apache · ilgrosso · May 19, 2023 · May 19, 2023
diff --git a/...repo/console/src/main/java/org/apache/syncope/client/console/rest/UserSelfRestClient.java b/...repo/console/src/main/java/org/apache/syncope/client/console/rest/UserSelfRestClient.java
@@ -18,14 +18,14 @@
  */
 package org.apache.syncope.client.console.rest;
 
+import org.apache.syncope.common.lib.request.PasswordPatch;
 import org.apache.syncope.common.rest.api.service.UserSelfService;
 
 public class UserSelfRestClient extends BaseRestClient {
 
     private static final long serialVersionUID = 100731599744900931L;
 
     public static void changePassword(final String password) {
-        getService(UserSelfService.class).mustChangePassword(password);
+        getService(UserSelfService.class).mustChangePassword(new PasswordPatch.Builder().value(password).build());
     }
-
 }
diff --git a/...src/main/resources/org/apache/syncope/client/console/implementations/MyAccountRule.groovy b/...src/main/resources/org/apache/syncope/client/console/implementations/MyAccountRule.groovy
@@ -24,6 +24,9 @@ import org.apache.syncope.core.persistence.api.entity.user.User
 @CompileStatic
 class MyAccountRule implements AccountRule {
 
+  void enforce(String username) {
+  }
+
   void enforce(User user) {
   }
 

diff --git a/...rc/main/resources/org/apache/syncope/client/console/implementations/MyPasswordRule.groovy b/...rc/main/resources/org/apache/syncope/client/console/implementations/MyPasswordRule.groovy
@@ -24,6 +24,9 @@ import org.apache.syncope.core.persistence.api.entity.user.User
 @CompileStatic
 class MyPasswordRule implements PasswordRule {
 
+  void enforce(String username, String clearPassword) {
+  }
+
   void enforce(User user, String clearPassword) {
   }
 

diff --git a/...repo/enduser/src/main/java/org/apache/syncope/client/enduser/rest/UserSelfRestClient.java b/...repo/enduser/src/main/java/org/apache/syncope/client/enduser/rest/UserSelfRestClient.java
@@ -19,6 +19,7 @@
 package org.apache.syncope.client.enduser.rest;
 
 import javax.ws.rs.core.GenericType;
+import org.apache.syncope.common.lib.request.PasswordPatch;
 import org.apache.syncope.common.lib.request.UserCR;
 import org.apache.syncope.common.lib.request.UserUR;
 import org.apache.syncope.common.lib.to.ProvisioningResult;
@@ -30,7 +31,7 @@ public class UserSelfRestClient extends BaseRestClient {
     private static final long serialVersionUID = -1575748964398293968L;
 
     public static void mustChangePassword(final String password) {
-        getService(UserSelfService.class).mustChangePassword(password);
+        getService(UserSelfService.class).mustChangePassword(new PasswordPatch.Builder().value(password).build());
     }
 
     public static void requestPasswordReset(final String username, final String securityAnswer) {

diff --git a/common/idrepo/lib/src/main/java/org/apache/syncope/common/lib/request/PasswordPatch.java b/common/idrepo/lib/src/main/java/org/apache/syncope/common/lib/request/PasswordPatch.java
@@ -60,7 +60,6 @@ public Builder resources(final Collection<String> resources) {
             }
             return this;
         }
-
     }
 
     /**

diff --git a/...repo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ComplianceQuery.java b/...repo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ComplianceQuery.java
@@ -0,0 +1,155 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.syncope.common.rest.api.beans;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+import java.io.Serializable;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.lang3.builder.EqualsBuilder;
+import org.apache.commons.lang3.builder.HashCodeBuilder;
+
+public class ComplianceQuery implements Serializable {
+
+    private static final long serialVersionUID = -7324275079761880426L;
+
+    public static class Builder {
+
+        private final ComplianceQuery instance = new ComplianceQuery();
+
+        public Builder username(final String username) {
+            instance.setUsername(username);
+            return this;
+        }
+
+        public Builder password(final String password) {
+            instance.setPassword(password);
+            return this;
+        }
+
+        public Builder realm(final String realm) {
+            instance.setRealm(realm);
+            return this;
+        }
+
+        public ComplianceQuery build() {
+            return instance;
+        }
+
+        public Builder resource(final String resource) {
+            if (resource != null) {
+                instance.getResources().add(resource);
+            }
+            return this;
+        }
+
+        public Builder resources(final String... resources) {
+            instance.getResources().addAll(List.of(resources));
+            return this;
+        }
+
+        public Builder resources(final Collection<String> resources) {
+            if (resources != null) {
+                instance.getResources().addAll(resources);
+            }
+            return this;
+        }
+    }
+
+    private String username;
+
+    private String password;
+
+    private String realm;
+
+    private Set<String> resources = new HashSet<>();
+
+    public String getUsername() {
+        return username;
+    }
+
+    public void setUsername(final String username) {
+        this.username = username;
+    }
+
+    public String getPassword() {
+        return password;
+    }
+
+    public void setPassword(final String password) {
+        this.password = password;
+    }
+
+    public String getRealm() {
+        return realm;
+    }
+
+    public void setRealm(final String realm) {
+        this.realm = realm;
+    }
+
+    public Set<String> getResources() {
+        return resources;
+    }
+
+    public void setResources(final Set<String> resources) {
+        this.resources = resources;
+    }
+
+    @JsonIgnore
+    public boolean isEmpty() {
+        if (StringUtils.isBlank(username) && StringUtils.isBlank(password)) {
+            return true;
+        }
+        return StringUtils.isEmpty(realm) && resources.isEmpty();
+    }
+
+    @Override
+    public boolean equals(final Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj == null) {
+            return false;
+        }
+        if (getClass() != obj.getClass()) {
+            return false;
+        }
+        ComplianceQuery other = (ComplianceQuery) obj;
+        return new EqualsBuilder().
+                append(username, other.username).
+                append(password, other.password).
+                append(realm, other.realm).
+                append(resources, other.resources).
+                build();
+    }
+
+    @Override
+    public int hashCode() {
+        return new HashCodeBuilder().
+                append(username).
+                append(password).
+                append(realm).
+                append(resources).
+                build();
+    }
+}
diff --git a/...po/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/UserSelfService.java b/...po/rest-api/src/main/java/org/apache/syncope/common/rest/api/service/UserSelfService.java
@@ -41,12 +41,14 @@
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
+import org.apache.syncope.common.lib.request.PasswordPatch;
 import org.apache.syncope.common.lib.request.StatusR;
 import org.apache.syncope.common.lib.request.UserCR;
 import org.apache.syncope.common.lib.request.UserUR;
 import org.apache.syncope.common.lib.to.ProvisioningResult;
 import org.apache.syncope.common.lib.to.UserTO;
 import org.apache.syncope.common.rest.api.RESTHeaders;
+import org.apache.syncope.common.rest.api.beans.ComplianceQuery;
 
 /**
  * REST operations for user self-management.
@@ -236,7 +238,24 @@ public interface UserSelfService extends JAXRSService {
     @POST
     @Path("mustChangePassword")
     @Produces({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
-    Response mustChangePassword(String password);
+    @Consumes({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
+    Response mustChangePassword(@NotNull PasswordPatch password);
+
+    /**
+     * Checks compliance of the given username and / or password with applicable policies.
+     * 
+     * @param query compliance query
+     */
+    @ApiResponses(
+            @ApiResponse(responseCode = "204", description = "Operation was successful"))
+    @Operation(security = {
+        @SecurityRequirement(name = "BasicAuthentication"),
+        @SecurityRequirement(name = "Bearer") })
+    @POST
+    @Path("compliance")
+    @Produces({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
+    @Consumes({ MediaType.APPLICATION_JSON, RESTHeaders.APPLICATION_YAML, MediaType.APPLICATION_XML })
+    void compliance(@NotNull ComplianceQuery query);
 
     /**
      * Provides answer for the security question configured for user matching the given username, if any.

diff --git a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/IdRepoLogicContext.java b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/IdRepoLogicContext.java
@@ -103,6 +103,7 @@
 import org.apache.syncope.core.provisioning.api.notification.NotificationManager;
 import org.apache.syncope.core.provisioning.api.propagation.PropagationManager;
 import org.apache.syncope.core.provisioning.api.propagation.PropagationTaskExecutor;
+import org.apache.syncope.core.provisioning.api.rules.RuleEnforcer;
 import org.apache.syncope.core.provisioning.java.utils.TemplateUtils;
 import org.apache.syncope.core.spring.security.SecurityProperties;
 import org.apache.syncope.core.workflow.api.AnyObjectWorkflowAdapter;
@@ -546,11 +547,13 @@ public UserLogic userLogic(
             final UserDAO userDAO,
             final GroupDAO groupDAO,
             final AnySearchDAO anySearchDAO,
+            final ExternalResourceDAO resourceDAO,
             final AccessTokenDAO accessTokenDAO,
             final DelegationDAO delegationDAO,
             final ConfParamOps confParamOps,
             final UserProvisioningManager provisioningManager,
-            final SyncopeLogic syncopeLogic) {
+            final SyncopeLogic syncopeLogic,
+            final RuleEnforcer ruleEnforcer) {
 
         return new UserLogic(
                 realmDAO,
@@ -559,11 +562,13 @@ public UserLogic userLogic(
                 userDAO,
                 groupDAO,
                 anySearchDAO,
+                resourceDAO,
                 accessTokenDAO,
                 delegationDAO,
                 confParamOps,
                 binder,
                 provisioningManager,
-                syncopeLogic);
+                syncopeLogic,
+                ruleEnforcer);
     }
 }
-Original file line number
+Diff line change
@@ Expand Up @@
                 }
                 return this;
             }
         }
         /**
@@ Expand Down @@