Merge branch 'master' of https://github.com/Evolveum/midpoint

Conflicts:
	gui/admin-gui/src/main/resources/localization/Midpoint.properties

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/captcha/CaptchaPanel.html

@@ -0,0 +1,35 @@
+<!--
+  ~ Copyright (c) 2010-2016 Evolveum
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<!DOCTYPE html>
+<html xmlns:wicket="http://wicket.apache.org">
+<body>
+
+    <wicket:panel>
+            <p>
+                <img wicket:id="image" />
+                <a wicket:id="changeLink">change</a>
+            </p>
+            <p>
+                Please replicate the text you see above
+                <br />
+                <input wicket:id="text" type="text" size="40" />	
+            </p>
+
+            <div wicket:id="feedback"></div>
+    </wicket:panel>
+
+</body>
+</html>

gui/admin-gui/src/main/java/com/evolveum/midpoint/gui/api/component/captcha/CaptchaPanel.java

@@ -0,0 +1,112 @@
+package com.evolveum.midpoint.gui.api.component.captcha;
+
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.ajax.markup.html.AjaxLink;
+import org.apache.wicket.extensions.markup.html.captcha.CaptchaImageResource;
+import org.apache.wicket.feedback.ContainerFeedbackMessageFilter;
+import org.apache.wicket.markup.ComponentTag;
+import org.apache.wicket.markup.html.form.RequiredTextField;
+import org.apache.wicket.markup.html.image.Image;
+import org.apache.wicket.markup.html.panel.FeedbackPanel;
+import org.apache.wicket.model.PropertyModel;
+
+import com.evolveum.midpoint.gui.api.component.BasePanel;
+
+public class CaptchaPanel extends BasePanel<Void> {
+
+	private static final long serialVersionUID = 1L;
+
+	/**
+	 * The generated random text;
+	 */
+	protected String randomText;
+
+	/**
+	 * The text provided by the user
+	 */
+	private String captchaText;
+
+	private final CaptchaImageResource captchaImageResource;
+
+	/**
+	 * Constructor.
+	 *
+	 * @param id
+	 *            The component id
+	 */
+	public CaptchaPanel(String id) {
+		super(id);
+
+		FeedbackPanel feedback = new FeedbackPanel("feedback",
+				new ContainerFeedbackMessageFilter(CaptchaPanel.this));
+		add(feedback);
+
+		captchaImageResource = createCaptchImageResource();
+		final Image captchaImage = new Image("image", captchaImageResource);
+		captchaImage.setOutputMarkupId(true);
+		add(captchaImage);
+
+		AjaxLink<Void> changeCaptchaLink = new AjaxLink<Void>("changeLink") {
+					private static final long serialVersionUID = 1L;
+
+			@Override
+			public void onClick(AjaxRequestTarget target) {
+				captchaImageResource.invalidate();
+				target.add(captchaImage);
+			}
+		};
+		add(changeCaptchaLink);
+
+		add(new RequiredTextField<String>("text",
+				new PropertyModel<String>(CaptchaPanel.this, "captchaText"), String.class) {
+								private static final long serialVersionUID = 1L;
+
+			@Override
+			protected final void onComponentTag(final ComponentTag tag) {
+				super.onComponentTag(tag);
+				// clear the field after each render
+				tag.put("value", "");
+			}
+		});
+	}
+
+	protected CaptchaImageResource createCaptchImageResource() {
+		return new CaptchaImageResource() {
+			private static final long serialVersionUID = 1L;
+
+			@Override
+			protected byte[] render() {
+				randomText = randomString(6, 8);
+				getChallengeIdModel().setObject(randomText);
+				return super.render();
+			}
+		};
+	}
+
+	public void invalidateCaptcha() {
+		captchaImageResource.invalidate();
+	}
+
+	static int randomInt(int min, int max)
+    {
+        return (int)(Math.random() * (max - min) + min);
+    }
+
+    static String randomString(int min, int max)
+    {
+        int num = randomInt(min, max);
+        byte b[] = new byte[num];
+        for (int i = 0; i < num; i++)
+            b[i] = (byte)randomInt('a', 'z');
+        return new String(b);
+    }
+
+    public String getCaptchaText() {
+		return captchaText;
+	}
+
+    public String getRandomText() {
+		return randomText;
+	}
+
+}

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageLogin.html

@@ -50,6 +50,9 @@
                         <input type="submit" class="btn btn-primary pull-right" wicket:message="value:PageLogin.signIn"/>
                     </form>
 
+					<a class="btn btn-default" wicket:id="selfRegistration">
+						<wicket:message key="PageLogin.selfRegistration"/>
+					</a>
                     <wicket:link>
                         <a href="forgetpassword" wicket:id="forgetpassword">
                             <wicket:message key="PageLogin.forgetPassword"/>

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageLogin.java

@@ -18,6 +18,7 @@
 
 import com.evolveum.midpoint.gui.api.page.PageBase;
 import com.evolveum.midpoint.schema.result.OperationResult;
+import com.evolveum.midpoint.task.api.Task;
 import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
 import com.evolveum.midpoint.util.exception.SchemaException;
 import com.evolveum.midpoint.util.logging.Trace;
@@ -28,6 +29,10 @@
 import com.evolveum.midpoint.web.security.MidPointApplication;
 import com.evolveum.midpoint.web.security.SecurityUtils;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.RegistrationsPolicyType;
+
+import org.apache.wicket.ajax.AjaxRequestTarget;
+import org.apache.wicket.ajax.markup.html.AjaxLink;
 import org.apache.wicket.markup.html.link.BookmarkablePageLink;
 import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
 import org.apache.wicket.request.cycle.RequestCycle;
@@ -46,10 +51,12 @@ public class PageLogin extends PageBase {
 	private static final Trace LOGGER = TraceManager.getTrace(PageLogin.class);
 
     private static final String ID_FORGET_PASSWORD = "forgetpassword";
+    private static final String ID_SELF_REGISTRATION = "selfRegistration";
 
     private static final String DOT_CLASS = PageLogin.class.getName() + ".";
     protected static final String OPERATION_LOAD_RESET_PASSWORD_POLICY = DOT_CLASS + "loadPasswordResetPolicy";
-
+    private static final String OPERATION_LOAD_REGISTRATION_POLICY = DOT_CLASS + "loadRegistrationPolicy";
+
     public PageLogin() {
         if (SecurityUtils.getPrincipalUser() != null) {
             MidPointApplication app = getMidpointApplication();
@@ -82,6 +89,39 @@ public boolean isVisible() {
             }
         });
         add(link);
+
+        AjaxLink<String> registration = new AjaxLink<String>(ID_SELF_REGISTRATION) {
+
+        	@Override
+        	public void onClick(AjaxRequestTarget target) {
+        		setResponsePage(PageSelfRegistration.class);
+        	}
+        };
+        registration.add(new VisibleEnableBehaviour() {
+        	private static final long serialVersionUID = 1L;
+
+            @Override
+            public boolean isVisible() {
+                OperationResult parentResult = new OperationResult(OPERATION_LOAD_REGISTRATION_POLICY);
+
+                RegistrationsPolicyType registrationPolicies = null;
+                try {
+                	Task task = createAnonymousTask(OPERATION_LOAD_REGISTRATION_POLICY);
+                	registrationPolicies = getModelInteractionService().getRegistrationPolicy(null, task, parentResult);
+                } catch (ObjectNotFoundException | SchemaException e) {
+                    LOGGER.warn("Cannot read credentials policy: " + e.getMessage(), e);
+                }
+
+                boolean linkIsVisible = false;
+                if (registrationPolicies != null
+                        && registrationPolicies.getSelfRegistration() != null) {
+                    linkIsVisible = true;
+                }
+
+                return linkIsVisible;
+            }
+        });
+        add(registration);
     }
 
     @Override

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageRegistrationConfirmation.java

@@ -35,6 +35,7 @@
 import com.evolveum.midpoint.xml.ns._public.common.common_3.AssignmentType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceType;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
 import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
 
 //CONFIRMATION_LINK = "http://localhost:8080/midpoint/confirm/registration/";
@@ -48,7 +49,8 @@ public class PageRegistrationConfirmation extends PageRegistrationBase {
 	private static final String ID_LINK_LOGIN = "linkToLogin";
 	private static final String ID_SUCCESS_PANEL = "successPanel";
 	private static final String ID_ERROR_PANEL = "errorPanel";
-
+
+	private static final String OPERATION_ASSIGN_DEFAULT_ROLES = DOT_CLASS + ".assignDefaultRoles";
 	private static final String OPERATION_FINISH_REGISTRATION = DOT_CLASS + "finishRegistration";
 
 	private static final long serialVersionUID = 1L;
@@ -84,6 +86,12 @@ private void init(final PageParameters pageParameters) {
 		}
 
 		final MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
+		result = assignDefaultRoles(principal.getOid());
+		if (result.getStatus() == OperationResultStatus.FATAL_ERROR) {
+			initLayout(result);
+			return;
+		}
+
 		final NonceType nonceClone = principal.getUser().getCredentials().getNonce().clone();
 
 		result = removeNonce(principal.getOid(), nonceClone);
@@ -106,6 +114,37 @@ private UsernamePasswordAuthenticationToken authenticateUser(String username, St
 		}
 	}
 
+	private OperationResult assignDefaultRoles(final String userOid){
+		List<ContainerDelta<AssignmentType>> assignments = new ArrayList<>();
+		for (ObjectReferenceType defaultRole : getSelfRegistrationConfiguration().getDefaultRoles()) {
+			AssignmentType assignment = new AssignmentType();
+			assignment.setTargetRef(defaultRole);
+			try {
+				getPrismContext().adopt(assignment);
+				assignments.add(ContainerDelta.createModificationAdd(UserType.F_ASSIGNMENT, UserType.class, getPrismContext(), assignment));
+			} catch (SchemaException e) {
+				//nothing to do
+			}
+		}
+
+		final ObjectDelta<UserType> delta = ObjectDelta.createModifyDelta(userOid, assignments, UserType.class, getPrismContext());
+
+		return runPrivileged(new Producer<OperationResult>() {
+
+			@Override
+			public OperationResult run() {
+				OperationResult result = new OperationResult(OPERATION_ASSIGN_DEFAULT_ROLES);
+				Task task = createAnonymousTask(OPERATION_ASSIGN_DEFAULT_ROLES);
+				WebModelServiceUtils.save(delta, result, task, PageRegistrationConfirmation.this);
+				result.computeStatusIfUnknown();
+
+				return result;
+			}
+		});
+
+
+	}
+
 	private OperationResult removeNonce(final String userOid, final NonceType nonce){
 		return runPrivileged(new Producer<OperationResult>() {
 
@@ -117,6 +156,7 @@ public OperationResult run() {
 				ObjectDelta<UserType> userAssignmentsDelta;
 				try {
 					userAssignmentsDelta = ObjectDelta.createModificationDeleteContainer(UserType.class, userOid, new ItemPath(UserType.F_CREDENTIALS, CredentialsType.F_NONCE),  getPrismContext(), nonce);
+					userAssignmentsDelta.addModificationReplaceProperty(UserType.F_LIFECYCLE_STATE, SchemaConstants.LIFECYCLE_ACTIVE);
 				} catch (SchemaException e) {
 					result.recordFatalError("Could not create delta");
 					return result;
@@ -131,7 +171,7 @@ public OperationResult run() {
 	private void assignAdditionalRoleIfPresent(String userOid, UsernamePasswordAuthenticationToken token, NonceType nonceType, OperationResult result){
 		SecurityContextHolder.getContext().setAuthentication(token);
 		List<ItemDelta> userDeltas = new ArrayList<>();
-		if (nonceType.getResetType() != null) {
+		if (nonceType.getName() != null) {
 
 			Task task = createSimpleTask(OPERATION_FINISH_REGISTRATION);
 
@@ -140,7 +180,7 @@ private void assignAdditionalRoleIfPresent(String userOid, UsernamePasswordAuthe
 			try {
 				AssignmentType assignment = new AssignmentType();
 				assignment.setTargetRef(
-						ObjectTypeUtil.createObjectRef(nonceType.getResetType(), ObjectTypes.ABSTRACT_ROLE));
+						ObjectTypeUtil.createObjectRef(nonceType.getName(), ObjectTypes.ABSTRACT_ROLE));
 				getPrismContext().adopt(assignment);
 				userDeltas.add((ItemDelta) ContainerDelta.createModificationAdd(UserType.F_ASSIGNMENT,
 						UserType.class, getPrismContext(), assignment));

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/login/PageSelfRegistration.html

@@ -86,30 +86,22 @@
 		                            </div>
     			  				</td>
     			  			</tr>
-    			  			<tr>
-    			  				<td>
-    			  					<p>
-                						<img wicket:id="image" />
-                					</p>
-                					<p>
-                						<input wicket:id="text" type="text" size="40" />
-                					</p>
-
-    			  				</td>
-    			  				<td>
-    			  					<a wicket:id="changeLink"><wicket:message key="PageSelfRegistration.reload"/></a>
-    			  				</td>
-    			  			</tr>
+
     			  		</table>
 
+    			        <div wicket:id="captcha" />
+
 						<div class="btn btn-primary">
                         	<a wicket:id="submitRegistration">
                         		 <label class="col-md-4 col-lg-4 control-label">
 		                             <wicket:message key="PageSelfRegistration.register"/>
 		                         </label>
                         	</a>
                         </div>
+                        <div wicket:id="feedback" />
                     </form>
+
+
 
 	<div style="text-align: center">
 		<h2 wicket:id="registrationInfo"></h2>