Merge branch 'master' of https://github.com/Evolveum/midpoint

Evolveum · May 24, 2019 · fd1f8b3 · fd1f8b3
2 parents 0f55728 + de8b654
commit fd1f8b3
Show file tree

Hide file tree

Showing 170 changed files with 5,252 additions and 898 deletions.
diff --git a/...min-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java b/...min-gui/src/main/java/com/evolveum/midpoint/gui/api/component/password/PasswordPanel.java
@@ -18,12 +18,17 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Objects;
 
 import com.evolveum.midpoint.gui.api.page.PageBase;
+import com.evolveum.midpoint.prism.crypto.EncryptionException;
+import com.evolveum.midpoint.prism.crypto.Protector;
+import com.evolveum.midpoint.util.exception.SystemException;
 import com.evolveum.midpoint.web.page.admin.users.PageUser;
 import com.evolveum.midpoint.web.page.self.PageSelfProfile;
+import com.evolveum.midpoint.web.security.MidPointApplication;
 import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang.Validate;
+import org.apache.wicket.Application;
 import org.apache.wicket.ajax.AjaxRequestTarget;
 import org.apache.wicket.ajax.form.AjaxFormComponentUpdatingBehavior;
 import org.apache.wicket.ajax.markup.html.AjaxLink;
@@ -43,6 +48,7 @@
 import com.evolveum.midpoint.web.component.prism.InputPanel;
 import com.evolveum.midpoint.web.component.util.VisibleEnableBehaviour;
 import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
+import org.jetbrains.annotations.NotNull;
 
 /**
  * @author lazyman
@@ -91,31 +97,28 @@ public boolean isVisible() {
 		inputContainer.setOutputMarkupId(true);
 		add(inputContainer);
 
-        final PasswordTextField password1 = new PasswordTextField(ID_PASSWORD_ONE, new PasswordModel(model));
+	    final PasswordTextField password1 = new SecureModelPasswordTextField(ID_PASSWORD_ONE, new PasswordModel(model));
         password1.setRequired(false);
-        password1.setResetPassword(false);
         password1.setOutputMarkupId(true);
         password1.add(new EmptyOnBlurAjaxFormUpdatingBehaviour());
         inputContainer.add(password1);
 
-        final PasswordTextField password2 = new PasswordTextField(ID_PASSWORD_TWO, new Model<>());
+        final PasswordTextField password2 = new SecureModelPasswordTextField(ID_PASSWORD_TWO, new PasswordModel(Model.of(new ProtectedStringType())));
         password2.setRequired(false);
-        password2.setResetPassword(false);
         password2.setOutputMarkupId(true);
-        password2.add(new EmptyOnBlurAjaxFormUpdatingBehaviour());
         inputContainer.add(password2);
 
         password1.add(new AjaxFormComponentUpdatingBehavior("change") {
 			@Override
 			protected void onUpdate(AjaxRequestTarget target) {
-				boolean required = !StringUtils.isEmpty(password1.getModel().getObject());
+				boolean required = !StringUtils.isEmpty(password1.getModelObject());
 				password2.setRequired(required);
                 //fix of MID-2463
 //				target.add(password2);
 //				target.appendJavaScript("$(\"#"+ password2.getMarkupId() +"\").focus()");
 			}
 		});
-        password2.add(new PasswordValidator(password1, password2));
+        password2.add(new PasswordValidator(password1));
 
         final WebMarkupContainer linkContainer = new WebMarkupContainer(ID_LINK_CONTAINER) {
 			@Override
@@ -217,26 +220,21 @@ public FormComponent getBaseFormComponent() {
     private static class PasswordValidator implements IValidator<String> {
 
         private PasswordTextField p1;
-        private PasswordTextField p2;
 
-        private PasswordValidator(PasswordTextField p1, PasswordTextField p2) {
-            Validate.notNull(p1, "Password field one must not be null.");
-            Validate.notNull(p2, "Password field two must not be null.");
+        private PasswordValidator(@NotNull PasswordTextField p1) {
             this.p1 = p1;
-            this.p2 = p2;
         }
 
         @Override
         public void validate(IValidatable<String> validatable) {
-            String s1 = p1.getValue();
-            String s2 = p2.getValue();
+            String s1 = p1.getModelObject();
+            String s2 = validatable.getValue();
 
             if (StringUtils.isEmpty(s1) && StringUtils.isEmpty(s2)) {
                 return;
             }
 
-            boolean equal = s1 != null ? s1.equals(s2) : s2 == null;
-            if (!equal) {
+	        if (!Objects.equals(s1, s2)) {
             	validatable = p1.newValidatable();
             	ValidationError err = new ValidationError();
     			err.addKey("passwordPanel.error");
@@ -260,21 +258,30 @@ private static class PasswordModel implements IModel<String> {
 
     	IModel<ProtectedStringType> psModel;
 
-    	PasswordModel(IModel<ProtectedStringType> psModel) {
+	    PasswordModel(IModel<ProtectedStringType> psModel) {
     		this.psModel = psModel;
-    	}
+	    }
 
 		@Override
 		public void detach() {
 			// Nothing to do
 		}
 
+		private Protector getProtector() {
+	    	return ((MidPointApplication) Application.get()).getProtector();
+		}
+
 		@Override
 		public String getObject() {
-			if (psModel.getObject() == null) {
+			ProtectedStringType ps = psModel.getObject();
+			if (ps == null) {
 				return null;
 			} else {
-				return psModel.getObject().getClearValue();
+				try {
+					return getProtector().decryptString(ps);
+				} catch (EncryptionException e) {
+					throw new SystemException(e.getMessage(), e);   // todo handle somewhat better
+				}
 			}
 		}
 
@@ -289,8 +296,12 @@ public void setObject(String object) {
 					psModel.getObject().clear();
 				}
 				psModel.getObject().setClearValue(object);
+				try {
+					getProtector().encrypt(psModel.getObject());
+				} catch (EncryptionException e) {
+					throw new SystemException(e.getMessage(), e);   // todo handle somewhat better
+				}
 			}
 		}
-
     }
 }
diff --git a/...n/java/com/evolveum/midpoint/gui/api/component/password/SecureModelPasswordTextField.java b/...n/java/com/evolveum/midpoint/gui/api/component/password/SecureModelPasswordTextField.java
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2010-2019 Evolveum
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.evolveum.midpoint.gui.api.component.password;
+
+import org.apache.wicket.markup.html.form.PasswordTextField;
+import org.apache.wicket.model.IModel;
+
+/**
+ * PasswordTextField that assumes its underlying model is secure enough to be serialized.
+ *
+ * Therefore we can disable "reset password" security feature and - when detaching - clear only our input.
+ * The model is preserved, because it's considered secure enough.
+ */
+public class SecureModelPasswordTextField extends PasswordTextField {
+
+	public SecureModelPasswordTextField(String id, IModel<String> model) {
+		super(id, model);
+		setResetPassword(false);
+	}
+
+	@Override
+	protected void onDetach() {
+		clearInput();
+		super.onDetach();
+	}
+}
diff --git a/...-gui/src/main/java/com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel.java b/...-gui/src/main/java/com/evolveum/midpoint/web/page/self/component/ChangePasswordPanel.java
@@ -114,7 +114,6 @@ public boolean isVisible() {
         PasswordTextField oldPasswordField =
                 new PasswordTextField(ID_OLD_PASSWORD_FIELD, new PropertyModel<>(model, MyPasswordsDto.F_OLD_PASSWORD));
         oldPasswordField.setRequired(false);
-        oldPasswordField.setResetPassword(false);
         add(oldPasswordField);
         oldPasswordField.add(new VisibleEnableBehaviour() {
 
@@ -227,7 +226,7 @@ protected void onEvent(final AjaxRequestTarget target) {
 
 					@Override
                 	public boolean isEnabled() {
-                		return passwordAccountDto.getCssClass() != NO_CAPABILITY_ICON_CSS;
+                		return !passwordAccountDto.getCssClass().equals(NO_CAPABILITY_ICON_CSS);
                 	}
                 });
             }

diff --git a/gui/admin-gui/src/main/resources/application.yml b/gui/admin-gui/src/main/resources/application.yml
@@ -5,6 +5,7 @@ spring:
     multipart:
       max-file-size: 100Mb
       max-request-size: 100Mb
+      file-size-threshold: 256Kb
 
 server:
   tomcat:

diff --git a/gui/admin-gui/src/main/resources/initial-objects/022-archetype-business-role.xml b/gui/admin-gui/src/main/resources/initial-objects/022-archetype-business-role.xml
@@ -13,6 +13,23 @@
   ~ See the License for the specific language governing permissions and
   ~ limitations under the License.
   -->
+
+<!--
+  Activate view for this archetype in adminGuiConfiguration like this:
+  
+  <adminGuiConfiguration>
+    <objectCollectionViews>
+        <objectCollectionView>
+            <identifier>business-roles</identifier>
+            <type>RoleType</type>
+            <collection>
+                <collectionRef oid="00000000-0000-0000-0000-000000000321" type="ArchetypeType"/>
+            </collection>
+        </objectCollectionView>
+    </objectCollectionViews>
+  </adminGuiConfiguration>
+  
+-->
 <archetype oid="00000000-0000-0000-0000-000000000321"
         xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
         xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"

diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint_cs.properties b/gui/admin-gui/src/main/resources/localization/Midpoint_cs.properties
@@ -306,7 +306,7 @@ EmptyProcessDetailsPanel.message=Podrobnosti procesu nejsou k dispozici.
 ExecuteChangeOptionsPanel.label.executeAfterAllApprovals=Spustit po všech schváleních
 ExecuteChangeOptionsPanel.label.executeAfterAllApprovals.help=Pokud je zaškrtnuto, je provádění změn pozastaveno až do chvíle, dokud nebudou shromážděna všechna schválení. \nPokud není zaškrtnuto, jsou všechny částečné změny prováděny tak, jak jsou schváleny, nebo ihned, pokud není třeba žádné schválení.
 ExecuteChangeOptionsPanel.label.force=Autoritativně
-ExecuteChangeOptionsPanel.label.force.help=Vynutit operaci, i když by jinak neuspěla kvůli vnějšímu selhání. Například, pokus smazat účet, který již neexistuje na aplikaci, může bez této volby neuspět. Pokud je však tato volba použita, potom operace bude dokončena i když účet již neexistuje (což znamená, že se minimálně smaže stínový účet z repozitáře systému {0}).
+ExecuteChangeOptionsPanel.label.force.help=Vynutit operaci, i když by jinak neuspěla kvůli vnějšímu selhání. Například, pokus smazat účet, který již neexistuje na aplikaci, nemusí bez této volby uspět. Pokud je však tato volba použita, potom operace bude dokončena i když účet již neexistuje (což znamená, že se minimálně smaže stínový účet z repozitáře systému {0}).
 ExecuteChangeOptionsPanel.label.keepDisplayingResults=Nechat zobrazené výsledky
 ExecuteChangeOptionsPanel.label.keepDisplayingResults.help=Měly by být výsledky vykonávání a operační statistiky zobrazeny i po dokončení operace? Pokud není zaškrtnuto, stránka s výsledky a statistikami automaticky zmizí po dokončení operace.
 ExecuteChangeOptionsPanel.label.reconcileAffected=Rekonciliovat dotčené objekty
@@ -701,14 +701,14 @@ ObjectTypeGuiDescriptor.objectCollection=Sbírka objektů
 ObjectTypeGuiDescriptor.archetype=Pravzor
 ObjectTypeGuiDescriptor.dashboard=Nástěnka
 ObjectTypeGuiDescriptor.unknown=Není nastaveno
-operation.com.evolveum.midpoint.common.crypto.CryptoUtil.securitySelfTest=Bezpečnostní samotest
+operation.com.evolveum.midpoint.common.crypto.CryptoUtil.securitySelfTest=Bezpečnostní sebetest
 operation.com.evolveum.midpoint.common.operation.import.object=Importovat objekt
 operation.com.evolveum.midpoint.common.policy.PasswordPolicyUtils.passwordValidation=Validace hesla proti politice hesel
 operation.com.evolveum.midpoint.common.validator.Validator.objectBasicsCheck=Základní kontroly
 operation.com.evolveum.midpoint.common.validator.Validator.resourceNamespaceCheck=Kontrola jmenného prostoru aplikace
 operation.com.evolveum.midpoint.common.validator.Validator.validateSchema=Validace schématu
-operation.com.evolveum.midpoint.model.api.ModelDiagnosticService.provisioningSelfTest=Samotest provisioningu (Model)
-operation.com.evolveum.midpoint.model.api.ModelDiagnosticService.repositorySelfTest=Samotest repozitáře (Model)
+operation.com.evolveum.midpoint.model.api.ModelDiagnosticService.provisioningSelfTest=Sebetest provisioningu (Model)
+operation.com.evolveum.midpoint.model.api.ModelDiagnosticService.repositorySelfTest=Sebetest repozitáře (Model)
 operation.com.evolveum.midpoint.model.api.ModelInteractionService.previewChanges=Náhled změn (Model)
 operation.com.evolveum.midpoint.model.api.ModelService.addObject=Přidat objekt (Model)
 operation.com.evolveum.midpoint.model.api.ModelService.addUser=Přidat uživatele (Model)
@@ -753,8 +753,8 @@ operation.com.evolveum.midpoint.model.controller.SchemaHandler.processInboundHan
 operation.com.evolveum.midpoint.model.controller.SchemaHandler.processOutboundHandling=Zpracovat odchozí manipulaci se schématem
 operation.com.evolveum.midpoint.model.controller.SchemaHandler.processPropertyConstruction=Zpracovat sestavení schopnosti
 operation.com.evolveum.midpoint.model.controller.SchemaHandler.processPropertyConstructions=Zpracovat sestavení schopností
-operation.com.evolveum.midpoint.model.impl.controller.ModelDiagController.repositorySelfTest.user=Samotest repozitáře - uživatel (Model)
-operation.com.evolveum.midpoint.model.impl.controller.ModelDiagController.repositorySelfTest.lookupTable=Samotest repozitáře, překladová tabulka (Model)
+operation.com.evolveum.midpoint.model.impl.controller.ModelDiagController.repositorySelfTest.user=Sebetest repozitáře - uživatel (Model)
+operation.com.evolveum.midpoint.model.impl.controller.ModelDiagController.repositorySelfTest.lookupTable=Sebetest repozitáře, překladová tabulka (Model)
 operation.com.evolveum.midpoint.model.importer.ImportAccountsFromResourceTaskHandler.launch=Importovat účty z aplikace
 operation.com.evolveum.midpoint.model.importer.ObjectImporter.checkResourceSchema=Zkontrolovat schéma aplikace
 operation.com.evolveum.midpoint.model.importer.ObjectImporter.encryptValues=Šifrování
@@ -1010,11 +1010,11 @@ OrgUnitBrowser.message.queryError=Chyba při překladu vyhledávacího dotazu do
 OrgUnitBrowser.search=Hledat
 OrgUnitBrowser.title=Vyberte novou nadřazenou org. jednotku
 PageAbout.allRightsReserved=&copy;2016 Evolveum.
-PageAbout.button.testProvisioning=Samotest provisioningu
+PageAbout.button.testProvisioning=Sebetest provisioningu
 PageAbout.button.cleanupActivitiProcesses=Vyčistit Activiti procesy
 PageAbout.button.testRepositoryCheckOrgClosure=Zkontrolovat a opravit konzistenci org. struktury
-PageAbout.button.reindexRepositoryObjects=Přeindexuj objekty v repozitáři
-PageAbout.button.testRepository=Samotest repozitáře
+PageAbout.button.reindexRepositoryObjects=Přeindexovat objekty v repozitáři
+PageAbout.button.testRepository=Sebetest repozitáře
 PageAbout.button.clearCssJsCache=Vyčistit mezipaměť CSS/JS
 PageAbout.button.factoryDefault=Přepnout na tovární nastavení
 PageAbout.message.deleteAllObjects=Opravdu chcete smazat všechny objekty? Může to trvat delší dobu, i několik minut.
@@ -2294,6 +2294,7 @@ pageTasks.category.Utility=Utilita
 pageTasks.category.Workflow=Workflow
 pageTasks.category.Custom=Vlastní
 pageTasks.category.ExecuteChanges=Provést změny
+pageTasks.category.DeleteNotUpdatedShadows=Odstranit neaktualizované stínové účty
 pageTasks.message.suspendAction=pozastavit
 pageTasks.message.resumeAction=pokračovat v provádění 
 pageTasks.message.runNowAction=spustit teď
@@ -3491,7 +3492,7 @@ mainForm.uploadFailed = Chyba při nahrávání souboru: ${exception.localizedMe
 PageSelfCredentials.couldntResolve=Nepodařilo se kontaktovat aplikaci.
 roleMemberPanel.type=Typ:
 roleMemberPanel.tenant=Klient:
-roleMemberPanel.project=Org. jednotka/Projekt:
+roleMemberPanel.project=Org/Projekt:
 roleMemberPanel.indirectMembers=Včetně nepřímých členů
 roleMemberPanel.allRelations=Zobrazit všechny vztahy
 roleMemberPanel.menu.createOwner=Vytvořit vlastníka
@@ -3509,7 +3510,7 @@ chooseMemberForOrgPopup.otherTypesLabel=Ostatní
 AssignmentPanel.newAssignmentParameters=Parametry
 AssignmentPanel.allLabel=Vše
 AssignmentPanel.viewTargetObject=Zobrazit cílový objekt
-AssignmentPanel.newAssignmentTitle=Nové přiřazení
+AssignmentPanel.newAssignmentTitle=New {0} assignment {1}
 AssignmentPanel.newInducementTitle=Nová indukce
 SearchPanel.more=Více...
 SearchPanel.add=Vložit
@@ -4248,8 +4249,10 @@ chooseFocusTypeAndRelationDialogPanel.relation=Vazba:
 chooseFocusTypeAndRelationDialogPanel.type=Typ
 chooseFocusTypeAndRelationDialogPanel.tooltip.type=Příjemce přiřazení/Typ cílového objektu
 abstractRoleMemberPanel.menu.assign=Přiřadit
-abstractRoleMemberPanel.menu.assignMember=Přiřadit člena
-abstractRoleMemberPanel.menu.createMember=Vytvořit člena
+abstractRoleMemberPanel.menu.assignMember=Assign {0} member {1}
+abstractRoleMemberPanel.menu.createMember=Create {0} member {1}
+abstractRoleMemberPanel.withRelation=with {0} relation
+abstractRoleMemberPanel.withType={0} type
 abstractRoleMemberPanel.menu.unassign=Odebrat přiřazení
 abstractRoleMemberPanel.menu.recompute=Přepočítat
 abstractRoleMemberPanel.menu.create=Vytvořit

diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint_de.properties b/gui/admin-gui/src/main/resources/localization/Midpoint_de.properties
@@ -2294,6 +2294,7 @@ pageTasks.category.Utility=Hilfsprogramm
 pageTasks.category.Workflow=Arbeitsablauf
 pageTasks.category.Custom=Angepasst
 pageTasks.category.ExecuteChanges=Änderungen ausführen
+pageTasks.category.DeleteNotUpdatedShadows=Delete not updated shadows
 pageTasks.message.suspendAction=anhalten
 pageTasks.message.resumeAction=forsetzen
 pageTasks.message.runNowAction=sofort ausführen
@@ -3509,7 +3510,7 @@ chooseMemberForOrgPopup.otherTypesLabel=Others
 AssignmentPanel.newAssignmentParameters=Parameter
 AssignmentPanel.allLabel=alle
 AssignmentPanel.viewTargetObject=View target object
-AssignmentPanel.newAssignmentTitle=New assignment
+AssignmentPanel.newAssignmentTitle=New {0} assignment {1}
 AssignmentPanel.newInducementTitle=New inducement
 SearchPanel.more=mehr...
 SearchPanel.add=hinzufügen
@@ -4248,8 +4249,10 @@ chooseFocusTypeAndRelationDialogPanel.relation=Relation:
 chooseFocusTypeAndRelationDialogPanel.type=Typ
 chooseFocusTypeAndRelationDialogPanel.tooltip.type=Assignment holder/target object type
 abstractRoleMemberPanel.menu.assign=Ressource zuweisen
-abstractRoleMemberPanel.menu.assignMember=Assign member
-abstractRoleMemberPanel.menu.createMember=Benutzer anlegen
+abstractRoleMemberPanel.menu.assignMember=Assign {0} member {1}
+abstractRoleMemberPanel.menu.createMember=Create {0} member {1}
+abstractRoleMemberPanel.withRelation=with {0} relation
+abstractRoleMemberPanel.withType={0} type
 abstractRoleMemberPanel.menu.unassign=Entziehen
 abstractRoleMemberPanel.menu.recompute=Neu berechnen
 abstractRoleMemberPanel.menu.create=Erstellen

diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint_en.properties b/gui/admin-gui/src/main/resources/localization/Midpoint_en.properties
@@ -2294,6 +2294,7 @@ pageTasks.category.Utility=Utility
 pageTasks.category.Workflow=Workflow
 pageTasks.category.Custom=Custom
 pageTasks.category.ExecuteChanges=Execute changes
+pageTasks.category.DeleteNotUpdatedShadows=Delete not updated shadows
 pageTasks.message.suspendAction=suspend
 pageTasks.message.resumeAction=resume
 pageTasks.message.runNowAction=run now

diff --git a/gui/admin-gui/src/main/resources/localization/Midpoint_es.properties b/gui/admin-gui/src/main/resources/localization/Midpoint_es.properties
@@ -2294,6 +2294,7 @@ pageTasks.category.Utility=Utility
 pageTasks.category.Workflow=Workflow
 pageTasks.category.Custom=Custom
 pageTasks.category.ExecuteChanges=Ejecutar cambios
+pageTasks.category.DeleteNotUpdatedShadows=Delete not updated shadows
 pageTasks.message.suspendAction=suspender
 pageTasks.message.resumeAction=Resumir
 pageTasks.message.runNowAction=ejecutar ahora
@@ -3509,7 +3510,7 @@ chooseMemberForOrgPopup.otherTypesLabel=Others
 AssignmentPanel.newAssignmentParameters=Parametros
 AssignmentPanel.allLabel=Todo
 AssignmentPanel.viewTargetObject=View target object
-AssignmentPanel.newAssignmentTitle=New assignment
+AssignmentPanel.newAssignmentTitle=New {0} assignment {1}
 AssignmentPanel.newInducementTitle=New inducement
 SearchPanel.more=Más...
 SearchPanel.add=Agregar
@@ -4248,8 +4249,10 @@ chooseFocusTypeAndRelationDialogPanel.relation=Relación:
 chooseFocusTypeAndRelationDialogPanel.type=Tipo
 chooseFocusTypeAndRelationDialogPanel.tooltip.type=Assignment holder/target object type
 abstractRoleMemberPanel.menu.assign=Asignar Recursos de la Cuenta
-abstractRoleMemberPanel.menu.assignMember=Assign member
-abstractRoleMemberPanel.menu.createMember=Crear miembro
+abstractRoleMemberPanel.menu.assignMember=Assign {0} member {1}
+abstractRoleMemberPanel.menu.createMember=Create {0} member {1}
+abstractRoleMemberPanel.withRelation=with {0} relation
+abstractRoleMemberPanel.withType={0} type
 abstractRoleMemberPanel.menu.unassign=Desasignar
 abstractRoleMemberPanel.menu.recompute=Re-procesar
 abstractRoleMemberPanel.menu.create=Crear