Merge branch 'releases/1.10'

Author: Madhura Bhave

build.gradle

@@ -12,6 +12,7 @@ buildscript {
     classpath group: 'org.jfrog.buildinfo', name: 'build-info-extractor-gradle', version: '2.2.4'
     classpath group: 'net.saliman', name: 'gradle-cobertura-plugin', version: '2.2.2'
     classpath group: 'org.kt3k.gradle.plugin', name: 'coveralls-gradle-plugin', version: '0.4.1'
+    classpath 'org.springframework.build.gradle:propdeps-plugin:0.0.7'
   }
 }
 
@@ -22,6 +23,12 @@ ext {
 allprojects {
   /* http://issues.gradle.org/browse/GRADLE-2470 */
   apply plugin: 'java'
+  apply plugin: 'eclipse-wtp'
+  apply plugin: 'propdeps'
+  apply plugin: 'propdeps-maven'
+  apply plugin: 'propdeps-idea'
+  apply plugin: 'propdeps-eclipse'
+  configurations.provided.transitive = false
   sourceCompatibility = 1.7
   targetCompatibility = 1.7
 }
@@ -35,6 +42,13 @@ group = 'org.cloudfoundry.identity'
 apply plugin: 'war'
 description = 'Cloud Foundry Login Server'
 
+eclipse {
+	wtp {
+	    component {
+	      contextPath = 'login'
+	    }
+	}
+}
 task packageSources(type: Jar) {
   classifier = 'sources'
   from sourceSets.main.allSource
@@ -54,10 +68,14 @@ repositories {
 
 dependencies {
   Project identityCommon = project(':cloudfoundry-identity-parent:cloudfoundry-identity-common')
+  compile (project(':cloudfoundry-identity-parent:cloudfoundry-identity-scim')) {
+    exclude(module: 'jna')
+  }
 
   compile(identityCommon) {
     exclude(module: 'jna')
   }
+
   compile group: 'org.springframework', name: 'spring-context-support', version:springVersion
   compile group: 'org.springframework.security', name: 'spring-security-openid', version:springSecurityVersion
   compile(group: 'org.springframework.security.extensions', name: 'spring-security-saml2-core', version:'1.0.0.RELEASE') {
@@ -167,6 +185,7 @@ cargo {
   port = 8080
 
   local {
+//    jvmArgs = "-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=5005"
     systemProperties {
       property 'UAA_PROFILE', 'local'
       property 'net.sourceforge.cobertura.datafile', integrationCoverageFile
@@ -212,7 +231,13 @@ project.gradle.taskGraph.whenReady { TaskExecutionGraph graph ->
       if (runningWithCoverage()) {
         extraClasspath = files(configurations.coberturaJar.files)
       }
+      if (graph.hasTask(integrationTest)) {
+        systemProperties {
+          property  'login.invitationsEnabled', 'true'
+        }
+      }
     }
+
   }
 
   project.tasks.withType(Test).each {

gradle.properties

@@ -1 +1 @@
-version=1.9.1
+version=1.10

src/main/java/org/cloudfoundry/identity/uaa/login/AccountCreationService.java

@@ -1,24 +1,90 @@
 package org.cloudfoundry.identity.uaa.login;
 
+import org.cloudfoundry.identity.uaa.scim.ScimUser;
 import org.codehaus.jackson.annotate.JsonProperty;
 
+import java.io.IOException;
+
 public interface AccountCreationService {
-    void beginActivation(String email, String clientId);
+    void beginActivation(String email, String password, String clientId);
+
+    AccountCreationResponse completeActivation(String code) throws IOException;
+
+    void resendVerificationCode(String email, String clientId);
+
+    ScimUser createUser(String username, String password);
+
+    public static class ExistingUserResponse {
+        @JsonProperty
+        private String error;
+
+        @JsonProperty
+        private String message;
+
+        @JsonProperty("user_id")
+        private String userId;
+
+        @JsonProperty
+        private Boolean verified;
+
+        @JsonProperty
+        private Boolean active;
+
+        public String getError() {
+            return error;
+        }
+
+        public void setError(String error) {
+            this.error = error;
+        }
+
+        public String getMessage() {
+            return message;
+        }
+
+        public void setMessage(String message) {
+            this.message = message;
+        }
+
+        public Boolean getVerified() {
+            return verified;
+        }
+
+        public void setVerified(Boolean verified) {
+            this.verified = verified;
+        }
+
+        public Boolean getActive() {
+            return active;
+        }
+
+        public void setActive(Boolean active) {
+            this.active = active;
+        }
 
-    AccountCreation completeActivation(String code, String password);
+        public String getUserId() {
+            return userId;
+        }
 
-    public static class AccountCreation {
+        public void setUserId(String userId) {
+            this.userId = userId;
+        }
+    }
+
+    public static class AccountCreationResponse {
         @JsonProperty("user_id")
         private String userId;
         private String username;
+        private String email;
         @JsonProperty("redirect_location")
         private String redirectLocation;
 
-        public AccountCreation() {}
+        public AccountCreationResponse() {}
 
-        public AccountCreation(String userId, String username, String redirectLocation) {
+        public AccountCreationResponse(String userId, String username, String email, String redirectLocation) {
             this.userId = userId;
             this.username = username;
+            this.email = email;
             this.redirectLocation = redirectLocation;
         }
 
@@ -42,8 +108,8 @@ public String getRedirectLocation() {
             return redirectLocation;
         }
 
-        public void setRedirectLocation(String redirectLocation) {
-            this.redirectLocation = redirectLocation;
+        public String getEmail() {
+            return email;
         }
     }
 }

src/main/java/org/cloudfoundry/identity/uaa/login/AccountsController.java

@@ -14,24 +14,30 @@
 
 import org.cloudfoundry.identity.uaa.authentication.Origin;
 import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
+import org.cloudfoundry.identity.uaa.error.UaaException;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
+import org.hibernate.validator.constraints.Email;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.client.HttpClientErrorException;
 
 import javax.servlet.http.HttpServletResponse;
+import javax.validation.Valid;
+
+import java.io.IOException;
 
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
 import static org.springframework.web.bind.annotation.RequestMethod.POST;
 
 @Controller
-@RequestMapping("/accounts")
 public class AccountsController {
 
     private final AccountCreationService accountCreationService;
@@ -40,58 +46,54 @@ public AccountsController(AccountCreationService accountCreationService) {
         this.accountCreationService = accountCreationService;
     }
 
-    @RequestMapping(value = "/new", method = GET)
+    @RequestMapping(value = "/create_account", method = GET)
     public String activationEmail(Model model,
                                   @RequestParam(value = "client_id", defaultValue = "login") String clientId) {
         model.addAttribute("client_id", clientId);
         return "accounts/new_activation_email";
     }
 
-    @RequestMapping(value = "/new", method = GET, params = {"code", "email"})
-    public String newAccount() {
-        return "accounts/new";
-    }
-
-    @RequestMapping(method = POST, params = {"email", "client_id"})
-    public String sendActivationEmail(@RequestParam("email") String email,
-                                      @RequestParam("client_id") String clientId) {
-        accountCreationService.beginActivation(email, clientId);
+    @RequestMapping(value = "/create_account.do", method = POST)
+    public String sendActivationEmail(Model model, HttpServletResponse response,
+                                      @RequestParam("client_id") String clientId,
+                                      @Valid @ModelAttribute("email") ValidEmail email, BindingResult result,
+                                      @RequestParam("password") String password,
+                                      @RequestParam("password_confirmation") String passwordConfirmation) {
+        if(result.hasErrors()) {
+            return handleUnprocessableEntity(model, response, "invalid_email");
+        }
+        ChangePasswordValidation validation = new ChangePasswordValidation(password, passwordConfirmation);
+        if (!validation.valid()) {
+            return handleUnprocessableEntity(model, response, validation.getMessageCode());
+        }
+        try {
+            accountCreationService.beginActivation(email.getEmail(), password, clientId);
+        } catch (UaaException e) {
+            return handleUnprocessableEntity(model, response, "username_exists");
+        }
         return "redirect:accounts/email_sent";
     }
 
-    @RequestMapping(value = "/email_sent", method = RequestMethod.GET)
+    @RequestMapping(value = "/accounts/email_sent", method = RequestMethod.GET)
     public String emailSent() {
         return "accounts/email_sent";
     }
 
-    @RequestMapping(method = POST, params = {"email", "code", "password", "password_confirmation"})
-    public String createAccount(Model model,
+    @RequestMapping(value = "/verify_user", method = GET)
+    public String verifyUser(Model model,
                                 @RequestParam("code") String code,
-                                @RequestParam("password") String password,
-                                @RequestParam("password_confirmation") String passwordConfirmation,
-                                HttpServletResponse response) {
+                                HttpServletResponse response) throws IOException {
 
-        ChangePasswordValidation validation = new ChangePasswordValidation(password, passwordConfirmation);
-        if (!validation.valid()) {
-            model.addAttribute("message_code", validation.getMessageCode());
-            response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
-            return "accounts/new";
-        }
-
-        AccountCreationService.AccountCreation accountCreation;
+        AccountCreationService.AccountCreationResponse accountCreation;
         try {
-            accountCreation = accountCreationService.completeActivation(code, password);
+            accountCreation = accountCreationService.completeActivation(code);
         } catch (HttpClientErrorException e) {
-            if (e.getStatusCode().equals(HttpStatus.CONFLICT)) {
-                model.addAttribute("message_code", "email_already_taken");
-            } else {
-                model.addAttribute("message_code", "code_expired");
-            }
+            model.addAttribute("error_message_code", "code_expired");
             response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
-            return "accounts/new";
+            return "accounts/new_activation_email";
         }
 
-        UaaPrincipal uaaPrincipal = new UaaPrincipal(accountCreation.getUserId(), accountCreation.getUsername(), accountCreation.getUsername(), Origin.UAA, null);
+        UaaPrincipal uaaPrincipal = new UaaPrincipal(accountCreation.getUserId(), accountCreation.getUsername(), accountCreation.getEmail(), Origin.UAA, null);
         UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(uaaPrincipal, null, UaaAuthority.USER_AUTHORITIES);
         SecurityContextHolder.getContext().setAuthentication(token);
 
@@ -101,4 +103,23 @@ public String createAccount(Model model,
         }
         return "redirect:" + redirectLocation;
     }
+
+    private String handleUnprocessableEntity(Model model, HttpServletResponse response, String errorMessage) {
+        model.addAttribute("error_message_code", errorMessage);
+        response.setStatus(HttpStatus.UNPROCESSABLE_ENTITY.value());
+        return "accounts/new_activation_email";
+    }
+
+    public static class ValidEmail {
+        @Email
+        String email;
+
+        public String getEmail() {
+            return email;
+        }
+
+        public void setEmail(String email) {
+            this.email = email;
+        }
+    }
 }

src/main/java/org/cloudfoundry/identity/uaa/login/ChangeEmailController.java

@@ -5,6 +5,7 @@
 import org.cloudfoundry.identity.uaa.error.UaaException;
 import org.cloudfoundry.identity.uaa.user.UaaAuthority;
 import org.hibernate.validator.constraints.Email;
+import org.hibernate.validator.constraints.NotEmpty;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -105,6 +106,7 @@ public String verifyEmail(Model model, @RequestParam("code") String code, Redire
 
     public static class ValidEmail {
         @Email
+        @NotEmpty
         String newEmail;
 
         public String getNewEmail() {