Create credential reset method, entities, and endpoint

console/core/src/main/java/org/eclipse/kapua/app/console/core/client/ChangePasswordDialog.java

@@ -12,6 +12,10 @@
  *******************************************************************************/
 package org.eclipse.kapua.app.console.core.client;
 
+import com.extjs.gxt.ui.client.widget.form.LabelField;
+import com.extjs.gxt.ui.client.widget.form.TextField;
+import com.google.gwt.core.client.GWT;
+import com.google.gwt.user.client.rpc.AsyncCallback;
 import org.eclipse.kapua.app.console.core.client.util.TokenCleaner;
 import org.eclipse.kapua.app.console.module.api.client.GwtKapuaErrorCode;
 import org.eclipse.kapua.app.console.module.api.client.GwtKapuaException;
@@ -29,18 +33,10 @@
 import org.eclipse.kapua.app.console.module.authentication.shared.model.GwtMfaCredentialOptions;
 import org.eclipse.kapua.app.console.module.authentication.shared.service.GwtCredentialService;
 import org.eclipse.kapua.app.console.module.authentication.shared.service.GwtCredentialServiceAsync;
-import org.eclipse.kapua.app.console.module.authentication.shared.service.GwtMfaCredentialOptionsService;
-import org.eclipse.kapua.app.console.module.authentication.shared.service.GwtMfaCredentialOptionsServiceAsync;
-
-import com.extjs.gxt.ui.client.widget.form.LabelField;
-import com.extjs.gxt.ui.client.widget.form.TextField;
-import com.google.gwt.core.client.GWT;
-import com.google.gwt.user.client.rpc.AsyncCallback;
 
 public class ChangePasswordDialog extends SimpleDialog {
 
     GwtCredentialServiceAsync credentialService = GWT.create(GwtCredentialService.class);
-    GwtMfaCredentialOptionsServiceAsync mfaCredentialOptionsService = GWT.create(GwtMfaCredentialOptionsService.class);
     private static final ConsoleMessages CONSOLE_MSGS = GWT.create(ConsoleMessages.class);
 
     private TextField<String> oldPassword;

rest-api/resources/src/main/java/org/eclipse/kapua/app/api/resources/v1/resources/Credentials.java

@@ -14,10 +14,10 @@
 
 import org.eclipse.kapua.KapuaEntityNotFoundException;
 import org.eclipse.kapua.KapuaException;
-import org.eclipse.kapua.app.api.core.resources.AbstractKapuaResource;
 import org.eclipse.kapua.app.api.core.model.CountResult;
 import org.eclipse.kapua.app.api.core.model.EntityId;
 import org.eclipse.kapua.app.api.core.model.ScopeId;
+import org.eclipse.kapua.app.api.core.resources.AbstractKapuaResource;
 import org.eclipse.kapua.locator.KapuaLocator;
 import org.eclipse.kapua.model.query.predicate.AndPredicate;
 import org.eclipse.kapua.service.KapuaService;
@@ -28,6 +28,7 @@
 import org.eclipse.kapua.service.authentication.credential.CredentialListResult;
 import org.eclipse.kapua.service.authentication.credential.CredentialQuery;
 import org.eclipse.kapua.service.authentication.credential.CredentialService;
+import org.eclipse.kapua.service.authentication.user.UserCredentialsService;
 
 import javax.ws.rs.Consumes;
 import javax.ws.rs.DELETE;
@@ -48,6 +49,7 @@ public class Credentials extends AbstractKapuaResource {
     private final KapuaLocator locator = KapuaLocator.getInstance();
     private final CredentialService credentialService = locator.getService(CredentialService.class);
     private final CredentialFactory credentialFactory = locator.getFactory(CredentialFactory.class);
+    private final UserCredentialsService userCredentialsService = locator.getService(UserCredentialsService.class);
 
     /**
      * Gets the {@link Credential} list in the scope.
@@ -207,9 +209,11 @@ public Response deleteCredential(
         return returnNoContent();
     }
 
+
     /**
-     * Unlocks a {@link Credential} that has been locked due to a lockout policy
+     * Unlocks a {@link Credential} that has been locked due to a lockout policy.
      *
+     * @param scopeId      The {@link ScopeId} of {@link Credential} to unlock.
      * @param credentialId The id of the Credential to be unlocked.
      * @return HTTP 200 if operation has completed successfully.
      * @throws KapuaException Whenever something bad happens. See specific {@link KapuaService} exceptions.
@@ -224,5 +228,4 @@ public Response unlockCredential(
 
         return returnNoContent();
     }
-
 }

rest-api/resources/src/main/java/org/eclipse/kapua/app/api/resources/v1/resources/UserCredential.java

@@ -13,11 +13,13 @@
 package org.eclipse.kapua.app.api.resources.v1.resources;
 
 import org.eclipse.kapua.KapuaException;
+import org.eclipse.kapua.app.api.core.model.EntityId;
 import org.eclipse.kapua.app.api.core.model.ScopeId;
 import org.eclipse.kapua.locator.KapuaLocator;
 import org.eclipse.kapua.service.KapuaService;
 import org.eclipse.kapua.service.authentication.credential.Credential;
 import org.eclipse.kapua.service.authentication.user.PasswordChangeRequest;
+import org.eclipse.kapua.service.authentication.user.PasswordResetRequest;
 import org.eclipse.kapua.service.authentication.user.UserCredentialsService;
 
 import javax.ws.rs.Consumes;
@@ -48,4 +50,24 @@ public class UserCredential {
     public Credential newPassword(@PathParam("scopeId") ScopeId scopeId, PasswordChangeRequest passwordChangeRequest) throws KapuaException {
         return userCredentialsService.changePasswordRequest(passwordChangeRequest);
     }
+
+
+    /**
+     * Reset the password of a {@link Credential}.
+     *
+     * @param scopeId              The {@link ScopeId} of the {@link Credential} to reset.
+     * @param credentialId         The id of the Credential to reset the password.
+     * @param passwordResetRequest Request for resetting credential password
+     * @return The updated credential.
+     * @throws KapuaException Whenever something bad happens. See specific {@link KapuaService} exceptions.
+     * @since 2.0.0
+     */
+    @POST
+    @Path("{credentialId}/_reset")
+    public Credential unlockCredential(
+        @PathParam("scopeId") ScopeId scopeId,
+        @PathParam("credentialId") EntityId credentialId,
+        PasswordResetRequest passwordResetRequest) throws KapuaException {
+        return userCredentialsService.resetPassword(scopeId, credentialId, passwordResetRequest);
+    }
 }

rest-api/resources/src/main/resources/openapi/openapi.yaml

@@ -423,7 +423,9 @@ paths:
     $ref: './user/user-scopeId-userId-mfa-disableTrust.yaml#/paths/~1{scopeId}~1users~1{userId}~1mfa~1disableTrust'
   ### User Credentials ###
   /{scopeId}/user/credentials/password:
-    $ref: './userCredentials/user-credentials-scopeId.yaml#/paths/~1{scopeId}~1user~1credentials~1password'
+    $ref: './userCredentials/userCredentials-scopeId.yaml#/paths/~1{scopeId}~1user~1credentials~1password'
+  /{scopeId}/user/credentials/{credentialId}/_reset:
+    $ref: './userCredentials/userCredentials-scopeId-credentialId-_reset.yaml#/paths/~1{scopeId}~1user~1credentials~1{credentialId}~1_reset'
 
 components:
   parameters:
@@ -935,6 +937,8 @@ components:
     ### User Credentials Entities ###
     passwordChangeRequest:
       $ref: './userCredentials/userCredentials.yaml#/components/schemas/passwordChangeRequest'
+    passwordResetRequest:
+      $ref: './userCredentials/userCredentials.yaml#/components/schemas/passwordResetRequest'
   requestBodies:
     kapuaQuery:
       description: An object to specify Query options

rest-api/resources/src/main/resources/openapi/userCredentials/userCredentials-scopeId-credentialId-_reset.yaml

@@ -0,0 +1,45 @@
+openapi: 3.0.2
+
+info:
+  title: Eclipse Kapua REST API - Credential
+  version: '1.0'
+  contact:
+    name: Eclipse Kapua Dev Team
+    url: https://eclipse.org/kapua
+    email: kapua-dev@eclipse.org
+  license:
+    name: Eclipse Public License 2.0
+    url: https://www.eclipse.org/legal/epl-2.0
+
+paths:
+  /{scopeId}/user/credentials/{credentialId}/_reset:
+    post:
+      tags:
+        - User Credentials
+      summary: Reset the password of a Credential
+      operationId: credentialPasswordReset
+      parameters:
+        - $ref: '../openapi.yaml#/components/parameters/scopeId'
+        - $ref: '../credential/credential.yaml#/components/parameters/credentialId'
+      requestBody:
+        description: The new password
+        content:
+          application/json:
+            schema:
+              $ref: './userCredentials.yaml#/components/schemas/passwordResetRequest'
+        required: true
+      responses:
+        204:
+          description: The updated Credential
+          content:
+            application/json:
+              schema:
+                $ref: '../credential/credential.yaml#/components/schemas/credential'
+        401:
+          $ref: '../openapi.yaml#/components/responses/unauthenticated'
+        403:
+          $ref: '../openapi.yaml#/components/responses/subjectUnauthorized'
+        404:
+          $ref: '../openapi.yaml#/components/responses/entityNotFound'
+        500:
+          $ref: '../openapi.yaml#/components/responses/kapuaError'

rest-api/resources/src/main/resources/openapi/userCredentials/userCredentials.yaml

@@ -22,4 +22,13 @@ components:
               type: string
           example:
             currentPassword: "Welcome1234!"
-            newPassword: "NewWelcome1234!"
+            newPassword: "NewWelcome1234!"
+    passwordResetRequest:
+      allOf:
+        - description: Represent a request for resetting a user password
+          type: object
+          properties:
+            newPassword:
+              type: string
+          example:
+            newPassword: newPassword42!

rest-api/web/src/main/java/org/eclipse/kapua/app/api/web/JaxbContextResolver.java

@@ -100,6 +100,7 @@
 import org.eclipse.kapua.service.authentication.token.AccessToken;
 import org.eclipse.kapua.service.authentication.token.LoginInfo;
 import org.eclipse.kapua.service.authentication.user.PasswordChangeRequest;
+import org.eclipse.kapua.service.authentication.user.PasswordResetRequest;
 import org.eclipse.kapua.service.authentication.user.UserCredentialsXmlRegistry;
 import org.eclipse.kapua.service.authorization.access.AccessInfo;
 import org.eclipse.kapua.service.authorization.access.AccessInfoCreator;
@@ -691,6 +692,7 @@ public JaxbContextResolver() {
 
                     // User Credentials
                     PasswordChangeRequest.class,
+                    PasswordResetRequest.class,
                     UserCredentialsXmlRegistry.class,
 
                     // KapuaEvent

service/security/authentication/api/src/main/java/org/eclipse/kapua/service/authentication/credential/CredentialFactory.java

@@ -52,5 +52,4 @@ public interface CredentialFactory extends KapuaEntityFactory<Credential, Creden
      * @since 1.0.0
      */
     CredentialCreator newCreator(KapuaId scopeId, KapuaId userId, CredentialType credentialType, String credentialKey, CredentialStatus credentialStatus, Date expirationDate);
-
 }

service/security/authentication/api/src/main/java/org/eclipse/kapua/service/authentication/credential/CredentialService.java

@@ -70,6 +70,7 @@ CredentialListResult query(KapuaQuery query)
 
     /**
      * Returns the minimum password length according to account setting and system default
+     *
      * @param scopeId           The id of the Account to check the setting
      * @return                  The minimum required password length
      * @throws KapuaException   When something goes wrong

service/security/authentication/api/src/main/java/org/eclipse/kapua/service/authentication/user/PasswordResetRequest.java

@@ -0,0 +1,31 @@
+/*******************************************************************************
+ * Copyright (c) 2023, 2022 Eurotech and/or its affiliates and others
+ *
+ * This program and the accompanying materials are made
+ * available under the terms of the Eclipse Public License 2.0
+ * which is available at https://www.eclipse.org/legal/epl-2.0/
+ *
+ * SPDX-License-Identifier: EPL-2.0
+ *
+ * Contributors:
+ *     Eurotech - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.kapua.service.authentication.user;
+
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.XmlType;
+
+@XmlRootElement
+@XmlAccessorType(XmlAccessType.PROPERTY)
+@XmlType(factoryClass = UserCredentialsXmlRegistry.class, factoryMethod = "newPasswordResetRequest")
+public interface PasswordResetRequest {
+    @XmlElement(name = "newPassword")
+    String getNewPassword();
+
+
+    void setNewPassword(String newPassword);
+}

service/security/authentication/api/src/main/java/org/eclipse/kapua/service/authentication/user/UserCredentialsFactory.java

@@ -14,6 +14,27 @@
 
 import org.eclipse.kapua.model.KapuaObjectFactory;
 
+/**
+ * {@link UserCredentialsFactory} definition.
+ *
+ * @see org.eclipse.kapua.model.KapuaEntityFactory
+ * @since 2.0.0
+ */
 public interface UserCredentialsFactory extends KapuaObjectFactory {
+    /**
+     * Instantiates a new {@link PasswordChangeRequest}.
+     *
+     * @return The newly instantiated {@link PasswordChangeRequest}
+     * @since 2.0.0
+     */
     PasswordChangeRequest newPasswordChangeRequest();
+
+
+    /**
+     * Instantiates a new {@link PasswordResetRequest}.
+     *
+     * @return The newly instantiated {@link PasswordResetRequest}
+     * @since 2.0.0
+     */
+    PasswordResetRequest newPasswordResetRequest();
 }

service/security/authentication/api/src/main/java/org/eclipse/kapua/service/authentication/user/UserCredentialsService.java

@@ -13,6 +13,7 @@
 package org.eclipse.kapua.service.authentication.user;
 
 import org.eclipse.kapua.KapuaException;
+import org.eclipse.kapua.model.id.KapuaId;
 import org.eclipse.kapua.service.KapuaService;
 import org.eclipse.kapua.service.authentication.credential.Credential;
 
@@ -23,5 +24,23 @@
  */
 public interface UserCredentialsService extends KapuaService {
 
+    /**
+     * Change the password of the authenticated user, according to the given {@link PasswordChangeRequest}
+     *
+     * @param passwordChangeRequest request for change the password
+     * @return The updated credential
+     * @throws KapuaException
+     */
     Credential changePasswordRequest(PasswordChangeRequest passwordChangeRequest) throws KapuaException;
+
+
+    /**
+     * Reset the password of a user, according to the given {@link PasswordResetRequest}
+     *
+     * @param scopeId              scope of the {@link Credential} in which to change the password
+     * @param credentialId         id of the {@link Credential} to change the password
+     * @param passwordResetRequest request for resetting password
+     * @return The updated credential
+     */
+    Credential resetPassword(KapuaId scopeId, KapuaId credentialId, PasswordResetRequest passwordResetRequest) throws KapuaException;
 }

service/security/authentication/api/src/main/java/org/eclipse/kapua/service/authentication/user/UserCredentialsXmlRegistry.java

@@ -32,4 +32,13 @@ public PasswordChangeRequest newPasswordChangeRequest() {
         return USER_CREDENTIAL_FACTORY.newPasswordChangeRequest();
     }
 
+
+    /**
+     * Creates a new reset password request
+     * @return
+     */
+    public PasswordResetRequest newPasswordResetRequest() {
+        return USER_CREDENTIAL_FACTORY.newPasswordResetRequest();
+    }
+
 }

service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/shiro/CredentialFactoryImpl.java

@@ -63,6 +63,7 @@ public CredentialCreator newCreator(KapuaId scopeId) {
         return new CredentialCreatorImpl(scopeId);
     }
 
+
     @Override
     public Credential clone(Credential credential) {
         try {

service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/shiro/CredentialImpl.java

@@ -60,7 +60,7 @@ public class CredentialImpl extends AbstractKapuaUpdatableEntity implements Cred
     private CredentialType credentialType;
 
     @Basic
-    @Column(name = "credential_key", nullable = false)
+    @Column(name = "credential_key", nullable = false, updatable = false)
     private String credentialKey;
 
     @Temporal(TemporalType.TIMESTAMP)

service/security/shiro/src/main/java/org/eclipse/kapua/service/authentication/credential/shiro/CredentialServiceImpl.java

@@ -172,7 +172,7 @@ public Credential create(CredentialCreator credentialCreator)
                     break;
                 case PASSWORD:
                 default:
-                    // Don't do nothing special
+                    // Don't do anything special
                     break;
 
             }
@@ -254,6 +254,7 @@ public Credential update(Credential credential)
         });
     }
 
+
     @Override
     public Credential find(KapuaId scopeId, KapuaId credentialId)
             throws KapuaException {