Merge branch 'master' of github.com:Evolveum/midpoint

Evolveum · May 18, 2018 · 9ba411e · 9ba411e
2 parents 64f99a9 + 2fc7006
commit 9ba411e
Show file tree

Hide file tree

Showing 11 changed files with 288 additions and 82 deletions.
diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/Definition.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/Definition.java
@@ -59,22 +59,8 @@ public interface Definition extends Serializable, DebugDumpable, Revivable {
 	QName getTypeName();
 
 	/**
-	 * This means that the entities described by this schema (items, complex types) or their content
-	 * is not defined by fixed (compile-time) schema. I.e. it is known only at run time.
-	 *
-	 * Some examples for "false" value:
-	 *  - c:user, c:UserType - statically defined type with statically defined content.
-	 *
-	 * Some examples for "true" value:
-	 *  - c:extension, c:ExtensionType - although the entity itself (item, type) are defined in
-	 *       the static schema, their content is not known at compile time;
-	 *  - c:attributes, c:ShadowAttributeType - the same as extension/ExtensionType;
-	 *  - ext:weapon (of type xsd:string) - even if the content is statically defined,
-	 *       the definition of the item itself is not known at compile time;
-	 *  - ri:inetOrgPerson, ext:LocationsType, ext:locations - both the entity
-	 *       and their content are known at run time only.
-	 *
-	 *  TODO clarify the third point; provide some tests for the 3rd and 4th point
+	 * This means that this particular definition (of an item or of a type) is part of the runtime schema, e.g.
+	 * extension schema, resource schema or connector schema or something like that. I.e. it is not defined statically.
 	 */
 	boolean isRuntimeSchema();
 

diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/DefinitionImpl.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/DefinitionImpl.java
@@ -68,9 +68,8 @@ public abstract class DefinitionImpl implements Definition {
     protected boolean inherited = false;
 
 	/**
-     * This means that the item container is not defined by fixed (compile-time) schema.
-     * This in fact means that we need to use getAny in a JAXB types. It does not influence the
-     * processing of DOM that much, as that does not really depend on compile-time/run-time distinction.
+	 * This means that this particular definition (of an item or of a type) is part of the runtime schema, e.g.
+	 * extension schema, resource schema or connector schema or something like that. I.e. it is not defined statically.
      */
     protected boolean isRuntimeSchema;
 

diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismObjectDefinitionImpl.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/PrismObjectDefinitionImpl.java
@@ -91,40 +91,40 @@ public PrismContainerDefinition<?> getExtensionDefinition() {
 		return findContainerDefinition(getExtensionQName());
 	}
 
-	public void setExtensionDefinition(ComplexTypeDefinition extensionComplexTypeDefinition) {
-		QName extensionQName = getExtensionQName();
-
-		PrismContainerDefinition<Containerable> oldExtensionDef = findContainerDefinition(extensionQName);
-
-		PrismContainerDefinitionImpl<?> newExtensionDef = new PrismContainerDefinitionImpl<>(extensionQName,
-				extensionComplexTypeDefinition, prismContext);
-		newExtensionDef.setRuntimeSchema(true);
-		if (oldExtensionDef != null) {
-			if (newExtensionDef.getDisplayName() == null) {
-				newExtensionDef.setDisplayName(oldExtensionDef.getDisplayName());
-			}
-			if (newExtensionDef.getDisplayOrder() == null) {
-				newExtensionDef.setDisplayOrder(oldExtensionDef.getDisplayOrder());
-			}
-			if (newExtensionDef.getHelp() == null) {
-				newExtensionDef.setHelp(oldExtensionDef.getHelp());
-			}
-		}
-
-		ComplexTypeDefinitionImpl newCtd = (ComplexTypeDefinitionImpl) this.complexTypeDefinition.clone();
-		newCtd.replaceDefinition(extensionQName, newExtensionDef);
-		if (newCtd.getDisplayName() == null) {
-			newCtd.setDisplayName(this.complexTypeDefinition.getDisplayName());
-		}
-		if (newCtd.getDisplayOrder() == null) {
-			newCtd.setDisplayOrder(this.complexTypeDefinition.getDisplayOrder());
-		}
-		if (newCtd.getHelp() == null) {
-			newCtd.setHelp(this.complexTypeDefinition.getHelp());
-		}
-
-		this.complexTypeDefinition = newCtd;
-	}
+//	public void setExtensionDefinition(ComplexTypeDefinition extensionComplexTypeDefinition) {
+//		QName extensionQName = getExtensionQName();
+//
+//		PrismContainerDefinition<Containerable> oldExtensionDef = findContainerDefinition(extensionQName);
+//
+//		PrismContainerDefinitionImpl<?> newExtensionDef = new PrismContainerDefinitionImpl<>(extensionQName,
+//				extensionComplexTypeDefinition, prismContext);
+//		newExtensionDef.setRuntimeSchema(true);
+//		if (oldExtensionDef != null) {
+//			if (newExtensionDef.getDisplayName() == null) {
+//				newExtensionDef.setDisplayName(oldExtensionDef.getDisplayName());
+//			}
+//			if (newExtensionDef.getDisplayOrder() == null) {
+//				newExtensionDef.setDisplayOrder(oldExtensionDef.getDisplayOrder());
+//			}
+//			if (newExtensionDef.getHelp() == null) {
+//				newExtensionDef.setHelp(oldExtensionDef.getHelp());
+//			}
+//		}
+//
+//		ComplexTypeDefinitionImpl newCtd = (ComplexTypeDefinitionImpl) this.complexTypeDefinition.clone();
+//		newCtd.replaceDefinition(extensionQName, newExtensionDef);
+//		if (newCtd.getDisplayName() == null) {
+//			newCtd.setDisplayName(this.complexTypeDefinition.getDisplayName());
+//		}
+//		if (newCtd.getDisplayOrder() == null) {
+//			newCtd.setDisplayOrder(this.complexTypeDefinition.getDisplayOrder());
+//		}
+//		if (newCtd.getHelp() == null) {
+//			newCtd.setHelp(this.complexTypeDefinition.getHelp());
+//		}
+//
+//		this.complexTypeDefinition = newCtd;
+//	}
 
 	@Override
 	public PrismObjectValue<O> createValue() {

diff --git a/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/DomToSchemaPostProcessor.java b/infra/prism/src/main/java/com/evolveum/midpoint/prism/schema/DomToSchemaPostProcessor.java
@@ -388,9 +388,8 @@ private void addPropertyDefinitionListFromGroup(XSModelGroup group, ComplexTypeD
 					// Create an inner PropertyContainer. It is assumed that
 					// this is a XSD complex type
 					XSComplexType complexType = (XSComplexType) xsType;
-					ComplexTypeDefinition complexTypeDefinition = null;
-					if (typeFromAnnotation != null && complexType != null
-							&& !typeFromAnnotation.equals(getType(xsType))) {
+					ComplexTypeDefinition complexTypeDefinition;
+					if (typeFromAnnotation != null && !typeFromAnnotation.equals(getType(xsType))) {
 						// There is a type override annotation. The type that
 						// the schema parser determined is useless
 						// We need to locate our own complex type definition
@@ -411,10 +410,10 @@ private void addPropertyDefinitionListFromGroup(XSModelGroup group, ComplexTypeD
 					XSAnnotation containerAnnotation = complexType.getAnnotation();
 					PrismContainerDefinition<?> containerDefinition = createPropertyContainerDefinition(
 							xsType, p, complexTypeDefinition, containerAnnotation, false);
-					if (isAny(xsType)) {
-						((PrismContainerDefinitionImpl) containerDefinition).setRuntimeSchema(true);
-						((PrismContainerDefinitionImpl) containerDefinition).setDynamic(true);
-					}
+//					if (isAny(xsType)) {
+//						((PrismContainerDefinitionImpl) containerDefinition).setRuntimeSchema(true);
+//						((PrismContainerDefinitionImpl) containerDefinition).setDynamic(true);
+//					}
 					((PrismContainerDefinitionImpl) containerDefinition).setInherited(particleInherited);
 					((ComplexTypeDefinitionImpl) ctd).add(containerDefinition);
 

diff --git a/...va/com/evolveum/midpoint/model/api/authentication/MidPointLdapAuthenticationProvider.java b/...va/com/evolveum/midpoint/model/api/authentication/MidPointLdapAuthenticationProvider.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2017 Evolveum
+ * Copyright (c) 2010-2018 Evolveum
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -26,6 +26,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -48,14 +49,36 @@ protected DirContextOperations doAuthentication(UsernamePasswordAuthenticationTo
 
         try {
             return super.doAuthentication(authentication);
+        } catch (InternalAuthenticationServiceException e) {
+        	// This sometimes happens ... for unknown reasons the underlying libraries cannot
+        	// figure out correct exception. Which results to wrong error message (MID-4518)
+        	// So, be smart here and try to figure out correct error.
+        	throw processInternalAuthenticationException(e, e);
+
         } catch (RuntimeException e) {
             LOGGER.error("Failed to authenticate user {}. Error: {}", authentication.getName(), e.getMessage(), e);
             auditProvider.auditLoginFailure(authentication.getName(), null, ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI), "bad credentials");
             throw e;
         }
     }
 
-    @Override
+    private RuntimeException processInternalAuthenticationException(InternalAuthenticationServiceException rootExeption, Throwable currentException) {
+    	if (currentException instanceof javax.naming.AuthenticationException) {
+    		String message = ((javax.naming.AuthenticationException)currentException).getMessage();
+    		if (message.contains("error code 49")) {
+    			// JNDI and Active Directory strike again
+    			return new BadCredentialsException("Invalid username and/or password.", rootExeption);
+    		}
+    	}
+    	Throwable cause = currentException.getCause();
+    	if (cause == null) {
+    		return rootExeption;
+    	} else {
+    		return processInternalAuthenticationException(rootExeption, cause);
+    	}
+	}
+
+	@Override
     protected Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken authentication,
                                                             UserDetails user) {
         Authentication authNCtx = super.createSuccessfulAuthentication(authentication, user);

diff --git a/testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestAbstractRestService.java b/testing/rest/src/test/java/com/evolveum/midpoint/testing/rest/TestAbstractRestService.java
@@ -1176,24 +1176,6 @@ public void test516validatePasswordHistoryConflict() throws Exception {
 
 		assertEquals("Expected 409 but got " + response.getStatus(), 409, response.getStatus());
 
-//		
-//		
-//		PolicyItemsDefinitionType policyItemsDefinitionType = response.readEntity(PolicyItemsDefinitionType.class);
-//		List<PolicyItemDefinitionType> policyItemDefinitions = policyItemsDefinitionType.getPolicyItemDefinition();
-//		for (PolicyItemDefinitionType policyItemDefinition : policyItemDefinitions) {
-//			OperationResultType result = policyItemDefinition.getResult();
-//			OperationResult opResult = OperationResult.createOperationResult(result);
-//			LOGGER.info("opresult: {}", opResult.debugDump());
-//			assertNotNull("Expected localized message, but no one present", result.getMessage());
-//			LocalizableMessageType localizableMessage = result.getUserFriendlyMessage();
-//			assertTrue("Not a single localiable message", localizableMessage instanceof SingleLocalizableMessageType);
-//			SingleLocalizableMessageType singelLocalizableMessage = (SingleLocalizableMessageType) localizableMessage;
-//			assertNotNull("Expected localized message for single localizable message, but no one present", singelLocalizableMessage.getFallbackMessage());
-//			assertNotNull("Expected key in single localizable message, but no one present", singelLocalizableMessage.getKey());
-//			
-//		}
-//
-
 		display("Audit", getDummyAuditService());
 		getDummyAuditService().assertRecords(2);
 		getDummyAuditService().assertLoginLogout(SchemaConstants.CHANNEL_REST_URI);

diff --git a/testing/rest/src/test/resources/repo/xml/policy-validate-password-history-conflict.xml b/testing/rest/src/test/resources/repo/xml/policy-validate-password-history-conflict.xml
@@ -9,7 +9,6 @@
 		<target>
 			<path>credentials/password/value</path>
 		</target>
-<!-- 		<valuePolicyRef oid="81818181-76e0-0000-8888-3d4f02d3fffb" type="c:ValuePolicyType"/> -->
 		<value>iamyouruncle</value>
 	</policyItemDefinition>
 

diff --git a/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestMapleLeaf.java b/testing/story/src/test/java/com/evolveum/midpoint/testing/story/TestMapleLeaf.java
@@ -17,8 +17,11 @@
 
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertFalse;
+import static org.testng.Assert.assertNotEquals;
+import static org.testng.Assert.assertNull;
 import static org.testng.Assert.assertTrue;
 import static org.testng.AssertJUnit.assertNotNull;
+import static org.testng.AssertJUnit.assertNull;
 
 import java.io.File;
 import java.util.Collection;
@@ -30,21 +33,28 @@
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.annotation.DirtiesContext.ClassMode;
 import org.springframework.test.context.ContextConfiguration;
+import org.testng.AssertJUnit;
 import org.testng.annotations.AfterClass;
 import org.testng.annotations.Test;
 
+import com.evolveum.midpoint.prism.PrismConstants;
 import com.evolveum.midpoint.prism.PrismObject;
+import com.evolveum.midpoint.prism.PrismProperty;
 import com.evolveum.midpoint.prism.PrismReference;
 import com.evolveum.midpoint.prism.delta.ObjectDelta;
 import com.evolveum.midpoint.prism.path.ItemPath;
+import com.evolveum.midpoint.schema.constants.ObjectTypes;
 import com.evolveum.midpoint.schema.constants.SchemaConstants;
 import com.evolveum.midpoint.schema.processor.ResourceAttribute;
 import com.evolveum.midpoint.schema.processor.ResourceAttributeContainer;
 import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.schema.util.ObjectTypeUtil;
 import com.evolveum.midpoint.schema.util.ShadowUtil;
 import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.test.util.MidPointTestConstants;
 import com.evolveum.midpoint.xml.ns._public.common.api_types_3.ExecuteCredentialResetRequestType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationStatusType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
@@ -62,6 +72,8 @@ public class TestMapleLeaf extends AbstractStoryTest {
 
 	public static final File TEST_DIR = new File(MidPointTestConstants.TEST_RESOURCES_DIR, "mapleLeaf");
 
+	public static final String NS_EXT = "http://midpoint.evolveum.com/xml/ns/story/mapleLeaf/ext";
+
 	private static final File SYSTEM_CONFIGURATION_FILE = new File(TEST_DIR, "system-configuration.xml");
 
 	private static final File SECURITY_POLICY_FILE = new File(TEST_DIR, "security-policy.xml");
@@ -84,11 +96,15 @@ public class TestMapleLeaf extends AbstractStoryTest {
 	private static final File ROLE_MAPLE_LEAF_GRADUATE = new File(TEST_DIR, "role-maple-leaf-graduate.xml");
 	private static final String ROLE_MAPLE_LEAF_GRADUATE_OID = "00000000-role-0000-0000-000011113333";
 
+	private static final File OBJECT_TEMPLATE_USER = new File(TEST_DIR, "object-template-user.xml");
+	private static final String OBJECT_TEMPLATE_USER_OID = "10000000-0000-0000-0000-000000000222";
+
 	private static final String LDIF_GROUPS =  TEST_DIR + "/mapleLeafGroups.ldif";
 
 	private static final String NS_RESOURCE = "http://midpoint.evolveum.com/xml/ns/public/resource/instance-3";
 
-
+	protected static final ItemPath ACTIVATION_EFFECTIVE_STATUS_PATH = new ItemPath(UserType.F_ACTIVATION,
+			ActivationType.F_EFFECTIVE_STATUS);	
 
 	protected ResourceType resourceOpenDjType;
 	protected PrismObject<ResourceType> resourceOpenDj;
@@ -126,6 +142,7 @@ public void initSystem(Task initTask, OperationResult initResult) throws Excepti
 		importObjectFromFile(ROLE_META_MONKEY_DONKEY);
 		importObjectFromFile(ROLE_SQUIRREL_FILE);
 		importObjectFromFile(SECURITY_POLICY_FILE);
+		importObjectFromFile(OBJECT_TEMPLATE_USER);
 
 	}
 
@@ -372,6 +389,13 @@ public void test100changePasswordForceChange() throws Exception {
 		executeChanges(userDelta, null, task, result);
 
 		openDJController.assertPassword("uid=jack,ou=People,dc=example,dc=com", "oldValue");
+		PrismObject<UserType> userJackBefore = getUser(USER_JACK_OID);
+		String accountOid = assertAccount(userJackBefore, RESOURCE_OPENDJ_OID);
+		PrismObject<ShadowType> shadowBefore = getShadowModel(accountOid);
+		display("Shadow before: ", shadowBefore.asObjectable());
+		PrismProperty<String> carLicenseBefore = shadowBefore.findProperty(new ItemPath(ShadowType.F_ATTRIBUTES, new QName(NS_RESOURCE, "carLicense")));
+		assertNotNull("Unexpected car license: " + carLicenseBefore, carLicenseBefore);
+		AssertJUnit.assertNotNull("Unexpected value in car license: " + carLicenseBefore.getRealValue(), carLicenseBefore.getRealValue());
 
 		//when
 		displayWhen(TEST_NAME);
@@ -398,6 +422,12 @@ public void test100changePasswordForceChange() throws Exception {
 		assertTrue(BooleanUtils.isTrue(password.isForceChange()), "Expected force change set to true, but was: " + BooleanUtils.isTrue(password.isForceChange()));
 
 		openDJController.assertPassword("uid=jack,ou=People,dc=example,dc=com", "oldValue");
+		PrismObject<ShadowType> shadowAfter = getShadowModel(accountOid);
+		display("Shadow after: ", shadowAfter.asObjectable());
+		PrismProperty<String> carLicenseAfter = shadowAfter.findProperty(new ItemPath(ShadowType.F_ATTRIBUTES, new QName(NS_RESOURCE, "carLicense")));
+		assertNotNull("Unexpected car license: " + carLicenseAfter, carLicenseAfter);
+		AssertJUnit.assertNotNull("Unexpected value in car license: " + carLicenseAfter.getRealValue(), carLicenseAfter.getRealValue());
+		assertNotEquals(carLicenseBefore.getRealValue(), carLicenseAfter.getRealValue(), "Unexpected values. Before: " + carLicenseBefore.getRealValue() + ", after: " + carLicenseAfter.getRealValue());
 	}
 
 	@Test
@@ -434,4 +464,54 @@ public void test101resetPassword() throws Exception {
 
 		openDJController.assertPassword("uid=jack,ou=People,dc=example,dc=com", "oldValue");
 	}
+
+	@Test
+	public void test200setArchivedAdministrativeStatus() throws Exception {
+		final String TEST_NAME = "test200setArchivedAdministrativeStatus";
+		displayTestTitle(TEST_NAME);
+
+		Task task = taskManager.createTaskInstance(TEST_NAME);
+		OperationResult result = task.getResult();
+
+		modifyUserReplace(USER_JACK_OID, ACTIVATION_ADMINISTRATIVE_STATUS_PATH, null, task, result, ActivationStatusType.ARCHIVED);
+
+		PrismObject<UserType> user = getUser(USER_JACK_OID);
+		PrismProperty<ActivationStatusType> administrativeStatus = user.findProperty(ACTIVATION_ADMINISTRATIVE_STATUS_PATH);
+		assertNotNull("No administrative status property present.", administrativeStatus);
+		assertEquals(administrativeStatus.getRealValue(), ActivationStatusType.ARCHIVED, "Unexpected administrative status");
+		PrismProperty<ActivationStatusType> effectiveStatus = user.findProperty(ACTIVATION_EFFECTIVE_STATUS_PATH);
+		assertNotNull("No effective status property present.", effectiveStatus);
+		assertEquals(effectiveStatus.getRealValue(), ActivationStatusType.ARCHIVED, "Unexpected effective status");
+
+	}
+
+	@Test
+	public void test201setUndefinedAdministrativeStatus() throws Exception {
+		final String TEST_NAME = "test201setUndefinedAdministrativeStatus";
+		displayTestTitle(TEST_NAME);
+
+		Task task = taskManager.createTaskInstance(TEST_NAME);
+		OperationResult result = task.getResult();
+
+		//WHEN
+		PrismObject<UserType> userBefore = getUser(USER_JACK_OID);
+		String accountOid = assertAccount(userBefore, RESOURCE_OPENDJ_OID);
+		recomputeUser(USER_JACK_OID, task, result);
+
+		ObjectDelta<UserType> unlinkDelta = createModifyUserUnlinkAccount(USER_JACK_OID, resourceOpenDj);
+		executeChanges(unlinkDelta, null, task, result);
+		assertNotLinked(USER_JACK_OID, accountOid);
+
+		//THEN
+		displayThen(TEST_NAME);
+		modelService.importFromResource(accountOid, task, result);
+
+		PrismObject<UserType> userAfter = getUser(USER_JACK_OID);
+		PrismProperty<ActivationStatusType> administrativeStatus = userAfter.findProperty(ACTIVATION_ADMINISTRATIVE_STATUS_PATH);
+		assertNull("Administrative status still set.", administrativeStatus);
+		PrismProperty<ActivationStatusType> effectiveStatus = userAfter.findProperty(ACTIVATION_EFFECTIVE_STATUS_PATH);
+		assertNotNull("No effective status property present.", effectiveStatus);
+		assertEquals(effectiveStatus.getRealValue(), ActivationStatusType.ENABLED, "Unexpected effective status");
+
+	}
 }