syncope-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ilgro...@apache.org
Subject svn commit: r1629153 - in /syncope/trunk: ./ client/src/main/java/org/apache/syncope/client/ common/src/main/java/org/apache/syncope/common/types/ console/src/main/java/org/apache/syncope/console/ console/src/main/java/org/apache/syncope/console/pages/...
Date Fri, 03 Oct 2014 09:06:53 GMT
Author: ilgrosso
Date: Fri Oct  3 09:06:52 2014
New Revision: 1629153

URL: http://svn.apache.org/r1629153
Log:
[SYNCOPE-135] Merge from 1_2_X

Modified:
    syncope/trunk/   (props changed)
    syncope/trunk/client/src/main/java/org/apache/syncope/client/SyncopeClient.java
    syncope/trunk/common/src/main/java/org/apache/syncope/common/types/RESTHeaders.java
    syncope/trunk/console/src/main/java/org/apache/syncope/console/SyncopeSession.java
    syncope/trunk/console/src/main/java/org/apache/syncope/console/pages/RequestPasswordResetModalPage.java
    syncope/trunk/console/src/main/java/org/apache/syncope/console/rest/UserSelfRestClient.java
    syncope/trunk/console/src/main/resources/org/apache/syncope/console/pages/RequestPasswordResetModalPage.html
    syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
    syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java
    syncope/trunk/core/src/main/java/org/apache/syncope/core/services/UserSelfServiceImpl.java
    syncope/trunk/core/src/main/resources/content.xml
    syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserSelfTestITCase.java
    syncope/trunk/core/src/test/resources/content.xml

Propchange: syncope/trunk/
------------------------------------------------------------------------------
  Merged /syncope/branches/1_2_X:r1629034-1629151
  Merged /syncope/branches/1_1_X:r1628381-1629004

Modified: syncope/trunk/client/src/main/java/org/apache/syncope/client/SyncopeClient.java
URL: http://svn.apache.org/viewvc/syncope/trunk/client/src/main/java/org/apache/syncope/client/SyncopeClient.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/client/src/main/java/org/apache/syncope/client/SyncopeClient.java (original)
+++ syncope/trunk/client/src/main/java/org/apache/syncope/client/SyncopeClient.java Fri Oct
 3 09:06:52 2014
@@ -214,9 +214,9 @@ public class SyncopeClient {
      * @return whether self-registration is allowed
      * @see UserSelfService#getOptions()
      */
-    public boolean isSelfRegistrationAllowed() {
+    public boolean isSelfRegAllowed() {
         return Boolean.valueOf(restClientFactory.createServiceInstance(UserSelfService.class,
mediaType, null, null).
-                getOptions().getHeaderString(RESTHeaders.SELFREGISTRATION_ALLOWED));
+                getOptions().getHeaderString(RESTHeaders.SELFREG_ALLOWED));
     }
 
     /**
@@ -225,9 +225,20 @@ public class SyncopeClient {
      * @return whether password reset is allowed
      * @see UserSelfService#getOptions()
      */
-    public boolean isPasswordResetAllowed() {
+    public boolean isPwdResetAllowed() {
         return Boolean.valueOf(restClientFactory.createServiceInstance(UserSelfService.class,
mediaType, null, null).
-                getOptions().getHeaderString(RESTHeaders.PASSWORDRESET_ALLOWED));
+                getOptions().getHeaderString(RESTHeaders.PWDRESET_ALLOWED));
+    }
+
+    /**
+     * Checks whether password reset requires security question by calling <tt>UserSelfService</tt>'s
options.
+     *
+     * @return whether password reset requires security question
+     * @see UserSelfService#getOptions()
+     */
+    public boolean isPwdResetRequiringSecurityQuestions() {
+        return Boolean.valueOf(restClientFactory.createServiceInstance(UserSelfService.class,
mediaType, null, null).
+                getOptions().getHeaderString(RESTHeaders.PWDRESET_NEEDS_SECURITYQUESTIONS));
     }
 
     /**

Modified: syncope/trunk/common/src/main/java/org/apache/syncope/common/types/RESTHeaders.java
URL: http://svn.apache.org/viewvc/syncope/trunk/common/src/main/java/org/apache/syncope/common/types/RESTHeaders.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/common/src/main/java/org/apache/syncope/common/types/RESTHeaders.java (original)
+++ syncope/trunk/common/src/main/java/org/apache/syncope/common/types/RESTHeaders.java Fri
Oct  3 09:06:52 2014
@@ -36,12 +36,17 @@ public final class RESTHeaders {
     /**
      * Option key stating if user request create is allowed or not.
      */
-    public static final String SELFREGISTRATION_ALLOWED = "Syncope.SelfRegistration.Allowed";
+    public static final String SELFREG_ALLOWED = "Syncope.SelfRegistration.Allowed";
 
     /**
-     * Option key stating if user request create is allowed or not.
+     * Option key stating if password reset is allowed or not.
+     */
+    public static final String PWDRESET_ALLOWED = "Syncope.PasswordReset.Allowed";
+
+    /**
+     * Option key stating if password reset requires security question or not.
      */
-    public static final String PASSWORDRESET_ALLOWED = "Syncope.PasswordReset.Allowed";
+    public static final String PWDRESET_NEEDS_SECURITYQUESTIONS = "Syncope.PasswordReset.SecurityQuestions";
 
     /**
      * Option key stating if Activiti workflow adapter is in use for users.

Modified: syncope/trunk/console/src/main/java/org/apache/syncope/console/SyncopeSession.java
URL: http://svn.apache.org/viewvc/syncope/trunk/console/src/main/java/org/apache/syncope/console/SyncopeSession.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/console/src/main/java/org/apache/syncope/console/SyncopeSession.java (original)
+++ syncope/trunk/console/src/main/java/org/apache/syncope/console/SyncopeSession.java Fri
Oct  3 09:06:52 2014
@@ -87,18 +87,25 @@ public class SyncopeSession extends WebS
         clients.clear();
     }
 
-    public boolean isSelfRegistrationAllowed() {
+    public boolean isSelfRegAllowed() {
         SyncopeClient client = clients.isEmpty()
                 ? clientFactory.createAnonymous()
                 : clients.values().iterator().next();
-        return client.isSelfRegistrationAllowed();
+        return client.isSelfRegAllowed();
     }
 
-    public boolean isPasswordResetAllowed() {
+    public boolean isPwdResetAllowed() {
         SyncopeClient client = clients.isEmpty()
                 ? clientFactory.createAnonymous()
                 : clients.values().iterator().next();
-        return client.isPasswordResetAllowed();
+        return client.isPwdResetAllowed();
+    }
+
+    public boolean isPwdResetRequiringSecurityQuestions() {
+        SyncopeClient client = clients.isEmpty()
+                ? clientFactory.createAnonymous()
+                : clients.values().iterator().next();
+        return client.isPwdResetRequiringSecurityQuestions();
     }
 
     public boolean isActivitiEnabledFor(final SubjectType type) {

Modified: syncope/trunk/console/src/main/java/org/apache/syncope/console/pages/RequestPasswordResetModalPage.java
URL: http://svn.apache.org/viewvc/syncope/trunk/console/src/main/java/org/apache/syncope/console/pages/RequestPasswordResetModalPage.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/console/src/main/java/org/apache/syncope/console/pages/RequestPasswordResetModalPage.java
(original)
+++ syncope/trunk/console/src/main/java/org/apache/syncope/console/pages/RequestPasswordResetModalPage.java
Fri Oct  3 09:06:52 2014
@@ -28,6 +28,7 @@ import org.apache.wicket.ajax.form.AjaxF
 import org.apache.wicket.ajax.markup.html.form.AjaxButton;
 import org.apache.wicket.extensions.ajax.markup.html.IndicatingAjaxButton;
 import org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow;
+import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.form.Form;
 import org.apache.wicket.markup.html.form.StatelessForm;
 import org.apache.wicket.model.Model;
@@ -45,42 +46,58 @@ public class RequestPasswordResetModalPa
         super();
         setOutputMarkupId(true);
 
+        final boolean handleSecurityQuestion = userSelfRestClient.isPwdResetRequiringSecurityQuestions();
+
         final StatelessForm<?> form = new StatelessForm<Object>(FORM);
         form.setOutputMarkupId(true);
 
+        final Label securityQuestionLabel = new Label("securityQuestionLabel", getString("securityQuestion"));
+        securityQuestionLabel.setOutputMarkupPlaceholderTag(true);
+        securityQuestionLabel.setVisible(handleSecurityQuestion);
+        form.add(securityQuestionLabel);
         final AjaxTextFieldPanel securityQuestion =
                 new AjaxTextFieldPanel("securityQuestion", "securityQuestion", new Model<String>());
         securityQuestion.setReadOnly(true);
         securityQuestion.setRequired(true);
         securityQuestion.getField().setOutputMarkupId(true);
+        securityQuestion.setOutputMarkupPlaceholderTag(true);
+        securityQuestion.setVisible(handleSecurityQuestion);
         form.add(securityQuestion);
 
         final AjaxTextFieldPanel username =
                 new AjaxTextFieldPanel("username", "username", new Model<String>());
         username.setRequired(true);
         username.getField().setOutputMarkupId(true);
-        username.getField().add(new AjaxFormComponentUpdatingBehavior(Constants.ON_CHANGE)
{
+        if (handleSecurityQuestion) {
+            username.getField().add(new AjaxFormComponentUpdatingBehavior(Constants.ON_CHANGE)
{
 
-            private static final long serialVersionUID = -1107858522700306810L;
+                private static final long serialVersionUID = -1107858522700306810L;
 
-            @Override
-            protected void onUpdate(final AjaxRequestTarget target) {
-                try {
-                    SecurityQuestionTO read = securityQuestionRestClient.readByUser(username.getModelObject());
-                    securityQuestion.setModelObject(read.getContent());
-                    target.add(securityQuestion);
-                } catch (Exception e) {
-                    LOG.error("While fetching security question for {}", username.getModelObject(),
e);
-                    error(getString(Constants.ERROR) + ": " + e.getMessage());
-                    feedbackPanel.refresh(target);
+                @Override
+                protected void onUpdate(final AjaxRequestTarget target) {
+                    try {
+                        SecurityQuestionTO read = securityQuestionRestClient.readByUser(username.getModelObject());
+                        securityQuestion.setModelObject(read.getContent());
+                        target.add(securityQuestion);
+                    } catch (Exception e) {
+                        LOG.error("While fetching security question for {}", username.getModelObject(),
e);
+                        error(getString(Constants.ERROR) + ": " + e.getMessage());
+                        feedbackPanel.refresh(target);
+                    }
                 }
-            }
-        });
+            });
+        }
         form.add(username);
 
+        final Label securityAnswerLabel = new Label("securityAnswerLabel", getString("securityAnswer"));
+        securityAnswerLabel.setOutputMarkupPlaceholderTag(true);
+        securityAnswerLabel.setVisible(handleSecurityQuestion);
+        form.add(securityAnswerLabel);
         final AjaxTextFieldPanel securityAnswer =
                 new AjaxTextFieldPanel("securityAnswer", "securityAnswer", new Model<String>());
-        securityAnswer.setRequired(true);
+        securityAnswer.setRequired(handleSecurityQuestion);
+        securityAnswer.setOutputMarkupPlaceholderTag(true);
+        securityAnswer.setVisible(handleSecurityQuestion);
         form.add(securityAnswer);
 
         final AjaxButton submit = new IndicatingAjaxButton(APPLY, new ResourceModel(SUBMIT,
SUBMIT)) {

Modified: syncope/trunk/console/src/main/java/org/apache/syncope/console/rest/UserSelfRestClient.java
URL: http://svn.apache.org/viewvc/syncope/trunk/console/src/main/java/org/apache/syncope/console/rest/UserSelfRestClient.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/console/src/main/java/org/apache/syncope/console/rest/UserSelfRestClient.java
(original)
+++ syncope/trunk/console/src/main/java/org/apache/syncope/console/rest/UserSelfRestClient.java
Fri Oct  3 09:06:52 2014
@@ -33,7 +33,7 @@ public class UserSelfRestClient extends 
     public boolean isSelfRegistrationAllowed() {
         Boolean result = null;
         try {
-            result = SyncopeSession.get().isSelfRegistrationAllowed();
+            result = SyncopeSession.get().isSelfRegAllowed();
         } catch (SyncopeClientException e) {
             LOG.error("While seeking if self registration is allowed", e);
         }
@@ -62,7 +62,7 @@ public class UserSelfRestClient extends 
     public boolean isPasswordResetAllowed() {
         Boolean result = null;
         try {
-            result = SyncopeSession.get().isPasswordResetAllowed();
+            result = SyncopeSession.get().isPwdResetAllowed();
         } catch (SyncopeClientException e) {
             LOG.error("While seeking if password reset is allowed", e);
         }
@@ -72,6 +72,19 @@ public class UserSelfRestClient extends 
                 : result.booleanValue();
     }
 
+    public boolean isPwdResetRequiringSecurityQuestions() {
+        Boolean result = null;
+        try {
+            result = SyncopeSession.get().isPwdResetRequiringSecurityQuestions();
+        } catch (SyncopeClientException e) {
+            LOG.error("While seeking if password reset requires security question", e);
+        }
+
+        return result == null
+                ? false
+                : result.booleanValue();
+    }
+
     public void requestPasswordReset(final String username, final String securityAnswer)
{
         getService(UserSelfService.class).requestPasswordReset(username, securityAnswer);
     }

Modified: syncope/trunk/console/src/main/resources/org/apache/syncope/console/pages/RequestPasswordResetModalPage.html
URL: http://svn.apache.org/viewvc/syncope/trunk/console/src/main/resources/org/apache/syncope/console/pages/RequestPasswordResetModalPage.html?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/console/src/main/resources/org/apache/syncope/console/pages/RequestPasswordResetModalPage.html
(original)
+++ syncope/trunk/console/src/main/resources/org/apache/syncope/console/pages/RequestPasswordResetModalPage.html
Fri Oct  3 09:06:52 2014
@@ -33,7 +33,7 @@ under the License.
 
           <div class="tablerow">
             <div class="tablecolumn_label medium_fixedsize">
-              <label for="securityQuestion"><wicket:message key="securityQuestion"/></label>
+              <label for="securityQuestion"><span wicket:id="securityQuestionLabel"/></label>
             </div>
             <div class="tablecolumn_field medium_dynamicsize">
               <span wicket:id="securityQuestion">[securityQuestion]</span>
@@ -42,7 +42,7 @@ under the License.
 
           <div class="tablerow">
             <div class="tablecolumn_label medium_fixedsize">
-              <label for="securityAnswer"><wicket:message key="securityAnswer"/></label>
+              <label for="securityAnswer"><span wicket:id="securityAnswerLabel"/></label>
             </div>
             <div class="tablecolumn_field medium_dynamicsize">
               <span wicket:id="securityAnswer">[securityAnswer]</span>

Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java (original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/connid/ConnObjectUtil.java Fri
Oct  3 09:06:52 2014
@@ -278,8 +278,8 @@ public class ConnObjectUtil {
                     if (subjectTO instanceof UserTO) {
                         ((UserTO) subjectTO).setUsername(attribute == null || attribute.getValue().isEmpty()
                                 || attribute.getValue().get(0) == null
-                                ? null
-                                : attribute.getValue().get(0).toString());
+                                        ? null
+                                        : attribute.getValue().get(0).toString());
                     }
                     break;
 
@@ -287,8 +287,8 @@ public class ConnObjectUtil {
                     if (subjectTO instanceof RoleTO) {
                         ((RoleTO) subjectTO).setName(attribute == null || attribute.getValue().isEmpty()
                                 || attribute.getValue().get(0) == null
-                                ? null
-                                : attribute.getValue().get(0).toString());
+                                        ? null
+                                        : attribute.getValue().get(0).toString());
                     }
                     break;
 
@@ -319,22 +319,28 @@ public class ConnObjectUtil {
                             ? Collections.emptyList()
                             : attribute.getValue()) {
 
+                        AttributeSchemaType schemaType = schema == null ? AttributeSchemaType.String
: schema.getType();
                         if (value != null) {
                             final AbstractAttrValue attrValue = attrUtil.newAttrValue();
-                            if (schema == null) {
-                                attrValue.setStringValue(value.toString());
-                            } else if (schema.getType() == AttributeSchemaType.Binary) {
-                                attrValue.setBinaryValue((byte[]) value);
-                            } else {
-                                try {
-                                    attrValue.parseValue(schema, value.toString());
-                                } catch (ParsingValidationException e) {
-                                    LOG.error("While parsing provided value {}", value, e);
+                            switch (schemaType) {
+                                case String:
                                     attrValue.setStringValue(value.toString());
-                                }
+                                    break;
+
+                                case Binary:
+                                    attrValue.setBinaryValue((byte[]) value);
+                                    break;
+
+                                default:
+                                    try {
+                                        attrValue.parseValue(schema, value.toString());
+                                    } catch (ParsingValidationException e) {
+                                        LOG.error("While parsing provided value {}", value,
e);
+                                        attrValue.setStringValue(value.toString());
+                                        schemaType = AttributeSchemaType.String;
+                                    }
                             }
-                            attributeTO.getValues().add(attrValue.getValueAsString(
-                                    schema == null ? AttributeSchemaType.String : schema.getType()));
+                            attributeTO.getValues().add(attrValue.getValueAsString(schemaType));
                         }
                     }
 
@@ -540,7 +546,7 @@ public class ConnObjectUtil {
 
         final IntMappingType type = attrUtil.getType() == AttributableType.USER
                 ? IntMappingType.UserVirtualSchema : attrUtil.getType() == AttributableType.ROLE
-                ? IntMappingType.RoleVirtualSchema : IntMappingType.MembershipVirtualSchema;
+                        ? IntMappingType.RoleVirtualSchema : IntMappingType.MembershipVirtualSchema;
 
         final Map<String, ConnectorObject> externalResources = new HashMap<String,
ConnectorObject>();
 

Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java
(original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/rest/controller/UserController.java
Fri Oct  3 09:06:52 2014
@@ -104,15 +104,20 @@ public class UserController extends Abst
     protected AttributableTransformer attrTransformer;
 
     @Transactional(readOnly = true)
-    public boolean isSelfRegistrationAllowed() {
+    public boolean isSelfRegAllowed() {
         return confDAO.find("selfRegistration.allowed", "false").getValues().get(0).getBooleanValue();
     }
 
     @Transactional(readOnly = true)
-    public boolean isPasswordResetAllowed() {
+    public boolean isPwdResetAllowed() {
         return confDAO.find("passwordReset.allowed", "false").getValues().get(0).getBooleanValue();
     }
 
+    @Transactional(readOnly = true)
+    public boolean isPwdResetRequiringSecurityQuestions() {
+        return confDAO.find("passwordReset.securityQuestion", "true").getValues().get(0).getBooleanValue();
+    }
+
     @PreAuthorize("hasRole('USER_READ')")
     public String getUsername(final Long userId) {
         return binder.getUserTO(userId).getUsername();
@@ -377,7 +382,9 @@ public class UserController extends Abst
             throw new NotFoundException("User " + username);
         }
 
-        if (securityAnswer == null || !securityAnswer.equals(user.getSecurityAnswer())) {
+        if (isPwdResetRequiringSecurityQuestions()
+                && (securityAnswer == null || !securityAnswer.equals(user.getSecurityAnswer())))
{
+
             throw SyncopeClientException.build(ClientExceptionType.InvalidSecurityAnswer);
         }
 

Modified: syncope/trunk/core/src/main/java/org/apache/syncope/core/services/UserSelfServiceImpl.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/java/org/apache/syncope/core/services/UserSelfServiceImpl.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/core/src/main/java/org/apache/syncope/core/services/UserSelfServiceImpl.java
(original)
+++ syncope/trunk/core/src/main/java/org/apache/syncope/core/services/UserSelfServiceImpl.java
Fri Oct  3 09:06:52 2014
@@ -39,14 +39,15 @@ public class UserSelfServiceImpl extends
     @Override
     public Response getOptions() {
         return Response.ok().header(HttpHeaders.ALLOW, OPTIONS_ALLOW).
-                header(RESTHeaders.SELFREGISTRATION_ALLOWED, controller.isSelfRegistrationAllowed()).
-                header(RESTHeaders.PASSWORDRESET_ALLOWED, controller.isPasswordResetAllowed()).
+                header(RESTHeaders.SELFREG_ALLOWED, controller.isSelfRegAllowed()).
+                header(RESTHeaders.PWDRESET_ALLOWED, controller.isPwdResetAllowed()).
+                header(RESTHeaders.PWDRESET_NEEDS_SECURITYQUESTIONS, controller.isPwdResetRequiringSecurityQuestions()).
                 build();
     }
 
     @Override
     public Response create(final UserTO userTO, final boolean storePassword) {
-        if (!controller.isSelfRegistrationAllowed()) {
+        if (!controller.isSelfRegAllowed()) {
             SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unauthorized);
             sce.getElements().add("Self registration forbidden by configuration");
             throw sce;
@@ -76,7 +77,7 @@ public class UserSelfServiceImpl extends
 
     @Override
     public void requestPasswordReset(final String username, final String securityAnswer)
{
-        if (!controller.isPasswordResetAllowed()) {
+        if (!controller.isPwdResetAllowed()) {
             SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unauthorized);
             sce.getElements().add("Password reset forbidden by configuration");
             throw sce;
@@ -87,7 +88,7 @@ public class UserSelfServiceImpl extends
 
     @Override
     public void confirmPasswordReset(final String token, final String password) {
-        if (!controller.isPasswordResetAllowed()) {
+        if (!controller.isPwdResetAllowed()) {
             SyncopeClientException sce = SyncopeClientException.build(ClientExceptionType.Unauthorized);
             sce.getElements().add("Password reset forbidden by configuration");
             throw sce;

Modified: syncope/trunk/core/src/main/resources/content.xml
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/main/resources/content.xml?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/core/src/main/resources/content.xml (original)
+++ syncope/trunk/core/src/main/resources/content.xml Fri Oct  3 09:06:52 2014
@@ -61,17 +61,22 @@ under the License.
   <CAttr id="7" owner_id="1" schema_name="passwordReset.allowed"/>
   <CAttrValue id="7" attribute_id="7" booleanValue="1"/>
 
+  <CSchema name="passwordReset.securityQuestion" type="Boolean"
+           mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
+  <CAttr id="8" owner_id="1" schema_name="passwordReset.securityQuestion"/>
+  <CAttrValue id="8" attribute_id="8" booleanValue="1"/>
+
   <CSchema name="authentication.statuses" type="String"
            mandatoryCondition="true" multivalue="1" uniqueConstraint="0" readonly="0"/>
-  <CAttr id="8" owner_id="1" schema_name="authentication.statuses"/>
-  <CAttrValue id="8" attribute_id="8" stringValue="created"/>
-  <CAttrValue id="9" attribute_id="8" stringValue="active"/>
+  <CAttr id="9" owner_id="1" schema_name="authentication.statuses"/>
+  <CAttrValue id="9" attribute_id="9" stringValue="created"/>
+  <CAttrValue id="10" attribute_id="9" stringValue="active"/>
 
   <!-- Save user login date upon successful authentication -->
   <CSchema name="log.lastlogindate" type="Boolean"
            mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-  <CAttr id="10" owner_id="1" schema_name="log.lastlogindate"/>
-  <CAttrValue id="10" attribute_id="10" booleanValue="1"/>
+  <CAttr id="11" owner_id="1" schema_name="log.lastlogindate"/>
+  <CAttrValue id="11" attribute_id="11" booleanValue="1"/>
     
   <!-- User pre-defined schemas -->
   <USchema name="email" type="String"

Modified: syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserSelfTestITCase.java
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserSelfTestITCase.java?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserSelfTestITCase.java
(original)
+++ syncope/trunk/core/src/test/java/org/apache/syncope/core/rest/UserSelfTestITCase.java
Fri Oct  3 09:06:52 2014
@@ -59,7 +59,7 @@ public class UserSelfTestITCase extends 
 
     @Test
     public void selfRegistrationAllowed() {
-        assertTrue(clientFactory.createAnonymous().isSelfRegistrationAllowed());
+        assertTrue(clientFactory.createAnonymous().isSelfRegAllowed());
     }
 
     @Test
@@ -293,4 +293,49 @@ public class UserSelfTestITCase extends 
         assertNotNull(read);
         assertNull(read.getToken());
     }
+
+    @Test
+    public void passwordResetWithoutSecurityQuestion() {
+        // 0. disable security question for password reset
+        configurationService.set("passwordReset.securityQuestion",
+                attributeTO("passwordReset.securityQuestion", "false"));
+
+        // 1. create an user with security question and answer
+        UserTO user = UserTestITCase.getUniqueSampleTO("pwdResetNoSecurityQuestion@syncope.apache.org");
+        createUser(user);
+
+        // 2. verify that new user is able to authenticate
+        SyncopeClient authClient = clientFactory.create(user.getUsername(), "password123");
+        UserTO read = authClient.getService(UserSelfService.class).read();
+        assertNotNull(read);
+
+        // 3. request password reset (as anonymous) with no security answer
+        SyncopeClient anonClient = clientFactory.createAnonymous();
+        anonClient.getService(UserSelfService.class).requestPasswordReset(user.getUsername(),
null);
+
+        // 4. get token (normally sent via e-mail, now reading as admin)
+        String token = userService.read(read.getId()).getToken();
+        assertNotNull(token);
+
+        // 5. confirm password reset
+        try {
+            anonClient.getService(UserSelfService.class).confirmPasswordReset("WRONG TOKEN",
"newPassword");
+            fail();
+        } catch (SyncopeClientException e) {
+            assertEquals(ClientExceptionType.NotFound, e.getType());
+            assertTrue(e.getMessage().contains("WRONG TOKEN"));
+        }
+        anonClient.getService(UserSelfService.class).confirmPasswordReset(token, "newPassword");
+
+        // 6. verify that password was reset and token removed
+        authClient = clientFactory.create(user.getUsername(), "newPassword");
+        read = authClient.getService(UserSelfService.class).read();
+        assertNotNull(read);
+        assertNull(read.getToken());
+
+        // 7. re-enable security question for password reset
+        configurationService.set("passwordReset.securityQuestion",
+                attributeTO("passwordReset.securityQuestion", "true"));
+    }
+
 }

Modified: syncope/trunk/core/src/test/resources/content.xml
URL: http://svn.apache.org/viewvc/syncope/trunk/core/src/test/resources/content.xml?rev=1629153&r1=1629152&r2=1629153&view=diff
==============================================================================
--- syncope/trunk/core/src/test/resources/content.xml (original)
+++ syncope/trunk/core/src/test/resources/content.xml Fri Oct  3 09:06:52 2014
@@ -59,17 +59,22 @@ under the License.
   <CAttr id="7" owner_id="1" schema_name="passwordReset.allowed"/>
   <CAttrValue id="7" attribute_id="7" booleanValue="1"/>
 
+  <CSchema name="passwordReset.securityQuestion" type="Boolean"
+           mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
+  <CAttr id="8" owner_id="1" schema_name="passwordReset.securityQuestion"/>
+  <CAttrValue id="8" attribute_id="8" booleanValue="1"/>
+
   <CSchema name="authentication.statuses" type="String"
            mandatoryCondition="true" multivalue="1" uniqueConstraint="0" readonly="0"/>
-  <CAttr id="8" owner_id="1" schema_name="authentication.statuses"/>
-  <CAttrValue id="8" attribute_id="8" stringValue="created"/>
-  <CAttrValue id="9" attribute_id="8" stringValue="active"/>
+  <CAttr id="9" owner_id="1" schema_name="authentication.statuses"/>
+  <CAttrValue id="9" attribute_id="9" stringValue="created"/>
+  <CAttrValue id="10" attribute_id="9" stringValue="active"/>
 
   <!-- Save user login date upon successful authentication -->
   <CSchema name="log.lastlogindate" type="Boolean"
            mandatoryCondition="true" multivalue="0" uniqueConstraint="0" readonly="0"/>
-  <CAttr id="10" owner_id="1" schema_name="log.lastlogindate"/>
-  <CAttrValue id="10" attribute_id="10" booleanValue="1"/>
+  <CAttr id="11" owner_id="1" schema_name="log.lastlogindate"/>
+  <CAttrValue id="11" attribute_id="11" booleanValue="1"/>
 
   <!-- sample policies -->
   <Policy DTYPE="SyncPolicy" id="1" description="global sync policy" type="GLOBAL_SYNC"




Mime
View raw message