From 0ea85da6714049677fa9b984376617e2c912daf9 Mon Sep 17 00:00:00 2001
From: Lars Grefer
Date: Thu, 6 Dec 2018 17:03:12 +0100
Subject: [PATCH 1/5] Allow CAS to authenticate itself at the REST password management endpoints
---
 .../pm/PasswordManagementProperties.java | 10 +++++++++
 .../RestPasswordManagementConfiguration.java | 22 ++++++++++++++-----
 2 files changed, 26 insertions(+), 6 deletions(-)
diff --git a/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/support/pm/PasswordManagementProperties.java b/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/support/pm/PasswordManagementProperties.java
index d9fe6c782123..692e0e831a81 100644
--- a/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/support/pm/PasswordManagementProperties.java
+++ b/api/cas-server-core-api-configuration-model/src/main/java/org/apereo/cas/configuration/model/support/pm/PasswordManagementProperties.java
@@ -144,6 +144,16 @@ public static class Rest implements Serializable {
 * Endpoint URL to use when updating passwords..
 */
 private String endpointUrlChange;
+
+ /**
+ * Username for Basic-Auth at the password management endpoints.
+ */
+ private String endpointUsername;
+
+ /**
+ * Password for Basic-Auth at the password management endpoints.
+ */
+ private String endpointPassword;
 }

 @RequiresModule(name = "cas-server-support-pm-ldap")
diff --git a/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java b/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
index 573b5862e200..902d40c570a6 100644
--- a/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
+++ b/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
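Review bot: The new `endpointPassword` field in `PasswordManagementProperties.Rest` keeps a credential as a plain `String` in a `Serializable` settings class, and its Javadoc does not mark it as sensitive or say when it takes effect. The annotations on `Rest` are outside the hunk, so if accessors or a `toString` are generated for the class, the password should be excluded from any string rendering and from logged or exported configuration. I would also spell out the contract that the configuration class applies, e.g. `Username for Basic-Auth at the password management endpoints; only used when endpointPassword is also set.` with the mirror sentence on the password field. The body of `Rest` starts before the hunk.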
@@ -2,17 +2,18 @@

 import org.apereo.cas.CipherExecutor;
 import org.apereo.cas.configuration.CasConfigurationProperties;
+import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties;
 import org.apereo.cas.pm.PasswordManagementService;
 import org.apereo.cas.pm.rest.RestPasswordManagementService;
-
 import org.springframework.beans.factory.ObjectProvider;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.boot.web.client.RestTemplateBuilder;
 import org.springframework.cloud.context.config.annotation.RefreshScope;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.client.RestTemplate;
+import org.springframework.util.StringUtils;

 /**
 * This is {@link RestPasswordManagementConfiguration}.
@@ -32,10 +33,19 @@ public class RestPasswordManagementConfiguration {

 @RefreshScope
 @Bean
- public PasswordManagementService passwordChangeService() {
+ public PasswordManagementService passwordChangeService(RestTemplateBuilder restTemplateBuilder) {
+ PasswordManagementProperties pm = casProperties.getAuthn().getPm();
+ String username = pm.getRest().getEndpointUsername();
+ String password = pm.getRest().getEndpointPassword();
+
+ if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
+ restTemplateBuilder = restTemplateBuilder
+ .basicAuthentication(username, password);
+ }
+
 return new RestPasswordManagementService(passwordManagementCipherExecutor.getIfAvailable(),
- casProperties.getServer().getPrefix(),
- new RestTemplate(),
- casProperties.getAuthn().getPm());
+ casProperties.getServer().getPrefix(),
+ restTemplateBuilder.build(),
+ pm);
 }
 }
From 139fb370fc6edef5dbff89f058f4486dc7ee30e0 Mon Sep 17 00:00:00 2001
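Review bot: In `passwordChangeService`, Basic authentication is attached only when both `endpointUsername` and `endpointPassword` have text, so a deployment that sets just one of them silently gets an unauthenticated `RestTemplate` for calls that fetch e-mail addresses and security questions and submit password changes. An `else if (StringUtils.hasText(username) || StringUtils.hasText(password))` branch that logs a warning about the half-configured credentials would make that misconfiguration visible instead of failing open. Separately, nothing in the hunk checks the scheme of the configured endpoint URLs, so the Basic credentials and the `password`/`oldPassword` parameters could travel over plain HTTP; a Javadoc sentence on the bean such as `Basic credentials are sent on every call; configure the endpoint URLs with https.` would record that. The same condition is carried unchanged through the later hunks at `@@ -38,14 +38,15 @@` and `@@ -33,12 +32,12 @@`.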
From: Lars Grefer
Date: Thu, 6 Dec 2018 17:16:40 +0100
Subject: [PATCH 2/5] add documentation
---
 .../configuration/Configuration-Properties.md | 2 ++
 .../password_management/Password-Management-REST.md | 5 +++++
 2 files changed, 7 insertions(+)
diff --git a/docs/cas-server-documentation/configuration/Configuration-Properties.md b/docs/cas-server-documentation/configuration/Configuration-Properties.md
index 1140e68e95ce..84a9c38f0842 100644
--- a/docs/cas-server-documentation/configuration/Configuration-Properties.md
+++ b/docs/cas-server-documentation/configuration/Configuration-Properties.md
@@ -4567,4 +4567,6 @@ feature are available [here](Configuration-Properties-Common.html#password-encod
 # cas.authn.pm.rest.endpointUrlUser=
 # cas.authn.pm.rest.endpointUrlSecurityQuestions=
 # cas.authn.pm.rest.endpointUrlChange=
+# cas.authn.pm.rest.endpointUsername=
+# cas.authn.pm.rest.endpointPassword=
 ```
diff --git a/docs/cas-server-documentation/password_management/Password-Management-REST.md b/docs/cas-server-documentation/password_management/Password-Management-REST.md
index 68af937dd038..318fd768eccb 100644
--- a/docs/cas-server-documentation/password_management/Password-Management-REST.md
+++ b/docs/cas-server-documentation/password_management/Password-Management-REST.md
@@ -26,3 +26,8 @@ To see the relevant list of CAS properties, please [review this guide](../config
 | Get Email Address | `GET` | `username` | `200`. Email address in the body.
 | Get Security Questions | `GET` | `username` | `200`. Security questions map in the body.
 | Update Password | `POST` | `username`, `password`, `oldPassword` | `200`. `true/false` in the body.
+
+## Authentication
+
+If the endpoints are secured, CAS supports Basic authentication when calling them.
+Just set the corresponding password for the username and password.
From 593b4bfa9f6d6a7f25fc70ffbfa3a983c5580b9e Mon Sep 17 00:00:00 2001
From: Lars Grefer
Date: Thu, 6 Dec 2018 19:39:15 +0100
Subject: [PATCH 3/5] cleanup
---
 .../password_management/Password-Management-REST.md | 2 +-
 .../cas/config/pm/RestPasswordManagementConfiguration.java | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/docs/cas-server-documentation/password_management/Password-Management-REST.md b/docs/cas-server-documentation/password_management/Password-Management-REST.md
index 318fd768eccb..73f6146a30ec 100644
--- a/docs/cas-server-documentation/password_management/Password-Management-REST.md
+++ b/docs/cas-server-documentation/password_management/Password-Management-REST.md
@@ -30,4 +30,4 @@ To see the relevant list of CAS properties, please [review this guide](../config
 ## Authentication

 If the endpoints are secured, CAS supports Basic authentication when calling them.
-Just set the corresponding password for the username and password.
+Just set the corresponding property for the username and password.
diff --git a/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java b/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
index 902d40c570a6..d52caee77292 100644
--- a/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
+++ b/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
@@ -38,14 +38,15 @@ public PasswordManagementService passwordChangeService(RestTemplateBuilder restT
 String username = pm.getRest().getEndpointUsername();
 String password = pm.getRest().getEndpointPassword();

+ RestTemplateBuilder templateBuilder = restTemplateBuilder;
+
 if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
- restTemplateBuilder = restTemplateBuilder
- .basicAuthentication(username, password);
+ templateBuilder = restTemplateBuilder.basicAuthentication(username, password);
 }

 return new RestPasswordManagementService(passwordManagementCipherExecutor.getIfAvailable(),
 casProperties.getServer().getPrefix(),
- restTemplateBuilder.build(),
+ templateBuilder.build(),
 pm);
 }
 }
From 0229209a9fa7fc811878fae767368398b1fb702b Mon Sep 17 00:00:00 2001
From: Lars Grefer
Date: Thu, 6 Dec 2018 19:49:50 +0100
Subject: [PATCH 4/5] fix checkstyle
---
 .../pm/RestPasswordManagementConfiguration.java | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java b/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
index d52caee77292..4f032c3a8d81 100644
--- a/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
+++ b/support/cas-server-support-pm-rest/src/main/java/org/apereo/cas/config/pm/RestPasswordManagementConfiguration.java
@@ -2,7 +2,6 @@

 import org.apereo.cas.CipherExecutor;
 import org.apereo.cas.configuration.CasConfigurationProperties;
-import org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties;
 import org.apereo.cas.pm.PasswordManagementService;
 import org.apereo.cas.pm.rest.RestPasswordManagementService;
 import org.springframework.beans.factory.ObjectProvider;
@@ -33,12 +32,12 @@ public class RestPasswordManagementConfiguration {

 @RefreshScope
 @Bean
- public PasswordManagementService passwordChangeService(RestTemplateBuilder restTemplateBuilder) {
- PasswordManagementProperties pm = casProperties.getAuthn().getPm();
- String username = pm.getRest().getEndpointUsername();
- String password = pm.getRest().getEndpointPassword();
+ public PasswordManagementService passwordChangeService(final RestTemplateBuilder restTemplateBuilder) {
+ var pm = casProperties.getAuthn().getPm();
+ var username = pm.getRest().getEndpointUsername();
+ var password = pm.getRest().getEndpointPassword();

- RestTemplateBuilder templateBuilder = restTemplateBuilder;
+ var templateBuilder = restTemplateBuilder;

 if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
 templateBuilder = restTemplateBuilder.basicAuthentication(username, password);
From 17888aa2b17c6af44dfcea604ba7c3e395df0059 Mon Sep 17 00:00:00 2001
From: Misagh Moayyed
Date: Sun, 30 Dec 2018 12:35:14 -0700
Subject: [PATCH 5/5] Update Password-Management-REST.md
---
 .../password_management/Password-Management-REST.md | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/docs/cas-server-documentation/password_management/Password-Management-REST.md b/docs/cas-server-documentation/password_management/Password-Management-REST.md
index 73f6146a30ec..68af937dd038 100644
--- a/docs/cas-server-documentation/password_management/Password-Management-REST.md
+++ b/docs/cas-server-documentation/password_management/Password-Management-REST.md
@@ -26,8 +26,3 @@ To see the relevant list of CAS properties, please [review this guide](../config
 | Get Email Address | `GET` | `username` | `200`. Email address in the body.
 | Get Security Questions | `GET` | `username` | `200`. Security questions map in the body.
 | Update Password | `POST` | `username`, `password`, `oldPassword` | `200`. `true/false` in the body.
-
-## Authentication
-
-If the endpoints are secured, CAS supports Basic authentication when calling them.
-Just set the corresponding property for the username and password.