
Merge branch 'master' into oauth-enh

jrivard@gmail.com 6 years ago
parent
commit
228d56580f

+ 1 - 0
client/src/i18n/translations_en.json

@@ -12,6 +12,7 @@
   "Button_Export": "Export",
   "Button_Email": "Email",
   "Button_ExportOrgChart": "Export Organizational Chart",
+  "Button_EmailTeam": "Email Team Members",
   "Button_GoBack": "Go Back",
   "Button_HelpdeskClearOtpSecret": "Clear OTP Secret",
   "Button_More": "More",

+ 5 - 2
client/src/modules/helpdesk/verifications-dialog.controller.ts

@@ -53,7 +53,7 @@ export default class VerificationsDialogController {
     inputs: { name: string, label: string }[];
     isDetailsView: boolean;
     status: string;
-    tokenData: IVerificationTokenResponse;
+    tokenData: string;
     viewDetailsEnabled: boolean;
     verificationMethod: string;
     verificationStatus: string;
@@ -163,7 +163,9 @@ export default class VerificationsDialogController {
         let data = {};
         this.objectService.assign(data, this.formData);
         if (this.tokenData) {
-            this.objectService.assign(data, this.tokenData);
+            this.objectService.assign(data, {
+                tokenData: this.tokenData
+            });
         }
         this.helpDeskService.validateVerificationData(this.personUserKey, data, this.verificationMethod)
             .then((response) => {
@@ -190,6 +192,7 @@ export default class VerificationsDialogController {
         this.helpDeskService.sendVerificationToken(this.personUserKey, this.tokenDestinationID)
             .then((response) => {
                 this.verificationTokenSent = true;
+                this.tokenData = (response as any).data.tokenData;
             })
             .catch((reason) => {
                 this.verificationTokenSent = false;
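Review bot: The added `this.tokenData = (response as any).data.tokenData;` reads through an `any` cast with no check that `response.data` exists. A response without that shape throws inside the `.then` callback, and the chained `.catch` below then sets `verificationTokenSent` to false even though the send call itself succeeded. The cast also hides whether `IVerificationTokenResponse` actually declares `data.tokenData`; declaring the field on that interface would let the compiler check it. Until then a guarded read such as `const data = (response as any).data;` followed by `this.tokenData = data ? data.tokenData : undefined;` keeps a malformed response from being reported as a send failure. The enclosing method starts and ends outside this hunk.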

+ 8 - 5
client/src/modules/peoplesearch/orgchart-export.controller.ts

@@ -20,7 +20,7 @@
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  */
 
-import {IPeopleService} from '../../services/people.service';
+import {IPwmService} from '../../services/pwm.service';
 
 require('./orgchart-export.component.scss');
 
@@ -31,7 +31,7 @@ export default class OrgchartExportController {
         '$window',
         'IasDialogService',
         'translateFilter',
-        'peopleService',
+        'PwmService',
         'maxDepth',
         'personName',
         'userKey'
@@ -39,15 +39,18 @@ export default class OrgchartExportController {
     constructor(private $window: angular.IWindowService,
                 private IasDialogService: any,
                 private translateFilter: (id: string) => string,
-                private peopleService: IPeopleService,
+                private pwmService: IPwmService,
                 private maxDepth: number,
                 private personName: string,
                 private userKey: string) {
     }
 
     exportOrgChart() {
-        // tslint:disable-next-line
-        this.$window.location.href = `/pwm/private/peoplesearch?processAction=exportOrgChart&depth=${this.depth}&userKey=${this.userKey}`;
+        this.$window.location.href = this.pwmService.getServerUrl('exportOrgChart', {
+            depth: this.depth,
+            userKey: this.userKey
+        });
+
         this.IasDialogService.close();
     }
 }
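Review bot: exportOrgChart() assigns the return value of `getServerUrl` straight to `$window.location.href`, and this diff does not show whether that helper percent-encodes the `depth` and `userKey` values; the removed template string did not encode them. It is worth confirming in `pwm.service` and recording the expectation next to the call, for example `// getServerUrl() must URL-encode parameter values before building the query string`. The visible lines also send `this.depth` without comparing it to the injected `maxDepth`, so if that limit is enforced only in the dialog, the server-side handler should enforce it too.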

+ 1 - 1
client/src/services/helpdesk.service.ts

@@ -51,7 +51,7 @@ export interface IHelpDeskService {
     sendVerificationToken(userKey: string, choice: string): IPromise<IVerificationTokenResponse>;
     setPassword(userKey: string, random: boolean, password?: string): IPromise<ISuccessResponse>;
     unlockIntruder(userKey: string): IPromise<ISuccessResponse>;
-    validateVerificationData(userKey: string, formData: any, tokenData: any): IPromise<IVerificationStatus>;
+    validateVerificationData(userKey: string, formData: any, method: any): IPromise<IVerificationStatus>;
     showStrengthMeter: boolean;
 }
 
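Review bot: The renamed third parameter is still typed `any`, although the only caller shown on this page passes `this.verificationMethod`, which is declared as `string`. Narrowing the signature to `validateVerificationData(userKey: string, formData: any, method: string): IPromise<IVerificationStatus>;` would let the compiler reject a call site that still passes the old token object in that position. The implementing class is outside this hunk and would need the same change.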

+ 1 - 2
onejar/pom.xml

@@ -17,8 +17,7 @@
 
     <properties>
         <project.root.basedir>${project.basedir}/..</project.root.basedir>
-        <tomcat.version>9.0.13</tomcat.version>
-        <jetty-version>9.4.11.v20180605</jetty-version>
+        <tomcat.version>9.0.14</tomcat.version>
     </properties>
 
     <build>

+ 0 - 2
onejar/src/main/java/password/pwm/onejar/TomcatOnejarRunner.java

@@ -165,8 +165,6 @@ public class TomcatOnejarRunner
         connector.setAttribute( "keyAlias", OnejarMain.KEYSTORE_ALIAS );
         connector.setAttribute( "clientAuth", "false" );
 
-        connector.addUpgradeProtocol( new org.apache.coyote.http2.Http2Protocol() );
-
         out( "connector maxThreads=" + connector.getAttribute( "maxThreads" ) );
         out( "connector maxConnections=" + connector.getAttribute( "maxConnections" ) );
 

+ 7 - 7
server/src/main/java/password/pwm/svc/email/EmailService.java

@@ -85,13 +85,6 @@ public class EmailService implements PwmService
 
     private final ThreadLocal<EmailConnection> threadLocalTransport = new ThreadLocal<>();
 
-    enum SendFailureMode
-    {
-        RESEND,
-        REQUEUE,
-        DISCARD,
-    }
-
     public void init( final PwmApplication pwmApplication )
             throws PwmException
     {
@@ -100,6 +93,13 @@ public class EmailService implements PwmService
 
         servers.addAll( EmailServerUtil.makeEmailServersMap( pwmApplication.getConfig() ) );
 
+        if ( servers.isEmpty() )
+        {
+            status = STATUS.CLOSED;
+            LOGGER.debug( () -> "no email servers configured, will remain closed" );
+            return;
+        }
+
         for ( final EmailServer emailServer : servers )
         {
             serverErrors.put( emailServer, Optional.empty() );
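Review bot: The new early return in init() is reported only at debug level, so a deployment with no mail servers starts with EmailService closed and nothing in a default-level log to say so. Since other features presumably depend on this service to deliver messages, a higher level would make the condition visible to operators, e.g. `LOGGER.info( () -> "no email servers configured, will remain closed" );` if PwmLogger offers the same supplier overload at info. The return also skips whatever init() sets up after the loop, which is outside this hunk, so methods that can be called on a closed service should be checked to make sure they do not rely on that state.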

+ 8 - 2
server/src/main/java/password/pwm/svc/node/DatabaseNodeDataService.java

@@ -25,6 +25,7 @@ package password.pwm.svc.node;
 import password.pwm.PwmApplication;
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmUnrecoverableException;
+import password.pwm.svc.PwmService;
 import password.pwm.util.db.DatabaseAccessor;
 import password.pwm.util.db.DatabaseException;
 import password.pwm.util.db.DatabaseTable;
@@ -36,7 +37,7 @@ import password.pwm.util.logging.PwmLogger;
 import java.util.LinkedHashMap;
 import java.util.Map;
 
-public class DatabaseNodeDataService implements NodeDataServiceProvider
+class DatabaseNodeDataService implements NodeDataServiceProvider
 {
     private static final PwmLogger LOGGER = PwmLogger.forClass( DatabaseNodeDataService.class );
 
@@ -45,9 +46,14 @@ public class DatabaseNodeDataService implements NodeDataServiceProvider
 
     private final PwmApplication pwmApplication;
 
-    public DatabaseNodeDataService( final PwmApplication pwmApplication )
+    DatabaseNodeDataService( final PwmApplication pwmApplication ) throws PwmUnrecoverableException
     {
         this.pwmApplication = pwmApplication;
+
+        if ( pwmApplication.getDatabaseService().status() != PwmService.STATUS.OPEN )
+        {
+            throw new PwmUnrecoverableException( PwmError.ERROR_NODE_SERVICE_ERROR, "database service is not available" );
+        }
     }
 
     private DatabaseAccessor getDatabaseAccessor()

+ 25 - 2
server/src/main/java/password/pwm/svc/node/LDAPNodeDataService.java

@@ -28,6 +28,7 @@ import lombok.Value;
 import password.pwm.PwmApplication;
 import password.pwm.bean.UserIdentity;
 import password.pwm.config.PwmSetting;
+import password.pwm.config.profile.LdapProfile;
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmUnrecoverableException;
@@ -39,16 +40,38 @@ import java.util.LinkedHashMap;
 import java.util.Map;
 import java.util.Set;
 
-public class LDAPNodeDataService implements NodeDataServiceProvider
+class LDAPNodeDataService implements NodeDataServiceProvider
 {
     private static final PwmLogger LOGGER = PwmLogger.forClass( LDAPNodeDataService.class );
 
     private final PwmApplication pwmApplication;
     private static final String VALUE_PREFIX = "0006#.#.#";
 
-    public LDAPNodeDataService( final PwmApplication pwmApplication )
+    LDAPNodeDataService( final PwmApplication pwmApplication ) throws PwmUnrecoverableException
     {
         this.pwmApplication = pwmApplication;
+
+        final UserIdentity testUser;
+        final String ldapProfileID;
+        try
+        {
+            final LdapProfile ldapProfile = pwmApplication.getConfig().getDefaultLdapProfile();
+            ldapProfileID = ldapProfile.getIdentifier();
+            testUser = ldapProfile.getTestUser( pwmApplication );
+        }
+        catch ( PwmUnrecoverableException e )
+        {
+            final String msg = "error checking ldap test user configuration for ldap node service: " + e.getMessage();
+            throw PwmUnrecoverableException.newException( PwmError.ERROR_INTERNAL, msg );
+        }
+
+        if ( testUser == null )
+        {
+            final String msg = "ldap node service requires that setting "
+                    + PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug( ldapProfileID, null )
+                    + " is configured";
+            throw PwmUnrecoverableException.newException( PwmError.ERROR_NODE_SERVICE_ERROR, msg );
+        }
     }
 
     @Override
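Review bot: The catch block in the new constructor rethrows as `PwmError.ERROR_INTERNAL` and keeps only `e.getMessage()`, while the `testUser == null` branch just below reports `PwmError.ERROR_NODE_SERVICE_ERROR`. NodeService in this same commit stores the exception's error information as `startupError`, so an LDAP test-user configuration problem would surface there as a generic internal error. Using the same code in both branches keeps the reported cause consistent: `throw PwmUnrecoverableException.newException( PwmError.ERROR_NODE_SERVICE_ERROR, msg );`. Separately, the result of `getDefaultLdapProfile()` is dereferenced without a null check, and whether it can return null is not visible here.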

+ 1 - 1
server/src/main/java/password/pwm/svc/node/NodeDataServiceProvider.java

@@ -27,7 +27,7 @@ import password.pwm.util.java.TimeDuration;
 
 import java.util.Map;
 
-public interface NodeDataServiceProvider
+interface NodeDataServiceProvider
 {
     Map<String, StoredNodeData> readStoredData( ) throws PwmUnrecoverableException;
 

+ 7 - 1
server/src/main/java/password/pwm/svc/node/NodeService.java

@@ -111,10 +111,16 @@ public class NodeService implements PwmService
                 return;
             }
         }
-        catch ( Exception e )
+        catch ( PwmUnrecoverableException e )
         {
+            startupError = e.getErrorInformation();
             LOGGER.error( "error starting up cluster service: " + e.getMessage() );
         }
+        catch ( Exception e )
+        {
+            startupError = new ErrorInformation( PwmError.ERROR_NODE_SERVICE_ERROR, "error starting up cluster service: " + e.getMessage() );
+            LOGGER.error( startupError );
+        }
 
         status = STATUS.CLOSED;
     }
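Review bot: Both catch blocks log only message text, so the stack trace of a startup failure is lost. In the broad `catch ( Exception e )` a runtime exception with a null message produces "error starting up cluster service: null" in both the log and `startupError`. If PwmLogger has an overload that accepts a Throwable, passing the exception keeps the failure diagnosable: `LOGGER.error( "error starting up cluster service: " + e.getMessage(), e );`. The enclosing method begins outside this hunk.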

+ 47 - 47
server/src/main/java/password/pwm/util/secure/X509Utils.java

@@ -81,52 +81,6 @@ public abstract class X509Utils
         return readRemoteCertificates( host, port, configuration );
     }
 
-    public static List<X509Certificate> readRemoteHttpCertificates(
-            final PwmApplication pwmApplication,
-            final SessionLabel sessionLabel,
-            final URI uri,
-            final Configuration configuration
-    )
-            throws PwmUnrecoverableException
-    {
-        final CertReaderTrustManager certReaderTrustManager = new CertReaderTrustManager( readCertificateFlagsFromConfig( configuration ) );
-        final PwmHttpClientConfiguration pwmHttpClientConfiguration = PwmHttpClientConfiguration.builder()
-                .trustManager( certReaderTrustManager )
-                .build();
-        final PwmHttpClient pwmHttpClient = new PwmHttpClient( pwmApplication, sessionLabel, pwmHttpClientConfiguration );
-        final PwmHttpClientRequest request = new PwmHttpClientRequest( HttpMethod.GET, uri.toString(), "", Collections.emptyMap() );
-
-        LOGGER.debug( sessionLabel, () -> "beginning attempt to import certificates via httpclient" );
-
-        ErrorInformation requestError = null;
-        try
-        {
-            pwmHttpClient.makeRequest( request );
-        }
-        catch ( PwmException e )
-        {
-            requestError = e.getErrorInformation();
-        }
-
-        if ( certReaderTrustManager.getCertificates() != null )
-        {
-            return certReaderTrustManager.getCertificates();
-        }
-
-        {
-            final ErrorInformation finalError = requestError;
-            LOGGER.debug( sessionLabel, () -> "unable to read certificates from remote server via httpclient, error: " + finalError );
-        }
-
-        if ( requestError == null )
-        {
-            final String msg = "unable to read certificates via httpclient; check log files for more details";
-            throw PwmUnrecoverableException.newException( PwmError.ERROR_CERTIFICATE_ERROR, msg );
-        }
-
-        throw new PwmUnrecoverableException( requestError );
-    }
-
     public static List<X509Certificate> readRemoteCertificates(
             final String host,
             final int port,
@@ -189,6 +143,52 @@ public abstract class X509Utils
         return certs == null ? Collections.emptyList() : certs;
     }
 
+    public static List<X509Certificate> readRemoteHttpCertificates(
+            final PwmApplication pwmApplication,
+            final SessionLabel sessionLabel,
+            final URI uri,
+            final Configuration configuration
+    )
+            throws PwmUnrecoverableException
+    {
+        final CertReaderTrustManager certReaderTrustManager = new CertReaderTrustManager( readCertificateFlagsFromConfig( configuration ) );
+        final PwmHttpClientConfiguration pwmHttpClientConfiguration = PwmHttpClientConfiguration.builder()
+                .trustManager( certReaderTrustManager )
+                .build();
+        final PwmHttpClient pwmHttpClient = new PwmHttpClient( pwmApplication, sessionLabel, pwmHttpClientConfiguration );
+        final PwmHttpClientRequest request = new PwmHttpClientRequest( HttpMethod.GET, uri.toString(), "", Collections.emptyMap() );
+
+        LOGGER.debug( sessionLabel, () -> "beginning attempt to import certificates via httpclient" );
+
+        ErrorInformation requestError = null;
+        try
+        {
+            pwmHttpClient.makeRequest( request );
+        }
+        catch ( PwmException e )
+        {
+            requestError = e.getErrorInformation();
+        }
+
+        if ( certReaderTrustManager.getCertificates() != null )
+        {
+            return certReaderTrustManager.getCertificates();
+        }
+
+        {
+            final ErrorInformation finalError = requestError;
+            LOGGER.debug( sessionLabel, () -> "unable to read certificates from remote server via httpclient, error: " + finalError );
+        }
+
+        if ( requestError == null )
+        {
+            final String msg = "unable to read certificates via httpclient; check log files for more details";
+            throw PwmUnrecoverableException.newException( PwmError.ERROR_CERTIFICATE_ERROR, msg );
+        }
+
+        throw new PwmUnrecoverableException( requestError );
+    }
+
     private static ReadCertificateFlag[] readCertificateFlagsFromConfig( final Configuration configuration )
     {
         final CertificateMatchingMode mode = configuration.readCertificateMatchingMode();
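Review bot: readRemoteHttpCertificates is re-added at this position without a Javadoc, although its contract is security-relevant. It returns whatever `certReaderTrustManager.getCertificates()` holds even when `makeRequest` threw, and the request error is only raised when no certificates were collected. A Javadoc should state that ordering explicitly. Assuming CertReaderTrustManager records the chain the server presents rather than validating it, the Javadoc should also say that the returned certificates are unverified and must be confirmed by the caller or an administrator before being trusted. The body is otherwise identical to the block removed earlier in this file.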
@@ -523,7 +523,7 @@ public abstract class X509Utils
         for ( final X509Certificate certificate : certificates )
         {
             final boolean[] keyUsages = certificate.getKeyUsage();
-            if ( keyUsages.length > keyCertSignBitPosition - 1 )
+            if ( keyUsages != null && keyUsages.length > keyCertSignBitPosition - 1 )
             {
                 if ( keyUsages[keyCertSignBitPosition] )
                 {
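Review bot: The guard `keyUsages.length > keyCertSignBitPosition - 1` still admits an array whose length equals `keyCertSignBitPosition`, and the next statement indexes `keyUsages[keyCertSignBitPosition]`, which would then be out of bounds. The added null check covers a certificate with no KeyUsage extension, but the length bound should match the index that is read: `if ( keyUsages != null && keyUsages.length > keyCertSignBitPosition )`. The definition of `keyCertSignBitPosition` and the rest of the loop are outside this hunk.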

+ 2 - 0
server/src/main/resources/password/pwm/i18n/Display.properties

@@ -66,6 +66,7 @@ Button_OK=OK
 Button_SendEmail=Send Email
 Button_Export=Export
 Button_ExportOrgChart=Export Organizational Chart
+Button_EmailTeam=Email Team Members
 Button_TokenVerification=Token Verification
 Button_SendToken=Send Token
 Display_ActivateUser=To confirm your identity, please enter the following information. Your information will be used to locate and activate your user account.<p/>Be sure to complete the process, or your account will not be activated properly.
@@ -296,6 +297,7 @@ Title_AnsweredQuestions=Answered Questions
 Title_ActivateUser=Activate Account
 Title_Admin=Administration
 Title_Application=Self Service Password Reset
+Title_Application_Abbrev=SSPR
 Title_Captcha=Verification
 Title_ChangePassword=Change Password
 Title_ConfirmResponses=Confirm Security Questions

+ 1 - 6
webapp/pom.xml

@@ -295,15 +295,10 @@
             <version>1.14.2</version>
         </dependency>
         <dependency>
-            <groupId>org.webjars.bower</groupId>
+            <groupId>org.webjars.npm</groupId>
             <artifactId>dgrid</artifactId>
             <version>1.2.1</version>
         </dependency>
-        <dependency>
-            <groupId>org.webjars.bower</groupId>
-            <artifactId>dstore</artifactId>
-            <version>1.1.2</version>
-        </dependency>
         <dependency>
             <groupId>org.webjars.bower</groupId>
             <artifactId>font-awesome</artifactId>
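Review bot: The explicit `dstore` 1.1.2 dependency is dropped in the same hunk that moves `dgrid` from `org.webjars.bower` to `org.webjars.npm`. If dstore is still needed, it now arrives only transitively, at whatever version the new dgrid artifact's POM selects rather than one pinned here. If that is the intent, a comment such as `<!-- dstore is resolved transitively via org.webjars.npm:dgrid -->` would record it, and the resolved dependency tree should be checked to confirm which dstore artifact and version end up in the WAR. Resource paths can also differ between the two webjar groups; the pages that reference dgrid are outside this diff.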

+ 4 - 1
webapp/src/main/webapp/WEB-INF/jsp/fragment/header-body.jsp

@@ -41,7 +41,10 @@
     <div id="header-center">
         <div id="header-center-left">
             <div id="header-page"><pwm:display key="${param['pwm.PageName']}" displayIfMissing="true"/></div>
-            <div id="header-title"><pwm:display key="Title_Application"/></div>
+            <div id="header-title">
+                <span class="title-long"><pwm:display key="Title_Application"/></span>
+                <span class="title-short"><pwm:display key="Title_Application_Abbrev"/></span>
+            </div>
         </div>
 
         <div id="header-center-right">