This is an automated email from the ASF dual-hosted git repository.
ilgrosso pushed a commit to branch 4_1_X
in repository https://gitbox.apache.org/repos/asf/syncope.git
The following commit(s) were added to refs/heads/4_1_X by this push:
new b2888c2a60 [SYNCOPE-1972] set security answer in enduser and fix for
password reset (#1415)
b2888c2a60 is described below
commit b2888c2a605024a3c349cf52bd447b16c9dce469
Author: Samuel Garofalo <[email protected]>
AuthorDate: Tue Jun 9 08:50:38 2026 +0200
[SYNCOPE-1972] set security answer in enduser and fix for password reset
(#1415)
---
.../client/ui/commons/wizards/any/PasswordPanel.java | 2 ++
.../client/console/status/ChangePasswordModal.java | 3 ++-
.../client/console/wizards/any/UserDetails.java | 2 +-
.../client/enduser/pages/EditSecurityQuestion.java | 17 ++++++++---------
.../enduser/pages/SelfConfirmPasswordReset.java | 3 ++-
.../client/enduser/panels/any/UserDetails.java | 1 +
.../common/rest/api/beans/ComplianceQuery.java | 19 ++++++++++++++++++-
.../org/apache/syncope/core/logic/UserSelfLogic.java | 20 +++++++++++++++-----
8 files changed, 49 insertions(+), 18 deletions(-)
diff --git
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/wizards/any/PasswordPanel.java
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/wizards/any/PasswordPanel.java
index f822414b2e..a252ed4807 100644
---
a/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/wizards/any/PasswordPanel.java
+++
b/client/idrepo/common-ui/src/main/java/org/apache/syncope/client/ui/commons/wizards/any/PasswordPanel.java
@@ -44,6 +44,7 @@ public class PasswordPanel extends Panel {
final UserWrapper wrapper,
final Boolean storePasswordInSyncope,
final boolean templateMode,
+ final String token,
final AnonymousRestClient restClient) {
super(id);
@@ -95,6 +96,7 @@ public class PasswordPanel extends Panel {
ComplianceQuery quey = new ComplianceQuery.Builder().
realm(wrapper.getInnerObject().getRealm()).
password(password.getField().getInput()).
+ token(token).
resources(wrapper.getInnerObject().getResources()).
build();
try {
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/status/ChangePasswordModal.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/status/ChangePasswordModal.java
index 31682cf793..49c42543db 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/status/ChangePasswordModal.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/status/ChangePasswordModal.java
@@ -64,7 +64,8 @@ public class ChangePasswordModal extends
AbstractModalPanel<AnyWrapper<UserTO>>
super(baseModal, pageRefer);
this.wrapper = wrapper;
- PasswordPanel passwordPanel = new PasswordPanel("passwordPanel",
wrapper, false, false, anonymousRestClient);
+ PasswordPanel passwordPanel = new PasswordPanel(
+ "passwordPanel", wrapper, false, false, null,
anonymousRestClient);
passwordPanel.setOutputMarkupId(true);
add(passwordPanel);
diff --git
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/wizards/any/UserDetails.java
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/wizards/any/UserDetails.java
index 47493d2226..3492d5ff6d 100644
---
a/client/idrepo/console/src/main/java/org/apache/syncope/client/console/wizards/any/UserDetails.java
+++
b/client/idrepo/console/src/main/java/org/apache/syncope/client/console/wizards/any/UserDetails.java
@@ -176,7 +176,7 @@ public class UserDetails extends Details<UserTO> {
super(id);
setOutputMarkupId(true);
add(new Label("warning", new
ResourceModel("password.change.warning")));
- add(new PasswordPanel("passwordPanel", wrapper, false,
templateMode, anonymousRestClient));
+ add(new PasswordPanel("passwordPanel", wrapper, false,
templateMode, null, anonymousRestClient));
}
}
}
diff --git
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/EditSecurityQuestion.java
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/EditSecurityQuestion.java
index 08809c6284..db15c18002 100644
---
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/EditSecurityQuestion.java
+++
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/EditSecurityQuestion.java
@@ -70,10 +70,15 @@ public class EditSecurityQuestion extends BaseReauthPage {
protected final UserTO userTO;
+ protected final UserUR userUR;
+
public EditSecurityQuestion(final PageParameters parameters) {
super(parameters, EDIT_SECURITY_QUESTION);
userTO = SyncopeEnduserSession.get().getSelfTO(true);
+ userUR = new UserUR.Builder(userTO.getKey()).
+ securityQuestion(new
StringReplacePatchItem.Builder().value(userTO.getSecurityQuestion()).build()).
+ build();
WebMarkupContainer content = new WebMarkupContainer("content");
content.setOutputMarkupId(true);
@@ -84,7 +89,7 @@ public class EditSecurityQuestion extends BaseReauthPage {
content.add(form);
securityQuestion = new AjaxDropDownChoicePanel<>("securityQuestion",
- "securityQuestion", new PropertyModel<>(userTO,
"securityQuestion"));
+ "securityQuestion", new PropertyModel<>(userUR,
"securityQuestion.value"));
securityQuestion.setNullValid(true);
securityQuestion.setRequired(true);
@@ -126,7 +131,7 @@ public class EditSecurityQuestion extends BaseReauthPage {
form.add(securityQuestion);
securityAnswer = new AjaxTextFieldPanel("securityAnswer",
"securityAnswer",
- new PropertyModel<>(userTO, "securityAnswer"), false);
+ new PropertyModel<>(userUR, "securityAnswer.value"), false);
form.add(securityAnswer.setOutputMarkupId(true).setOutputMarkupPlaceholderTag(true).
setEnabled(StringUtils.isNotBlank(securityQuestion.getModelObject())));
securityAnswer.setRequired(true);
@@ -151,13 +156,7 @@ public class EditSecurityQuestion extends BaseReauthPage {
} else {
try {
ProvisioningResult<UserTO> provisioningResult =
- userSelfRestClient.update(
- userTO.getETagValue(),
- new UserUR.Builder(userTO.getKey())
- .securityQuestion(new
StringReplacePatchItem.Builder().
-
value(securityQuestion.getModelObject()).build())
- .securityAnswer(new
StringReplacePatchItem.Builder().
-
value(securityAnswer.getModelObject()).build()).build());
+
userSelfRestClient.update(userTO.getETagValue(), userUR);
setResponsePage(new SelfResult(provisioningResult,
ProvisioningUtils.managePageParams(EditSecurityQuestion.this,
"securityquestion.change",
diff --git
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/SelfConfirmPasswordReset.java
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/SelfConfirmPasswordReset.java
index 1263a00b6c..5617fc7dc6 100644
---
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/SelfConfirmPasswordReset.java
+++
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/pages/SelfConfirmPasswordReset.java
@@ -49,7 +49,7 @@ public class SelfConfirmPasswordReset extends BasePage {
setDomain(parameters);
disableSidebarAndNavbar();
- if (parameters == null || parameters.get("token").isEmpty()) {
+ if (parameters.get("token").isEmpty()) {
LOG.error("No token parameter found in the request url");
PageParameters homeParameters = new PageParameters();
@@ -72,6 +72,7 @@ public class SelfConfirmPasswordReset extends BasePage {
new UserWrapper(fakeUserTO),
false,
false,
+ parameters.get("token").toString(),
anonymousRestClient);
passwordPanel.setOutputMarkupId(true);
diff --git
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/panels/any/UserDetails.java
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/panels/any/UserDetails.java
index 9261f8d300..a5f05a0cab 100644
---
a/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/panels/any/UserDetails.java
+++
b/client/idrepo/enduser/src/main/java/org/apache/syncope/client/enduser/panels/any/UserDetails.java
@@ -124,6 +124,7 @@ public class UserDetails extends Details<UserTO> {
wrapper,
wrapper.getInnerObject().getKey() == null,
false,
+ null,
restClient));
}
}
diff --git
a/common/idrepo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ComplianceQuery.java
b/common/idrepo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ComplianceQuery.java
index 15bf953482..69810d58c8 100644
---
a/common/idrepo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ComplianceQuery.java
+++
b/common/idrepo/rest-api/src/main/java/org/apache/syncope/common/rest/api/beans/ComplianceQuery.java
@@ -46,6 +46,11 @@ public class ComplianceQuery implements Serializable {
return this;
}
+ public Builder token(final String token) {
+ instance.setToken(token);
+ return this;
+ }
+
public Builder realm(final String realm) {
instance.setRealm(realm);
return this;
@@ -79,6 +84,8 @@ public class ComplianceQuery implements Serializable {
private String password;
+ private String token;
+
private String realm;
private Set<String> resources = new HashSet<>();
@@ -99,6 +106,14 @@ public class ComplianceQuery implements Serializable {
this.password = password;
}
+ public String getToken() {
+ return token;
+ }
+
+ public void setToken(final String token) {
+ this.token = token;
+ }
+
public String getRealm() {
return realm;
}
@@ -120,7 +135,7 @@ public class ComplianceQuery implements Serializable {
if (StringUtils.isBlank(username) && StringUtils.isBlank(password)) {
return true;
}
- return StringUtils.isEmpty(realm) && resources.isEmpty();
+ return StringUtils.isEmpty(token) && StringUtils.isEmpty(realm) &&
resources.isEmpty();
}
@Override
@@ -138,6 +153,7 @@ public class ComplianceQuery implements Serializable {
return new EqualsBuilder().
append(username, other.username).
append(password, other.password).
+ append(token, other.token).
append(realm, other.realm).
append(resources, other.resources).
build();
@@ -148,6 +164,7 @@ public class ComplianceQuery implements Serializable {
return new HashCodeBuilder().
append(username).
append(password).
+ append(token).
append(realm).
append(resources).
build();
diff --git
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserSelfLogic.java
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserSelfLogic.java
index 379c8498aa..81bc0333ed 100644
---
a/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserSelfLogic.java
+++
b/core/idrepo/logic/src/main/java/org/apache/syncope/core/logic/UserSelfLogic.java
@@ -19,6 +19,7 @@
package org.apache.syncope.core.logic;
import java.time.OffsetDateTime;
+import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
@@ -212,12 +213,21 @@ public class UserSelfLogic extends AbstractUserLogic {
}
Realm realm = null;
- if (StringUtils.isNotBlank(query.getRealm())) {
- realm = realmSearchDAO.findByFullPath(query.getRealm()).
- orElseThrow(() -> new NotFoundException("Realm " +
query.getRealm()));
+ Set<ExternalResource> resources;
+ if (StringUtils.isNotBlank(query.getToken())) {
+ User user = userDAO.findByToken(query.getToken()).
+ orElseThrow(() -> new NotFoundException("User with token "
+ query.getToken()));
+ realm = user.getRealm();
+ resources = new HashSet<>(user.getResources());
+ } else {
+ if (StringUtils.isNotBlank(query.getRealm())) {
+ realm = realmSearchDAO.findByFullPath(query.getRealm()).
+ orElseThrow(() -> new NotFoundException("Realm " +
query.getRealm()));
+ }
+ resources = query.getResources().stream().
+
map(resourceDAO::findById).flatMap(Optional::stream).collect(Collectors.toSet());
}
- Set<ExternalResource> resources = query.getResources().stream().
-
map(resourceDAO::findById).flatMap(Optional::stream).collect(Collectors.toSet());
+
if (realm == null && resources.isEmpty()) {
sce.getElements().add("Nothing to check");
throw sce;