Hi Francesco,
just to keep you updated, I've attached my workflow.
I'm able to send a token and call my own activate/{userId} REST method
with the token from the mail.
I'm unable to delete the user when the token has expired. I noticed
that the Delete.java is nearly empty. I tried a userDAO.delete(user)
in a custom delete class but the user stays visible in console (and is
still in the database).
I also started working on a password reset mechanism also based on the
token approach but I'm still looking for the best way.
For the moment I added a "pwreset" task which I also put into the
workflow java classes and an additional rest-method to launch the
task.
regards
Bob
> Hi Bob,
> I don't have time today, but I'll take a look at this tomorrow and I
> hope I'll come back to you with something meaningful about workflow,
> token and activate.
>
> Regards.
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member
> http://people.apache.org/~ilgrosso/
>
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<definitions id="definitions"
targetNamespace="http://activiti.org/bpmn20";
xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:activiti="http://activiti.org/bpmn";
xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI";
xmlns:omgdc="http://www.omg.org/spec/DD/20100524/DC";
xmlns:omgdi="http://www.omg.org/spec/DD/20100524/DI";
xsi:schemaLocation="http://www.omg.org/spec/BPMN/20100524/MODEL
http://www.omg.org/spec/BPMN/2.0/20100501/BPMN20.xsd";>
<process id="userWorkflow" name="User Workflow">
<startEvent id="theStart"/>
<!-- Create an user -->
<sequenceFlow id="flow1" sourceRef="theStart" targetRef="create"/>
<serviceTask id="create" name="Create" activiti:class="org.apache.syncope.core.workflow.activiti.Create"/>
<sequenceFlow id="flow2" sourceRef="create" targetRef="createGW"/>
<exclusiveGateway id="createGW"/>
<sequenceFlow id="create2Activate" sourceRef="createGW" targetRef="enableGW">
<conditionExpression xsi:type="tFormalExpression">${!syncopeUser.getRoleIds().contains(4)}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="create2GenerateToken" sourceRef="createGW" targetRef="generateToken">
<conditionExpression xsi:type="tFormalExpression">${syncopeUser.getRoleIds().contains(4)}</conditionExpression>
</sequenceFlow>
<!-- activate user if suspension is not required -->
<exclusiveGateway id="enableGW"/>
<sequenceFlow id="createApprovalGW2Activate" sourceRef="enableGW" targetRef="autoActivate">
<conditionExpression xsi:type="tFormalExpression">${enabled==null}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="createApprovalGW2Active" sourceRef="enableGW" targetRef="active">
<conditionExpression xsi:type="tFormalExpression">${enabled}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="createApprovalGW2Suspended" sourceRef="enableGW" targetRef="suspend">
<conditionExpression xsi:type="tFormalExpression">${!enabled}</conditionExpression>
</sequenceFlow>
<serviceTask id="autoActivate" name="Activate" activiti:class="org.apache.syncope.core.workflow.activiti.AutoActivate"/>
<sequenceFlow id="flow4" sourceRef="autoActivate" targetRef="active"/>
<serviceTask id="generateToken" name="Generate token" activiti:class="org.apache.syncope.core.workflow.activiti.GenerateToken"/>
<sequenceFlow id="flow5" sourceRef="generateToken" targetRef="activate"/>
<userTask id="activate" name="Activate"/>
<sequenceFlow id="flow6" sourceRef="activate" targetRef="activateGw"/>
<!--NOTE: this gateway makes sense when the token to be checked (i.e. the 'token' variable below) is provided as input
from external to this workflow instance (a link provided in an notification e-mail, for example)-->
<exclusiveGateway id="activateGw"/>
<sequenceFlow id="created2Activate" sourceRef="activateGw" targetRef="removeToken">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${syncopeUser.checkToken(token)}]]>
</conditionExpression>
</sequenceFlow>
<sequenceFlow id="created2Created" sourceRef="activateGw" targetRef="activate">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${!syncopeUser.getToken().equals(token)&&!syncopeUser.hasTokenExpired()}]]>
</conditionExpression>
</sequenceFlow>
<sequenceFlow id="created2Delete" sourceRef="activateGw" targetRef="deleteExpiredUser">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${syncopeUser.hasTokenExpired()}]]>
</conditionExpression>
</sequenceFlow>
<serviceTask id="removeToken" name="Removetoken" activiti:class="org.apache.syncope.core.workflow.activiti.DeleteToken"/>
<sequenceFlow id="flow62" sourceRef="removeToken" targetRef="active"/>
<serviceTask id="deleteExpiredUser" name="Delete expired user" activiti:class="org.apache.syncope.core.workflow.activiti.ExpiredTokenUserDelete"/>
<sequenceFlow id="expiredflow" sourceRef="deleteExpiredUser" targetRef="toBeRemoved"/>
<userTask id="toBeRemoved" name="Status of user to be removed"/>
<userTask id="active" name="Active"/>
<sequenceFlow id="flow7" sourceRef="active" targetRef="activeGw"/>
<exclusiveGateway id="activeGw"/>
<sequenceFlow id="active2Update" sourceRef="activeGw" targetRef="update">
<conditionExpression xsi:type="tFormalExpression">${task == 'update'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="active2Suspend" sourceRef="activeGw" targetRef="suspend">
<conditionExpression xsi:type="tFormalExpression">${task == 'suspend'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="active2Delete" sourceRef="activeGw" targetRef="delete">
<conditionExpression xsi:type="tFormalExpression">${task == 'delete'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="active2PasswordReset" sourceRef="activeGw" targetRef="generatePWToken">
<conditionExpression xsi:type="tFormalExpression">${task == 'pwreset'}</conditionExpression>
</sequenceFlow>
<!-- Update an active user -->
<serviceTask id="update" name="Update" activiti:class="org.apache.syncope.core.workflow.activiti.Update"/>
<!-- remove trailing tokens -->
<sequenceFlow id="flow81" sourceRef="update" targetRef="removePWToken"/>
<serviceTask id="removePWToken" name="Removetoken" activiti:class="org.apache.syncope.core.workflow.activiti.DeleteToken"/>
<sequenceFlow id="flow82" sourceRef="removePWToken" targetRef="active"/>
<!-- Suspend an active user -->
<serviceTask id="suspend" name="Suspend" activiti:class="org.apache.syncope.core.workflow.activiti.Suspend"/>
<sequenceFlow id="flow9" sourceRef="suspend" targetRef="suspended"/>
<userTask id="suspended" name="Suspended"/>
<sequenceFlow id="flow10" sourceRef="suspended" targetRef="suspendedGw"/>
<exclusiveGateway id="suspendedGw"/>
<sequenceFlow id="suspended2Reactivate" sourceRef="suspendedGw" targetRef="reactivate">
<conditionExpression xsi:type="tFormalExpression">${task == 'reactivate'}</conditionExpression>
</sequenceFlow>
<sequenceFlow id="suspended2Delete" sourceRef="suspendedGw" targetRef="delete">
<conditionExpression xsi:type="tFormalExpression">${task == 'delete'}</conditionExpression>
</sequenceFlow>
<!-- Reactivate a suspended user -->
<serviceTask id="reactivate" name ="Reactivate" activiti:class="org.apache.syncope.core.workflow.activiti.Reactivate"/>
<sequenceFlow id="flow11" sourceRef="reactivate" targetRef="active"/>
<!-- Password reset -->
<!-- will generate token and redirect to active -->
<serviceTask id="generatePWToken" name="Generate token" activiti:class="org.apache.syncope.core.workflow.activiti.GenerateToken"/>
<sequenceFlow id="PWRflow1" sourceRef="generatePWToken" targetRef="active"/>
<!--<sequenceFlow id="PWRflow1" sourceRef="generatePWToken" targetRef="activatePWChange"/>
<userTask id="activatePWChange" name="Activate"/>
<sequenceFlow id="PWRflow2" sourceRef="activatePWChange" targetRef="activatePWGw"/>
<exclusiveGateway id="activatePWGw"/>
<sequenceFlow id="activatePW2Active" sourceRef="activatePWGw" targetRef="removePWToken">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${syncopeUser.checkToken(token)}]]>
</conditionExpression>
</sequenceFlow>
<sequenceFlow id="activatePW2activatePW" sourceRef="activatePWGw" targetRef="activatePWChange">
<conditionExpression xsi:type="tFormalExpression">
<![CDATA[${!syncopeUser.checkToken(token)}]]>
</conditionExpression>
</sequenceFlow>
<serviceTask id="removePWToken" name="Removetoken" activiti:class="org.apache.syncope.core.workflow.activiti.DeleteToken"/>
<sequenceFlow id="PWRflow3" sourceRef="removePWToken" targetRef="update"/> -->
<!-- Reject an user -->
<scriptTask id="reject" name="Reject" scriptFormat="groovy">
<!-- Do something with rejectReason -->
<script>
def scriptVar = rejectReason
</script>
</scriptTask>
<sequenceFlow id="flow12" sourceRef="reject" targetRef="rejected"/>
<userTask id="rejected" name="Rejected"/>
<sequenceFlow id="flow13" sourceRef="rejected" targetRef="delete"/>
<!-- Delete an user (created, active or suspended) -->
<serviceTask id="delete" name="Delete" activiti:class="org.apache.syncope.core.workflow.activiti.Delete"/>
<sequenceFlow id="flow99" sourceRef="delete" targetRef="theEnd"/>
<endEvent id="theEnd"/>
</process>
</definitions>
