fix for old reset password and creating schrodinger tests

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageResetPasswordConfirmation.java

@@ -6,16 +6,23 @@
  */
 package com.evolveum.midpoint.web.page.forgetpassword;
 
-import java.util.Collection;
-import java.util.Iterator;
+import java.util.*;
 
-import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+import com.evolveum.midpoint.model.api.authentication.*;
+import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
+import com.evolveum.midpoint.web.security.factory.channel.ResetPasswordChannelFactory;
+import com.evolveum.midpoint.web.security.factory.module.AbstractModuleFactory;
+import com.evolveum.midpoint.web.security.factory.module.LoginFormModuleFactory;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
 import org.apache.commons.lang.Validate;
+import org.apache.wicket.Session;
 import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
+import org.apache.wicket.spring.injection.annot.SpringBean;
 import org.apache.wicket.util.string.StringValue;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -36,7 +43,6 @@
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
 import com.evolveum.midpoint.web.page.login.PageRegistrationBase;
 import com.evolveum.midpoint.web.page.login.PageRegistrationConfirmation;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
 
 @PageDescriptor(urls = {@Url(mountUrl = SchemaConstants.PASSWORD_RESET_CONFIRMATION_PREFIX)}, permitAll = true)
 public class PageResetPasswordConfirmation extends PageRegistrationBase{
@@ -46,6 +52,11 @@ public class PageResetPasswordConfirmation extends PageRegistrationBase{
 
     private static final String DOT_CLASS = PageRegistrationConfirmation.class.getName() + ".";
 
+    @SpringBean(name = "loginFormModuleFactory")
+    private LoginFormModuleFactory moduleFactory;
+
+    @SpringBean(name = "resetPasswordChannelFactory")
+    private ResetPasswordChannelFactory channelFactory;
 
     private static final String ID_LABEL_ERROR = "errorLabel";
     private static final String ID_ERROR_PANEL = "errorPanel";
@@ -116,7 +127,34 @@ private void init(final PageParameters pageParameters) {
             authorizationType.getAction().add(AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL);
             Authorization selfServiceCredentialsAuthz = new Authorization(authorizationType);
             authz.add(selfServiceCredentialsAuthz);
-            SecurityContextHolder.getContext().setAuthentication(token);
+            AuthenticationSequenceType sequence = SecurityPolicyUtil.createPaswordResetSequence();
+            Map<Class<? extends Object>, Object> sharedObjects = new HashMap<>();
+            AuthenticationModulesType modules = new AuthenticationModulesType();
+            AuthenticationModuleLoginFormType loginForm = new AuthenticationModuleLoginFormType();
+            loginForm.name(SecurityPolicyUtil.DEFAULT_MODULE_NAME);
+            modules.loginForm(loginForm);
+            AuthModule authModule = null;
+            AuthenticationChannel channel = null;
+            try {
+                channel = channelFactory.createAuthChannel(sequence.getChannel());
+                authModule = moduleFactory.createModuleFilter(loginForm, sequence.getChannel().getUrlSuffix(), null,
+                        sharedObjects, modules, null, channel);
+            } catch (Exception e) {
+                LOGGER.error("Couldn't build filter for module moduleFactory", e);
+            }
+            MidpointAuthentication mpAuthentication = new MidpointAuthentication(sequence);
+            List<AuthModule> authModules = new ArrayList<AuthModule>();
+            authModules.add(authModule);
+            mpAuthentication.setAuthModules(authModules);
+            mpAuthentication.setSessionId(Session.get().getId());
+            ModuleAuthentication moduleAuthentication = authModule.getBaseModuleAuthentication();
+            moduleAuthentication.setAuthentication(token);
+            moduleAuthentication.setState(StateOfModule.SUCCESSFULLY);
+            mpAuthentication.addAuthentications(moduleAuthentication);
+            mpAuthentication.setPrincipal(principal);
+            mpAuthentication.setAuthorities(token.getAuthorities());
+            mpAuthentication.setAuthenticationChannel(channel);
+            SecurityContextHolder.getContext().setAuthentication(mpAuthentication);
             setResponsePage(PageResetPassword.class);
         }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageShowPassword.java

@@ -16,6 +16,11 @@ public class PageShowPassword extends PageBase {
     public final static String URL = "/resetpasswordsuccess";
 
     public PageShowPassword() {
+    }
+
+    @Override
+    protected void onInitialize() {
+        super.onInitialize();
         add(new Label("pass", getSession().getAttribute("pwdReset")));
         getSession().removeAttribute("pwdReset");
 

infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SecurityPolicyUtil.java

@@ -21,6 +21,7 @@ public class SecurityPolicyUtil {
     public static final String DEFAULT_SEQUENCE_NAME = "admin-gui-default";
     public static final String REST_SEQUENCE_NAME = "rest-default";
     public static final String ACTUATOR_SEQUENCE_NAME = "actuator-default";
+    public static final String PASSWORD_RESET_SEQUENCE_NAME = "password-reset-default";
     private static final List<String> IGNORED_LOCAL_PATH;
     static {
         List<String> list = new ArrayList<String>();
@@ -195,6 +196,7 @@ public static AuthenticationsPolicyType createDefaultAuthenticationPolicy() {
         authenticationPolicy.sequence(createDefaultSequence());
         authenticationPolicy.sequence(createRestSequence());
         authenticationPolicy.sequence(createActuatorSequence());
+        authenticationPolicy.sequence(createPaswordResetSequence());
         for (String ignoredPath : IGNORED_LOCAL_PATH) {
             authenticationPolicy.ignoredLocalPath(ignoredPath);
         }
@@ -249,4 +251,20 @@ public static AuthenticationSequenceType createActuatorSequence() {
         return sequence;
     }
 
+    public static AuthenticationSequenceType createPaswordResetSequence() {
+        AuthenticationSequenceType sequence = new AuthenticationSequenceType();
+        sequence.name(PASSWORD_RESET_SEQUENCE_NAME);
+        AuthenticationSequenceChannelType channel = new AuthenticationSequenceChannelType();
+        channel.setDefault(true);
+        channel.channelId(SchemaConstants.CHANNEL_GUI_RESET_PASSWORD_URI);
+        channel.setUrlSuffix("resetPassword");
+        sequence.channel(channel);
+        AuthenticationSequenceModuleType module = new AuthenticationSequenceModuleType();
+        module.name(DEFAULT_MODULE_NAME);
+        module.order(1);
+        module.necessity(AuthenticationSequenceModuleNecessityType.SUFFICIENT);
+        sequence.module(module);
+        return sequence;
+    }
+
 }

testing/schrodingertest/src/test/java/com/evolveum/midpoint/testing/schrodinger/page/AbstractLoginPageTest.java

@@ -7,7 +7,11 @@
 package com.evolveum.midpoint.testing.schrodinger.page;
 
 import com.evolveum.midpoint.schrodinger.component.common.FeedbackBox;
+import com.evolveum.midpoint.schrodinger.component.common.PrismForm;
+import com.evolveum.midpoint.schrodinger.component.configuration.InfrastructureTab;
+import com.evolveum.midpoint.schrodinger.component.configuration.NotificationsTab;
 import com.evolveum.midpoint.schrodinger.component.report.AuditRecordTable;
+import com.evolveum.midpoint.schrodinger.page.configuration.SystemPage;
 import com.evolveum.midpoint.schrodinger.page.login.FormLoginPage;
 import com.evolveum.midpoint.schrodinger.page.report.AuditLogViewerPage;
 import com.evolveum.midpoint.testing.schrodinger.AbstractSchrodingerTest;
@@ -17,14 +21,26 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.charset.Charset;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import static com.codeborne.selenide.Selenide.*;
 
 /**
  * @author skublik
  */
 
-public class AbstractLoginPageTest extends AbstractSchrodingerTest {
+public abstract class AbstractLoginPageTest extends AbstractSchrodingerTest {
+
+    protected static final File MAIL_NONCE_VALUE_POLICY = new File("src/test/resources/configuration/objects/valuepolicies/mail-nonce.xml");
+    protected static final File USER_WITHOUT_SUPERUSER = new File("src/test/resources/configuration/objects/users/user-without-superuser.xml");
+    protected static final File SYSTEM_CONFIG_WITH_NOTIFICATION = new File("src/test/resources/configuration/objects/systemconfig/system-configuration-notification.xml");
+    protected static final File CREATE_NAME_OBJECT_TEMPLATE = new File("src/test/resources/configuration/objects/objecttemplate/create-name-after-self-reg.xml");
+    protected static final File NOTIFICATION_FILE = new File("./target/notification.txt");
+
+    protected static final String NAME_OF_ENABLED_USER = "enabled_user";
+    protected static final String MAIL_OF_ENABLED_USER = "enabled_user@evolveum.com";
 
     private static final File ENABLED_USER = new File("src/test/resources/configuration/objects/users/enabled-user.xml");
     private static final File DISABLED_USER = new File("src/test/resources/configuration/objects/users/disabled-user.xml");
@@ -37,6 +53,26 @@ public void beforeClass() throws IOException{
         importObject(ENABLED_USER, true);
         importObject(DISABLED_USER, true);
         importObject(ENABLED_USER_WITHOUT_AUTHORIZATIONS, true);
+        importObject(MAIL_NONCE_VALUE_POLICY, true);
+        importObject(getSecurityPolicyMailNonceResetPass(), true);
+        importObject(USER_WITHOUT_SUPERUSER, true);
+        importObject(CREATE_NAME_OBJECT_TEMPLATE, true);
+        importObject(SYSTEM_CONFIG_WITH_NOTIFICATION, true);
+        basicPage.infrastructure();
+        SystemPage systemPage = new SystemPage();
+        PrismForm<InfrastructureTab> infrastructureForm = systemPage.infrastructureTab().form();
+        infrastructureForm.showEmptyAttributes("Infrastructure");
+        infrastructureForm.addAttributeValue("publicHttpUrlPattern", getConfiguration().getBaseUrl());
+        File notificationFile = NOTIFICATION_FILE;
+        try {
+            notificationFile.createNewFile();
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        NotificationsTab notificationTab = systemPage.notificationsTab();
+        notificationTab.setRedirectToFile(notificationFile.getAbsolutePath());
+        systemPage.save();
+        Assert.assertTrue(systemPage.feedback().isSuccess());
     }
 
     @Test
@@ -113,4 +149,13 @@ public void test012auditingSuccessfulLogout() {
         auditRecordsTable.checkEventType(2, "Terminate session");
         auditRecordsTable.checkOutcome(2, "Success");
     }
+
+    protected String readLastNotification() throws IOException {
+        String separator = "============================================";
+        byte[] encoded = Files.readAllBytes(Paths.get(NOTIFICATION_FILE.getAbsolutePath()));
+        String notifications = new String(encoded, Charset.defaultCharset());
+        return notifications.substring(notifications.lastIndexOf(separator) + separator.length(), notifications.length()-1);
+    }
+
+    protected abstract File getSecurityPolicyMailNonceResetPass();
 }

testing/schrodingertest/src/test/java/com/evolveum/midpoint/testing/schrodinger/page/LoginPageTest.java

@@ -9,30 +9,91 @@
 
 import com.codeborne.selenide.Condition;
 
+import com.codeborne.selenide.Selenide;
+
+import com.evolveum.midpoint.schrodinger.MidPoint;
+import com.evolveum.midpoint.schrodinger.component.common.PrismForm;
+import com.evolveum.midpoint.schrodinger.component.configuration.InfrastructureTab;
+import com.evolveum.midpoint.schrodinger.component.configuration.NotificationsTab;
+import com.evolveum.midpoint.schrodinger.page.configuration.SystemPage;
 import com.evolveum.midpoint.schrodinger.page.login.FormLoginPage;
+import com.evolveum.midpoint.schrodinger.page.login.MailNoncePage;
 import com.evolveum.midpoint.schrodinger.page.login.SamlSelectPage;
+import com.evolveum.midpoint.schrodinger.page.login.SecurityQuestionsPage;
+import com.evolveum.midpoint.schrodinger.util.Schrodinger;
+
 import org.openqa.selenium.By;
+import org.testng.Assert;
+import org.testng.annotations.BeforeClass;
 import org.testng.annotations.Test;
 
+import java.io.File;
+import java.io.IOException;
+import java.util.concurrent.TimeUnit;
+
 import static com.codeborne.selenide.Selenide.*;
 
 /**
  * Created by Viliam Repan (lazyman).
  */
 public class LoginPageTest extends AbstractLoginPageTest {
 
+    private static final File SEC_QUES_RESET_PASS_SECURITY_POLICY = new File("src/test/resources/configuration/objects/securitypolicies/policy-secururity-question-reset-pass.xml");
+    private static final File MAIL_NONCE_RESET_PASS_SECURITY_POLICY = new File("src/test/resources/configuration/objects/securitypolicies/policy-nonce-reset-pass.xml");
+
+    @Test
+    public void test030resetPassowordMailNonce() throws IOException, InterruptedException {
+        basicPage.loggedUser().logoutIfUserIsLogin();
+        Selenide.sleep(MidPoint.TIMEOUT_DEFAULT_2_S);
+        FormLoginPage login = midPoint.formLogin();
+        login.forgotPassword();
+        $(Schrodinger.byDataId("email")).waitUntil(Condition.visible, MidPoint.TIMEOUT_DEFAULT_2_S).setValue(MAIL_OF_ENABLED_USER);
+        $(Schrodinger.byDataId("submitButton")).click();
+        TimeUnit.SECONDS.sleep(6);
+        String notification = readLastNotification();
+        String bodyTag = "body='";
+        String link = notification.substring(notification.indexOf(bodyTag) + bodyTag.length(), notification.lastIndexOf("'"));
+        open(link);
+        String actualUrl = basicPage.getCurrentUrl();
+        Assert.assertTrue(actualUrl.endsWith("/resetPassword"));
+    }
+
     @Test
-    public void test020changeLanguageFormPage() {
+    public void test031resetPassowordSecurityQuestion() {
         basicPage.loggedUser().logoutIfUserIsLogin();
         FormLoginPage login = midPoint.formLogin();
+        open("/login");
+        Selenide.sleep(MidPoint.TIMEOUT_DEFAULT_2_S);
+        open("/");
+        login.loginWithReloadLoginPage("administrator", "5ecr3t");
+        importObject(SEC_QUES_RESET_PASS_SECURITY_POLICY, true);
+        basicPage.loggedUser().logoutIfUserIsLogin();
+        login.forgotPassword();
+        $(Schrodinger.byDataId("username")).waitUntil(Condition.visible, MidPoint.TIMEOUT_DEFAULT_2_S).setValue(NAME_OF_ENABLED_USER);
+        $(Schrodinger.byDataId("email")).waitUntil(Condition.visible, MidPoint.TIMEOUT_DEFAULT_2_S).setValue(MAIL_OF_ENABLED_USER);
+        $(Schrodinger.byDataId("submitButton")).click();
+        $(Schrodinger.byDataId("answerTF")).waitUntil(Condition.visible, MidPoint.TIMEOUT_DEFAULT_2_S).setValue("10");
+        $(Schrodinger.byDataId("send")).click();
+        Selenide.sleep(MidPoint.TIMEOUT_DEFAULT_2_S);
+        String actualUrl = basicPage.getCurrentUrl();
+        Assert.assertTrue(actualUrl.endsWith("/resetpasswordsuccess"));
+    }
+
+    @Test
+    public void test040changeLanguageFormPage() {
+        basicPage.loggedUser().logoutIfUserIsLogin();
+        FormLoginPage login = midPoint.formLogin();
+        open("/login");
+        Selenide.sleep(MidPoint.TIMEOUT_DEFAULT_2_S);
+        open("/");
 
         login.changeLanguage("de");
 
         $(By.cssSelector(".btn.btn-primary")).shouldHave(Condition.value("Anmelden"));
     }
 
     @Test
-    public void test021changeLanguageSamlSelectPage() {
+    public void test041changeLanguageSamlSelectPage() {
         basicPage.loggedUser().logoutIfUserIsLogin();
         SamlSelectPage login = midPoint.samlSelect();
         login.goToUrl();
@@ -43,6 +104,8 @@ public void test021changeLanguageSamlSelectPage() {
                 .shouldHave(Condition.text("Select an Identity Provider"));
     }
 
-
-
+    @Override
+    protected File getSecurityPolicyMailNonceResetPass() {
+        return MAIL_NONCE_RESET_PASS_SECURITY_POLICY;
+    }
 }