Merge branch 'release/v1.6.0-1'

Author: CloudFlo2312

CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [v1.6.0-1] - 2022-04-27
+Note: CAS version >= 6.5.3-2 is required for this version.
+
+### Added
+- Possibility to set the attribute that the user has to change his password at the next login (#51)
+
 ## [v1.5.0-3] - 2022-04-26
 ### Removed
 - remove unused source of `/etc/ces/functions.sh` in `startup.sh` (#52)

Dockerfile

@@ -8,7 +8,7 @@ RUN set -x \
 FROM registry.cloudogu.com/official/java:8u302-1
 
 LABEL NAME="official/usermgt" \
-   VERSION="1.5.0-3" \
+   VERSION="1.6.0-1" \
    maintainer="[email protected]"
 
 # mark as webapp for nginx

Jenkinsfile

@@ -132,12 +132,12 @@ node('docker') {
       }
 
       stage('Integration Tests') {
-          echo "No integration test exists."
-//          ecoSystem.runCypressIntegrationTests([
-//                  cypressImage: "cypress/included:8.6.0",
-//                  enableVideo: params.EnableVideoRecording,
-//                  enableScreenshots    : params.EnableScreenshotRecording,
-//          ])
+         echo "run integration tests."
+         ecoSystem.runCypressIntegrationTests([
+                 cypressImage: "cypress/included:8.6.0",
+                 enableVideo: params.EnableVideoRecording,
+                 enableScreenshots    : params.EnableScreenshotRecording,
+          ])
       }
 
       if (params.TestDoguUpgrade != null && params.TestDoguUpgrade){
@@ -161,12 +161,12 @@ node('docker') {
         }
 
         stage('Integration Tests - After Upgrade') {
-          echo "No integration test exists."
-//          ecoSystem.runCypressIntegrationTests([
-//                  cypressImage: "cypress/included:8.6.0",
-//                  enableVideo: params.EnableVideoRecording,
-//                  enableScreenshots    : params.EnableScreenshotRecording,
-//          ])
+         echo "run integration tests."
+         ecoSystem.runCypressIntegrationTests([
+                 cypressImage: "cypress/included:8.6.0",
+                 enableVideo: params.EnableVideoRecording,
+                 enableScreenshots    : params.EnableScreenshotRecording,
+         ])
         }
       }
 

Makefile

@@ -1,6 +1,6 @@
 # Set these to the desired values
 ARTIFACT_ID=usermgt
-VERSION=1.5.0-3
+VERSION=1.6.0-1
 # overwrite ADDITIONAL_LDFLAGS to disable static compilation
 # this should fix https://github.com/golang/go/issues/13470
 ADDITIONAL_LDFLAGS=""

app/env/data/mapping/user.xml

@@ -29,6 +29,8 @@ and open the template in the editor.
       in-search="false">
       password
     </attribute>
+    <attribute decoder="de.triology.universeadm.mapping.LDAPBooleanConverter"
+               encoder="de.triology.universeadm.mapping.LDAPBooleanConverter">pwdReset</attribute>
     <attribute ldap-name="memberOf" is-multi-value="true" in-modify="false" 
       in-create="false"
                decoder="de.triology.universeadm.mapping.MemberOfMappingConverter"

app/src/main/java/de/triology/universeadm/CasSecurityModule.java

@@ -114,6 +114,8 @@ protected void configureRealm() {
     addFilterChain("/api/users/*", API, config(ROLES, Roles.ADMINISTRATOR));
     addFilterChain("/api/groups", API, config(ROLES, Roles.ADMINISTRATOR));
     addFilterChain("/api/groups/*", API, config(ROLES, Roles.ADMINISTRATOR));
+    addFilterChain("/api/account", API);
+    addFilterChain("/api/account/*", API);
     addFilterChain("/**", AUTHC);
   }
 

app/src/main/java/de/triology/universeadm/account/AccountResource.java

@@ -86,7 +86,25 @@ public Response getConfig()
       final Configuration conf = Configuration.getInstance();
       builder = Response.ok(conf.getContent(), MediaType.APPLICATION_JSON);
     } else {
-      logger.error("call /api/conf/passwordpolicy without prior authentication");
+      logger.error("call /api/account/passwordpolicy without prior authentication");
+      builder = Response.status(Response.Status.FORBIDDEN);
+    }
+
+    return builder.build();
+  }
+
+  @GET
+  @Path("gui_config")
+  @Produces(MediaType.APPLICATION_JSON)
+  public Response getGuiConfig()
+  {
+    Response.ResponseBuilder builder;
+    User account = accountManager.getCurrentUser();
+    if ( account != null ){
+      final Configuration conf = Configuration.getInstance();
+      builder = Response.ok(conf.getGuiContent(), MediaType.APPLICATION_JSON);
+    } else {
+      logger.error("call /api/account/gui_config without prior authentication");
       builder = Response.status(Response.Status.FORBIDDEN);
     }
 

app/src/main/java/de/triology/universeadm/account/Configuration.java

@@ -12,11 +12,14 @@ public class Configuration {
   private static final Logger logger = LoggerFactory.getLogger(Configuration.class);
   private static final String defaultPath = "/var/lib/usermgt/conf";
   private static final String configFilePath = defaultPath + "/optional.conf";
+  private static final String guiConfigFilePath = defaultPath + "/gui.conf";
   private static Configuration instance;
   private final String content;
+  private final String guiContent;
 
   private Configuration() {
     this.content = this.readConfigurationFromFile(configFilePath);
+    this.guiContent = this.readConfigurationFromFile(guiConfigFilePath);
   }
 
   public static Configuration getInstance() {
@@ -30,6 +33,10 @@ public String getContent() {
     return this.content;
   }
 
+  public String getGuiContent() {
+    return this.guiContent;
+  }
+
   private String readConfigurationFromFile(final String path) {
     String configuration = "";
     try {

app/src/main/java/de/triology/universeadm/mapping/LDAPBooleanConverter.java

@@ -0,0 +1,32 @@
+package de.triology.universeadm.mapping;
+
+/**
+ * Converter for the conversion of a Java Boolean to an LDAP Boolean and vice versa.
+ *
+ * In LDAP, the boolean values are capitalised ("FALSE", "TRUE).
+ */
+public class LDAPBooleanConverter extends AbstractMappingConverter {
+
+    private static final String LDAP_FALSE = "FALSE";
+    private static final String LDAP_TRUE = "TRUE";
+
+    @Override
+    public String encodeAsString(Object object) {
+        if (object instanceof Boolean) {
+            Boolean bool = (Boolean) object;
+
+            if (Boolean.TRUE.equals(bool)) {
+                return LDAP_TRUE;
+            } else {
+                return LDAP_FALSE;
+            }
+        }
+
+        return LDAP_FALSE;
+    }
+
+    @Override
+    public <T> Object decodeFromString(FieldDescriptor<T> type, String string) {
+        return LDAP_TRUE.equals(string);
+    }
+}

app/src/main/java/de/triology/universeadm/user/User.java

@@ -84,14 +84,15 @@ public User(String username)
    * @param memberOf
    */
   public User(String username, String displayName, String givenname,
-    String surname, String mail, String password, List<String> memberOf)
+    String surname, String mail, String password, boolean pwdReset, List<String> memberOf)
   {
     this.username = username;
     this.displayName = displayName;
     this.givenname = givenname;
     this.surname = surname;
     this.mail = mail;
     this.password = password;
+    this.pwdReset = pwdReset;
     this.memberOf = memberOf;
   }
 
@@ -140,7 +141,8 @@ public boolean equals(Object obj)
       && Objects.equal(givenname, other.givenname)
       && Objects.equal(surname, other.surname)
       && Objects.equal(mail, other.mail)
-      && Objects.equal(memberOf, other.memberOf);
+      && Objects.equal(memberOf, other.memberOf)
+      && Objects.equal(pwdReset, other.pwdReset);
   }
 
   /**
@@ -153,7 +155,7 @@ public boolean equals(Object obj)
   public int hashCode()
   {
     return Objects.hashCode(username, displayName, givenname, surname, mail,
-      memberOf);
+      memberOf, pwdReset);
   }
 
   /**
@@ -168,7 +170,7 @@ public String toString()
     return MoreObjects.toStringHelper(this).add("username",
       username).add("displayName", displayName).add("givenname",
         givenname).add("surname", surname).add("mail", mail).add("memberOf",
-          memberOf).toString();
+          memberOf).add("pwdReset", pwdReset).toString();
   }
 
   //~--- get methods ----------------------------------------------------------
@@ -233,6 +235,16 @@ public String getPassword()
     return password;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @return
+   */
+  public boolean isPwdReset() {
+    return pwdReset;
+  }
+
   /**
    * Method description
    *
@@ -312,6 +324,16 @@ public void setPassword(String password)
     this.password = password;
   }
 
+  /**
+   * Method description
+   *
+   *
+   * @param pwdReset
+   */
+  public void setPwdReset(boolean pwdReset) {
+    this.pwdReset = pwdReset;
+  }
+
   /**
    * Method description
    *
@@ -363,6 +385,12 @@ public void setUsername(String username)
    */
   private String password;
 
+
+  /**
+   * Field description
+   */
+  private boolean pwdReset;
+
   /**
    * Field description
    */

app/src/main/webapp/index.html

@@ -111,6 +111,7 @@
     <script type="text/javascript" src="scripts/users/controllers.js"></script>
     <script type="text/javascript" src="scripts/passwordpolicy/services.js"></script>
     <script type="text/javascript" src="scripts/constrainthandling/services.js"></script>
+    <script type="text/javascript" src="scripts/passwordresethandling/services.js"></script>
     <script type="text/javascript" src="scripts/groups/config.js"></script>
     <script type="text/javascript" src="scripts/groups/services.js"></script>
     <script type="text/javascript" src="scripts/groups/controllers.js"></script>

app/src/main/webapp/scripts/account/controllers.js

@@ -28,12 +28,13 @@
 
 angular.module('universeadm.account.controllers', ['universeadm.validation.directives', 
   'universeadm.account.services', 'universeadm.groups.services', 'universeadm.passwordpolicy.services', 'universeadm.constrainthandling.services'])
-  .controller('accountController', function($scope, accountService, groupService, account, passwordPolicyService, constraintHandlingService) {
+  .controller('accountController', function($scope, $rootScope, accountService, groupService, account, passwordPolicyService, constraintHandlingService) {
 
     function setAccount(account) {
       $scope.user = account;
       $scope.master = angular.copy(account);
       $scope.confirmPassword = account.password;
+      $scope.userIsCurrentUser = $rootScope.username === account.username;
     }
 
     setAccount(account);

app/src/main/webapp/scripts/passwordresethandling/services.js

@@ -0,0 +1,19 @@
+'use strict';
+
+angular.module('universeadm.passwordresethandling.services', ['restangular'])
+    .factory('passwordResetHandlingService', function(Restangular){
+        return {
+            getPasswordResetDefaultValue: function (){
+                return new Promise(function (resolve) {
+                    Restangular.one('account/gui_config').withHttpConfig({ cache: true}).get().then(function (result) {
+                        // If result is undefined because of a failure in backend, make sure not to throw an error here
+                        if (!!result){
+                            resolve(result.pwdResetPreselected);
+                        } else {
+                            resolve(false);
+                        }
+                    });
+                });
+            }
+        };
+    });

app/src/main/webapp/scripts/universeadm.js

@@ -96,10 +96,11 @@ angular.module('universeadm', ['angular-loading-bar', 'ngAnimate', 'restangular'
         $state.go('error404');
       });
     })
-    .controller('navigationController', function ($scope, $location, $log, navigation) {
+    .controller('navigationController', function ($scope, $rootScope, $location, $log, navigation) {
       function setNavigation(subject) {
         $scope.navItems = _.filter(navigation.items, function (item) {
           $scope.username = subject.principal;
+          $rootScope.username = subject.principal;
           return !item.requireAdminPrivileges || subject.admin;
         });
       }