2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.gui.pages;
24 import static org.onap.aaf.misc.xgen.html.HTMLGen.TABLE;
26 import java.io.IOException;
27 import java.net.ConnectException;
28 import java.util.GregorianCalendar;
30 import org.onap.aaf.auth.cmd.AAFcli;
31 import org.onap.aaf.auth.env.AuthzTrans;
32 import org.onap.aaf.auth.gui.AAF_GUI;
33 import org.onap.aaf.auth.gui.BreadCrumbs;
34 import org.onap.aaf.auth.gui.NamedCode;
35 import org.onap.aaf.auth.gui.Page;
36 import org.onap.aaf.auth.org.Organization;
37 import org.onap.aaf.auth.org.OrganizationException;
38 import org.onap.aaf.auth.org.OrganizationFactory;
39 import org.onap.aaf.auth.org.Organization.Identity;
40 import org.onap.aaf.cadi.CadiException;
41 import org.onap.aaf.cadi.LocatorException;
42 import org.onap.aaf.cadi.client.Future;
43 import org.onap.aaf.cadi.client.Rcli;
44 import org.onap.aaf.cadi.client.Retryable;
45 import org.onap.aaf.misc.env.APIException;
46 import org.onap.aaf.misc.env.Slot;
47 import org.onap.aaf.misc.xgen.Cache;
48 import org.onap.aaf.misc.xgen.DynamicCode;
49 import org.onap.aaf.misc.xgen.Mark;
50 import org.onap.aaf.misc.xgen.html.HTMLGen;
52 import aaf.v2_0.Users;
54 public class PassChangeForm extends Page {
// URL path handed to the Page superclass as this page's HREF.
56 static final String HREF = "/gui/passwd";
// Page name; also the prefix of the per-field slot names (NAME + '.' + field).
57 static final String NAME = "PassChange";
// Form field names, addressed by index below: [0]=id, [1]=current, [2]=password, [3]=password2.
// [4] startDate and [5] ns are not referenced in the visible part of this class.
58 static final String fields[] = {"id","current","password","password2","startDate","ns"};
/**
 * Builds the password-change page served at {@link #HREF}: a POST form with ID,
 * current-password, new-password and re-enter-password inputs, followed by a
 * "passwordRules" section listing the organization's password rules.
 *
 * NOTE: this listing has lost lines (the source line numbers in the left column
 * skip), so several branch, try and closing-brace lines are not visible here.
 *
 * @param gui         GUI context; supplies the env, the AAF client and data factories
 * @param breadcrumbs pages used to build the breadcrumb trail
 * @throws APIException declared by the constructor; raised by the page-building calls
 * @throws IOException  declared by the constructor; raised by the page-building calls
 */
60 public PassChangeForm(final AAF_GUI gui, final Page ... breadcrumbs) throws APIException, IOException {
61 super(gui.env,NAME,HREF, fields,
62 new BreadCrumbs(breadcrumbs),
63 new NamedCode(true,NAME) {
// Slot "PassChange.id": where the value of the form's "id" field is read from.
64 private final Slot sID = gui.env.slot(PassChangeForm.NAME+'.'+PassChangeForm.fields[0]);
66 public void code(final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
68 // p tags not closing right using .p() - causes issues in IE8 password form - so using leaf for the moment
// NOTE(review): literal <i> markup is passed through text() here, which suggests
// text() writes its argument without HTML-escaping. Confirm in HTMLGen, because the
// same call is used further down for request-derived values.
69 hgen.incr(HTMLGen.H4,true,"style=margin: 0em 0em .4em 0em")
70 .text("You are <i>adding</i> a New Password in the AAF System.")
73 Mark form = new Mark();
// NOTE(review): no anti-CSRF token input is emitted in the visible lines of this form;
// verify that the framework or the POST handler enforces one for password changes.
74 hgen.incr(form,"form","method=post");
76 Mark table = new Mark(TABLE);
// Per-request section: everything inside this DynamicCode runs with the live transaction.
79 cache.dynamic(hgen, new DynamicCode<HTMLGen, AAF_GUI, AuthzTrans>() {
81 public void code(final AAF_GUI gui, final AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
// ID the form is being opened for; empty string when the slot is unset.
// Presumably populated from the request's "id" parameter (confirm in Page), so treat as untrusted.
82 String incomingID= trans.get(sID, "");
// Default: the current password is required.
83 boolean skipCurrent = false;
84 if (incomingID.length()>0) {
86 Organization org = OrganizationFactory.obtain(trans.env(), incomingID);
// NOTE(review): incomingID is written into the error page via text(). If text() does
// not escape (see the note on the heading above), validate or HTML-escape the ID first.
88 hgen.incr(HTMLGen.H4,"style=color:red;").text("Error: There is no supported company for ").text(incomingID).end();
90 Identity user = org.getIdentity(trans, incomingID);
// Show only the part of the ID before '@' in the "not the sponsor" message (same escaping concern).
92 int at = incomingID.indexOf('@');
93 hgen.incr(HTMLGen.H4,"style=color:red;").text("Error: You are not the sponsor of '").text(at<0?incomingID:incomingID.substring(0,at))
94 .text("' defined at ").text(org.getName()).end();
97 // Owners/or the IDs themselves are allowed to reset password without previous one
98 skipCurrent=skipCurrent(trans, user);
101 final String id = incomingID;
// Second decision: look up the ID's credentials through the AAF client, called with the
// transaction's user principal. The Retryable's Boolean result becomes skipCurrent.
// NOTE(review): this decides whether a password can be set without proving knowledge of
// the old one. The page only chooses which input to render, so the POST handler must
// repeat the decision server-side (confirm there).
103 skipCurrent=gui.clientAsUser(trans.getUserPrincipal(), new Retryable<Boolean>() {
105 public Boolean code(Rcli<?> client) throws CadiException, ConnectException, APIException {
// NOTE(review): id is concatenated into the REST path without encoding; restrict it to the
// expected ID syntax or encode the path segment so it cannot alter the requested resource.
106 Future<Users> fc = client.read("/authn/creds/id/"+id,gui.getDF(Users.class));
107 if (fc.get(AAFcli.timeout())) {
108 GregorianCalendar now = new GregorianCalendar();
109 for (aaf.v2_0.Users.User u : fc.value.getUser()) {
// Types 1..9 are treated as password credentials here (per the comment on the return);
// the constants are not named in this file, so confirm the mapping where the types are defined.
110 if (u.getType()<10 && u.getType()>=1 && u.getExpires().toGregorianCalendar().after(now)) {
111 return false; // an existing, non expired, password type exists
114 return true; // no existing, no expired password
// The line that handles the 404 result is not visible in this listing.
116 if (fc.code()==404) { // not found...
119 trans.error().log(gui.aafCon.readableErrMsg(fc));
125 } catch (LocatorException | CadiException e) {
126 trans.error().log(e);
131 } catch (OrganizationException e) {
// NOTE(review): the exception message is rendered into the page; check that it cannot carry
// request-derived text or internal detail, or show a fixed message and log the original.
132 hgen.incr(HTMLGen.H4,"style=color:red;").text("Error: ")
133 .text(e.getMessage()).end();
// ID input, prefilled and made readonly when an ID was supplied.
// NOTE(review): the value attribute is built by concatenating incomingID; whether
// HTMLGen.input quotes or escapes attribute values is not visible here, so confirm.
137 hgen.input(fields[0],"ID*",true,"value="+incomingID,(incomingID.length()==0?"":"readonly"));
// Two renderings of the "current" field follow: a visible password input and a hidden
// empty one. The branch lines are missing; presumably selected by skipCurrent.
139 hgen.input(fields[1],"Current Password*",true,"type=password");
142 hgen.input(fields[1],"",false,"type=hidden", "value=").end();
145 hgen.input(fields[2],"New Password*",true, "type=password")
146 .input(fields[3], "Reenter New Password*",true, "type=password")
147 // .input(fields[3],"Start Date",false,"type=date", "value="+
148 // Chrono.dateOnlyFmt.format(new Date(System.currentTimeMillis()))
155 hgen.tagOnly("input", "type=submit", "value=Submit")
158 .p("All AAF Passwords continue to be valid until their listed expiration dates. ",
159 "This allows you to migrate services to this new password until the old ones expire.").br().br()
160 .p("Note: You must be an Admin of the Namespace where the MechID is defined.").br()
// Password-rules section, rendered per request for the organization of the logged-in
// principal (not of incomingID).
163 Mark div = hgen.divID("passwordRules");
164 cache.dynamic(hgen, new DynamicCode<HTMLGen, AAF_GUI, AuthzTrans>() {
166 public void code(final AAF_GUI gui, final AuthzTrans trans, final Cache<HTMLGen> cache, final HTMLGen hgen) throws APIException, IOException {
168 Organization org = OrganizationFactory.obtain(trans.env(),trans.getUserPrincipal().getName());
170 hgen.incr(HTMLGen.H4).text("Password Rules for ").text(org.getName()).end()
// One list item per rule line supplied by the organization.
172 for (String line : org.getPasswordRules()) {
173 hgen.leaf(HTMLGen.LI).text(line).end();
177 } catch (OrganizationException e) {
178 hgen.p("No Password Rules can be found for company of ID ",trans.getUserPrincipal().getName()).br();
188 // Package on Purpose
189 static boolean skipCurrent(AuthzTrans trans, Identity user) throws OrganizationException {
191 // Should this be an abstractable Policy?
192 String tuser = trans.user();
193 if (user.fullID().equals(trans.user())) {
196 Identity manager = user.responsibleTo();
197 if (tuser.equals(user.fullID()) || manager.isFound()) {