ChangePasswordPanel & PasswordPanel cleanup

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java

@@ -11,7 +11,6 @@
 import java.util.List;
 import java.util.Objects;
 
-import com.evolveum.midpoint.gui.api.component.BasePanel;
 import com.evolveum.midpoint.gui.api.page.PageAdminLTE;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
 import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
@@ -39,12 +38,10 @@
 
 import com.evolveum.midpoint.authentication.api.util.AuthUtil;
 import com.evolveum.midpoint.gui.api.page.PageBase;
-import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
 import com.evolveum.midpoint.model.api.validator.StringLimitationResult;
 import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
 import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.util.Producer;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.midpoint.web.component.prism.InputPanel;
@@ -58,6 +55,9 @@ public class PasswordPanel extends InputPanel {
     private static final long serialVersionUID = 1L;
 
     private static final Trace LOGGER = TraceManager.getTrace(PasswordPanel.class);
+    private static final String DOT_CLASS = PasswordPanel.class.getName() + ".";
+    private static final String OPERATION_LOAD_CREDENTIALS_POLICY = DOT_CLASS + "loadCredentialsPolicy";
+    private static final String OPERATION_LOAD_PASSWORD_VALUE_POLICY = DOT_CLASS + "loadPasswordValuePolicy";
 
     private static final String ID_INPUT_CONTAINER = "inputContainer";
     private static final String ID_PASSWORD_ONE = "password1";
@@ -103,12 +103,7 @@ protected  <F extends FocusType> void initLayout() {
         LoadableDetachableModel<List<StringLimitationResult>> limitationsModel = new LoadableDetachableModel<>() {
             @Override
             protected List<StringLimitationResult> load() {
-                ValuePolicyType valuePolicy = null;
-                if (prismObject == null || !prismObject.canRepresent(ResourceType.class)) {
-                    //we skip getting value policy for ResourceType because it is some protected string from connector configuration
-                    valuePolicy = getValuePolicy(prismObject);
-                }
-                return getLimitationsForActualPassword(valuePolicy, prismObject);
+                return getLimitationsForActualPassword();
             }
         };
 
@@ -222,46 +217,11 @@ private String getPasswordMatched(String password1, String password2) {
         return "";
     }
 
-    protected <F extends FocusType> ValuePolicyType getValuePolicy(PrismObject<F> object) {
-        ValuePolicyType valuePolicyType = null;
-        try {
-            MidPointPrincipal user = AuthUtil.getPrincipalUser();
-            if (user != null) {
-                Task task = getParentPage().createSimpleTask("load value policy");
-                valuePolicyType = searchValuePolicy(object, task);
-            } else {
-                valuePolicyType = getParentPage().getSecurityContextManager().runPrivileged((Producer<ValuePolicyType>) () -> {
-                    Task task = getParentPage().createAnonymousTask("load value policy");
-                    return searchValuePolicy(object, task);
-                });
-            }
-        } catch (Exception e) {
-            LOGGER.warn("Couldn't load security policy for focus " + object, e);
-        }
-        return valuePolicyType;
-    }
 
     protected boolean canEditPassword() {
         return true;
     }
 
-    private <F extends FocusType> ValuePolicyType searchValuePolicy(PrismObject<F> object, Task task) {
-        try {
-            CredentialsPolicyType credentials = getParentPage().getModelInteractionService().getCredentialsPolicy(object, task, task.getResult());
-            if (credentials != null && credentials.getPassword() != null
-                    && credentials.getPassword().getValuePolicyRef() != null) {
-                PrismObject<ValuePolicyType> valuePolicy = WebModelServiceUtils.resolveReferenceNoFetch(
-                        credentials.getPassword().getValuePolicyRef(), getParentPage(), task, task.getResult());
-                if (valuePolicy != null) {
-                    return valuePolicy.asObjectable();
-                }
-            }
-        } catch (Exception e) {
-            LOGGER.warn("Couldn't load security policy for focus " + object, e);
-        }
-        return null;
-    }
-
     @Override
     public List<FormComponent> getFormComponents() {
         List<FormComponent> list = new ArrayList<>();
@@ -285,20 +245,48 @@ public FormComponent getBaseFormComponent() {
         return (FormComponent) get(ID_INPUT_CONTAINER + ":" + ID_PASSWORD_ONE);
     }
 
-    public List<StringLimitationResult> getLimitationsForActualPassword(ValuePolicyType valuePolicy, PrismObject<? extends ObjectType> object) {
+    public List<StringLimitationResult> getLimitationsForActualPassword() {
+        ValuePolicyType valuePolicy = getValuePolicy();
         if (valuePolicy != null) {
             Task task = getParentPage().createAnonymousTask("validation of password");
             try {
                 ProtectedStringType newValue = passwordModel == null ? new ProtectedStringType() : passwordModel.getObject();
                 return getParentPage().getModelInteractionService().validateValue(
-                        newValue, valuePolicy, object, task, task.getResult());
+                        newValue, valuePolicy, prismObject, task, task.getResult());
             } catch (Exception e) {
                 LOGGER.error("Couldn't validate password security policy", e);
             }
         }
         return new ArrayList<>();
     }
 
+    protected <F extends FocusType> ValuePolicyType getValuePolicy() {
+        ValuePolicyType valuePolicy = null;
+        if (prismObject == null || !prismObject.canRepresent(ResourceType.class)) {
+            //we skip getting value policy for ResourceType because it is some protected string from connector configuration
+            Task task = createTask(OPERATION_LOAD_CREDENTIALS_POLICY);
+            CredentialsPolicyType credentials = null;
+            try {
+                credentials = getParentPage().getModelInteractionService().getCredentialsPolicy(prismObject, task, task.getResult());
+            } catch (Exception e) {
+                LOGGER.warn("Couldn't load credentials policy for focus " + prismObject, e);
+            }
+            valuePolicy = WebComponentUtil.getPasswordValuePolicy(credentials, OPERATION_LOAD_PASSWORD_VALUE_POLICY, getParentPage());
+        }
+        return valuePolicy;
+    }
+
+    protected Task createTask(String operation) {
+        MidPointPrincipal user = AuthUtil.getPrincipalUser();
+        Task task = null;
+        if (user != null) {
+            task = getParentPage().createSimpleTask(operation);
+        } else {
+            task = getParentPage().createAnonymousTask(operation);
+        }
+        return task;
+    }
+
     private static class PasswordValidator implements IValidator<String> {
 
         private final PasswordTextField p1;

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/util/WebComponentUtil.java

@@ -5137,6 +5137,38 @@ public static CredentialsPolicyType getPasswordCredentialsPolicy(PrismObject<? e
         return credentialsPolicyType;
     }
 
+    public static  <F extends FocusType> ValuePolicyType getPasswordValuePolicy(CredentialsPolicyType credentialsPolicy,
+            String operation, PageAdminLTE parentPage) {
+        ValuePolicyType valuePolicyType = null;
+        MidPointPrincipal user = AuthUtil.getPrincipalUser();
+        try {
+            if (user != null) {
+                Task task = parentPage.createSimpleTask(operation);
+                valuePolicyType = resolvePasswordValuePolicy(credentialsPolicy, task, parentPage);
+            } else {
+                valuePolicyType = parentPage.getSecurityContextManager().runPrivileged((Producer<ValuePolicyType>) () -> {
+                    Task task = parentPage.createAnonymousTask(operation);
+                    return resolvePasswordValuePolicy(credentialsPolicy, task, parentPage);
+                });
+            }
+        } catch (Exception e) {
+            LOGGER.warn("Couldn't load password value policy for focus " + (user != null ? user.getFocus().asPrismObject() : null), e);
+        }
+        return valuePolicyType;
+    }
+
+    private static ValuePolicyType resolvePasswordValuePolicy(CredentialsPolicyType credentialsPolicy, Task task, PageAdminLTE parentPage) {
+        if (credentialsPolicy != null && credentialsPolicy.getPassword() != null
+                && credentialsPolicy.getPassword().getValuePolicyRef() != null) {
+            PrismObject<ValuePolicyType> valuePolicy = WebModelServiceUtils.resolveReferenceNoFetch(
+                    credentialsPolicy.getPassword().getValuePolicyRef(), parentPage, task, task.getResult());
+            if (valuePolicy != null) {
+                return valuePolicy.asObjectable();
+            }
+        }
+        return null;
+    }
+
     @Contract("_,true->!null")
     public static Long getTimestampAsLong(XMLGregorianCalendar cal, boolean currentIfNull) {
         Long calAsLong = MiscUtil.asMillis(cal);

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/forgotpassword/PageResetPassword.java

@@ -16,7 +16,6 @@
 import com.evolveum.midpoint.web.component.form.MidpointForm;
 
 import org.apache.wicket.ajax.AjaxRequestTarget;
-import org.apache.wicket.markup.html.pages.RedirectPage;
 
 import com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction;
 import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
@@ -74,7 +73,7 @@ protected FocusType load() {
         }) {
 
             @Override
-            protected boolean isCheckOldPassword() {
+            protected boolean shouldCheckOldPassword() {
                 return false;
             }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel.java

@@ -6,14 +6,11 @@
  */
 package com.evolveum.midpoint.gui.impl.page.self.credentials;
 
-import com.evolveum.midpoint.authentication.api.util.AuthUtil;
 import com.evolveum.midpoint.gui.api.component.BasePanel;
 import com.evolveum.midpoint.gui.api.component.password.*;
 import com.evolveum.midpoint.gui.api.component.result.Toast;
 import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
-import com.evolveum.midpoint.gui.api.util.WebModelServiceUtils;
 import com.evolveum.midpoint.model.api.validator.StringLimitationResult;
-import com.evolveum.midpoint.prism.PrismObject;
 import com.evolveum.midpoint.prism.PrismObjectDefinition;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
 import com.evolveum.midpoint.prism.delta.PropertyDelta;
@@ -22,9 +19,7 @@
 import com.evolveum.midpoint.schema.SchemaConstantsGenerated;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.result.OperationResult;
-import com.evolveum.midpoint.security.api.MidPointPrincipal;
 import com.evolveum.midpoint.task.api.Task;
-import com.evolveum.midpoint.util.Producer;
 import com.evolveum.midpoint.util.logging.LoggingUtils;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
@@ -70,6 +65,7 @@ public class ChangePasswordPanel<F extends FocusType> extends BasePanel<F> {
     private static final String OPERATION_VALIDATE_PASSWORD = DOT_CLASS + "validatePassword";
     private static final String OPERATION_LOAD_CREDENTIALS_POLICY = DOT_CLASS + "loadCredentialsPolicy";
     protected static final String OPERATION_CHECK_PASSWORD = DOT_CLASS + "checkPassword";
+    private static final String OPERATION_LOAD_PASSWORD_VALUE_POLICY = DOT_CLASS + "loadPasswordValuePolicy";
     private static final String OPERATION_SAVE_PASSWORD = DOT_CLASS + "savePassword";
 
    protected String currentPasswordValue = null;
@@ -119,7 +115,7 @@ public void setObject(String value) {
 
             @Override
             public boolean isVisible() {
-                return isCheckOldPassword();
+                return shouldCheckOldPassword();
             }
 
             @Override
@@ -217,7 +213,8 @@ protected void updateNewPasswordValuePerformed(AjaxRequestTarget target) {
     }
 
     private List<StringLimitationResult> getLimitationsForActualPassword(ProtectedStringType passwordValue) {
-        ValuePolicyType valuePolicy = getValuePolicy();
+        ValuePolicyType valuePolicy = WebComponentUtil.getPasswordValuePolicy(credentialsPolicyModel.getObject(),
+                OPERATION_LOAD_PASSWORD_VALUE_POLICY, getParentPage());
         if (valuePolicy != null) {
             Task task = getParentPage().createAnonymousTask(OPERATION_VALIDATE_PASSWORD);
             try {
@@ -230,46 +227,14 @@ private List<StringLimitationResult> getLimitationsForActualPassword(ProtectedSt
         return new ArrayList<>();
     }
 
-    protected boolean isCheckOldPassword() {
+    protected boolean shouldCheckOldPassword() {
         return (getPasswordChangeSecurity() == null) ||
                 (getPasswordChangeSecurity().equals(PasswordChangeSecurityType.OLD_PASSWORD) ||
                         (getPasswordChangeSecurity().equals(PasswordChangeSecurityType.OLD_PASSWORD_IF_EXISTS) &&
                                 getModelObject().asPrismObject()
                                 .findProperty(ItemPath.create(FocusType.F_CREDENTIALS, CredentialsType.F_PASSWORD, PasswordType.F_VALUE)) != null));
     }
 
-    protected <F extends FocusType> ValuePolicyType getValuePolicy() {
-        ValuePolicyType valuePolicyType = null;
-        try {
-            MidPointPrincipal user = AuthUtil.getPrincipalUser();
-            if (user != null) {
-                Task task = getParentPage().createSimpleTask("load value policy");
-                valuePolicyType = getSearchValuePolicy(task);
-            } else {
-                valuePolicyType = getParentPage().getSecurityContextManager().runPrivileged((Producer<ValuePolicyType>) () -> {
-                    Task task = getParentPage().createAnonymousTask("load value policy");
-                    return getSearchValuePolicy(task);
-                });
-            }
-        } catch (Exception e) {
-            LOGGER.warn("Couldn't load security policy for focus " + getModelObject().asPrismObject(), e);
-        }
-        return valuePolicyType;
-    }
-
-    private ValuePolicyType getSearchValuePolicy(Task task) {
-        CredentialsPolicyType credentialsPolicy = credentialsPolicyModel.getObject();
-        if (credentialsPolicy != null && credentialsPolicy.getPassword() != null
-                && credentialsPolicy.getPassword().getValuePolicyRef() != null) {
-            PrismObject<ValuePolicyType> valuePolicy = WebModelServiceUtils.resolveReferenceNoFetch(
-                    credentialsPolicy.getPassword().getValuePolicyRef(), getParentPage(), task, task.getResult());
-            if (valuePolicy != null) {
-                return valuePolicy.asObjectable();
-            }
-        }
-        return null;
-    }
-
     private PasswordChangeSecurityType getPasswordChangeSecurity() {
         CredentialsPolicyType credentialsPolicy = credentialsPolicyModel.getObject();
         return credentialsPolicy != null && credentialsPolicy.getPassword() != null ?
@@ -279,7 +244,7 @@ private PasswordChangeSecurityType getPasswordChangeSecurity() {
 
     private void changePasswordPerformed(AjaxRequestTarget target) {
         ProtectedStringType currentPassword = null;
-        if (isCheckOldPassword()) {
+        if (shouldCheckOldPassword()) {
             LOGGER.debug("Check old password");
             if (currentPasswordValue == null || currentPasswordValue.trim().equals("")) {
                 new Toast()