same for security questions as for mailNonce module. cannot live on i…

…t own. There need to be focusIdentification module before security questions module, so we have a knowledge about the user.

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageSecurityQuestions.html

@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!--
-  ~ Copyright (c) 2010-2013 Evolveum
+  ~ Copyright (c) 2010-2023 Evolveum
   ~
   ~ This work is dual-licensed under the Apache License 2.0
   ~ and European Union Public License. See LICENSE file for details.
@@ -12,29 +12,6 @@
 <body>
 <wicket:extend>
     <form class="form-horizontal" action="ignore" wicket:id="form">
-<!--        <wicket:enclosure child="username">-->
-<!--            <label class="control-label">-->
-<!--                <wicket:message key="PageLogin.username"/>-->
-<!--            </label>-->
-
-<!--&lt;!&ndash;            <input name="username" type="text" class="form-control form-control-sm focus-username login-panel-control"&ndash;&gt;-->
-<!--&lt;!&ndash;                        wicket:message="placeholder:PageLogin.username" wicket:id="username">&ndash;&gt;-->
-
-<!--&lt;!&ndash;            <div wicket:id="dynamicLayout">&ndash;&gt;-->
-<!--&lt;!&ndash;                <div wicket:id="dynamicForm"/>&ndash;&gt;-->
-<!--&lt;!&ndash;            </div>&ndash;&gt;-->
-
-<!--&lt;!&ndash;            <div wicket:id="firstLevelButtons">&ndash;&gt;-->
-<!--&lt;!&ndash;                <a class="btn btn-primary login-panel-control mt-2" wicket:id="showQuestions">&ndash;&gt;-->
-<!--&lt;!&ndash;                    <wicket:message key="PageSecurityQuestions.showQuestions"/>&ndash;&gt;-->
-<!--&lt;!&ndash;                </a>&ndash;&gt;-->
-<!--&lt;!&ndash;&lt;!&ndash;                <a class="text-center login-panel-control mt-2" style="display: inline-block;"  wicket:id="back1">&ndash;&gt;&ndash;&gt;-->
-<!--&lt;!&ndash;&lt;!&ndash;                    <i class="fas fa-arrow-left mr-2"></i>&ndash;&gt;&ndash;&gt;-->
-<!--&lt;!&ndash;&lt;!&ndash;                    <wicket:message key="PageEmailNonce.backButtonLabel"/>&ndash;&gt;&ndash;&gt;-->
-<!--&lt;!&ndash;&lt;!&ndash;                </a>&ndash;&gt;&ndash;&gt;-->
-<!--&lt;!&ndash;            </div>&ndash;&gt;-->
-<!--        </wicket:enclosure>-->
-
         <div wicket:id="csrfField"/>
         <input type="hidden" wicket:id="answer"/>
         <input type="hidden" wicket:id="user"/>

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/impl/page/login/module/PageSecurityQuestions.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2019 Evolveum and contributors
+ * Copyright (c) 2010-2023 Evolveum and contributors
  *
  * This work is dual-licensed under the Apache License 2.0
  * and European Union Public License. See LICENSE file for details.
@@ -24,7 +24,6 @@
 import org.apache.wicket.markup.html.list.ListItem;
 import org.apache.wicket.markup.html.list.ListView;
 import org.apache.wicket.model.IModel;
-import org.apache.wicket.model.LoadableDetachableModel;
 import org.apache.wicket.model.Model;
 import org.apache.wicket.model.PropertyModel;
 import org.springframework.security.authentication.BadCredentialsException;
@@ -33,18 +32,14 @@
 import com.evolveum.midpoint.authentication.api.authorization.Url;
 import com.evolveum.midpoint.authentication.api.config.CredentialModuleAuthentication;
 import com.evolveum.midpoint.authentication.api.util.AuthConstants;
-import com.evolveum.midpoint.authentication.api.util.AuthUtil;
 import com.evolveum.midpoint.authentication.api.util.AuthenticationModuleNameConstants;
 import com.evolveum.midpoint.gui.api.model.LoadableModel;
 import com.evolveum.midpoint.gui.api.page.PageBase;
-import com.evolveum.midpoint.security.api.MidPointPrincipal;
+import com.evolveum.midpoint.security.api.SecurityUtil;
 import com.evolveum.midpoint.util.logging.Trace;
 import com.evolveum.midpoint.util.logging.TraceManager;
-import com.evolveum.midpoint.web.component.AjaxButton;
 import com.evolveum.midpoint.web.component.form.MidpointForm;
 import com.evolveum.midpoint.web.component.util.VisibleBehaviour;
-import com.evolveum.midpoint.web.page.admin.configuration.component.EmptyOnBlurAjaxFormUpdatingBehaviour;
-import com.evolveum.midpoint.web.page.error.PageError;
 import com.evolveum.midpoint.web.security.util.SecurityQuestionDto;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
@@ -59,36 +54,22 @@ public class PageSecurityQuestions extends PageAbstractAuthenticationModule<Cred
 
     private static final Trace LOGGER = TraceManager.getTrace(PageSecurityQuestions.class);
 
-    private static final String ID_USERNAME = "username";
     private static final String ID_USER = "user";
     private static final String ID_ANSWER_FIELD = "answer";
-    private static final String ID_MAIN_FORM = "mainForm";
     private static final String ID_INSIDE_FORM = "insideForm";
-    private static final String ID_FIRST_LEVEL_BUTTONS = "firstLevelButtons";
-    private static final String ID_SHOW_QUESTIONS_BUTTON = "showQuestions";
     private static final String ID_QUESTIONS = "questions";
     private static final String ID_QUESTION_TEXT = "questionText";
     private static final String ID_QUESTION_ANSWER = "questionAnswer";
 
     private IModel<String> answerModel;
     private LoadableModel<List<SecurityQuestionDto>> questionsModel;
-//    private LoadableDetachableModel<UserType> userModel;
-
 
     public PageSecurityQuestions() {
         initModels();
     }
 
-//    @Override
     protected void initModels() {
         answerModel = Model.of();
-//        userModel = new LoadableDetachableModel<>() {
-//            @Override
-//            protected UserType load() {
-//                MidPointPrincipal principal = AuthUtil.getPrincipalUser();
-//                return principal != null ? (UserType) principal.getFocus() : PageSecurityQuestions.this.searchUser();
-//            }
-//        };
         questionsModel = new LoadableModel<>(false) {
             @Override
             protected List<SecurityQuestionDto> load() {
@@ -103,24 +84,10 @@ protected List<SecurityQuestionDto> load() {
         };
     }
 
-//    @Override
-//    protected UserType searchUser() {
-//        if (StringUtils.isEmpty(getUsernameFieldValue())) {
-//            return null;
-//        }
-//        return super.searchUser();
-//    }
-
     @Override
     protected void initModuleLayout(MidpointForm form) {
-//        initStaticLayout(form);
-
-//        initButtons(form);
-
         initQuestionsSection(form);
-
         initSendingInformation(form);
-
     }
 
 
@@ -129,6 +96,7 @@ private void initSendingInformation(MidpointForm<?> form) {
         answer.setOutputMarkupId(true);
         form.add(answer);
 
+        //TODO do we need this? user was identifier before, so we already know
         HiddenField<String> username = new HiddenField<>(ID_USER, new Model<> ());
         username.setOutputMarkupId(true);
         form.add(username);
@@ -182,47 +150,11 @@ private String generateAnswer() {
         return answers.toString();
     }
 
-    private void initButtons(MidpointForm<?> form) {
-        WebMarkupContainer firstLevelButtonContainer = new WebMarkupContainer(ID_FIRST_LEVEL_BUTTONS);
-        firstLevelButtonContainer.setOutputMarkupId(true);
-        form.add(firstLevelButtonContainer);
-
-        AjaxButton showQuestion = new AjaxButton(ID_SHOW_QUESTIONS_BUTTON) {
-
-            @Serial private static final long serialVersionUID = 1L;
-
-            @Override
-            public void onClick(AjaxRequestTarget target) {
-                showQuestions(target);
-            }
-        };
-        firstLevelButtonContainer.add(showQuestion);
-    }
-
-    private void initStaticLayout(MidpointForm<?> form) {
-        RequiredTextField<String> visibleUsername = new RequiredTextField<>(ID_USERNAME, Model.of());
-        visibleUsername.setOutputMarkupId(true);
-        visibleUsername.add(new EmptyOnBlurAjaxFormUpdatingBehaviour());
-        form.add(visibleUsername);
-    }
-
-    private void showQuestions(AjaxRequestTarget target) {
-//        userModel.detach();
-//        UserType user = userModel.getObject();
-        UserType user = searchUser();
-        if (user == null) {
-            getSession().error(getString("pageForgetPassword.message.user.not.found"));
-            throw new RestartResponseException(PageSecurityQuestions.class);
-        }
-        LOGGER.trace("Reset Password user: {}", user);
-        getHiddenUsername().getModel().setObject(user.getName().getOrig());
-        target.add(getForm());
-    }
-
     private List<SecurityQuestionDto> createUsersSecurityQuestionsList() throws BadCredentialsException {
-        UserType user = searchUser();//userModel.getObject();
+        UserType user = searchUser();
 
         if (user == null) {
+            //TODO probably we should throw an exception
             return new ArrayList<>();
         }
 
@@ -239,22 +171,8 @@ private List<SecurityQuestionDto> createUsersSecurityQuestionsList() throws BadC
         List<SecurityQuestionAnswerType> secQuestAnsList = credentialsPolicyType.getQuestionAnswer();
 
         SecurityPolicyType securityPolicy = resolveSecurityPolicy(user.asPrismObject());
-        LOGGER.trace("Found security policy: {}", securityPolicy);
-
-        if (securityPolicy == null) {
-            LOGGER.error("No security policy, cannot process security questions");
-            // Just log the error, but do not display it. We are still in unprivileged part of the web
-            // we do not want to provide any information to the attacker.
-            throw new RestartResponseException(PageError.class);
-        }
-        if (securityPolicy.getCredentials() == null) {
-            LOGGER.error("No credential for security policy, cannot process security questions");
-            // Just log the error, but do not display it. We are still in unprivileged part of the web
-            // we do not want to provide any information to the attacker.
-            throw new RestartResponseException(PageError.class);
-        }
-
-        SecurityQuestionsCredentialsPolicyType secQuestionsPolicy = securityPolicy.getCredentials().getSecurityQuestions();
+        SecurityQuestionsCredentialsPolicyType secQuestionsPolicy = SecurityUtil.getEffectiveSecurityQuestionsCredentialsPolicy(securityPolicy);
+        LOGGER.trace("Found security questions policy: {}", secQuestionsPolicy);
 
         List<SecurityQuestionDefinitionType> questionList = secQuestionsPolicy != null ? secQuestionsPolicy.getQuestion() : new ArrayList<>();
 
@@ -287,27 +205,11 @@ public PageBase getPageBase() {
         return (PageBase) getPage();
     }
 
-    private String getUsernameFieldValue() {
-        RequiredTextField<String> usernameTextFiled = getVisibleUsername();
-        return usernameTextFiled != null ? usernameTextFiled.getModelObject() : null;
-    }
-
-//    private MidpointForm<?> getMainForm() {
-//        return (MidpointForm) get(ID_MAIN_FORM);
-//    }
-
-    private HiddenField<String> getHiddenUsername(){
-        return (HiddenField) getForm().get(ID_USER);
-    }
 
     private HiddenField<String> getHiddenAnswer(){
         return (HiddenField) getForm().get(ID_ANSWER_FIELD);
     }
 
-    private RequiredTextField getVisibleUsername(){
-        return (RequiredTextField) getForm().get(ID_USERNAME);
-    }
-
     @Override
     protected IModel<String> getLoginPanelTitleModel() {
         return createStringResource("PageSecurityQuestions.questions");