MID-9424: adding configuration property for show/hide password hint

Evolveum · Jan 25, 2024 · d24d507 · d24d507
1 parent b1716c4
commit d24d507
Show file tree

Hide file tree

Showing 6 changed files with 113 additions and 13 deletions.
diff --git a/docs/admin-gui/self-service/index.adoc b/docs/admin-gui/self-service/index.adoc
@@ -228,22 +228,40 @@ Old password field and Password propagation section can be configured (can be hi
 <password>
     <propagationUserControl>mapping</propagationUserControl>
     <passwordChangeSecurity>oldPassword</passwordChangeSecurity>
+    <passwordHintConfigurability>alwaysConfigure</passwordHintConfigurability>
 </password>
 ----
 
 [%autowidth]
 |===
 | Attribute | Description | Possible values
 
-| propagationUserControl
+| *propagationUserControl*
 | Constraints that define how propagation of the credentials can be controlled by the +
 user. E.g. if user can choose where the password change will be propagated.
-| _mapping_ (Credentials propagation will be determined by the mappings. User cannot choose where the credentials will be propagated.The credentials propagation dialog will not be shown.)_userChoice_ (The user can choose where the credentials will be propagated.The propagation dialog will be shown.)onlyMapping(Credentials propagation will be determined by the mappings. User cannot choose where the credentials will be propagated. But the propagation dialog will be shown.)identityManagerMandatory(Identity Manager Repository will be propagated always. The user can choose where the other credentials will be propagated. The propagation dialog will be shown.)
+| _**mapping**_ (Credentials propagation will be determined by the mappings. User cannot choose where the credentials will be propagated.The credentials propagation dialog will not be shown.)
 
+_**userChoice**_ (The user can choose where the credentials will be propagated.The propagation dialog will be shown.)
+
+_**onlyMapping**_(Credentials propagation will be determined by the mappings. User cannot choose where the credentials will be propagated. But the propagation dialog will be shown.)
+
+_**identityManagerMandatory**_(Identity Manager Repository will be propagated always. The user can choose where the other credentials will be propagated. The propagation dialog will be shown.)
 
 | passwordChangeSecurity
-| Additional security applied when changing a password.This applies when user is changing his own password. It does NOT applywhen administrator changes password of other user.
-| _none_ (No additional security. Password can be changed by supplying new value.)_oldPassword_ (User must supply old password to change the password.)
+| Additional security applied when changing a password.This applies when user is changing his own password. It does NOT apply when administrator changes password of other user.
+| _**none**_ (No additional security. Password can be changed by supplying new value.)
+
+_**oldPassword**_ (User must supply old password to change the password.)
+
+_**oldPasswordIfExists**_ (User must supply old password, if exists, to change the password.)
+
+| *passwordHintConfigurability*
+| Additional configurability applied when changing or resetting a password.
+This applies when user is changing or resetting his own password. It does NOT apply
+when administrator changes password of other user. Default value is _**alwaysConfigure**_.
+| _**alwaysConfigure**_ (Always configurable password hint, during changing and resetting password.)
+
+_**neverConfigure**_ (Never configurable password hint, during changing and resetting password.)
 
 |===
 
@@ -284,4 +302,4 @@ image::image2017-1-16-1-34-10.png[]
 
 The view also can be switched to All organizations view - to see all available organizatoins, All roles view - to see all available roles and All services view - to see all available services.
 
-Only requestable items should be displayed on the Request a role page. Requestable is a status which is computed according to Requestable field of the assignable item and according to the authorizations of the user (for now, this requestable status is computed only for Role type objects).
+Only requestable items should be displayed on the Request a role page. Requestable is a status which is computed according to Requestable field of the assignable item and according to the authorizations of the user (for now, this requestable status is computed only for Role type objects).
diff --git a/...i/src/main/java/com/evolveum/midpoint/gui/impl/page/forgotpassword/PageResetPassword.java b/...i/src/main/java/com/evolveum/midpoint/gui/impl/page/forgotpassword/PageResetPassword.java
@@ -8,6 +8,8 @@
 
 import java.io.Serial;
 
+import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordHintConfigurabilityType;
+
 import org.apache.wicket.RestartResponseException;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.model.IModel;
@@ -129,6 +131,11 @@ protected boolean isPasswordLimitationPopupVisible() {
             protected String getChangePasswordButtonStyle() {
                 return CHANGE_PASSWORD_BUTTON_STYLE;
             }
+
+            @Override
+            protected boolean isHintPanelVisible() {
+                return getPasswordHintConfigurability() == PasswordHintConfigurabilityType.ALWAYS_CONFIGURE;
+            }
         };
         changePasswordPanel.setOutputMarkupId(true);
         form.add(changePasswordPanel);

diff --git a/...c/main/java/com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel.html b/...c/main/java/com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel.html
@@ -18,20 +18,22 @@
                         <input class="form-control form-control-sm" type="password" autocomplete="new-password" wicket:id="currentPassword" autofocus style="padding-right: 26px;" aria-labelledby="currentPasswordId"/>
                     </div>
                     <div style="position: absolute; right: 8px; top: 8px; z-index: 5;">
-                        <i wicket:message="aria-label:PasswordPanel.showPassword" tabindex="0" class="fa fa-eye showPasswordButton" style="float:right;cursor: pointer; color: #555555;" ></i>
+                        <i wicket:message="aria-label:PasswordPanel.showPassword" tabindex="0" class="fa fa-eye showPasswordButton" style="float:right;cursor: pointer; color: #555555;"></i>
                     </div>
                 </div>
             </wicket:enclosure>
             <label class="col-form-label" wicket:id="passwordLabel"/>
             <div class="">
                 <div class="password-panel" wicket:id="passwordPanel"/>
             </div>
-            <label class="col-form-label">
-                <wicket:message key="PasswordPanel.hintLabel"/>
-            </label>
-            <div class="password-parent" style="height:30px; position: relative;">
-                <div class="password-panel" wicket:id="passwordHintPanel"/>
-            </div>
+            <wicket:enclosure child="passwordHintPanel">
+                <label class="col-form-label">
+                    <wicket:message key="PasswordPanel.hintLabel"/>
+                </label>
+                <div class="password-parent" style="height:30px; position: relative;">
+                    <div class="password-panel" wicket:id="passwordHintPanel"/>
+                </div>
+            </wicket:enclosure>
         </div>
         <wicket:enclosure child="passwordValidationPanel">
             <div class="col" role="alert" tabindex="0">

diff --git a/...c/main/java/com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel.java b/...c/main/java/com/evolveum/midpoint/gui/impl/page/self/credentials/ChangePasswordPanel.java
@@ -54,6 +54,8 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
 
+import org.jetbrains.annotations.NotNull;
+
 public class ChangePasswordPanel<F extends FocusType> extends BasePanel<F> {
 
     private static final long serialVersionUID = 1L;
@@ -188,6 +190,7 @@ protected boolean hideHintValue() {
         };
         hint.setOutputMarkupId(true);
         hint.add(new EnableBehaviour(() -> !savedPassword));
+        hint.add(new VisibleBehaviour(this::isHintPanelVisible));
         add(hint);
 
         AjaxSubmitButton changePasswordButton = new AjaxSubmitButton(ID_CHANGE_PASSWORD) {
@@ -222,6 +225,10 @@ public void onSubmit(AjaxRequestTarget target) {
 
     }
 
+    protected boolean isHintPanelVisible() {
+        return true;
+    }
+
     protected PasswordLimitationsPanel createLimitationPanel(String id, IModel<List<StringLimitationResult>> limitationsModel) {
         return new PasswordLimitationsPanel(id, limitationsModel);
     }
@@ -419,4 +426,16 @@ protected boolean isPasswordLimitationPopupVisible() {
         return false;
     }
 
+    @NotNull
+    protected PasswordHintConfigurabilityType getPasswordHintConfigurability() {
+        CredentialsPolicyType credentialsPolicy = credentialsPolicyModel.getObject();
+
+        if (credentialsPolicy != null
+                && credentialsPolicy.getPassword() != null
+                && credentialsPolicy.getPassword().getPasswordHintConfigurability() != null) {
+            return credentialsPolicy.getPassword().getPasswordHintConfigurability();
+        }
+        return PasswordHintConfigurabilityType.ALWAYS_CONFIGURE;
+    }
+
 }
diff --git a/...ain/java/com/evolveum/midpoint/gui/impl/page/self/credentials/PropagatePasswordPanel.java b/...ain/java/com/evolveum/midpoint/gui/impl/page/self/credentials/PropagatePasswordPanel.java
@@ -62,6 +62,7 @@
 import org.apache.wicket.model.LoadableDetachableModel;
 import org.apache.wicket.model.Model;
 import org.apache.wicket.util.visit.IVisitor;
+import org.jetbrains.annotations.NotNull;
 
 import java.util.*;
 
@@ -631,8 +632,16 @@ protected PasswordLimitationsPanel createLimitationPanel(String id, IModel<List<
         return new PasswordLimitationsPanel(id, limitationsModel) {
             @Override
             protected boolean showInTwoColumns() {
-                return true;
+                if (getModelObject().size() > 5) {
+                    return true;
+                }
+                return super.showInTwoColumns();
             }
         };
     }
+
+    @Override
+    protected boolean isHintPanelVisible() {
+        return getPasswordHintConfigurability() == PasswordHintConfigurabilityType.ALWAYS_CONFIGURE;
+    }
 }
diff --git a/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd b/infra/schema/src/main/resources/xml/ns/public/common/common-security-3.xsd
@@ -3008,6 +3008,18 @@
                             </xsd:documentation>
                         </xsd:annotation>
                     </xsd:element>
+                    <xsd:element name="passwordHintConfigurability" type="c:PasswordHintConfigurabilityType" minOccurs="0" default="alwaysConfigure">
+                        <xsd:annotation>
+                            <xsd:documentation>
+                                Additional configurability applied when changing or resetting a password.
+                                This applies when user is changing or resetting his own password. It does NOT apply
+                                when administrator changes password of other user.
+                            </xsd:documentation>
+                            <xsd:appinfo>
+                                <a:since>4.8.1</a:since>
+                            </xsd:appinfo>
+                        </xsd:annotation>
+                    </xsd:element>
                 </xsd:sequence>
             </xsd:extension>
         </xsd:complexContent>
@@ -3056,6 +3068,39 @@
         </xsd:restriction>
     </xsd:simpleType>
 
+    <xsd:simpleType name="PasswordHintConfigurabilityType">
+        <xsd:annotation>
+            <xsd:documentation>
+                Additional options for configuring the password hint when changing or resetting the password.
+            </xsd:documentation>
+            <xsd:appinfo>
+                <jaxb:typesafeEnumClass/>
+            </xsd:appinfo>
+        </xsd:annotation>
+        <xsd:restriction base="xsd:string">
+            <xsd:enumeration value="alwaysConfigure">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Always configurable password hint, during changing and resetting password.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="ALWAYS_CONFIGURE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+            <xsd:enumeration value="neverConfigure">
+                <xsd:annotation>
+                    <xsd:documentation>
+                        Never configurable password hint, during changing and resetting password.
+                    </xsd:documentation>
+                    <xsd:appinfo>
+                        <jaxb:typesafeEnumMember name="NEVER_CONFIGURE"/>
+                    </xsd:appinfo>
+                </xsd:annotation>
+            </xsd:enumeration>
+        </xsd:restriction>
+    </xsd:simpleType>
+
     <xsd:complexType name="SecurityQuestionsCredentialsPolicyType">
         <xsd:annotation>
             <xsd:documentation>