Merge branch 'master' of https://github.com/Evolveum/midpoint

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageResetPasswordConfirmation.java

@@ -6,16 +6,23 @@
  */
 package com.evolveum.midpoint.web.page.forgetpassword;
 
-import java.util.Collection;
-import java.util.Iterator;
+import java.util.*;
 
-import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
+import com.evolveum.midpoint.model.api.authentication.*;
+import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
+import com.evolveum.midpoint.web.security.factory.channel.ResetPasswordChannelFactory;
+import com.evolveum.midpoint.web.security.factory.module.AbstractModuleFactory;
+import com.evolveum.midpoint.web.security.factory.module.LoginFormModuleFactory;
+import com.evolveum.midpoint.xml.ns._public.common.common_3.*;
 
 import org.apache.commons.lang.Validate;
+import org.apache.wicket.Session;
 import org.apache.wicket.markup.html.WebMarkupContainer;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.request.mapper.parameter.PageParameters;
+import org.apache.wicket.spring.injection.annot.SpringBean;
 import org.apache.wicket.util.string.StringValue;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -36,7 +43,6 @@
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
 import com.evolveum.midpoint.web.page.login.PageRegistrationBase;
 import com.evolveum.midpoint.web.page.login.PageRegistrationConfirmation;
-import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthorizationType;
 
 @PageDescriptor(urls = {@Url(mountUrl = SchemaConstants.PASSWORD_RESET_CONFIRMATION_PREFIX)}, permitAll = true)
 public class PageResetPasswordConfirmation extends PageRegistrationBase{
@@ -46,6 +52,11 @@ public class PageResetPasswordConfirmation extends PageRegistrationBase{
 
     private static final String DOT_CLASS = PageRegistrationConfirmation.class.getName() + ".";
 
+    @SpringBean(name = "loginFormModuleFactory")
+    private LoginFormModuleFactory moduleFactory;
+
+    @SpringBean(name = "resetPasswordChannelFactory")
+    private ResetPasswordChannelFactory channelFactory;
 
     private static final String ID_LABEL_ERROR = "errorLabel";
     private static final String ID_ERROR_PANEL = "errorPanel";
@@ -116,7 +127,34 @@ private void init(final PageParameters pageParameters) {
             authorizationType.getAction().add(AuthorizationConstants.AUTZ_UI_SELF_CREDENTIALS_URL);
             Authorization selfServiceCredentialsAuthz = new Authorization(authorizationType);
             authz.add(selfServiceCredentialsAuthz);
-            SecurityContextHolder.getContext().setAuthentication(token);
+            AuthenticationSequenceType sequence = SecurityPolicyUtil.createPaswordResetSequence();
+            Map<Class<? extends Object>, Object> sharedObjects = new HashMap<>();
+            AuthenticationModulesType modules = new AuthenticationModulesType();
+            AuthenticationModuleLoginFormType loginForm = new AuthenticationModuleLoginFormType();
+            loginForm.name(SecurityPolicyUtil.DEFAULT_MODULE_NAME);
+            modules.loginForm(loginForm);
+            AuthModule authModule = null;
+            AuthenticationChannel channel = null;
+            try {
+                channel = channelFactory.createAuthChannel(sequence.getChannel());
+                authModule = moduleFactory.createModuleFilter(loginForm, sequence.getChannel().getUrlSuffix(), null,
+                        sharedObjects, modules, null, channel);
+            } catch (Exception e) {
+                LOGGER.error("Couldn't build filter for module moduleFactory", e);
+            }
+            MidpointAuthentication mpAuthentication = new MidpointAuthentication(sequence);
+            List<AuthModule> authModules = new ArrayList<AuthModule>();
+            authModules.add(authModule);
+            mpAuthentication.setAuthModules(authModules);
+            mpAuthentication.setSessionId(Session.get().getId());
+            ModuleAuthentication moduleAuthentication = authModule.getBaseModuleAuthentication();
+            moduleAuthentication.setAuthentication(token);
+            moduleAuthentication.setState(StateOfModule.SUCCESSFULLY);
+            mpAuthentication.addAuthentications(moduleAuthentication);
+            mpAuthentication.setPrincipal(principal);
+            mpAuthentication.setAuthorities(token.getAuthorities());
+            mpAuthentication.setAuthenticationChannel(channel);
+            SecurityContextHolder.getContext().setAuthentication(mpAuthentication);
             setResponsePage(PageResetPassword.class);
         }
 

gui/admin-gui/src/main/java/com/evolveum/midpoint/web/page/forgetpassword/PageShowPassword.java

@@ -16,6 +16,11 @@ public class PageShowPassword extends PageBase {
     public final static String URL = "/resetpasswordsuccess";
 
     public PageShowPassword() {
+    }
+
+    @Override
+    protected void onInitialize() {
+        super.onInitialize();
         add(new Label("pass", getSession().getAttribute("pwdReset")));
         getSession().removeAttribute("pwdReset");
 

infra/schema/src/main/java/com/evolveum/midpoint/schema/util/SecurityPolicyUtil.java

@@ -21,6 +21,7 @@ public class SecurityPolicyUtil {
     public static final String DEFAULT_SEQUENCE_NAME = "admin-gui-default";
     public static final String REST_SEQUENCE_NAME = "rest-default";
     public static final String ACTUATOR_SEQUENCE_NAME = "actuator-default";
+    public static final String PASSWORD_RESET_SEQUENCE_NAME = "password-reset-default";
     private static final List<String> IGNORED_LOCAL_PATH;
     static {
         List<String> list = new ArrayList<String>();
@@ -195,6 +196,7 @@ public static AuthenticationsPolicyType createDefaultAuthenticationPolicy() {
         authenticationPolicy.sequence(createDefaultSequence());
         authenticationPolicy.sequence(createRestSequence());
         authenticationPolicy.sequence(createActuatorSequence());
+        authenticationPolicy.sequence(createPaswordResetSequence());
         for (String ignoredPath : IGNORED_LOCAL_PATH) {
             authenticationPolicy.ignoredLocalPath(ignoredPath);
         }
@@ -249,4 +251,20 @@ public static AuthenticationSequenceType createActuatorSequence() {
         return sequence;
     }
 
+    public static AuthenticationSequenceType createPaswordResetSequence() {
+        AuthenticationSequenceType sequence = new AuthenticationSequenceType();
+        sequence.name(PASSWORD_RESET_SEQUENCE_NAME);
+        AuthenticationSequenceChannelType channel = new AuthenticationSequenceChannelType();
+        channel.setDefault(true);
+        channel.channelId(SchemaConstants.CHANNEL_GUI_RESET_PASSWORD_URI);
+        channel.setUrlSuffix("resetPassword");
+        sequence.channel(channel);
+        AuthenticationSequenceModuleType module = new AuthenticationSequenceModuleType();
+        module.name(DEFAULT_MODULE_NAME);
+        module.order(1);
+        module.necessity(AuthenticationSequenceModuleNecessityType.SUFFICIENT);
+        sequence.module(module);
+        return sequence;
+    }
+
 }

repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/data/common/enums/RTaskWaitingReason.java

@@ -18,6 +18,9 @@ public enum RTaskWaitingReason implements SchemaEnum<TaskWaitingReasonType> {
 
     OTHER_TASKS(TaskWaitingReasonType.OTHER_TASKS),
 
+    // See MID-6117.
+    PLACEHOLDER(null),
+
     OTHER(TaskWaitingReasonType.OTHER);
 
     private TaskWaitingReasonType reason;

repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query2/hqm/condition/InCondition.java

@@ -9,9 +9,11 @@
 
 import com.evolveum.midpoint.repo.sql.query2.hqm.HibernateQuery;
 import com.evolveum.midpoint.repo.sql.query2.hqm.RootHibernateQuery;
+
 import org.apache.commons.lang.Validate;
 
 import java.util.Collection;
+import java.util.Objects;
 
 /**
  * @author mederly
@@ -52,14 +54,14 @@ public void dumpToHql(StringBuilder sb, int indent) {
 
     @Override
     public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        if (!super.equals(o)) return false;
+        if (this == o) { return true; }
+        if (o == null || getClass() != o.getClass()) { return false; }
+        if (!super.equals(o)) { return false; }
 
         InCondition that = (InCondition) o;
 
-        if (values != null ? !values.equals(that.values) : that.values != null) return false;
-        return !(innerQueryText != null ? !innerQueryText.equals(that.innerQueryText) : that.innerQueryText != null);
+        return Objects.equals(values, that.values)
+                && Objects.equals(innerQueryText, that.innerQueryText);
 
     }
 

repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query2/hqm/condition/JunctionCondition.java

@@ -12,6 +12,7 @@
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 
 /**
@@ -23,9 +24,7 @@ public abstract class JunctionCondition extends Condition {
 
     public JunctionCondition(RootHibernateQuery rootHibernateQuery, Condition... conditions) {
         super(rootHibernateQuery);
-        for (Condition condition : conditions) {
-            components.add(condition);
-        }
+        Collections.addAll(components, conditions);
     }
 
     public JunctionCondition(RootHibernateQuery rootHibernateQuery, Collection<Condition> conditions) {
@@ -69,7 +68,6 @@ public boolean equals(Object o) {
         JunctionCondition that = (JunctionCondition) o;
 
         return components.equals(that.components);
-
     }
 
     @Override

repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/query2/hqm/condition/SimpleComparisonCondition.java

@@ -7,8 +7,11 @@
 
 package com.evolveum.midpoint.repo.sql.query2.hqm.condition;
 
+import java.util.Objects;
+
 import com.evolveum.midpoint.repo.sql.query2.hqm.HibernateQuery;
 import com.evolveum.midpoint.repo.sql.query2.hqm.RootHibernateQuery;
+
 import org.apache.commons.lang.Validate;
 
 /**
@@ -54,16 +57,15 @@ public void dumpToHql(StringBuilder sb, int indent) {
 
     @Override
     public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        if (!super.equals(o)) return false;
+        if (this == o) { return true; }
+        if (o == null || getClass() != o.getClass()) { return false; }
+        if (!super.equals(o)) { return false; }
 
         SimpleComparisonCondition that = (SimpleComparisonCondition) o;
 
-        if (ignoreCase != that.ignoreCase) return false;
-        if (value != null ? !value.equals(that.value) : that.value != null) return false;
-        return operator.equals(that.operator);
-
+        return ignoreCase == that.ignoreCase
+                && Objects.equals(value, that.value)
+                && operator.equals(that.operator);
     }
 
     @Override

repo/repo-sql-impl/src/main/java/com/evolveum/midpoint/repo/sql/util/RUtil.java

@@ -317,8 +317,9 @@ public static <T extends SchemaEnum> T getRepoEnumValue(Object object, Class<T>
         }
         Object[] values = type.getEnumConstants();
         for (Object value : values) {
+            //noinspection unchecked
             T schemaEnum = (T) value;
-            if (schemaEnum.getSchemaValue().equals(object)) {
+            if (object.equals(schemaEnum.getSchemaValue())) {
                 return schemaEnum;
             }
         }

testing/schrodingertest/src/test/java/com/evolveum/midpoint/testing/schrodinger/page/AbstractLoginPageTest.java

@@ -7,7 +7,11 @@
 package com.evolveum.midpoint.testing.schrodinger.page;
 
 import com.evolveum.midpoint.schrodinger.component.common.FeedbackBox;
+import com.evolveum.midpoint.schrodinger.component.common.PrismForm;
+import com.evolveum.midpoint.schrodinger.component.configuration.InfrastructureTab;
+import com.evolveum.midpoint.schrodinger.component.configuration.NotificationsTab;
 import com.evolveum.midpoint.schrodinger.component.report.AuditRecordTable;
+import com.evolveum.midpoint.schrodinger.page.configuration.SystemPage;
 import com.evolveum.midpoint.schrodinger.page.login.FormLoginPage;
 import com.evolveum.midpoint.schrodinger.page.report.AuditLogViewerPage;
 import com.evolveum.midpoint.testing.schrodinger.AbstractSchrodingerTest;
@@ -17,14 +21,26 @@
 
 import java.io.File;
 import java.io.IOException;
+import java.nio.charset.Charset;
+import java.nio.file.Files;
+import java.nio.file.Paths;
 
 import static com.codeborne.selenide.Selenide.*;
 
 /**
  * @author skublik
  */
 
-public class AbstractLoginPageTest extends AbstractSchrodingerTest {
+public abstract class AbstractLoginPageTest extends AbstractSchrodingerTest {
+
+    protected static final File MAIL_NONCE_VALUE_POLICY = new File("src/test/resources/configuration/objects/valuepolicies/mail-nonce.xml");
+    protected static final File USER_WITHOUT_SUPERUSER = new File("src/test/resources/configuration/objects/users/user-without-superuser.xml");
+    protected static final File SYSTEM_CONFIG_WITH_NOTIFICATION = new File("src/test/resources/configuration/objects/systemconfig/system-configuration-notification.xml");
+    protected static final File CREATE_NAME_OBJECT_TEMPLATE = new File("src/test/resources/configuration/objects/objecttemplate/create-name-after-self-reg.xml");
+    protected static final File NOTIFICATION_FILE = new File("./target/notification.txt");
+
+    protected static final String NAME_OF_ENABLED_USER = "enabled_user";
+    protected static final String MAIL_OF_ENABLED_USER = "enabled_user@evolveum.com";
 
     private static final File ENABLED_USER = new File("src/test/resources/configuration/objects/users/enabled-user.xml");
     private static final File DISABLED_USER = new File("src/test/resources/configuration/objects/users/disabled-user.xml");
@@ -37,6 +53,26 @@ public void beforeClass() throws IOException{
         importObject(ENABLED_USER, true);
         importObject(DISABLED_USER, true);
         importObject(ENABLED_USER_WITHOUT_AUTHORIZATIONS, true);
+        importObject(MAIL_NONCE_VALUE_POLICY, true);
+        importObject(getSecurityPolicyMailNonceResetPass(), true);
+        importObject(USER_WITHOUT_SUPERUSER, true);
+        importObject(CREATE_NAME_OBJECT_TEMPLATE, true);
+        importObject(SYSTEM_CONFIG_WITH_NOTIFICATION, true);
+        basicPage.infrastructure();
+        SystemPage systemPage = new SystemPage();
+        PrismForm<InfrastructureTab> infrastructureForm = systemPage.infrastructureTab().form();
+        infrastructureForm.showEmptyAttributes("Infrastructure");
+        infrastructureForm.addAttributeValue("publicHttpUrlPattern", getConfiguration().getBaseUrl());
+        File notificationFile = NOTIFICATION_FILE;
+        try {
+            notificationFile.createNewFile();
+        } catch (IOException e) {
+            e.printStackTrace();
+        }
+        NotificationsTab notificationTab = systemPage.notificationsTab();
+        notificationTab.setRedirectToFile(notificationFile.getAbsolutePath());
+        systemPage.save();
+        Assert.assertTrue(systemPage.feedback().isSuccess());
     }
 
     @Test
@@ -113,4 +149,13 @@ public void test012auditingSuccessfulLogout() {
         auditRecordsTable.checkEventType(2, "Terminate session");
         auditRecordsTable.checkOutcome(2, "Success");
     }
+
+    protected String readLastNotification() throws IOException {
+        String separator = "============================================";
+        byte[] encoded = Files.readAllBytes(Paths.get(NOTIFICATION_FILE.getAbsolutePath()));
+        String notifications = new String(encoded, Charset.defaultCharset());
+        return notifications.substring(notifications.lastIndexOf(separator) + separator.length(), notifications.length()-1);
+    }
+
+    protected abstract File getSecurityPolicyMailNonceResetPass();
 }