
- misc minor fixes

jrivard 10 سال پیش
والد
کامیت
4b6a52222b

+ 1 - 0
pwm/servlet/src/password/pwm/AppProperty.java

@@ -145,6 +145,7 @@ public enum AppProperty {
     LOGGING_FILE_PATH                               ("logging.file.path"),
     LOGGING_DEV_OUTPUT                              ("logging.devOutput.enable"),
     NEWUSER_LDAP_USE_TEMP_PW                        ("newUser.ldap.useTempPassword"),
+    NEWUSER_TOKEN_ALLOW_PLAIN_PW                    ("newUser.token.allowPlainPassword"),
     NMAS_THREADS_MAX_COUNT                          ("nmas.threads.maxCount"),
     NMAS_THREADS_MIN_SECONDS                        ("nmas.threads.minSeconds"),
     NMAS_THREADS_MAX_SECONDS                        ("nmas.threads.maxSeconds"),

+ 1 - 0
pwm/servlet/src/password/pwm/AppProperty.properties

@@ -138,6 +138,7 @@ logging.file.maxSize=20MB
 logging.file.maxRollover=50
 logging.file.path=logs
 newUser.ldap.useTempPassword=auto
+newUser.token.allowPlainPassword=true
 nmas.threads.maxCount=120
 nmas.threads.minSeconds=1800
 nmas.threads.maxSeconds=3000
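Review bot: The added default `newUser.token.allowPlainPassword=true` turns the plaintext fallback on for every installation that does not override it. In the NewUserServlet hunk of this commit, this property decides whether a token password that fails decryption is used as-is, so the permissive path is the shipped behaviour rather than an opt-in. I would ship `newUser.token.allowPlainPassword=false` and let operators who still hold tokens with unencrypted passwords enable it deliberately; whether such tokens exist in the field is not visible from this page.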

+ 1 - 1
pwm/servlet/src/password/pwm/http/filter/RequestInitializationFilter.java

@@ -73,7 +73,7 @@ public class RequestInitializationFilter implements Filter {
                 checkIfSessionRecycleNeeded(pwmRequest);
             //}
         } catch (Throwable e) {
-            LOGGER.error("can't load application: " + e.getMessage());
+            LOGGER.error("can't load application: " + e.getMessage(),e);
             if (!(new PwmURL(req).isResourceURL())) {
                 ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_APP_UNAVAILABLE);
                 try {

+ 44 - 23
pwm/servlet/src/password/pwm/http/servlet/NewUserServlet.java

@@ -52,9 +52,9 @@ import password.pwm.i18n.Message;
 import password.pwm.ldap.UserDataReader;
 import password.pwm.ldap.UserSearchEngine;
 import password.pwm.ldap.auth.SessionAuthenticator;
-import password.pwm.token.TokenType;
 import password.pwm.token.TokenPayload;
 import password.pwm.token.TokenService;
+import password.pwm.token.TokenType;
 import password.pwm.util.*;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.macro.MacroMachine;
@@ -91,7 +91,7 @@ public class NewUserServlet extends AbstractPwmServlet {
     private static final String FIELD_PASSWORD1 = "password1";
     private static final String FIELD_PASSWORD2 = "password2";
     private static final String TOKEN_PAYLOAD_ATTR = "_______profileID";
-    
+
     public enum Page {
         ProfileSelect,
         Form,
@@ -145,7 +145,7 @@ public class NewUserServlet extends AbstractPwmServlet {
             pwmRequest.respondWithError(PwmError.ERROR_SERVICE_NOT_AVAILABLE.toInfo());
             return;
         }
-        
+
         // convert a url command like /pwm/public/NewUserServlet/12321321 to redirect with a process action.
         if (action == null) {
             if (pwmRequest.convertURLtokenCommand()) {
@@ -458,17 +458,17 @@ public class NewUserServlet extends AbstractPwmServlet {
 
 
     private void handleProfileChoiceRequest(final PwmRequest pwmRequest, final NewUserBean newUserBean)
-            throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException 
+            throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException
     {
         final Set<String> profileIDs = pwmRequest.getConfig().getNewUserProfiles().keySet();
         final String requestedProfileID = pwmRequest.readParameterAsString("profile");
-        
+
         if (requestedProfileID == null || requestedProfileID.isEmpty()) {
             newUserBean.setProfileID(null);
         } if (profileIDs.contains(requestedProfileID)) {
             newUserBean.setProfileID(requestedProfileID);
         }
-        
+
         this.advancedToNextStage(pwmRequest, newUserBean);
     }
 
@@ -806,7 +806,7 @@ public class NewUserServlet extends AbstractPwmServlet {
     {
         final PwmSession pwmSession = pwmRequest.getPwmSession();
         final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
-        
+
         if (pwmApplication.getConfig().getTokenStorageMethod() == TokenStorageMethod.STORE_LDAP) {
             throw new PwmUnrecoverableException(new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR,null,new String[]{
                     "cannot generate new user tokens when storage type is configured as STORE_LDAP."}));
@@ -1081,10 +1081,10 @@ public class NewUserServlet extends AbstractPwmServlet {
             this.formData = formData;
         }
     }
-    
+
     private static class NewUserFormUtils {
-        
-        
+
+
         static NewUserBean.NewUserForm readFromRequest(PwmRequest pwmRequest)
                 throws PwmDataValidationException, PwmUnrecoverableException
         {
@@ -1125,12 +1125,23 @@ public class NewUserServlet extends AbstractPwmServlet {
             final Locale userLocale = pwmRequest.getLocale();
 
             final Map<String, String> payloadMap = tokenPayload.getData();
-            final String profileID = payloadMap.get(TOKEN_PAYLOAD_ATTR);
-            payloadMap.remove(TOKEN_PAYLOAD_ATTR);
 
-            final NewUserProfile newUserProfile = pwmRequest.getConfig().getNewUserProfiles().get(profileID);
-            if (newUserProfile == null) {
-                throw new PwmOperationalException(PwmError.ERROR_TOKEN_INCORRECT,"token data references an invalid new user profileID");
+            final NewUserProfile newUserProfile;
+            {
+                final String profileID = payloadMap.get(TOKEN_PAYLOAD_ATTR);
+                payloadMap.remove(TOKEN_PAYLOAD_ATTR);
+                if (profileID == null || profileID.isEmpty()) {
+                    // typically missing because issued with code before newuser profile existed, so assume  only profile
+                    if (pwmRequest.getConfig().getNewUserProfiles().size() > 1) {
+                        throw new PwmOperationalException(PwmError.ERROR_TOKEN_INCORRECT, "token data missing reference to new user profileID");
+                    }
+                    newUserProfile = pwmRequest.getConfig().getNewUserProfiles().values().iterator().next();
+                } else {
+                    if (!pwmRequest.getConfig().getNewUserProfiles().keySet().contains(profileID)) {
+                        throw new PwmOperationalException(PwmError.ERROR_TOKEN_INCORRECT, "token data references an invalid new user profileID");
+                    }
+                    newUserProfile = pwmRequest.getConfig().getNewUserProfiles().get(profileID);
+                }
             }
 
             final List<FormConfiguration> newUserFormDefinition = newUserProfile.readSettingAsForm(PwmSetting.NEWUSER_FORM);
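Review bot: The new branch for a missing profileID only rejects `size() > 1`, so a configuration with no new-user profiles (if that state is reachable) gets to `values().iterator().next()` and fails with an unchecked `NoSuchElementException` instead of `ERROR_TOKEN_INCORRECT`. Comparing against exactly one closes the gap: `if (pwmRequest.getConfig().getNewUserProfiles().size() != 1) {`. In the `else` branch, `keySet().contains(profileID)` followed by `get(profileID)` could be a single `get` with a null check, as the removed lines did. The enclosing method starts before this hunk and continues after it.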
@@ -1138,14 +1149,24 @@ public class NewUserServlet extends AbstractPwmServlet {
                     newUserFormDefinition, userLocale);
             final PasswordData passwordData;
             if (payloadMap.containsKey(FIELD_PASSWORD1)) {
-                final String rawPassword = payloadMap.get(FIELD_PASSWORD1);
-                final String realPassword = pwmRequest.getPwmApplication().getSecureService().decryptStringValue(rawPassword);
-                passwordData = new PasswordData(realPassword);
+                final String passwordInToken = payloadMap.get(FIELD_PASSWORD1);
+                String decryptedPassword = passwordInToken;
+                try {
+                    decryptedPassword = pwmRequest.getPwmApplication().getSecureService().decryptStringValue(passwordInToken);
+                } catch (PwmUnrecoverableException e) {
+                    final boolean allowUnencryptedPassword = Boolean.parseBoolean(pwmRequest.getConfig().readAppProperty(AppProperty.NEWUSER_TOKEN_ALLOW_PLAIN_PW));
+                    if (allowUnencryptedPassword && e.getError() == PwmError.ERROR_CRYPT_ERROR) {
+                        LOGGER.warn(pwmRequest, "error decrypting password in tokenPayload, will use raw password value: " + e.getMessage());
+                    } else {
+                        throw e;
+                    }
+                }
+                passwordData = new PasswordData(decryptedPassword);
             } else {
                 passwordData = null;
             }
             final NewUserBean.NewUserForm newUserForm = new NewUserBean.NewUserForm(userFormValues, passwordData, passwordData);
-            return new NewUserTokenData(profileID,newUserForm);
+            return new NewUserTokenData(newUserProfile.getIdentifier(), newUserForm);
         }
 
         static Map<String, String> toTokenPayload(
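Review bot: In the new `catch` block, any `ERROR_CRYPT_ERROR` makes the servlet accept the stored token string itself as the account password when the property allows it, and the code cannot tell an unencrypted value from ciphertext that simply no longer decrypts (for example after a key change). In the second case the new account would be created with the ciphertext as its password. If encrypted values carry a recognisable marker, test for it before falling back; that is not visible here, so at minimum add a comment such as `// fallback for tokens whose password was stored unencrypted; gated by newUser.token.allowPlainPassword`. It is also worth confirming that `e.getMessage()` in the warn line never echoes the input value. The method begins outside this hunk.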
@@ -1164,7 +1185,7 @@ public class NewUserServlet extends AbstractPwmServlet {
             return payloadMap;
         }
     }
-    
+
     public static NewUserProfile getNewUserProfile(final PwmRequest pwmRequest) {
         final String profileID = pwmRequest.getPwmSession().getNewUserBean().getProfileID();
         if (profileID == null) {
@@ -1172,9 +1193,9 @@ public class NewUserServlet extends AbstractPwmServlet {
         }
         return pwmRequest.getConfig().getNewUserProfiles().get(profileID);
     }
-    
-    void forwardToFormPage(final PwmRequest pwmRequest) 
-            throws ServletException, PwmUnrecoverableException, IOException 
+
+    void forwardToFormPage(final PwmRequest pwmRequest)
+            throws ServletException, PwmUnrecoverableException, IOException
     {
         final List<FormConfiguration> formConfiguration = getFormDefinition(pwmRequest);
         pwmRequest.addFormInfoToRequestAttr(formConfiguration, null, false, true);

+ 14 - 5
pwm/servlet/src/password/pwm/util/intruder/IntruderManager.java

@@ -43,6 +43,7 @@ import password.pwm.health.HealthRecord;
 import password.pwm.health.HealthStatus;
 import password.pwm.health.HealthTopic;
 import password.pwm.http.PwmSession;
+import password.pwm.ldap.LdapUserDataReader;
 import password.pwm.ldap.UserStatusReader;
 import password.pwm.util.*;
 import password.pwm.util.db.DatabaseDataStore;
@@ -336,7 +337,7 @@ public class IntruderManager implements Serializable, PwmService {
                             sessionLabel
                     );
                     pwmApplication.getAuditManager().submit(auditRecord);
-                    sendAlert(manager.readIntruderRecord(subject));
+                    sendAlert(manager.readIntruderRecord(subject), sessionLabel);
                 }
 
                 manager.markAlerted(subject);
@@ -367,7 +368,7 @@ public class IntruderManager implements Serializable, PwmService {
         }
     }
 
-    private void sendAlert(final IntruderRecord intruderRecord) {
+    private void sendAlert(final IntruderRecord intruderRecord, final SessionLabel sessionLabel) {
         if (intruderRecord == null) {
             return;
         }
@@ -375,7 +376,7 @@ public class IntruderManager implements Serializable, PwmService {
         if (intruderRecord.getType() == RecordType.USER_ID) {
             try {
                 final UserIdentity identity = UserIdentity.fromDelimitedKey(intruderRecord.getSubject());
-                sendIntruderNoticeEmail(pwmApplication, identity);
+                sendIntruderNoticeEmail(pwmApplication, sessionLabel, identity);
             } catch (PwmUnrecoverableException e) {
                 LOGGER.error("unable to send intruder mail, can't read userDN/ldapProfile from stored record: " + e.getMessage());
             }
@@ -536,6 +537,7 @@ public class IntruderManager implements Serializable, PwmService {
 
     private static void sendIntruderNoticeEmail(
             final PwmApplication pwmApplication,
+            final SessionLabel sessionLabel,
             final UserIdentity userIdentity
     )
     {
@@ -548,12 +550,19 @@ public class IntruderManager implements Serializable, PwmService {
 
         try {
             final UserStatusReader userStatusReader = new UserStatusReader(pwmApplication, null);
-            MacroMachine.forUser(pwmApplication, PwmConstants.DEFAULT_LOCALE, null, userIdentity);
             final UserInfoBean userInfoBean = userStatusReader.populateUserInfoBean(
                     PwmConstants.DEFAULT_LOCALE,
                     userIdentity
             );
-            pwmApplication.getEmailQueue().submitEmail(configuredEmailSetting, userInfoBean, null);
+
+            final MacroMachine macroMachine = new MacroMachine(
+                    pwmApplication,
+                    sessionLabel,
+                    userInfoBean,
+                    null,
+                    LdapUserDataReader.appProxiedReader(pwmApplication, userIdentity));
+
+            pwmApplication.getEmailQueue().submitEmail(configuredEmailSetting, userInfoBean, macroMachine);
         } catch (PwmUnrecoverableException e) {
             LOGGER.error("error reading user info while sending intruder notice for user " + userIdentity + ", error: " + e.getMessage());
         }
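Review bot: The five-argument `new MacroMachine(...)` built here is repeated almost verbatim in the PasswordUtility hunk of this commit, differing only in where the session label and user identity come from. A small shared helper taking `pwmApplication`, the session label and the `UserInfoBean` would keep the two e-mail paths from drifting apart. The removed line shows that a `MacroMachine.forUser(...)` factory already exists; if it yields an equivalent instance it may be the simpler call, which I cannot confirm from this page. Both `sendIntruderNoticeEmail` and the PasswordUtility method extend beyond their hunks.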

+ 14 - 1
pwm/servlet/src/password/pwm/util/operations/PasswordUtility.java

@@ -965,7 +965,20 @@ public class PasswordUtility {
             return;
         }
 
-        pwmApplication.getEmailQueue().submitEmail(configuredEmailSetting, userInfoBean, null);
+        final MacroMachine macroMachine = userInfoBean == null
+                ? null
+                : new MacroMachine(
+                pwmApplication,
+                pwmSession.getLabel(),
+                userInfoBean,
+                null,
+                LdapUserDataReader.appProxiedReader(
+                        pwmApplication,
+                        userInfoBean.getUserIdentity()
+                )
+        );
+
+        pwmApplication.getEmailQueue().submitEmail(configuredEmailSetting, userInfoBean, macroMachine);
     }
 
     public static Date determinePwdLastModified(

+ 2 - 2
pwm/servlet/web/WEB-INF/jsp/admin-analysis.jsp

@@ -214,8 +214,7 @@
                     <div style="height:100%; width: 100%">
                         <div id="statsChartOptionsDiv" style="width:580px; text-align: center; margin:0 auto;">
                             <label for="statsChartSelect">Statistic</label>
-                            <select name="statsChartSelect" id="statsChartSelect" data-dojo-type="dijit.form.Select" style="width: 300px;" data-dojo-props="maxHeight: -1"
-                                    onchange="refreshChart()">
+                            <select name="statsChartSelect" id="statsChartSelect" data-dojo-type="dijit.form.Select" style="width: 300px;" data-dojo-props="maxHeight: -1">
                                 <% for (final Statistic loopStat : Statistic.sortedValues(locale)) { %>
                                 <option value="<%=loopStat %>"><%=loopStat.getLabel(locale)%></option>
                                 <% } %>
@@ -268,6 +267,7 @@
                 PWM_MAIN.addEventHandler('reportStartButton','click',function(){ PWM_ADMIN.reportAction('start') });
                 PWM_MAIN.addEventHandler('reportStopButton','click',function(){ PWM_ADMIN.reportAction('stop') });
                 PWM_MAIN.addEventHandler('reportClearButton','click',function(){ PWM_ADMIN.reportAction('clear') });
+                PWM_MAIN.addEventHandler('statsChartSelect','change',function(){ refreshChart() })
 
             });
         });
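Review bot: The `change` handler added for `statsChartSelect` is registered on an element declared with `data-dojo-type="dijit.form.Select"`, and a Dijit select widget normally reports changes through its own `onChange` rather than a native DOM `change` event. Unless `PWM_MAIN.addEventHandler` resolves widgets (not visible here), the chart may stop refreshing now that the inline `onchange` is gone, so this needs checking in a browser. The added line also lacks the trailing `;` that its three neighbours have. The surrounding script block starts and ends outside the hunk.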

+ 0 - 6
pwm/servlet/web/public/reference/referencedoc.jsp

@@ -121,9 +121,6 @@
                 <td>
                     <h3>Type</h3>
                 </td>
-                <td>
-                    <h3>Stored In User History</h3>
-                </td>
                 <td>
                     <h3>Resource Key</h3>
                 </td>
@@ -139,9 +136,6 @@
                 <td>
                     <%= auditEvent.getType() %>
                 </td>
-                <td>
-                    <%= auditEvent.isStoreOnUser() %>
-                </td>
                 <td>
                     <%= auditEvent.getMessage().getKey() %>
                 </td>

+ 11 - 8
pwm/servlet/web/public/resources/js/configeditor-settings.js

@@ -1926,7 +1926,6 @@ ChallengeSettingHandler.draw = function(settingKey) {
         (function(localeKey) {
             var multiValues = resultValue[localeKey];
             var rowCount = PWM_MAIN.itemCount(multiValues);
-            var editJsText = 'ChallengeSettingHandler.editLocale(\'' + settingKey + '\',\'' + localeKey + '\')';
 
             bodyText += '<table class="noborder"><tr><td>';
             bodyText += '<table style="cursor: pointer; table-layout: fixed">';
@@ -1936,7 +1935,7 @@ ChallengeSettingHandler.draw = function(settingKey) {
             }
 
             bodyText += '<tr>';
-            bodyText += '<td style="width:100%" onclick="' + editJsText + '"> ';
+            bodyText += '<td style="width:100%" id="button-edit-' + settingKey + '-' + localeKey + '">';
             if (rowCount > 0) {
                 for (var iteration in multiValues) {
                     var id = 'panel-value-' + settingKey + '-' + localeKey + '-' + iteration;
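Review bot: The new `id="button-edit-..."` attribute is still assembled by concatenating `settingKey` and `localeKey` straight into markup, so a key containing a quote or angle bracket would break out of the attribute. Dropping the inline `onclick` removes the script-string sink, but the value should be encoded or restricted before it reaches `bodyText`; where these keys are validated is not visible in this hunk. The same id string is rebuilt in the later hunk that calls `PWM_MAIN.addEventHandler`, so building it in each closure as `var editId = 'button-edit-' + settingKey + '-' + localeKey;` would keep the two in step. `ChallengeSettingHandler.draw` begins and ends outside the hunk.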
@@ -1974,6 +1973,10 @@ ChallengeSettingHandler.draw = function(settingKey) {
 
     for (var localeName in resultValue) {
         (function(localeKey) {
+            PWM_MAIN.addEventHandler('button-edit-' + settingKey + '-' + localeKey,'click',function(){
+                ChallengeSettingHandler.editLocale(settingKey,localeKey);
+            });
+
             var multiValues = resultValue[localeKey];
             var rowCount = PWM_MAIN.itemCount(multiValues);
             if (rowCount > 0) {
@@ -2192,7 +2195,7 @@ ChallengeSettingHandler.write = function(keyName, nextFunction) {
 
 var UserPermissionHandler = {};
 UserPermissionHandler.defaultFilterValue = {type:'ldapFilter',ldapQuery:"(objectClass=*)",ldapBase:""};
-UserPermissionHandler.defaultGroupValue = {type:'ldapGroup',ldapBase:"cn=exampleGroup,ou=container,o=organization"};
+UserPermissionHandler.defaultGroupValue = {type:'ldapGroup',ldapBase:""};
 
 UserPermissionHandler.init = function(keyName) {
     console.log('UserPermissionHandler init for ' + keyName);
@@ -2215,13 +2218,13 @@ UserPermissionHandler.draw = function(keyName) {
     for (var iteration in resultValue) {
         (function(rowKey) {
             var inputID = "value-" + keyName + "-" + rowKey;
-            htmlBody += '<div class="setting_item_value_wrapper" style="float:left; width: 570px;"><div style="width:100%; text-align:center">';
-            if (resultValue[rowKey]['type'] == 'ldapGroup') {
-                htmlBody += 'LDAP Group';
-            } else {
-                htmlBody += 'LDAP Filter';
+
+            if (htmlBody.length > 0) {
+                htmlBody += '<br/><br/><div style="clear:both; text-align:center"><span class="fa fa-plus"></span></div>'
             }
 
+            htmlBody += '<div class="setting_item_value_wrapper" style="float:left; width: 570px;"><div style="width:100%; text-align:center">';
+
             var currentProfileValue = ('ldapProfileID' in resultValue[rowKey]) ? resultValue[rowKey]['ldapProfileID'] : "";
             htmlBody += '</div><table class="noborder">'
                 + '<td style="width:200px" id="' + inputID + '_profileHeader' + '">' + PWM_CONFIG.showString('Setting_Permission_Profile') + '</td>'