minor fixes

pom.xml

@@ -192,12 +192,12 @@
             <plugin>
                 <groupId>org.jasig.mojo.jspc</groupId>
                 <artifactId>jspc-maven-plugin</artifactId>
-                <version>2.0.0</version>
+                <version>2.0.2</version>
                 <dependencies>
                     <dependency>
                         <groupId>org.jasig.mojo.jspc</groupId>
                         <artifactId>jspc-compiler-tomcat7</artifactId>
-                        <version>2.0.0</version>
+                        <version>2.0.2</version>
                     </dependency>
                 </dependencies>
                 <configuration>
@@ -357,7 +357,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.10</version>
+            <version>4.12</version>
             <scope>test</scope>
         </dependency>
         <dependency>
@@ -441,7 +441,7 @@
         <dependency>
             <groupId>com.sun.mail</groupId>
             <artifactId>javax.mail</artifactId>
-            <version>1.5.5</version>
+            <version>1.5.6</version>
         </dependency>
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
@@ -476,12 +476,12 @@
         <dependency>
             <groupId>org.glassfish.jersey.containers</groupId>
             <artifactId>jersey-container-servlet</artifactId>
-            <version>2.23.1</version>
+            <version>2.23.2</version>
         </dependency>
         <dependency>
             <groupId>org.glassfish.jersey.media</groupId>
             <artifactId>jersey-media-json-jackson</artifactId>
-            <version>2.23.1</version>
+            <version>2.23.2</version>
         </dependency>
         <dependency>
             <groupId>org.jasig.cas.client</groupId>
@@ -491,7 +491,7 @@
         <dependency>
             <groupId>org.mapdb</groupId>
             <artifactId>mapdb</artifactId>
-            <version>3.0.0</version>
+            <version>3.0.1</version>
         </dependency>
         <dependency>
             <groupId>com.h2database</groupId>

src/main/java/password/pwm/AppProperty.java

@@ -36,7 +36,6 @@ public enum AppProperty {
     APPLICATION_WORDLIST_RETRY_SECONDS              ("application.wordlistRetryImportSeconds"),
     AUDIT_EVENTS_EMAILFROM                          ("audit.events.emailFrom"),
     AUDIT_EVENTS_EMAILSUBJECT                       ("audit.events.emailSubject"),
-    AUDIT_VAULT_MAX_RECORDS                         ("audit.vault.maxRecords"),
     BACKUP_LOCATION                                 ("backup.path"),
     BACKUP_CONFIG_COUNT                             ("backup.config.count"),
     BACKUP_LOCALDB_COUNT                            ("backup.localdb.count"),

src/main/java/password/pwm/PwmEnvironment.java

@@ -542,11 +542,13 @@ public class PwmEnvironment implements Serializable {
                 } catch (IOException e) {
                     LOGGER.error("error releasing file lock: " + e.getMessage());
                 }
+                /*
                 try {
                     lockfile.delete();
                 } catch (Exception e) {
                     LOGGER.error("error deleting lock file: " + e.getMessage());
                 }
+                */
                 lock = null;
                 LOGGER.debug("released file lock on file " + lockfile.getAbsolutePath());
             }

src/main/java/password/pwm/config/PwmSetting.java

@@ -614,6 +614,8 @@ public enum PwmSetting {
             "audit.user.eventList", PwmSettingSyntax.OPTIONLIST, PwmSettingCategory.AUDIT_CONFIG),
     EVENTS_AUDIT_MAX_AGE(
             "events.audit.maxAge", PwmSettingSyntax.DURATION, PwmSettingCategory.AUDIT_CONFIG),
+    EVENTS_AUDIT_MAX_EVENTS(
+            "events.audit.maxEvents", PwmSettingSyntax.NUMERIC, PwmSettingCategory.AUDIT_CONFIG),
 
     EVENTS_USER_STORAGE_METHOD(
             "events.user.storageMethod", PwmSettingSyntax.SELECT, PwmSettingCategory.USER_HISTORY),

src/main/java/password/pwm/http/servlet/DeleteAccountServlet.java

@@ -218,6 +218,14 @@ public class DeleteAccountServlet extends AbstractPwmServlet {
         // mark the event log
         pwmApplication.getAuditManager().submit(AuditEvent.DELETE_ACCOUNT, pwmRequest.getPwmSession().getUserInfoBean(), pwmRequest.getPwmSession());
 
+        final String nextUrl = profile.readSettingAsString(PwmSetting.DELETE_ACCOUNT_NEXT_URL);
+        if (nextUrl != null && !nextUrl.isEmpty()) {
+            final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication);
+            final String macroedUrl = macroMachine.expandMacros(nextUrl);
+            LOGGER.debug(pwmRequest, "settinging forward url to post-delete next url: " + macroedUrl);
+            pwmRequest.getPwmSession().getSessionStateBean().setForwardURL(macroedUrl);
+        }
+
         // perform ldap entry delete.
         if (deleteAccountProfile.readSettingAsBoolean(PwmSetting.DELETE_ACCOUNT_DELETE_USER_ENTRY)) {
             final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(pwmRequest.getUserInfoIfLoggedIn());
@@ -233,19 +241,8 @@ public class DeleteAccountServlet extends AbstractPwmServlet {
         // clear the delete bean
         pwmApplication.getSessionStateService().clearBean(pwmRequest, DeleteAccountBean.class);
 
-        final String nextUrl = profile.readSettingAsString(PwmSetting.DELETE_ACCOUNT_NEXT_URL);
-        if (nextUrl != null && !nextUrl.isEmpty()) {
-            final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication);
-            final String macroedUrl = macroMachine.expandMacros(nextUrl);
-            LOGGER.debug(pwmRequest, "settinging forward url to post-delete next url: " + macroedUrl);
-            pwmRequest.getPwmSession().getSessionStateBean().setForwardURL(macroedUrl);
-        }
-
         // delete finished, so logout and redirect.
         pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
         pwmRequest.sendRedirectToContinue();
     }
-
-
-
 }

src/main/java/password/pwm/http/servlet/LoginServlet.java

@@ -169,7 +169,9 @@ public class LoginServlet extends AbstractPwmServlet {
         try {
             handleLoginRequest(pwmRequest, username, password, context, ldapProfile, passwordOnly);
         } catch (PwmOperationalException e) {
-            pwmRequest.outputJsonResult(RestResultBean.fromError(e.getErrorInformation(), pwmRequest));
+            final ErrorInformation errorInformation = e.getErrorInformation();
+            LOGGER.trace(pwmRequest, "returning rest login error to client: " + errorInformation.toDebugStr());
+            pwmRequest.outputJsonResult(RestResultBean.fromError(errorInformation, pwmRequest));
             return;
         }
 

src/main/java/password/pwm/http/servlet/configmanager/DebugItemGenerator.java

@@ -60,7 +60,6 @@ public class DebugItemGenerator {
             AboutItemGenerator.class,
             EnvironmentItemGenerator.class,
             AppPropertiesItemGenerator.class,
-            AuditDebugItemGenerator.class,
             InfoDebugItemGenerator.class,
             HealthDebugItemGenerator.class,
             ThreadDumpDebugItemGenerator.class,
@@ -258,21 +257,6 @@ public class DebugItemGenerator {
         }
     }
 
-    static class AuditDebugItemGenerator implements Generator {
-        @Override
-        public String getFilename() {
-            return "audit.csv";
-        }
-
-        @Override
-        public void outputItem(PwmApplication pwmApplication, PwmRequest pwmRequest, OutputStream outputStream) throws Exception
-        {
-            final ByteArrayOutputStream baos = new ByteArrayOutputStream();
-            pwmApplication.getAuditManager().outputVaultToCsv(baos, pwmRequest.getLocale(), true);
-            outputStream.write(baos.toByteArray());
-        }
-    }
-
     static class InfoDebugItemGenerator implements Generator {
         @Override
         public String getFilename() {

src/main/java/password/pwm/ldap/LdapOperationsHelper.java

@@ -29,10 +29,7 @@ import com.novell.ldapchai.ChaiUser;
 import com.novell.ldapchai.cr.Answer;
 import com.novell.ldapchai.exception.ChaiOperationException;
 import com.novell.ldapchai.exception.ChaiUnavailableException;
-import com.novell.ldapchai.provider.ChaiConfiguration;
-import com.novell.ldapchai.provider.ChaiProvider;
-import com.novell.ldapchai.provider.ChaiProviderFactory;
-import com.novell.ldapchai.provider.ChaiSetting;
+import com.novell.ldapchai.provider.*;
 import com.novell.ldapchai.util.SearchHelper;
 import password.pwm.AppProperty;
 import password.pwm.PwmApplication;

src/main/java/password/pwm/ldap/UserSearchEngine.java

@@ -41,6 +41,7 @@ import password.pwm.error.*;
 import password.pwm.http.PwmRequest;
 import password.pwm.svc.PwmService;
 import password.pwm.svc.stats.Statistic;
+import password.pwm.util.Helper;
 import password.pwm.util.JsonUtil;
 import password.pwm.util.StringUtil;
 import password.pwm.util.TimeDuration;
@@ -235,10 +236,10 @@ public class UserSearchEngine {
                 if (!skipProfile) {
                     try {
                         returnMap.putAll(performMultiUserSearchImpl(
-                                        ldapProfile,
-                                        searchConfiguration,
-                                        maxResults - returnMap.size(),
-                                        returnAttributes)
+                                ldapProfile,
+                                searchConfiguration,
+                                maxResults - returnMap.size(),
+                                returnAttributes)
                         );
                     } catch (PwmUnrecoverableException e) {
                         if (e.getError() == PwmError.ERROR_DIRECTORY_UNAVAILABLE) {
@@ -247,11 +248,11 @@ public class UserSearchEngine {
                                 errors.add(e.getErrorInformation().getDetailedErrorMsg());
                                 if (errors.size() >= ldapProfiles.size()) {
                                     final String errorMsg = "all ldap profiles are unreachable; errors: " + JsonUtil.serializeCollection(errors);
-                                    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE,errorMsg));
+                                    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, errorMsg));
                                 }
-                            } else {
-                                throw e;
                             }
+                        } else {
+                            throw e;
                         }
                     }
                 }
@@ -336,17 +337,31 @@ public class UserSearchEngine {
         final Map<UserIdentity,Map<String,String>> returnMap;
         returnMap = new LinkedHashMap<>();
         for (final String loopContext : searchContexts) {
-            final Map<UserIdentity,Map<String,String>> singleContextResults;
-            singleContextResults = doSingleContextSearch(
-                    ldapProfile,
-                    searchFilter,
-                    loopContext,
-                    returnAttributes,
-                    maxResults - returnMap.size(),
-                    chaiProvider,
-                    timeLimitMS
-            );
-            returnMap.putAll(singleContextResults);
+            try {
+                final Map<UserIdentity, Map<String, String>> singleContextResults = doSingleContextSearch(
+                        ldapProfile,
+                        searchFilter,
+                        loopContext,
+                        returnAttributes,
+                        maxResults - returnMap.size(),
+                        chaiProvider,
+                        timeLimitMS
+                );
+                returnMap.putAll(singleContextResults);
+            } catch (Throwable t) {
+                final ErrorInformation errorInformation;
+                if (t instanceof PwmException) {
+                    errorInformation = new ErrorInformation(((PwmException) t).getError(), "unexpected error during ldap search ("
+                            + "profile=" + ldapProfile.getIdentifier() + ")"
+                            + ", error: " + t.getMessage());
+                } else {
+                    errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error during ldap search ("
+                            + "profile=" + ldapProfile.getIdentifier() + ")"
+                            + ", error: " + Helper.readHostileExceptionMessage(t));
+                }
+                LOGGER.error(sessionLabel, "error during user search: " + errorInformation.toDebugStr());
+                throw new PwmUnrecoverableException(errorInformation);
+            }
             if (returnMap.size() >= maxResults) {
                 break;
             }

src/main/java/password/pwm/svc/event/AuditEvent.java

@@ -33,7 +33,13 @@ import java.util.*;
 public enum AuditEvent {
 
     // system events
-    STARTUP(                        Message.EventLog_Startup,                           Admin.EventLog_Narrative_Startup,                          Type.SYSTEM),
+    STARTUP(
+            Message.EventLog_Startup,
+            Admin.EventLog_Narrative_Startup,
+            Type.SYSTEM
+    ),
+
+
     SHUTDOWN(                       Message.EventLog_Shutdown,                          Admin.EventLog_Narrative_Shutdown,                         Type.SYSTEM),
     FATAL_EVENT(                    Message.EventLog_FatalEvent,                        Admin.EventLog_Narrative_FatalEvent,                       Type.SYSTEM),
     INTRUDER_LOCK(                  Message.EventLog_IntruderLockout,                   Admin.EventLog_Narrative_IntruderLockout,                  Type.SYSTEM),

src/main/java/password/pwm/svc/event/AuditService.java

@@ -136,15 +136,22 @@ public class AuditService implements PwmService {
         }
         {
             final TimeDuration maxRecordAge = new TimeDuration(pwmApplication.getConfig().readSettingAsLong(PwmSetting.EVENTS_AUDIT_MAX_AGE) * 1000);
-            final int maxRecords = Integer.parseInt(pwmApplication.getConfig().readAppProperty(AppProperty.AUDIT_VAULT_MAX_RECORDS));
+            final long maxRecords = pwmApplication.getConfig().readSettingAsLong(PwmSetting.EVENTS_AUDIT_MAX_EVENTS);
             final AuditVault.Settings settings = new AuditVault.Settings(
                     maxRecords,
                     maxRecordAge
             );
 
             if (pwmApplication.getLocalDB() != null && pwmApplication.getApplicationMode() != PwmApplicationMode.READ_ONLY) {
-                auditVault = new LocalDbAuditVault(pwmApplication, pwmApplication.getLocalDB());
-                auditVault.init(settings);
+                if (maxRecords < 1) {
+                    LOGGER.debug("localDB audit vault will remain closed due to max records setting");
+                    pwmApplication.getLocalDB().truncate(LocalDB.DB.AUDIT_EVENTS);
+                } else {
+                    auditVault = new LocalDbAuditVault(pwmApplication, pwmApplication.getLocalDB());
+                    auditVault.init(settings);
+                }
+            } else {
+                LOGGER.debug("localDB audit vault will remain closed due to application mode");
             }
         }
 
@@ -253,7 +260,7 @@ public class AuditService implements PwmService {
         return auditVault.size();
     }
 
-    public Date eldestValutRecord() {
+    public Date eldestVaultRecord() {
         if (status != STATUS.OPEN || auditVault == null) {
             return null;
         }

src/main/java/password/pwm/svc/event/AuditVault.java

@@ -40,16 +40,16 @@ public interface AuditVault {
     void add(AuditRecord record);
 
     class Settings {
-        private int maxRecordCount;
+        private long maxRecordCount;
         private TimeDuration maxRecordAge;
 
 
-        public Settings(int maxRecordCount, TimeDuration maxRecordAge) {
+        public Settings(long maxRecordCount, TimeDuration maxRecordAge) {
             this.maxRecordCount = maxRecordCount;
             this.maxRecordAge = maxRecordAge;
         }
 
-        public int getMaxRecordCount() {
+        public long getMaxRecordCount() {
             return maxRecordCount;
         }
 

src/main/java/password/pwm/svc/event/LocalDbAuditVault.java

@@ -151,7 +151,7 @@ public class LocalDbAuditVault implements AuditVault {
                 auditDB.removeFirst();
                 workActions++;
             } else {
-                return;
+                break;
             }
         }
 

src/main/java/password/pwm/util/TimeDuration.java

@@ -382,6 +382,36 @@ public class TimeDuration implements Comparable, Serializable {
         return "TimeDuration[" + this.asCompactString() + "]";
     }
 
+    /**
+     * Pause the calling thread the specified amount of time.
+     *
+     * @param sleepTimeMS - a time duration in milliseconds
+     * @return time actually spent sleeping
+     */
+    public static TimeDuration pause(final long sleepTimeMS) {
+        final long startTime = System.currentTimeMillis();
+        do {
+            try {
+                final long sleepTime = sleepTimeMS - (System.currentTimeMillis() - startTime);
+                Thread.sleep(sleepTime > 0 ? sleepTime : 5);
+            } catch (InterruptedException e) {
+                //who cares
+            }
+        } while ((System.currentTimeMillis() - startTime) < sleepTimeMS);
+
+        return TimeDuration.fromCurrent(startTime);
+    }
+
+    /**
+     * Pause the calling thread the specified amount of time.
+     *
+     * @return time actually spent sleeping
+     */
+    public TimeDuration pause() {
+        return pause(this.getTotalMilliseconds());
+    }
+
+
     // -------------------------- INNER CLASSES --------------------------
 
     private static class TimeDetail implements Serializable {

src/main/java/password/pwm/util/localdb/Xodus_LocalDB.java

@@ -68,7 +68,13 @@ public class Xodus_LocalDB implements LocalDBProvider {
 
 
     @Override
-    public void init(File dbDirectory, Map<String, String> initParameters, Map<Parameter,String> parameters) throws LocalDBException {
+    public void init(
+            final File dbDirectory,
+            final Map<String, String> initParameters,
+            final Map<Parameter,String> parameters
+    )
+            throws LocalDBException
+    {
         this.fileLocation = dbDirectory;
 
         LOGGER.trace("begin environment open");
@@ -79,6 +85,8 @@ public class Xodus_LocalDB implements LocalDBProvider {
         environmentConfig.setGcEnabled(true);
         environmentConfig.setEnvCloseForcedly(true);
         environmentConfig.setFullFileReadonly(false);
+        environmentConfig.setGcStartIn(0);
+        environmentConfig.setGcUtilizationFromScratch(true);
         environmentConfig.setMemoryUsage(50 * 1024 * 1024);
 
         for (final String key : initParameters.keySet()) {

src/main/java/password/pwm/ws/client/rest/naaf/NAAFLoginMethod.java

@@ -29,7 +29,7 @@ public enum NAAFLoginMethod {
     EMAIL_OTP("EMAIL_OTP:1",NAAFMethods.NAAFEmailOTPMethodHandler.class),
     SMS_OTP("SMS_OTP:1",NAAFMethods.NAAFSMSOTPMethodHandler.class),
     SMARTPHONE("SMARTPHONE:1",NAAFMethods.NAAFSmartphoneMethodHandler.class),
-    RADIUS("RADIUS:1",NAAFMethods.NAAFSmartphoneMethodHandler.class),
+    RADIUS("RADIUS:1",NAAFMethods.NAAFRadiusMethodHandler.class),
     TOTP("TOTP:1",NAAFMethods.NAAFTOTPMethodHandler.class),
     HOTP("HOTP:1",NAAFMethods.NAAFHOTPMethodHandler.class),
 

src/main/resources/password/pwm/AppProperty.properties

@@ -28,7 +28,6 @@ application.fileLock.waitSeconds=120
 application.wordlistRetryImportSeconds=600
 audit.events.emailFrom=Audit Event Notification <@DefaultEmailFromAddress@>
 audit.events.emailSubject=@PwmAppName@ - Audit Event - %EVENT%
-audit.vault.maxRecords=100000000
 backup.path=backup
 backup.config.count=20
 backup.localdb.count=10

src/main/resources/password/pwm/config/PwmSetting.xml

@@ -1853,11 +1853,21 @@
             <value>true</value>
         </default>
     </setting>
+
     <setting hidden="false" key="events.audit.maxAge" level="2" required="true">
         <default>
             <value>15552000</value>
         </default>
     </setting>
+    <setting hidden="false" key="events.audit.maxEvents" level="2" required="true">
+        <properties>
+            <property key="Minimum">0</property>
+            <property key="Maximum">100000000</property>
+        </properties>
+        <default>
+            <value>1000000</value>
+        </default>
+    </setting>
     <setting hidden="false" key="challenge.enable" level="1">
         <default>
             <value>true</value>

src/main/resources/password/pwm/i18n/PwmSetting.properties

@@ -1111,6 +1111,7 @@ Setting_Label_deleteAccount.actions=Pre-Delete Actions
 Setting_Description_deleteAccount.actions=Actions to execute during the user deletion process.  These actions will execute prior to the actual LDAP entry is deleted (if so configured).  Typically these actions are used to disable the LDAP account and trigger some type of process that will result in an eventual deletion.
 Setting_Label_deleteAccount.nextUrl=Next URL
 Setting_Description_deleteAccount.nextUrl=URL to send user to after deletion.  If blank, the normal logout handling will occur.
-
+Setting_Label_events.audit.maxEvents=LocalDB Audit Events Storage Max Events
+Setting_Description_events.audit.maxEvents=Maximum count of events of the local audit event log.  Default is 1000000.
 
 

src/main/webapp/WEB-INF/jsp/activateuser-entercode.jsp

@@ -51,7 +51,7 @@
                 <input type="hidden" id="pwmFormID" name="pwmFormID" value="<pwm:FormID/>"/>
             </form>
             <pwm:if test="<%=PwmIfTest.showCancel%>">
-                <form action="<pwm:current-url/>" method="post" enctype="application/x-www-form-urlencoded" style="display: inline;">
+                <form action="<pwm:current-url/>" method="post" enctype="application/x-www-form-urlencoded" class="something">
                     <input type="hidden" name="processAction" value="reset"/>
                     <button type="submit" name="button" class="btn" id="buttonCancel">
                         <pwm:if test="<%=PwmIfTest.showIcons%>"><span class="btn-icon pwm-icon pwm-icon-times"></span>&nbsp</pwm:if>

src/main/webapp/WEB-INF/jsp/admin-dashboard.jsp

@@ -432,7 +432,7 @@
                                 Oldest Local Audit Records
                             </td>
                             <td>
-                                <% Date eldestAuditRecord = dashboard_pwmApplication.getAuditManager().eldestValutRecord(); %>
+                                <% Date eldestAuditRecord = dashboard_pwmApplication.getAuditManager().eldestVaultRecord(); %>
                                 <%= eldestAuditRecord != null
                                         ? TimeDuration.fromCurrent(eldestAuditRecord).asLongString()
                                         : JspUtility.getMessage(pageContext, Display.Value_NotApplicable)

src/main/webapp/public/resources/js/configeditor-settings.js

@@ -3126,7 +3126,7 @@ PrivateKeyHandler.draw = function(keyName) {
         htmlBody += '<tr><td>Format</td><td><div class="setting_table_value">' + key['format'] + '</div></td></tr>';
         htmlBody += '<tr><td>Algorithm</td><td><div class="setting_table_value">' + key['algorithm'] + '</div></td></tr>';
         htmlBody += '</table></div>';
-        htmlBody += '<button id="' + keyName + '_ClearButton" class="btn"><span class="btn-icon pwm-icon pwm-icon-times"></span>Clear</button>'
+        htmlBody += '<button id="' + keyName + '_ClearButton" class="btn"><span class="btn-icon pwm-icon pwm-icon-times"></span>Remove Certificate</button>'
     } else {
         htmlBody += '<div>No Key Present</div><br/>';
     }

src/main/webapp/public/resources/style.css

@@ -1041,3 +1041,6 @@ dialog .closeIcon { float: right; cursor: pointer; margin-right: 3px; }
 .center { text-align: center; }
 
 
+.something {
+    display: none;
+}