
Update cef branch removing all extra code from previous check ins.

rkeil 7 anni fa
parent
commit
941af2b676

+ 9 - 13
server/src/main/java/password/pwm/config/PwmSetting.java

@@ -723,7 +723,7 @@ public enum PwmSetting {
     CHALLENGE_ENFORCE_MINIMUM_PASSWORD_LIFETIME(
             "challenge.enforceMinimumPasswordLifetime", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.RECOVERY_SETTINGS),
 
-    // recovery definition/verification
+    // recovery profile
     RECOVERY_PROFILE_LIST(
             "recovery.profile.list", PwmSettingSyntax.PROFILE, PwmSettingCategory.INTERNAL),
     RECOVERY_PROFILE_QUERY_MATCH(
@@ -732,22 +732,18 @@ public enum PwmSetting {
             "recovery.verificationMethods", PwmSettingSyntax.VERIFICATION_METHOD, PwmSettingCategory.RECOVERY_DEF),
     RECOVERY_TOKEN_SEND_METHOD(
             "challenge.token.sendMethod", PwmSettingSyntax.SELECT, PwmSettingCategory.RECOVERY_DEF),
+    RECOVERY_ALLOW_UNLOCK(
+            "challenge.allowUnlock", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.RECOVERY_DEF),
+    RECOVERY_ACTION(
+            "recovery.action", PwmSettingSyntax.SELECT, PwmSettingCategory.RECOVERY_DEF),
+    RECOVERY_SENDNEWPW_METHOD(
+            "recovery.sendNewPassword.sendMethod", PwmSettingSyntax.SELECT, PwmSettingCategory.RECOVERY_DEF),
     RECOVERY_ATTRIBUTE_FORM(
             "challenge.requiredAttributes", PwmSettingSyntax.FORM, PwmSettingCategory.RECOVERY_DEF),
-    TOKEN_RESEND_ENABLE(
-            "recovery.token.resend.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.RECOVERY_DEF),
     RECOVERY_ALLOW_WHEN_LOCKED(
             "recovery.allowWhenLocked", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.RECOVERY_DEF),
-
-    // recovery action
-    RECOVERY_ACTION(
-            "recovery.action", PwmSettingSyntax.SELECT, PwmSettingCategory.RECOVERY_ACTIONS),
-    RECOVERY_SENDNEWPW_METHOD(
-            "recovery.sendNewPassword.sendMethod", PwmSettingSyntax.SELECT, PwmSettingCategory.RECOVERY_ACTIONS),
-    RECOVERY_ALLOW_UNLOCK(
-            "challenge.allowUnlock", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.RECOVERY_ACTIONS),
-    RECOVERY_ALLOW_CHANGE_PW_WITHIN_MIN_LIFETIME(
-            "recovery.allowChangePwWithinMinLifetime", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.RECOVERY_ACTIONS),
+    TOKEN_RESEND_ENABLE(
+            "recovery.token.resend.enable", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.RECOVERY_DEF),
 
     // recovery oauth
     RECOVERY_OAUTH_ID_LOGIN_URL(
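Review bot: The three constants added after RECOVERY_TOKEN_SEND_METHOD (RECOVERY_ALLOW_UNLOCK, RECOVERY_ACTION, RECOVERY_SENDNEWPW_METHOD) control what a user may do once verified, yet they now sit between verification settings with no comment visible other than `// recovery profile` further up. Placing them together after TOKEN_RESEND_ENABLE under a comment such as `// recovery actions: what a verified user may do (unlock, reset, send new password)` would keep the two concerns readable now that RECOVERY_ACTIONS is gone. The same hunk drops RECOVERY_ALLOW_CHANGE_PW_WITHIN_MIN_LIFETIME, so a stored configuration that set `recovery.allowChangePwWithinMinLifetime` would presumably no longer be honoured. It is worth confirming that minimum-lifetime enforcement during recovery still follows CHALLENGE_ENFORCE_MINIMUM_PASSWORD_LIFETIME. The enum body starts and ends outside this hunk.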

+ 0 - 1
server/src/main/java/password/pwm/config/PwmSettingCategory.java

@@ -140,7 +140,6 @@ public enum PwmSettingCategory {
     RECOVERY_PROFILE            (RECOVERY),
 
     RECOVERY_DEF                (RECOVERY_PROFILE),
-    RECOVERY_ACTIONS            (RECOVERY_PROFILE),
     RECOVERY_OAUTH              (RECOVERY_PROFILE),
 
     FORGOTTEN_USERNAME          (MODULES_PUBLIC),

+ 0 - 1
server/src/main/java/password/pwm/http/PwmRequestAttribute.java

@@ -79,7 +79,6 @@ public enum PwmRequestAttribute {
     ForgottenPasswordOtpRecord,
     ForgottenPasswordResendTokenEnabled,
     ForgottenPasswordTokenDestItems,
-    ForgottenPasswordShowChangePasswordAction,
 
     GuestCurrentExpirationDate,
     GuestMaximumExpirationDate,

+ 2 - 7
server/src/main/java/password/pwm/svc/event/AuditService.java

@@ -77,8 +77,6 @@ public class AuditService implements PwmService {
     private ErrorInformation lastError;
     private UserHistoryStore userHistoryStore;
     private AuditVault auditVault;
-    private boolean cefEnabled = false;
-
     private PwmApplication pwmApplication;
 
     public AuditService() {
@@ -91,7 +89,7 @@ public class AuditService implements PwmService {
     public void init(final PwmApplication pwmApplication) throws PwmException {
         this.status = STATUS.OPENING;
         this.pwmApplication = pwmApplication;
-        cefEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.AUDIT_COMMONEVENTFORMAT_ENABLE);
+
         settings = new AuditSettings(pwmApplication.getConfig());
 
         if (pwmApplication.getApplicationMode() == null || pwmApplication.getApplicationMode() == PwmApplicationMode.READ_ONLY) {
@@ -107,7 +105,6 @@ public class AuditService implements PwmService {
         }
 
         final List<String> syslogConfigString = pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.AUDIT_SYSLOG_SERVERS);
-
         if (syslogConfigString != null && !syslogConfigString.isEmpty()) {
             try {
                 syslogManager = new SyslogAuditService(pwmApplication);
@@ -179,7 +176,6 @@ public class AuditService implements PwmService {
 
     @Override
     public void close() {
-
         if (syslogManager != null) {
                 syslogManager.close();
             }
@@ -193,10 +189,10 @@ public class AuditService implements PwmService {
         }
 
         final List<HealthRecord> healthRecords = new ArrayList<>();
-
         if (syslogManager != null) {
             healthRecords.addAll(syslogManager.healthCheck());
         }
+
         if (lastError != null) {
             healthRecords.add(new HealthRecord(HealthStatus.WARN, HealthTopic.Audit, lastError.toDebugStr()));
         }
@@ -346,7 +342,6 @@ public class AuditService implements PwmService {
         }
 
         // send to syslog
-
         if (syslogManager != null) {
             try {
                 syslogManager.add(auditRecord);

+ 0 - 7
server/src/main/resources/password/pwm/config/PwmSetting.xml

@@ -2445,11 +2445,6 @@
             <value>true</value>
         </default>
     </setting>
-    <setting hidden="false" key="recovery.allowChangePwWithinMinLifetime" level="1" required="true">
-        <default>
-            <value>true</value>
-        </default>
-    </setting>
     <setting hidden="false" key="response.hashMethod" level="2" required="true">
         <default>
             <value>PBKDF2_SHA512</value>
@@ -3957,8 +3952,6 @@
     </category>
     <category hidden="false" key="RECOVERY_DEF">
     </category>
-    <category hidden="false" key="RECOVERY_ACTIONS">
-    </category>
     <category hidden="false" key="RECOVERY_OAUTH">
     </category>
     <category hidden="false" key="ADMINISTRATION">

+ 0 - 1
server/src/main/resources/password/pwm/i18n/Display.properties

@@ -146,7 +146,6 @@ Display_RecoverEnterCode=To verify your identity, a security code has been sent
 Display_RecoverEnterCodeSMS=To verify your identity, a security code has been sent to your phone at %1%.  Please enter the security code in the message here.
 Display_RecoverPassword=Please answer the following questions. If you answer these questions correctly, you will then be able to reset your password.
 Display_RecoverPasswordChoices=Your account has been locked due to excessive incorrect login attempts.  You may continue by unlocking your account or by changing your password.
-Display_RecoverMinLifetimeChoices=Your account has been locked due to excessive incorrect login attempts. You can not change your password yet because your previous password change was too recent. You may continue by unlocking your account and then attempt to login again.
 Display_RecoverRandomResponses=You must answer the following questions to continue.
 Display_RecoverRequiredResponses=These questions are required by your administrator.
 Display_RecoverOTP=To verify your identity, please use your mobile device to generate your security code.

+ 3 - 5
server/src/main/resources/password/pwm/i18n/PwmSetting.properties

@@ -86,8 +86,7 @@ Category_Description_PASSWORD_GLOBAL=Password related settings that apply to all
 Category_Description_PASSWORD_POLICY=Settings that define the LDAP directories that are used by the application.  If the user identities are in multiple LDAP directories, configure each directory as an LDAP Directory Profile.  Within each LDAP directory profile definition, you can control the individual servers and other settings for each LDAP directory.
 Category_Description_PEOPLE_SEARCH=The people search module provides basic white pages or directory lookup functionality to your users.  Customizations allow easy searching and display quick detailed information about your users' colleagues.
 Category_Description_PROFILES=Profiles
-Category_Description_RECOVERY_ACTIONS=Action
-Category_Description_RECOVERY_DEF=Verification
+Category_Description_RECOVERY_DEF=Definition
 Category_Description_RECOVERY_OAUTH=OAuth
 Category_Description_RECOVERY=Policies for forgotten password configuration.
 Category_Description_RECOVERY_PROFILE=Policies for forgotten password configuration.
@@ -181,8 +180,7 @@ Category_Label_PASSWORD_GLOBAL=Password Settings
 Category_Label_PASSWORD_POLICY=Password Policies
 Category_Label_PEOPLE_SEARCH=People Search
 Category_Label_PROFILES=Policies
-Category_Label_RECOVERY_ACTIONS=Action
-Category_Label_RECOVERY_DEF=Verification
+Category_Label_RECOVERY_DEF=Defination
 Category_Label_RECOVERY=Forgotten Password
 Category_Label_RECOVERY_OAUTH=OAuth
 Category_Label_RECOVERY_PROFILE=Profiles
@@ -241,7 +239,7 @@ Setting_Description_challenge.allowSetup.queryMatch=Specify the permissions used
 Setting_Description_challenge.allowUnlock=Enable this option if @PwmAppName@ allows user accounts to be unlocked during forgotten password.  If true, and if the users' accounts are locked due to too many invalid login attempts, and the users' passwords are not expired, then @PwmAppName@ gives the users a chance to unlock their accounts instead of resetting their passwords.
 Setting_Description_challenge.caseInsensitive=Enable to control the case sensitivity of responses.  If enabled, then @PwmAppName@ deems the responses correct even if the case is wrong.  Changing this value does not change existing stored responses -- @PwmAppName@ saves the case sensitive flag on each users' stored responses.
 Setting_Description_challenge.enable=Enable this option to have the save responses page available to users. (Default enabled)
-Setting_Description_challenge.enforceMinimumPasswordLifetime=Enable this option to allow users to start the forgotten password process if the user's last password change occured within the minimum password lifetime policy for that user.  This setting applies prior to the user identification (email token, challenge/response, etc) sequence.  See also <code>@PwmSettingReference\:recovery.allowChangePwWithinMinLifetime@</code>.
+Setting_Description_challenge.enforceMinimumPasswordLifetime=Enable this option to enforce the minimum password lifetime setting when the users authenticate via Forgotten Password. If this setting is true, the users cannot change their passwords if the minimum password lifetime setting has not passed.  If false, @PwmAppName@ permits the users to change their passwords when they are authenticated via Forgotten Password even if the minimum lifetime setting has not passed.
 Setting_Description_challenge.forceSetup=Enable this option to direct the users to configure Challenge/Response when they log in.  @PwmAppName@ forces the users to enter responses if they do not have current valid responses stored.
 Setting_Description_challenge.helpdesk.minRandomsSetup=Specify the minimum number of Help Desk random questions you require the users to complete during the Response Setup.  If this number is higher than the available randoms, or lower than the minimum required, the system adjusts it accordingly.  Set this option to zero to force the users to configure all available randoms Challenge/Response questions at the time of setup.
 Setting_Description_challenge.helpdesk.randomChallenges=Specify additional random questions to present to the help desk users. @PwmAppName@ might require the users to supply answers to all or some of these questions when setting up their responses, as controlled by the "Minimum Help Desk Random Challenges Required During Setup" setting.  The questions and answers are visible to Help Desk users but are not used for forgotten password recovery.
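Review bot: `Category_Label_RECOVERY_DEF=Defination` in the second hunk is misspelled, while the matching description key in the first hunk uses `Definition`; the line should read `Category_Label_RECOVERY_DEF=Definition`. In the third hunk the rewritten text for `challenge.enforceMinimumPasswordLifetime` describes the opposite polarity from the text it replaces: enabling now means users cannot change a password inside the minimum lifetime, where the old text said enabling allowed them to start recovery. The code that reads the setting is not on this page, so it is worth confirming which reading it implements, since this description is what an administrator relies on when setting the policy.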

+ 1 - 1
server/src/main/webapp/WEB-INF/jsp/forgottenpassword-actionchoice.jsp

@@ -21,8 +21,8 @@
   ~ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   --%>
 
+<!DOCTYPE html>
 <%@ page import="password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet" %>
-
 <%@ page language="java" session="true" isThreadSafe="true" contentType="text/html" %>
 <%@ taglib uri="pwm" prefix="pwm" %>
 <html lang="<pwm:value name="<%=PwmValue.localeCode%>"/>" dir="<pwm:value name="<%=PwmValue.localeDir%>"/>">