account activation minor fixes

Evolveum · Apr 27, 2017 · f2d676d · f2d676d
1 parent 5b45811
commit f2d676d
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 10 deletions.
diff --git a/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAccountActivation.java b/gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/self/PageAccountActivation.java
@@ -273,14 +273,20 @@ private void propagatePassword(AjaxRequestTarget target,
 		Collection<ObjectDelta<ShadowType>> passwordDeltas = new ArrayList<>(shadowsToActivate.size());
 		for (ShadowType shadow : shadowsToActivate) {
 			ObjectDelta<ShadowType> shadowDelta = ObjectDelta.createModificationReplaceProperty(ShadowType.class, shadow.getOid(), SchemaConstants.PATH_PASSWORD_VALUE, getPrismContext(), passwordValue);
+			shadowDelta.addModificationReplaceProperty(ShadowType.F_LIFECYCLE_STATE, SchemaConstants.LIFECYCLE_PROPOSED);
 			passwordDeltas.add(shadowDelta);
 		}
 
-		try {
-		SecurityContextHolder.getContext().setAuthentication(token);
-		OperationResult result = new OperationResult(OPERATION_ACTIVATE_SHADOWS);
-		Task task = createSimpleTask(OPERATION_ACTIVATE_SHADOWS);
-		WebModelServiceUtils.save((Collection)passwordDeltas, null, result, task, this);
+		OperationResult result = runPrivileged(new Producer<OperationResult>() {
+
+			@Override
+			public OperationResult run() {
+				OperationResult result = new OperationResult(OPERATION_ACTIVATE_SHADOWS);
+				Task task = createAnonymousTask(OPERATION_ACTIVATE_SHADOWS);
+				WebModelServiceUtils.save((Collection) passwordDeltas, null, result, task, PageAccountActivation.this);
+				return result;
+			}
+		});
 
 		result.recomputeStatus();
 
@@ -293,9 +299,6 @@ private void propagatePassword(AjaxRequestTarget target,
 			target.add(getFeedbackPanel());
 			activated = true;
 		}
-		} finally {
-			SecurityContextHolder.getContext().setAuthentication(null);
-		}
 
 		target.add(PageAccountActivation.this);
 

diff --git a/.../src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java b/.../src/main/java/com/evolveum/midpoint/model/impl/security/AuthenticationEvaluatorImpl.java
@@ -339,8 +339,14 @@ protected boolean matchDecryptedValue(ConnectionEnvironment connEnv, @NotNull Mi
 
 	protected boolean decryptAndMatch(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString,
 			String enteredPassword) {
-		String decryptedPassword = getDecryptedValue(connEnv, principal, protectedString);
-		return enteredPassword.equals(decryptedPassword);
+		ProtectedStringType entered = new ProtectedStringType();
+		entered.setClearValue(enteredPassword);
+		try {
+			return protector.compare(entered, protectedString);
+		} catch (SchemaException | EncryptionException e) {
+			recordAuthenticationFailure(principal, connEnv, "error decrypting password: "+e.getMessage());
+			throw new AuthenticationServiceException("web.security.provider.unavailable", e);
+		}
 	}
 
 	protected String getDecryptedValue(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString) {