Yair Zaslavsky has uploaded a new change for review. Change subject: core, tools: Supporting change password Url presentation ......................................................................
core, tools: Supporting change password Url presentation This patch adds the ability for the admin to configure for each authentication domain a url which will be shown on login attempts failing due to password expiration. This allows providing the users with a link to a web page allowing to change their expired password. In order to set these URLs, a new optional parameter was introduced to manage-domains, named changePasswordUrl. Change-Id: Icc393a547a3869733654553bf6d62df2b253a269 Signed-off-by: Yair Zaslavsky <[email protected]> --- M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java M backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java M packaging/bin/engine-manage-domains.sh M packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql 5 files changed, 72 insertions(+), 17 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/18/23318/1 diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java index 0a223c9..6cc90a0 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java @@ -1606,5 +1606,9 @@ @DefaultValueAttribute("10") MaxNumOfTriesToRunFailedAutoStartVm, + @TypeConverterAttribute(String.class) + @DefaultValueAttribute("") + ChangePasswordUrl, + Invalid; } diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java index 314a43c..f519f6c 100644 
--- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java +++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ConfigurationProvider.java @@ -3,12 +3,12 @@ import static org.ovirt.engine.core.common.config.ConfigValues.AdUserId; import static org.ovirt.engine.core.common.config.ConfigValues.AdUserName; import static org.ovirt.engine.core.common.config.ConfigValues.AdUserPassword; +import static org.ovirt.engine.core.common.config.ConfigValues.ChangePasswordUrl; import static org.ovirt.engine.core.common.config.ConfigValues.DomainName; import static org.ovirt.engine.core.common.config.ConfigValues.LDAPProviderTypes; import static org.ovirt.engine.core.common.config.ConfigValues.LDAPSecurityAuthentication; -import static org.ovirt.engine.core.common.config.ConfigValues.LdapServers; import static org.ovirt.engine.core.common.config.ConfigValues.LDAPServerPort; - +import static org.ovirt.engine.core.common.config.ConfigValues.LdapServers; import java.io.BufferedWriter; import java.io.File; @@ -34,7 +34,7 @@ String adUserId, String ldapProviderTypes, String engineConfigExecutable, - String engineConfigProperties, String ldapServerPort) { + String engineConfigProperties, String ldapServerPort, String passwordChangeUrls) { super(); configVals.put(AdUserName, adUserName); configVals.put(AdUserPassword, adUserPassword); @@ -44,6 +44,7 @@ configVals.put(AdUserId, adUserId); configVals.put(LDAPProviderTypes, ldapProviderTypes); configVals.put(LDAPServerPort, ldapServerPort); + configVals.put(ChangePasswordUrl, passwordChangeUrls); this.engineConfigExecutable = engineConfigExecutable; this.engineConfigProperties = engineConfigProperties; } diff --git a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java index a8d57f5..bf5c4c7 100644 
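Review bot: The new constructor parameter in the `@@ -34,7 +34,7 @@` hunk is named `passwordChangeUrls`, while the config key, the CLI argument and the caller's local are all spelled `changePasswordUrl`. In a long run of positional `String` parameters, a name that matches the key makes a transposed argument easier to spot, so I would declare it as `String changePasswordUrl` on its own line like the others. A short comment such as `// raw ChangePasswordUrl config entry covering all domains, not a single URL` would also help, if that reading of the caller is right. The constructor signature begins outside the hunk.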
--- a/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java +++ b/backend/manager/tools/src/main/java/org/ovirt/engine/core/domains/ManageDomains.java @@ -97,6 +97,7 @@ provider, forceDelete, ldapServers, + changePasswordUrl, } public enum ActionType { @@ -251,6 +252,11 @@ if (ldapPort == null) { ldapPort = DEFAULT_LDAP_SERVER_PORT; } + String changePasswordUrl = + getConfigValue(engineConfigExecutable, engineConfigProperties, ConfigValues.ChangePasswordUrl); + if (changePasswordUrl == null) { + changePasswordUrl = ""; + } configurationProvider = new ConfigurationProvider(adUserName, @@ -261,7 +267,7 @@ adUserId, ldapProviderTypes, utilityConfiguration.getEngineConfigExecutablePath(), - engineConfigProperties, ldapPort); + engineConfigProperties, ldapPort, changePasswordUrl); } catch (Throwable e) { throw new ManageDomainsResult(ManageDomainsResultEnum.FAILED_READING_CURRENT_CONFIGURATION, e.getMessage()); @@ -333,6 +339,21 @@ sb.append(" " + t.name() + "\n"); } throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND, sb.toString()); + } + + protected String getChangePasswordUrl(CLIParser parser) throws ManageDomainsResult { + String changePasswordUrl = parser.getArg(Arguments.changePasswordUrl.name()); + if (StringUtils.isEmpty(changePasswordUrl)) { + throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND, + "Password change URL must not be empty"); + } + try { + URL url = new URL(changePasswordUrl); + } catch (MalformedURLException e) { + throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND, + "The provided string for Password change URL is not a valid URL"); + } + return changePasswordUrl; } private String getPasswordInput(CLIParser parser) throws ManageDomainsResult { 
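Review bot: `getChangePasswordUrl` in the `@@ -333,6 +339,21 @@` hunk accepts any string that `new URL(...)` can parse, so any scheme the JVM has a handler for passes validation, not only web links. This value is shown to users whose password has expired and sends them to a page where they type credentials, so the scheme should be pinned. The currently unused `URL url` local can be used for that: `if (!"https".equalsIgnoreCase(url.getProtocol())) { throw new ManageDomainsResult(ManageDomainsResultEnum.INVALID_ARGUMENT_FOR_COMMAND, "Password change URL must use https"); }`, or allow http as well if plain-HTTP intranet pages must be supported. Separately, the accepted string is later stored through `DomainsConfigurationEntry` with `DOMAIN_SEPERATOR` and `VALUE_SEPERATOR`, whose values are not visible here. If either character can occur in a URL, the entry would not parse back correctly, so it is worth confirming, and then rejecting or encoding such input.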
@@ -498,6 +519,7 @@ List<String> ldapServers = getLdapServers(parser, domainName); validateKdcServers(authMode, domainName); domainNameEntry.setValueForDomain(domainName, null); + String changePasswordUrl = getChangePasswordUrl(parser); String currentAdUserNameEntry = configurationProvider.getConfigValue(ConfigValues.AdUserName); String currentAdUserPasswordEntry = configurationProvider.getConfigValue(ConfigValues.AdUserPassword); @@ -506,6 +528,7 @@ String currentAdUserIdEntry = configurationProvider.getConfigValue(ConfigValues.AdUserId); String currentLDAPProviderTypes = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); String ldapServerPort = configurationProvider.getConfigValue(ConfigValues.LDAPServerPort); + String currentChangePasswordUrl = configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl); DomainsConfigurationEntry adUserNameEntry = new DomainsConfigurationEntry(currentAdUserNameEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); @@ -519,6 +542,9 @@ new DomainsConfigurationEntry(currentAdUserIdEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); DomainsConfigurationEntry ldapProviderTypesEntry = new DomainsConfigurationEntry(currentLDAPProviderTypes, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + DomainsConfigurationEntry changePasswordUrlEntry = + new DomainsConfigurationEntry(currentChangePasswordUrl, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + LdapProviderType ldapProviderType = getLdapProviderType(parser); adUserNameEntry.setValueForDomain(domainName, userName); @@ -526,6 +552,8 @@ authModeEntry.setValueForDomain(domainName, authMode); ldapProviderTypesEntry.setValueForDomain(domainName, ldapProviderType.name()); setLdapServersPerDomain(domainName, ldapServersEntry, StringUtils.join(ldapServers, ",")); + changePasswordUrlEntry.setValueForDomain(domainName, changePasswordUrl); + testConfiguration(domainName, 
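Review bot: In the add path (`@@ -498,6 +519,7 @@`), `String changePasswordUrl = getChangePasswordUrl(parser);` is called unconditionally, and that helper throws `INVALID_ARGUMENT_FOR_COMMAND` when the argument is empty. Assuming `parser.getArg` returns null or an empty string for an absent argument, `-action=add` would now fail unless `-changePasswordUrl` is given, although the commit message and the usage text describe the parameter as optional. The edit path already guards the call, and the same shape works here in place of the unconditional set in the `@@ -526,6 +552,8 @@` hunk: `if (parser.hasArg(Arguments.changePasswordUrl.name())) { changePasswordUrlEntry.setValueForDomain(domainName, getChangePasswordUrl(parser)); }`. The enclosing method starts and ends outside these hunks.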
@@ -550,7 +578,7 @@ authModeEntry, ldapServersEntry, adUserIdEntry, - ldapProviderTypesEntry); + ldapProviderTypesEntry, changePasswordUrlEntry); printSuccessMessage(domainName, "added"); } @@ -627,6 +655,7 @@ String currentAdUserIdEntry = configurationProvider.getConfigValue(ConfigValues.AdUserId); String currentLdapProviderTypeEntry = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); String ldapServerPort = configurationProvider.getConfigValue(ConfigValues.LDAPServerPort); + String currentChangePasswordUrl = configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl); DomainsConfigurationEntry adUserNameEntry = @@ -639,6 +668,9 @@ new DomainsConfigurationEntry(currentAdUserIdEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); DomainsConfigurationEntry ldapProviderTypeEntry = new DomainsConfigurationEntry(currentLdapProviderTypeEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + DomainsConfigurationEntry changePaswordUrlEntry = + new DomainsConfigurationEntry(currentChangePasswordUrl, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + if (userName != null) { adUserNameEntry.setValueForDomain(domainName, userName); @@ -663,6 +695,9 @@ if (ldapProviderType != null) { ldapProviderTypeEntry.setValueForDomain(domainName, ldapProviderType.name()); } + if (parser.hasArg(Arguments.changePasswordUrl.name())) { + changePaswordUrlEntry.setValueForDomain(domainName, getChangePasswordUrl(parser)); + } testConfiguration(domainName, domainNameEntry, @@ -685,7 +720,8 @@ authModeEntry, ldapServersEntry, adUserIdEntry, - ldapProviderTypeEntry); + ldapProviderTypeEntry, + changePaswordUrlEntry); printSuccessMessage(domainName, "edited"); } 
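Review bot: The edit path (`@@ -663,6 +695,9 @@`) can set a change-password URL but offers no way to clear one through this tool. The `parser.hasArg(...)` branch always goes through `getChangePasswordUrl`, which rejects an empty value, so a wrong or retired link stays attached to the domain and keeps being shown to users with expired passwords. Consider treating an empty `-changePasswordUrl=` on edit as a removal by calling `changePaswordUrlEntry.removeValueForDomain(domainName)`, the same call the delete path uses. The local is also spelled `changePaswordUrlEntry` in this method but `changePasswordUrlEntry` in add and delete, and aligning the spelling avoids a confusing grep miss. The method body extends beyond the hunks shown.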
@@ -930,7 +966,8 @@ DomainsConfigurationEntry authModeEntry, DomainsConfigurationEntry ldapServersEntry, DomainsConfigurationEntry adUserIdEntry, - DomainsConfigurationEntry ldapProviderTypeEntry) throws ManageDomainsResult { + DomainsConfigurationEntry ldapProviderTypeEntry, DomainsConfigurationEntry changePasswordUrlEntry) + throws ManageDomainsResult { // Update the configuration configurationProvider.setConfigValue(ConfigValues.AdUserName, adUserNameEntry); @@ -952,6 +989,8 @@ configurationProvider.setConfigValue(ConfigValues.LDAPProviderTypes, ldapProviderTypeEntry); + + configurationProvider.setConfigValue(ConfigValues.ChangePasswordUrl, changePasswordUrlEntry); } public void deleteDomain(String domainName, boolean forceDelete) throws ManageDomainsResult { @@ -983,6 +1022,7 @@ String currentLdapServersEntry = configurationProvider.getConfigValue(ConfigValues.LdapServers); String currentAdUserId = configurationProvider.getConfigValue(ConfigValues.AdUserId); String ldapProviderType = configurationProvider.getConfigValue(ConfigValues.LDAPProviderTypes); + String changePasswordUrl = configurationProvider.getConfigValue(ConfigValues.ChangePasswordUrl); DomainsConfigurationEntry adUserNameEntry = new DomainsConfigurationEntry(currentAdUserNameEntry, DOMAIN_SEPERATOR, VALUE_SEPERATOR); 
@@ -997,12 +1037,16 @@ DomainsConfigurationEntry ldapProviderTypeEntry = new DomainsConfigurationEntry(ldapProviderType, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + DomainsConfigurationEntry changePasswordUrlEntry = + new DomainsConfigurationEntry(changePasswordUrl, DOMAIN_SEPERATOR, VALUE_SEPERATOR); + adUserNameEntry.removeValueForDomain(domainName); adUserIdEntry.removeValueForDomain(domainName); adUserPasswordEntry.removeValueForDomain(domainName); authModeEntry.removeValueForDomain(domainName); ldapServersEntry.removeValueForDomain(domainName); ldapProviderTypeEntry.removeValueForDomain(domainName); + changePasswordUrlEntry.removeValueForDomain(domainName); // Update the configuration setConfigurationEntries(domainNameEntry, @@ -1011,7 +1055,7 @@ authModeEntry, ldapServersEntry, adUserIdEntry, - ldapProviderTypeEntry); + ldapProviderTypeEntry, changePasswordUrlEntry); System.out.println(String.format(DELETE_DOMAIN_SUCCESS, domainName)); } diff --git a/packaging/bin/engine-manage-domains.sh b/packaging/bin/engine-manage-domains.sh index 7eb920e..bc895a4 100755 --- a/packaging/bin/engine-manage-domains.sh +++ b/packaging/bin/engine-manage-domains.sh 
@@ -11,16 +11,17 @@ cat << __EOF__ engine-manage-domains: add/edit/delete/validate/list domains USAGE: - engine-manage-domains -action=ACTION [-domain=DOMAIN -provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH -addPermissions -forceDelete -ldapServers=LDAP_SERVERS] -report + engine-manage-domains -action=ACTION [-domain=DOMAIN -provider=PROVIDER -user=USER -passwordFile=PASSWORD_FILE -interactive -configFile=PATH -addPermissions -forceDelete -ldapServers=LDAP_SERVERS -changePasswordUrl] -report Where: - ACTION action to perform (add/edit/delete/validate/list). See details below. - DOMAIN (mandatory for add, edit and delete) the domain you wish to perform the action on. - PROVIDER (mandatory for add, optional for edit) the LDAP provider type of server used for the domain. Among the supported providers IPA, RHDS, ITDS, ActiveDirectory and OpenLDAP. - USER (optional for edit, mandatory for add) the domain user. - PASSWORD_FILE (optional for edit, mandatory for add) a file containing the password in the first line. - interactive alternative for using -passwordFile - read the password interactively. - PATH (optional) use the given alternate configuration file. - LDAP_SERVERS (optional) a comma delimited list of LDAP servers to be set to the domain. + ACTION action to perform (add/edit/delete/validate/list). See details below. + DOMAIN (mandatory for add, edit and delete) the domain you wish to perform the action on. + PROVIDER (mandatory for add, optional for edit) the LDAP provider type of server used for the domain. Among the supported providers IPA, RHDS, ITDS, ActiveDirectory and OpenLDAP. + USER (optional for edit, mandatory for add) the domain user. + PASSWORD_FILE (optional for edit, mandatory for add) a file containing the password in the first line. + interactive alternative for using -passwordFile - read the password interactively. + PATH (optional) use the given alternate configuration file. 
+ LDAP_SERVERS (optional) a comma delimited list of LDAP servers to be set to the domain. + CHANGE_PASSWORD_URL (optional) a URL to be returned to the user in case the password has expired. Available actions: add @@ -100,6 +101,7 @@ LdapServers= LDAPProviderTypes= LDAPServerPort= +ChangePasswordUrl= __EOF__ # diff --git a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql index 531e7f7..5051aeb 100644 --- a/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql +++ b/packaging/dbscripts/upgrade/pre_upgrade/0000_config.sql @@ -608,6 +608,10 @@ select fn_db_add_config_value('EnableVdsHaReservation','true','general'); select fn_db_add_config_value('VdsHaReservationIntervalInMinutes','5','general'); +--Password URL change +select fn_db_add_config_value('ChangePasswordUrl','','general'); + + ------------------------------------------------------------------------------------ -- Update with override section ------------------------------------------------------------------------------------ -- To view, visit http://gerrit.ovirt.org/23318 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Icc393a547a3869733654553bf6d62df2b253a269 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Yair Zaslavsky <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
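Review bot: The updated USAGE synopsis in the `@@ -11,16 +11,17 @@` hunk lists `-changePasswordUrl` with no value placeholder, unlike `-ldapServers=LDAP_SERVERS`, even though the Where section documents `CHANGE_PASSWORD_URL`. Write it as `-changePasswordUrl=CHANGE_PASSWORD_URL` so the option reads as taking a value. The description line could also state the constraints enforced by the Java side, for example `(optional) an absolute URL shown to the user when the password has expired`, so admins know what input will be accepted.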
