Merge branch 'master' of github.com:Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageForgotPassword.java

@@ -290,7 +290,7 @@ private void processResetPassword(AjaxRequestTarget target, Form<?> form) {
 					target.add(PageForgotPassword.this);
 				} else {
 					getSession().error(getString("PageForgotPassword.send.nonce.failed"));
-					LOGGER.error("Failed to sent none to user: {} ", result.getMessage());
+					LOGGER.error("Failed to send nonce to user: {} ", result.getMessage());
 					throw new RestartResponseException(PageForgotPassword.this);
 				}
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/util/MidPointProfilingServletFilter.java

@@ -62,13 +62,13 @@ public void init(FilterConfig config) throws ServletException {
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
             throws IOException, ServletException {
 
-        if(LOGGER.isTraceEnabled()){
+        if (LOGGER.isTraceEnabled()) {
             long startTime = System.nanoTime();
 
             try {
             	chain.doFilter(request, response);
         	} catch (IOException | ServletException | RuntimeException | Error e) {
-        		LOGGER.error("Encountered exception: {}: {}", e.getClass().getName(), e.getMessage(), e);
+        		LOGGER.debug("Encountered exception: {}: {}", e.getClass().getName(), e.getMessage(), e);
         		throw e;
         	}
 
@@ -85,7 +85,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
         	try {
         		chain.doFilter(request, response);
         	} catch (IOException | ServletException | RuntimeException | Error e) {
-        		LOGGER.error("Encountered exception: {}: {}", e.getClass().getName(), e.getMessage(), e);
+        		LOGGER.debug("Encountered exception: {}: {}", e.getClass().getName(), e.getMessage(), e);
         		throw e;
         	}
          }

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -6636,6 +6636,36 @@
                     </xsd:appinfo>
                 </xsd:annotation>
             </xsd:element>
+            <xsd:element name="deprecated" type="xsd:boolean" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        This setting can be used to control the value of "deprecated" flag determined from
+                        the schema. I.e. it can be used to override the value taken from the schema.
+                        E.g. it can be used to "unmark" a deprecated item, so it will behave as normal,
+                        non-deprecated item. This may be used as a temporary measure during the period of
+                        migrating the configuration to non-deprecated setting.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                    	<a:since>3.8</a:since>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
+            <xsd:element name="experimental" type="xsd:boolean" minOccurs="0">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        This setting can be used to control the value of "experimental" flag determined from
+                        the schema. I.e. it can be used to override the value taken from the schema.
+                        E.g. it can be used to "unmark" an experimental item, so it will behave as normal,
+                        non-experimental item.
+                        USE WITH CARE. Experimental items are marked as experimental for a reason.
+                        When those items are "unmarked", they will not get any less experimental.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                    	<a:since>3.8</a:since>
+                    	<a:experimental>true</a:experimental>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:element>
         </xsd:sequence>
     </xsd:complexType>
 

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/SchemaTransformer.java

@@ -562,6 +562,16 @@ private <IV extends PrismValue,ID extends ItemDefinition> void applyObjectTempla
 		if (emphasized != null) {
 			((ItemDefinitionImpl) itemDef).setEmphasized(emphasized);
 		}
+
+		Boolean deprecated = templateItemDefType.isDeprecated();
+		if (deprecated != null) {
+			((ItemDefinitionImpl) itemDef).setDeprecated(deprecated);
+		}
+
+		Boolean experimental = templateItemDefType.isExperimental();
+		if (experimental != null) {
+			((ItemDefinitionImpl) itemDef).setExperimental(experimental);
+		}
 
 		List<PropertyLimitationsType> limitations = templateItemDefType.getLimitations();
 		if (limitations != null) {

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java

@@ -343,8 +343,11 @@ public class AbstractConfiguredModelIntegrationTest extends AbstractModelIntegra
 	protected static final Date USER_HERMAN_VALID_TO_DATE = MiscUtil.asDate(2233, 3, 23, 18, 30, 00);
 
 	// Has null name, doesn not have given name, no employeeType
-	protected static final String USER_THREE_HEADED_MONKEY_FILENAME = COMMON_DIR + "/user-three-headed-monkey.xml";
+	protected static final File USER_THREE_HEADED_MONKEY_FILE = new File(COMMON_DIR, "/user-three-headed-monkey.xml");
 	protected static final String USER_THREE_HEADED_MONKEY_OID = "c0c010c0-d34d-b33f-f00d-110011001133";
+	protected static final String USER_THREE_HEADED_MONKEY_NAME = "monkey";
+	protected static final String USER_THREE_HEADED_MONKEY_FULL_NAME = "Three-Headed Monkey";
+
 
 	// Elaine has account on the dummy resources (default, red, blue)
 	// The accounts are also assigned
@@ -427,6 +430,7 @@ public class AbstractConfiguredModelIntegrationTest extends AbstractModelIntegra
 	protected static final String ORG_SCUMM_BAR_DISPLAY_NAME = "Scumm Bar";
 	protected static final String ORG_MINISTRY_OF_OFFENSE_OID = "00000000-8888-6666-0000-100000000003";
     protected static final String ORG_MINISTRY_OF_DEFENSE_OID = "00000000-8888-6666-0000-100000000002";
+    protected static final String ORG_MINISTRY_OF_DEFENSE_NAME = "F0002";
 	protected static final String ORG_MINISTRY_OF_RUM_OID = "00000000-8888-6666-0000-100000000004";
 	protected static final String ORG_MINISTRY_OF_RUM_NAME = "F0004";
 	protected static final String ORG_SWASHBUCKLER_SECTION_OID = "00000000-8888-6666-0000-100000000005";

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractInitializedModelIntegrationTest.java

@@ -368,6 +368,11 @@ protected void setDefaultUserTemplate(String userTemplateOid)
 		setDefaultObjectTemplate(UserType.COMPLEX_TYPE, userTemplateOid);
 	}
 
+	@Override
+	protected String getTopOrgOid() {
+		return ORG_GOVERNOR_OFFICE_OID;
+	}
+
 	protected void assertMonkeyIslandOrgSanity() throws ObjectNotFoundException, SchemaException, SecurityViolationException, CommunicationException, ConfigurationException, ExpressionEvaluationException {
 		assertMonkeyIslandOrgSanity(0);
 	}

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/TestUserTemplate.java

@@ -1995,7 +1995,7 @@ public void test202AddUserMonkey() throws Exception {
         Task task = taskManager.createTaskInstance(TestUserTemplate.class.getName() + ".test202AddUserMonkey");
         OperationResult result = task.getResult();
 
-        PrismObject<UserType> user = PrismTestUtil.parseObject(new File(USER_THREE_HEADED_MONKEY_FILENAME));
+        PrismObject<UserType> user = PrismTestUtil.parseObject(USER_THREE_HEADED_MONKEY_FILE);
         Collection<ObjectDelta<? extends ObjectType>> deltas = new ArrayList<>();
         ObjectDelta<UserType> userDelta = ObjectDelta.createAddDelta(user);
         deltas.add(userDelta);

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/gensync/TestEditSchema.java

@@ -1045,6 +1045,11 @@ public void test200EditSchemaUser() throws Exception {
 		valueEnumerationRef = timezoneDef.getValueEnumerationRef();
 		assertNotNull("No valueEnumerationRef for timezone", valueEnumerationRef);
 		assertEquals("Wrong valueEnumerationRef OID for timezone", SystemObjectsType.LOOKUP_TIMEZONES.value(), valueEnumerationRef.getOid());
+
+		// Deprecated. But deprecation flag in overridden in object template (MID-4680)
+		PrismPropertyDefinition<String> employeeTypeDef = editDef.findPropertyDefinition(UserType.F_EMPLOYEE_TYPE);
+		assertNotNull("No definition for employeeType in user", employeeTypeDef);
+		assertEquals("Wrong deprecation flag for employeeType", false, employeeTypeDef.isDeprecated());
 
 		PrismContainerDefinition<CredentialsType> credentialsDef = editDef.findContainerDefinition(UserType.F_CREDENTIALS);
 		assertNotNull("No definition for credentials in user", credentialsDef);

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.java

@@ -144,6 +144,8 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		initDummyResourcePirate(RESOURCE_DUMMY_LIFECYCLE_NAME, RESOURCE_DUMMY_LIFECYCLE_FILE, RESOURCE_DUMMY_LIFECYCLE_OID, initTask, initResult);
 		initDummyResourcePirate(RESOURCE_DUMMY_SOUVENIR_NAME, RESOURCE_DUMMY_SOUVENIR_FILE, RESOURCE_DUMMY_SOUVENIR_OID, initTask, initResult);
 
+		repoAddObjectFromFile(USER_THREE_HEADED_MONKEY_FILE, UserType.class, true, initResult);
+
 		importObjectFromFile(PASSWORD_POLICY_MAVERICK_FILE);
 		initDummyResourcePirate(RESOURCE_DUMMY_MAVERICK_NAME, RESOURCE_DUMMY_MAVERICK_FILE, RESOURCE_DUMMY_MAVERICK_OID, initTask, initResult);
 
@@ -391,8 +393,7 @@ public void test110ModifyUserJackPassword() throws Exception {
         modifyUserChangePassword(USER_JACK_OID, USER_PASSWORD_2_CLEAR, task, result);
 
 		// THEN
-		result.computeStatus();
-        TestUtil.assertSuccess(result);
+		assertSuccess(result);
 
         lastPasswordChangeEnd = clock.currentTimeXMLGregorianCalendar();
 
@@ -528,8 +529,7 @@ public void test120JackAssignAccountDummyRedAndUgly() throws Exception {
         assignAccount(USER_JACK_OID, RESOURCE_DUMMY_UGLY_OID, null, task, result);
 
 		// THEN
-		result.computeStatus();
-        TestUtil.assertSuccess(result);
+		assertSuccess(result);
 
 		PrismObject<UserType> userJack = getUser(USER_JACK_OID);
 		display("User after change execution", userJack);
@@ -952,6 +952,66 @@ public void test142ModifyUserJackPasswordAA() throws Exception {
      	assertHasAccountPasswordNotification(RESOURCE_DUMMY_RED_NAME, USER_JACK_USERNAME, USER_PASSWORD_AA_CLEAR);
 		assertSingleUserPasswordNotification(USER_JACK_USERNAME, USER_PASSWORD_AA_CLEAR);
 	}
+
+	/**
+	 * Three headed monkey has no credentials. No password, nothing.
+	 * Just three heads.
+	 * MID-4631
+	 */
+	@Test
+    public void test150AssignMonkeyDummyAccount() throws Exception {
+		final String TEST_NAME = "test150AssignMonkeyDummyAccount";
+        displayTestTitle(TEST_NAME);
+
+        // GIVEN
+        Task task = createTask(TEST_NAME);
+        OperationResult result = task.getResult();
+        prepareTest();
+
+		// WHEN
+        assignAccount(USER_THREE_HEADED_MONKEY_OID, RESOURCE_DUMMY_OID, null, task, result);
+
+		// THEN
+		assertSuccess(result);
+
+		PrismObject<UserType> userAfter = getUser(USER_THREE_HEADED_MONKEY_OID);
+		display("User after", userAfter);
+		String accountOid = getSingleLinkOid(userAfter);
+
+        // Check account in dummy resource
+        assertDummyAccount(null, USER_THREE_HEADED_MONKEY_NAME, USER_THREE_HEADED_MONKEY_FULL_NAME, true);
+	}
+
+	/**
+	 * Three headed monkey has no credentials. No password, nothing.
+	 * Just three heads.
+	 * MID-4631
+	 */
+	@Test
+    public void test152ModifyUserMonkeyPassword() throws Exception {
+		final String TEST_NAME = "test152ModifyUserMonkeyPassword";
+        displayTestTitle(TEST_NAME);
+
+        // GIVEN
+        Task task = createTask(TEST_NAME);
+        OperationResult result = task.getResult();
+        prepareTest();
+
+        lastPasswordChangeStart = clock.currentTimeXMLGregorianCalendar();
+
+		// WHEN
+        modifyUserChangePassword(USER_THREE_HEADED_MONKEY_OID, USER_PASSWORD_1_CLEAR, task, result);
+
+		// THEN
+		assertSuccess(result);
+
+        lastPasswordChangeEnd = clock.currentTimeXMLGregorianCalendar();
+
+        PrismObject<UserType> userAfter = getUser(USER_THREE_HEADED_MONKEY_OID);
+		display("User after", userAfter);
+
+		assertUserPassword(userAfter, USER_PASSWORD_1_CLEAR);
+	}
 
 	@Test
     public void test200ApplyPasswordPolicyHistoryLength() throws Exception {

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/AbstractSecurityTest.java

@@ -136,6 +136,9 @@ public abstract class AbstractSecurityTest extends AbstractInitializedModelInteg
 
 	protected static final File USER_ESTEVAN_FILE = new File(TEST_DIR, "user-estevan.xml");
 	protected static final String USER_ESTEVAN_OID = "00000000-0000-0000-0000-110000000012";
+
+	protected static final File USER_CAPSIZE_FILE = new File(TEST_DIR, "user-capsize.xml");
+	protected static final String USER_CAPSIZE_OID = "bab2c6a8-5f2a-11e8-97d2-4fc12ba39043";
 
 	protected static final File USER_ANGELICA_FILE = new File(TEST_DIR, "user-angelica.xml");
 	protected static final String USER_ANGELICA_NAME = "angelika";
@@ -624,6 +627,7 @@ protected void cleanupAutzTest(String userOid, int expectedAssignments) throws O
         cleanupDelete(UserType.class, USER_DRAKE_OID, task, result);
         cleanupDelete(UserType.class, USER_RAPP_OID, task, result);
         cleanupDelete(UserType.class, USER_MANCOMB_OID, task, result);
+        cleanupDelete(UserType.class, USER_CAPSIZE_OID, task, result);
         cleanupAdd(USER_LARGO_FILE, task, result);
         cleanupAdd(USER_LECHUCK_FILE, task, result);
         cleanupAdd(USER_ESTEVAN_FILE, task, result);

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/security/TestSecurityBasic.java

@@ -986,7 +986,7 @@ public void test242AutzJackManagerFullControlManagerMinistryOfRum() throws Excep
 	}
 
 	/**
-	 * MID-3874
+	 * MID-3874, MID-3780
 	 */
 	@Test
     public void test243AutzJackManagerFullControlManagerMinistryOfRumAndDefense() throws Exception {
@@ -999,6 +999,8 @@ public void test243AutzJackManagerFullControlManagerMinistryOfRumAndDefense() th
         assignOrg(USER_JACK_OID, ORG_MINISTRY_OF_RUM_OID, SchemaConstants.ORG_MANAGER);
         assignOrg(USER_JACK_OID, ORG_MINISTRY_OF_DEFENSE_OID, SchemaConstants.ORG_MANAGER);
         assignAccount(USER_JACK_OID, RESOURCE_DUMMY_OID, null);
+
+        dumpOrgTreeAndUsers();
 
         // precondition
         PrismObject<ShadowType> elaineShadow = getObject(ShadowType.class, ACCOUNT_SHADOW_ELAINE_DUMMY_OID);
@@ -1011,7 +1013,7 @@ public void test243AutzJackManagerFullControlManagerMinistryOfRumAndDefense() th
         displayWhen(TEST_NAME);
 
         assertJack24xManagerDefense(TEST_NAME, true);
-
+        
         assertGlobalStateUntouched();
 	}
 
@@ -1300,11 +1302,21 @@ private void assertJack24xManagerDefense(String TEST_NAME, boolean fullControl)
 			// This is expected. The authorizations will mix on-resource and off-resource search.
 			display("Expected exception", e);
 		}
-        result.computeStatus();
-		TestUtil.assertFailure(result);
+        assertFailure(result);
+
+        assertSearch(UserType.class, null, 5);
 
+        assertAddAllow(USER_CAPSIZE_FILE); // MID-3780
+
+        assertSearch(UserType.class, null, 6);
 
         assertDeleteAllow(UserType.class, USER_ESTEVAN_OID);
+
+        assertSearch(UserType.class, null, 5);
+
+        assertDeleteAllow(UserType.class, USER_CAPSIZE_OID);
+
+        assertSearch(UserType.class, null, 4);
 
         assertVisibleUsers(4);
 	}

model/model-intest/src/test/resources/common/user-template-complex.xml

@@ -120,6 +120,11 @@
 	    	</expression>
 	    </mapping>
     </item>
+
+    <item>
+    	<ref>employeeType</ref>
+    	<deprecated>false</deprecated>
+    </item>
 
 	<item>
 		<ref>extension/badLuck</ref>

model/model-intest/src/test/resources/logback-test.xml

@@ -80,11 +80,11 @@
  	<logger name="com.evolveum.midpoint.model.impl.util" level="DEBUG" />
 	<logger name="com.evolveum.midpoint.model.impl.sync" level="DEBUG" />
  	<logger name="com.evolveum.midpoint.model.impl.sync.CorrelationConfirmationEvaluator" level="DEBUG" />
-    <logger name="com.evolveum.midpoint.provisioning" level="TRACE" />
+    <logger name="com.evolveum.midpoint.provisioning" level="DEBUG" />
     <logger name="com.evolveum.midpoint.provisioning.impl.ResourceManager" level="DEBUG" />
-    <logger name="com.evolveum.midpoint.provisioning.impl.ShadowCache" level="TRACE" />
-    <logger name="com.evolveum.midpoint.provisioning.impl.ShadowManager" level="TRACE" />
-    <logger name="com.evolveum.midpoint.provisioning.impl.task" level="TRACE" />
+    <logger name="com.evolveum.midpoint.provisioning.impl.ShadowCache" level="DEBUG" />
+    <logger name="com.evolveum.midpoint.provisioning.impl.ShadowManager" level="DEBUG" />
+    <logger name="com.evolveum.midpoint.provisioning.impl.task" level="DEBUG" />
     <logger name="com.evolveum.midpoint.provisioning.consistency" level="DEBUG" />
 	<logger name="com.evolveum.midpoint.expression" level="DEBUG" />
 	<logger name="com.evolveum.midpoint.model.common.expression" level="DEBUG" />

model/model-intest/src/test/resources/security/user-capsize.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright (c) 2018 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<user oid="bab2c6a8-5f2a-11e8-97d2-4fc12ba39043" 
+		xmlns='http://midpoint.evolveum.com/xml/ns/public/common/common-3'
+		xmlns:t='http://prism.evolveum.com/xml/ns/public/types-3'
+		xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
+		xmlns:xsd='http://www.w3.org/2001/XMLSchema'
+		xmlns:piracy='http://midpoint.evolveum.com/xml/ns/samples/piracy'>
+    <name>capsize</name>
+
+    <assignment>
+    	<targetRef oid="00000000-8888-6666-0000-100000000002">
+    		<!-- ministry of defense -->
+    	</targetRef>
+    </assignment>
+
+    <fullName>Kate Capsize</fullName>
+    <givenName>Kate</givenName>
+    <familyName>Capsize</familyName>
+
+</user>