task, subResult); + PrismObject focus = getModelService().getObject(FocusType.class, focusOid, null, task, subResult); + dto = createMyPasswordsDto(focus); subResult.recordSuccessIfUnknown(); - dto.getAccounts().add(createDefaultPasswordAccountDto(focus)); - - CredentialsPolicyType credentialsPolicyType = getPasswordCredentialsPolicy(); - if (credentialsPolicyType != null) { - PasswordCredentialsPolicyType passwordCredentialsPolicy = credentialsPolicyType.getPassword(); - if (passwordCredentialsPolicy != null) { - CredentialsPropagationUserControlType propagationUserControl = passwordCredentialsPolicy.getPropagationUserControl(); - if (propagationUserControl != null) { - dto.setPropagation(propagationUserControl); - } - PasswordChangeSecurityType passwordChangeSecurity = passwordCredentialsPolicy.getPasswordChangeSecurity(); - if (passwordChangeSecurity != null) { - dto.setPasswordChangeSecurity(passwordChangeSecurity); - } - - } - + if (!shouldLoadAccounts(dto)) { + LOGGER.debug("Skip loading account, because policy said so (enabled {} propagation).", dto.getPropagation()); + return dto; } - if (dto.getPropagation() == null || dto.getPropagation().equals(CredentialsPropagationUserControlType.USER_CHOICE)) { - PrismReference reference = focus.findReference(FocusType.F_LINK_REF); - if (reference == null || reference.getValues() == null) { - LOGGER.debug("No accounts found for user {}.", new Object[]{focusOid}); - return 
dto; - } - - final Collection> options = getOperationOptionsBuilder() - .noFetch() - .item(ShadowType.F_RESOURCE_REF).resolve() - .build(); - List values = reference.getValues(); - for (PrismReferenceValue value : values) { - subResult = result.createSubresult(OPERATION_LOAD_ACCOUNT); - try { - String accountOid = value.getOid(); - task = createSimpleTask(OPERATION_LOAD_ACCOUNT); - - PrismObject account = getModelService().getObject(ShadowType.class, - accountOid, options, task, subResult); - - - dto.getAccounts().add(createPasswordAccountDto(account, task, subResult)); - subResult.recordSuccessIfUnknown(); - } catch (Exception ex) { - LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load account", ex); - subResult.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccount.fatalError"), ex); - } - } + PrismReference reference = focus.findReference(FocusType.F_LINK_REF); + if (reference == null || CollectionUtils.isEmpty(reference.getValues())) { + LOGGER.debug("No accounts found for user {}.", new Object[]{focusOid}); + return dto; } + + addAccountsToMyPasswordsDto(dto, reference.getValues(), task, result); result.recordSuccessIfUnknown(); } catch (Exception ex) { LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load accounts", ex); result.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccounts.fatalError"), ex); } finally { result.recomputeStatus(); + dto = new MyPasswordsDto(); } Collections.sort(dto.getAccounts()); 
@@ -177,6 +142,55 @@ private MyPasswordsDto loadPageModel() { return dto; } + private MyPasswordsDto createMyPasswordsDto(PrismObject focus) { + MyPasswordsDto dto = new MyPasswordsDto(); + dto.setFocus(focus); + dto.getAccounts().add(createDefaultPasswordAccountDto(focus)); + + CredentialsPolicyType credentialsPolicyType = getPasswordCredentialsPolicy(focus); + if (credentialsPolicyType != null) { + PasswordCredentialsPolicyType passwordCredentialsPolicy = credentialsPolicyType.getPassword(); + if (passwordCredentialsPolicy != null) { + CredentialsPropagationUserControlType propagationUserControl = passwordCredentialsPolicy.getPropagationUserControl(); + if (propagationUserControl != null) { + dto.setPropagation(propagationUserControl); + } + PasswordChangeSecurityType passwordChangeSecurity = passwordCredentialsPolicy.getPasswordChangeSecurity(); + if (passwordChangeSecurity != null) { + dto.setPasswordChangeSecurity(passwordChangeSecurity); + } + + } + } + return dto; + } + + protected boolean shouldLoadAccounts(MyPasswordsDto dto) { + return dto.getPropagation() == null || CredentialsPropagationUserControlType.USER_CHOICE == dto.getPropagation(); + } + + private void addAccountsToMyPasswordsDto(MyPasswordsDto dto, List linkReferences, Task task, OperationResult result) { + final Collection> options = getOperationOptionsBuilder() + .noFetch() + .item(ShadowType.F_RESOURCE_REF).resolve() + .build(); + for (PrismReferenceValue value : linkReferences) { + OperationResult subResult = result.createSubresult(OPERATION_LOAD_ACCOUNT); + try { + String accountOid = value.getOid(); + PrismObject account = getModelService().getObject(ShadowType.class, + accountOid, options, task, subResult); + + + dto.getAccounts().add(createPasswordAccountDto(account, task, subResult)); + subResult.recordSuccessIfUnknown(); + } catch (Exception ex) { + LoggingUtils.logUnexpectedException(LOGGER, "Couldn't load account", ex); + 
subResult.recordFatalError(getString("PageAbstractSelfCredentials.message.couldntLoadAccount.fatalError"), ex); + } + } + } + private void initLayout() { Form mainForm = new com.evolveum.midpoint.web.component.form.Form<>(ID_MAIN_FORM); @@ -225,12 +239,12 @@ protected void onSubmit(AjaxRequestTarget target) { @Override protected void onError(AjaxRequestTarget target) { - onCancelPerformed(target); + onCancelPerformed(); } @Override protected void onSubmit(AjaxRequestTarget target) { - onCancelPerformed(target); + onCancelPerformed(); } }; mainForm.add(cancel); @@ -266,8 +280,9 @@ protected void onSavePerformed(AjaxRequestTarget target) { ProtectedStringType oldPassword = null; if (isCheckOldPassword()) { LOGGER.debug("Check old password"); - if (model.getObject().getOldPassword() == null - || model.getObject().getOldPassword().trim().equals("")){ + MyPasswordsDto modelObject = getModelObject(); + if (modelObject.getOldPassword() == null + || modelObject.getOldPassword().trim().equals("")){ warn(getString("PageSelfCredentials.specifyOldPasswordMessage")); target.add(getFeedbackPanel()); return; @@ -276,8 +291,8 @@ protected void onSavePerformed(AjaxRequestTarget target) { Task checkPasswordTask = createSimpleTask(OPERATION_CHECK_PASSWORD); try { oldPassword = new ProtectedStringType(); - oldPassword.setClearValue(model.getObject().getOldPassword()); - boolean isCorrectPassword = getModelInteractionService().checkPassword(focus.getOid(), oldPassword, + oldPassword.setClearValue(modelObject.getOldPassword()); + boolean isCorrectPassword = getModelInteractionService().checkPassword(modelObject.getFocusOid(), oldPassword, checkPasswordTask, checkPasswordResult); if (!isCorrectPassword) { error(getString("PageSelfCredentials.incorrectOldPassword")); 
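Review bot: `shouldLoadAccounts` is a new `protected` extension point with no Javadoc, although its result decides whether the `propagationUserControl` policy value is followed or overridden by a subclass. Proposed comment: `/** Whether linked accounts are loaded and offered for the password change; the default follows the propagation policy (unset or USER_CHOICE). */`. Separately, `addAccountsToMyPasswordsDto` now runs every account lookup on the task passed in, which `loadPageModel` created for `OPERATION_LOAD_USER`, whereas the removed loop created one task per account with `OPERATION_LOAD_ACCOUNT`. If the task name matters for tracing or auditing, create the task inside the loop as before.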
@@ -339,7 +354,7 @@ protected void onSavePerformed(AjaxRequestTarget target) { result.computeStatus(); } catch (Exception ex) { - setEncryptedPasswordData(null); + setNullEncryptedPasswordData(); LoggingUtils.logUnexpectedException(LOGGER, "Couldn't save password changes", ex); result.recordFatalError(getString("PageAbstractSelfCredentials.save.password.failed", ex.getMessage()), ex); } finally { @@ -349,11 +364,11 @@ protected void onSavePerformed(AjaxRequestTarget target) { finishChangePassword(result, target); } - protected void setEncryptedPasswordData(EncryptedDataType data) { + protected void setNullEncryptedPasswordData() { MyPasswordsDto dto = model.getObject(); ProtectedStringType password = dto.getPassword(); if (password != null){ - password.setEncryptedData(data); + password.setEncryptedData(null); } } @@ -376,7 +391,7 @@ private List getSelectedAccountsList(){ } return selectedAccountList; } - private void onCancelPerformed(AjaxRequestTarget target) { + private void onCancelPerformed() { redirectBack(); } @@ -423,11 +438,7 @@ private boolean hasPasswordCapability(PrismObject shadow) { } - public PrismObject getFocus() { - return focus; - } - - private CredentialsPolicyType getPasswordCredentialsPolicy (){ + private CredentialsPolicyType getPasswordCredentialsPolicy (PrismObject focus){ LOGGER.debug("Getting credentials policy"); Task task = createSimpleTask(OPERATION_GET_CREDENTIALS_POLICY); OperationResult result = new OperationResult(OPERATION_GET_CREDENTIALS_POLICY); diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java index b19b05d1b7c..846a751b0a6 100644 --- a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java +++ b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageSelfCredentials.java 
@@ -35,7 +35,7 @@ protected boolean isCheckOldPassword() { @Override protected void finishChangePassword(OperationResult result, AjaxRequestTarget target) { if (!WebComponentUtil.isSuccessOrHandledError(result)) { - setEncryptedPasswordData(null); + setNullEncryptedPasswordData(); showResult(result); target.add(getFeedbackPanel()); } else {