Merge remote-tracking branch 'origin/master' into tmp/internet2

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAssignmentShoppingCart.java

@@ -49,7 +49,7 @@
         @AuthorizationAction(actionUri = PageSelf.AUTH_SELF_ALL_URI,
                 label = PageSelf.AUTH_SELF_ALL_LABEL,
                 description = PageSelf.AUTH_SELF_ALL_DESCRIPTION),
-        @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_SELF_ASSIGNMENT_SHOP_KART_URL,
+        @AuthorizationAction(actionUri = AuthorizationConstants.AUTZ_UI_SELF_REQUESTS_ASSIGNMENTS_URL,
                 label = "PageAssignmentShoppingCart.auth.requestAssignment.label",
                 description = "PageAssignmentShoppingCart.auth.requestAssignment.description")})
 public class PageAssignmentShoppingCart<R extends AbstractRoleType> extends PageSelf {

infra/schema/src/main/java/com/evolveum/midpoint/schema/util/ShadowUtil.java

@@ -775,6 +775,21 @@ private static <T> void validateAttribute(ResourceAttribute<T> attribute,
 		}
 	}
 
+	public static ProtectedStringType getPasswordValue(ShadowType shadowType) {
+		if (shadowType == null) {
+			return null;
+		}
+		CredentialsType creds = shadowType.getCredentials();
+		if (creds == null) {
+			return null;
+		}
+		PasswordType passwd = creds.getPassword();
+		if (passwd == null) {
+			return null;
+		}
+		return passwd.getValue();
+	}
+
 	public static String shortDumpShadow(PrismObject<ShadowType> shadow) {
 		if (shadow == null) {
 			return "null";

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/expr/MidpointFunctionsImpl.java

@@ -1414,8 +1414,8 @@ public <F extends FocusType> String computeProjectionLifecycle(F focus, ShadowTy
 		if (shadow.getKind() != null && shadow.getKind() != ShadowKindType.ACCOUNT) {
 			return null;
 		}
-		ProtectedStringType passwordPs = FocusTypeUtil.getPasswordValue((UserType) focus);
-		if (passwordPs != null && passwordPs.canGetCleartext()) {
+		ProtectedStringType focusPasswordPs = FocusTypeUtil.getPasswordValue((UserType) focus);
+		if (focusPasswordPs != null && focusPasswordPs.canGetCleartext()) {
 			return null;
 		}
 		CredentialsCapabilityType credentialsCapabilityType = ResourceTypeUtil

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/AbstractConfiguredModelIntegrationTest.java

@@ -364,6 +364,7 @@ public class AbstractConfiguredModelIntegrationTest extends AbstractModelIntegra
 	protected static final File USER_DRAKE_FILE = new File(COMMON_DIR, "user-drake.xml");
 	protected static final String USER_DRAKE_OID = "c0c010c0-d34d-b33f-f00d-11d1d1d1d1d1";
 	protected static final String USER_DRAKE_USERNAME = "drake";
+	protected static final String USER_DRAKE_FULLNAME = "Francis Drake";
 
 	public static final File ACCOUNT_JACK_DUMMY_FILE = new File(COMMON_DIR, "account-jack-dummy.xml");
 	public static final File ACCOUNT_JACK_DUMMY_RED_FILE = new File(COMMON_DIR, "account-jack-dummy-red.xml");

model/model-intest/src/test/java/com/evolveum/midpoint/model/intest/password/AbstractPasswordTest.java

@@ -332,8 +332,7 @@ public void test070AddUserHerman() throws Exception {
 
 		// THEN
         displayThen(TEST_NAME);
-		result.computeStatus();
-        TestUtil.assertSuccess("executeChanges result", result);
+		assertSuccess(result);
 
         XMLGregorianCalendar endCal = clock.currentTimeXMLGregorianCalendar();
 
@@ -2433,8 +2432,7 @@ public void test400AddUserRappWithAssignment() throws Exception {
 
 		// THEN
 		displayThen(TEST_NAME);
-		result.computeStatus();
-		TestUtil.assertSuccess(result);
+		assertSuccess(result);
 
 		PrismObject<UserType> userAfter = getUser(USER_RAPP_OID);
 		display("User after", userAfter);
@@ -3027,8 +3025,52 @@ public void test416UserRappSubtypeWreck() throws Exception {
 		assertNoUserPasswordNotifications();
 
 	}
-	// TODO: employeeType->WRECK
-
+
+	/**
+	 * Add user without a password, but with an assignment. Check that the account is provisioned.
+	 * The account will always be in a proposed state, even if password encryption is used.
+	 * The default lifecycle algorithm does not consider generated password to be good enough for the account to be active.
+	 * MID-5629
+	 */
+	@Test
+	public void test420AddUserDrakeWithAssignment() throws Exception {
+		final String TEST_NAME = "test420AddUserDrakeWithAssignment";
+		displayTestTitle(TEST_NAME);
+
+		// GIVEN
+		Task task = createTask(TEST_NAME);
+		OperationResult result = task.getResult();
+
+		PrismObject<UserType> userBefore = PrismTestUtil.parseObject(USER_DRAKE_FILE);
+		UserType userBeforeType = userBefore.asObjectable();
+		userBeforeType.getAssignment().add(createConstructionAssignment(RESOURCE_DUMMY_ORANGE_OID, null, null));
+		assertNull("Unexpected credentials", userBeforeType.getCredentials());
+		display("User before", userBefore);
+
+		// WHEN
+		displayWhen(TEST_NAME);
+		addObject(userBefore, task, result);
+
+		// THEN
+		displayThen(TEST_NAME);
+		assertSuccess(result);
+
+		String accountOid = assertUserAfter(USER_DRAKE_OID)
+				.singleLink()
+					.getOid();
+
+		assertRepoShadow(accountOid)
+				// Lifecycle state is always proposed, even for encrypted passwords.
+				// The default lifecycle algorithm does not consider generated password to be good enough for the account to be active.
+				.assertLifecycleState(SchemaConstants.LIFECYCLE_PROPOSED);
+
+		assertModelShadow(accountOid)
+				.assertLifecycleState(SchemaConstants.LIFECYCLE_PROPOSED);
+
+		// Check account in dummy resource
+		assertDummyAccount(RESOURCE_DUMMY_ORANGE_NAME, USER_DRAKE_USERNAME, USER_DRAKE_FULLNAME, true);
+	}
+
 	/**
 	 * MID-4397
 	 */

model/model-intest/src/test/resources/common/resource-dummy-orange.xml

@@ -9,7 +9,7 @@
 
 <!-- Orange dummy resource for testing associations with resource-provided referential integrity.
      It also have very little outbound expressions and it has some strange inbound expressions.
-     Also, it has schema exetended with the "mate" attribute, which is used for account-account association. -->
+     Also, it has schema extended with the "mate" attribute, which is used for account-account association. -->
 
 <resource oid="10000000-0000-0000-0000-000000001104"
 		  xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
@@ -414,7 +414,17 @@
 
             <credentials>
                 <password>
-                    <outbound/>
+                    <outbound>
+						<expression>
+							<asIs/>
+						</expression>
+					</outbound>
+					<outbound>
+						<strength>weak</strength>
+						<expression>
+							<generate/>
+						</expression>
+					</outbound>
                 </password>
             </credentials>
 

repo/security-api/src/main/java/com/evolveum/midpoint/security/api/AuthorizationConstants.java

@@ -355,9 +355,6 @@ public class AuthorizationConstants {
 	public static final QName AUTZ_UI_SELF_PROFILE_QNAME = new QName(NS_AUTHORIZATION_UI, "selfProfile");
 	public static final String AUTZ_UI_SELF_PROFILE_URL = NS_AUTHORIZATION_UI + "#selfProfile";
 
-	public static final QName AUTZ_UI_SELF_ASSIGNMENT_SHOP_KART_QNAME = new QName(NS_AUTHORIZATION_UI, "selfRequestAssignment");
-	public static final String AUTZ_UI_SELF_ASSIGNMENT_SHOP_KART_URL = NS_AUTHORIZATION_UI + "#selfRequestAssignment";
-
 	public static final QName AUTZ_UI_SELF_ASSIGNMENT_DETAILS_QNAME = new QName(NS_AUTHORIZATION_UI, "assignmentDetails");
 	public static final String AUTZ_UI_SELF_ASSIGNMENT_DETAILS_URL = NS_AUTHORIZATION_UI + "#assignmentDetails";