very first schema and impelemntation for reset password

infra/schema/src/main/java/com/evolveum/midpoint/schema/constants/SchemaConstants.java

@@ -205,6 +205,8 @@ public abstract class SchemaConstants {
 	public static final ItemPath PATH_PASSWORD = new ItemPath(C_CREDENTIALS, CredentialsType.F_PASSWORD);
 	public static final ItemPath PATH_PASSWORD_VALUE = new ItemPath(C_CREDENTIALS, CredentialsType.F_PASSWORD,
 			PasswordType.F_VALUE);
+	public static final ItemPath PATH_PASSWORD_FORCE_CHANGE = new ItemPath(C_CREDENTIALS, CredentialsType.F_PASSWORD,
+			PasswordType.F_FORCE_CHANGE);
 	public static final ItemPath PATH_PASSWORD_METADATA = new ItemPath(C_CREDENTIALS, CredentialsType.F_PASSWORD,
 			PasswordType.F_METADATA);
 	public static final ItemPath PATH_NONCE = new ItemPath(C_CREDENTIALS, CredentialsType.F_NONCE);

infra/schema/src/main/resources/xml/ns/public/common/common-core-3.xsd

@@ -14586,7 +14586,15 @@
 			</xsd:appinfo>
 		</xsd:annotation>
 		<xsd:sequence>
-		<xsd:element name="name" type="xsd:string" minOccurs="0">
+			<xsd:element name="name" type="xsd:string" minOccurs="0">
+			</xsd:element>
+			<xsd:element name="forceChange" type="xsd:boolean" minOccurs="0" maxOccurs="1" default="false">
+			</xsd:element>
+			<xsd:element name="authenticationName" type="xsd:string" minOccurs="0">
+			</xsd:element>
+			<xsd:element name="deliveryType" type="tns:DeliveryType" minOccurs="0">
+			</xsd:element>
+			<xsd:element name="newCredentialSource" type="tns:CredentialSourceType" minOccurs="0">
 			</xsd:element>
 			<xsd:element name="securityQuestionReset" type="tns:SecurityQuestionsResetPolicyType" minOccurs="0">
 			</xsd:element>
@@ -14598,6 +14606,79 @@
 		</xsd:sequence>
 	</xsd:complexType>
 
+	<xsd:complexType name="CredentialSourceType">
+		<xsd:annotation>
+			<xsd:documentation>
+			</xsd:documentation>
+			<xsd:appinfo>
+			<a:container/>
+		</xsd:appinfo>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="credentialSource" type="tns:CredentialSourceTypeType" minOccurs="0" maxOccurs="1">
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+
+	<xsd:simpleType name="CredentialSourceTypeType">
+        <xsd:annotation>
+            <xsd:documentation>
+                TODO
+            </xsd:documentation>
+            <xsd:appinfo>
+                <jaxb:typesafeEnumClass/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="generate">
+                <xsd:annotation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="GENERATE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+		</xsd:restriction>
+	</xsd:simpleType>
+
+
+	<xsd:simpleType name="DeliveryType">
+        <xsd:annotation>
+            <xsd:documentation>
+                TODO
+            </xsd:documentation>
+            <xsd:appinfo>
+                <jaxb:typesafeEnumClass/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="gui">
+                <xsd:annotation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="GUI"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+		</xsd:restriction>
+	</xsd:simpleType>
+
+	<xsd:complexType name="CredentialResetResponseType">
+		<xsd:annotation>
+			<xsd:documentation>
+			</xsd:documentation>
+			<xsd:appinfo>
+				<a:container/>
+			</xsd:appinfo>
+		</xsd:annotation>
+		<xsd:sequence>
+			<xsd:element name="message" type="tns:LocalizableMessageType" minOccurs="0">
+			</xsd:element>
+			<xsd:element name="newCredential" type="xsd:string" minOccurs="0">
+			</xsd:element>
+		</xsd:sequence>
+	</xsd:complexType>
+
+
+
 	<xsd:complexType name="AbstractAuthenticationPolicyType">
 		<xsd:annotation>
 			<xsd:documentation>

model/model-api/src/main/java/com/evolveum/midpoint/model/api/ModelInteractionService.java

@@ -327,4 +327,9 @@ LocalizableMessageType createLocalizableMessageType(LocalizableMessageTemplateTy
 			Map<QName, Object> variables, Task task, OperationResult result)
 			throws ObjectNotFoundException, SchemaException, ExpressionEvaluationException, CommunicationException,
 			ConfigurationException, SecurityViolationException;
+
+	public CredentialResetResponseType requestCredentialsReset(PrismObject<UserType> focus, String credentialsId,
+			CredentialsResetPolicyType resetMethod, Task task, OperationResult result)
+			throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException,
+			SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException;
 }

model/model-impl/src/main/java/com/evolveum/midpoint/model/impl/controller/ModelInteractionServiceImpl.java

@@ -52,7 +52,9 @@
 import com.evolveum.midpoint.repo.common.expression.ObjectDeltaObject;
 import com.evolveum.midpoint.schema.*;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
+import com.evolveum.midpoint.schema.util.LocalizationUtil;
 import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
+import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
 import com.evolveum.midpoint.security.api.MidPointPrincipal;
 import com.evolveum.midpoint.security.api.SecurityContextManager;
 import com.evolveum.midpoint.security.api.UserProfileService;
@@ -106,7 +108,11 @@
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.DebugUtil;
 import com.evolveum.midpoint.util.DisplayableValue;
+import com.evolveum.midpoint.util.LocalizableMessage;
+import com.evolveum.midpoint.util.LocalizableMessageBuilder;
+import com.evolveum.midpoint.util.MiscUtil;
 import com.evolveum.midpoint.util.QNameUtil;
+import com.evolveum.midpoint.util.SingleLocalizableMessage;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
 import com.evolveum.prism.xml.ns._public.types_3.ItemPathType;
@@ -1464,4 +1470,72 @@ public LocalizableMessageType createLocalizableMessageType(LocalizableMessageTem
 		vars.addVariableDefinitions(variables);
 		return LensUtil.interpretLocalizableMessageTemplate(template, vars, expressionFactory, prismContext, task, result);
 	}
+
+	@Override
+	public CredentialResetResponseType requestCredentialsReset(PrismObject<UserType> user, String credentialsId,
+			CredentialsResetPolicyType resetMethod, Task task, OperationResult parentResult)
+			throws ObjectNotFoundException, SchemaException, CommunicationException, ConfigurationException,
+			SecurityViolationException, ExpressionEvaluationException, ObjectAlreadyExistsException, PolicyViolationException {
+
+//		CredentialSourceType credentialSource = resetMethod.getNewCredentialSource();
+//		
+//		CredentialSourceTypeType credentialSourceType = null;
+//		if (credentialSource != null) {
+//		 credentialSourceType = credentialSource.getCredentialSource();
+//		}
+
+//		SecurityPolicyType securityPolicyType = getSecurityPolicy(user, task, parentResult);
+//		
+//		String authenticationName = resetMethod.getAuthenticationName();
+//		if (authenticationName != null) {
+//			AbstractAuthenticationPolicyType authPolicy = SecurityPolicyUtil
+//					.getAuthenticationPolicy(authenticationName, securityPolicyType);
+//		}
+
+
+		ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
+		String newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);		
+//		if (credentialSourceType == null) {
+//			ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
+//			newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);			
+//		} else {
+//			switch(credentialSourceType) {
+//				case GENERATE: 
+//					ValuePolicyType valuePolicyType = getValuePolicy(user, task, parentResult);
+//					newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);
+//					break;
+//				default:
+//					valuePolicyType = getValuePolicy(user, task, parentResult);
+//					newPassword = generateValue(valuePolicyType, 8, false, user, "generate password for user", task, parentResult);
+//					break;
+//			}
+//		}
+
+		ProtectedStringType newProtectedPassword = new ProtectedStringType();
+		newProtectedPassword.setClearValue(newPassword);
+		ObjectDelta<UserType> passwordObjectDelta = ObjectDelta.createModificationReplaceProperty(UserType.class, user.getOid(),
+				SchemaConstants.PATH_PASSWORD_VALUE, prismContext, newPassword);
+
+		if (BooleanUtils.isTrue(resetMethod.isForceChange())) {
+			passwordObjectDelta.addModificationReplaceProperty(SchemaConstants.PATH_PASSWORD_FORCE_CHANGE, Boolean.TRUE);
+		}
+
+		Collection<ObjectDeltaOperation<? extends ObjectType>> result = modelService.executeChanges(
+				MiscUtil.createCollection(passwordObjectDelta), ModelExecuteOptions.createRaw(), task, parentResult);
+
+		parentResult.recomputeStatus();
+
+		CredentialResetResponseType response = new CredentialResetResponseType();
+		response.setNewCredential(newPassword);
+		// TODO work with the result
+		LocalizableMessage message = LocalizableMessageBuilder.buildFallbackMessage("Reset password successfull.");
+
+		response.setMessage(LocalizationUtil.createLocalizableMessageType(message));
+
+
+
+
+//		cacheRepositoryService.modifyObject(type, oid, modifications, parentResult);
+		return response;
+	}
 }