correct ad pwd policy level merging

jrivard · jrivard · commit cb8bcc3fbe2a · 2019-05-28T13:18:55.000-04:00
diff --git a/server/src/main/java/password/pwm/config/Configuration.java b/server/src/main/java/password/pwm/config/Configuration.java
@@ -667,14 +667,16 @@ protected PwmPasswordPolicy initPasswordPolicy( final String profile, final Loca
         }
 
         // set pwm-specific values
-        final PwmPasswordPolicy passwordPolicy = PwmPasswordPolicy.createPwmPasswordPolicy( passwordPolicySettings );
-        passwordPolicy.setProfileID( profile );
-        {
-            final List<UserPermission> queryMatch = ( List<UserPermission> ) storedConfiguration.readSetting( PwmSetting.PASSWORD_POLICY_QUERY_MATCH, profile ).toNativeObject();
-            passwordPolicy.setUserPermissions( queryMatch );
-        }
-        passwordPolicy.setRuleText( JavaTypeConverter.valueToLocalizedString( storedConfiguration.readSetting( PwmSetting.PASSWORD_POLICY_RULE_TEXT, profile ), locale ) );
-        return passwordPolicy;
+        final List<UserPermission> queryMatch = ( List<UserPermission> ) storedConfiguration.readSetting( PwmSetting.PASSWORD_POLICY_QUERY_MATCH, profile ).toNativeObject();
+        final String ruleText = JavaTypeConverter.valueToLocalizedString( storedConfiguration.readSetting( PwmSetting.PASSWORD_POLICY_RULE_TEXT, profile ), locale );
+
+        final PwmPasswordPolicy.PolicyMetaData policyMetaData = PwmPasswordPolicy.PolicyMetaData.builder()
+                .profileID( profile )
+                .userPermissions( queryMatch )
+                .ruleText( ruleText )
+                .build();
+
+        return  PwmPasswordPolicy.createPwmPasswordPolicy( passwordPolicySettings, null, policyMetaData );
     }
 
     public List<String> readSettingAsStringArray( final PwmSetting setting )
diff --git a/server/src/main/java/password/pwm/config/profile/PwmPasswordPolicy.java b/server/src/main/java/password/pwm/config/profile/PwmPasswordPolicy.java
@@ -25,10 +25,13 @@
 import com.novell.ldapchai.ChaiPasswordPolicy;
 import com.novell.ldapchai.ChaiPasswordRule;
 import com.novell.ldapchai.util.StringHelper;
+import lombok.Builder;
+import lombok.Value;
 import password.pwm.config.option.ADPolicyComplexity;
 import password.pwm.config.value.data.UserPermission;
 import password.pwm.health.HealthMessage;
 import password.pwm.health.HealthRecord;
+import password.pwm.util.java.JavaHelper;
 import password.pwm.util.java.JsonUtil;
 import password.pwm.util.java.StringUtil;
 import password.pwm.util.logging.PwmLogger;
@@ -44,6 +47,7 @@
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
+import java.util.TreeSet;
 import java.util.regex.Pattern;
 
 
@@ -65,12 +69,26 @@ public class PwmPasswordPolicy implements Profile, Serializable
     private List<UserPermission> userPermissions;
     private String ruleText;
 
+    public static PwmPasswordPolicy createPwmPasswordPolicy( final Map<String, String> policyMap )
+    {
+        return createPwmPasswordPolicy( policyMap, null );
+    }
+
     public static PwmPasswordPolicy createPwmPasswordPolicy(
             final Map<String, String> policyMap,
             final ChaiPasswordPolicy chaiPasswordPolicy
     )
     {
-        return new PwmPasswordPolicy( policyMap, chaiPasswordPolicy );
+        return new PwmPasswordPolicy( policyMap, chaiPasswordPolicy, null );
+    }
+
+    public static PwmPasswordPolicy createPwmPasswordPolicy(
+            final Map<String, String> policyMap,
+            final ChaiPasswordPolicy chaiPasswordPolicy,
+            final PolicyMetaData policyMetaData
+    )
+    {
+        return new PwmPasswordPolicy( policyMap, chaiPasswordPolicy, policyMetaData );
     }
 
     public String getIdentifier( )
@@ -110,7 +128,8 @@ public static PwmPasswordPolicy defaultPolicy( )
 
     private PwmPasswordPolicy(
             final Map<String, String> policyMap,
-            final ChaiPasswordPolicy chaiPasswordPolicy
+            final ChaiPasswordPolicy chaiPasswordPolicy,
+            final PolicyMetaData policyMetaData
     )
     {
         if ( policyMap != null )
@@ -129,6 +148,12 @@ else if ( Boolean.parseBoolean( chaiPasswordPolicy.getValue( ChaiPasswordRule.AD
             }
         }
         this.chaiPasswordPolicy = chaiPasswordPolicy;
+        if ( policyMetaData != null )
+        {
+            this.ruleText = policyMetaData.getRuleText();
+            this.userPermissions = policyMetaData.getUserPermissions();
+            this.profileID = policyMetaData.getProfileID();
+        }
     }
 
     @Override
@@ -152,31 +177,18 @@ public String getValue( final PwmPasswordRule rule )
         return policyMap.get( rule.getKey() );
     }
 
-    public void setProfileID( final String profileID )
-    {
-        this.profileID = profileID;
-    }
+
 
     public List<UserPermission> getUserPermissions( )
     {
         return userPermissions;
     }
 
-    public void setUserPermissions( final List<UserPermission> userPermissions )
-    {
-        this.userPermissions = userPermissions;
-    }
-
     public String getRuleText( )
     {
         return ruleText;
     }
 
-    public void setRuleText( final String ruleText )
-    {
-        this.ruleText = ruleText;
-    }
-
     public PwmPasswordPolicy merge( final PwmPasswordPolicy otherPolicy )
     {
         if ( otherPolicy == null )
@@ -230,6 +242,10 @@ public PwmPasswordPolicy merge( final PwmPasswordPolicy otherPolicy )
                         newPasswordPolicies.put( ruleKey, mergeMin( minimumLifetimeLocalValue, minimumLifetimeOtherValue ) );
                         break;
 
+                    case ADComplexityLevel:
+                        newPasswordPolicies.put( ruleKey, mergeADComplexityLevel( policyMap.get( ruleKey ), otherPolicy.policyMap.get( ruleKey ) ) );
+                        break;
+
                     default:
                         final String localValueString = StringUtil.defaultString( policyMap.get( ruleKey ), rule.getDefaultValue() );
                         final String otherValueString = StringUtil.defaultString( otherPolicy.policyMap.get( ruleKey ), rule.getDefaultValue() );
@@ -269,10 +285,18 @@ public PwmPasswordPolicy merge( final PwmPasswordPolicy otherPolicy )
         final ChaiPasswordPolicy backingPolicy = this.chaiPasswordPolicy != null ? chaiPasswordPolicy : otherPolicy.chaiPasswordPolicy;
         final PwmPasswordPolicy returnPolicy = createPwmPasswordPolicy( newPasswordPolicies, backingPolicy );
         final String newRuleText = ( ruleText != null && !ruleText.isEmpty() ) ? ruleText : otherPolicy.ruleText;
-        returnPolicy.setRuleText( newRuleText );
+        returnPolicy.ruleText = ( newRuleText );
         return returnPolicy;
     }
 
+    private static String mergeADComplexityLevel( final String value1, final String value2 )
+    {
+        final TreeSet<ADPolicyComplexity> seenValues = new TreeSet<>();
+        seenValues.add( JavaHelper.readEnumFromString( ADPolicyComplexity.class, ADPolicyComplexity.NONE, value1 ) );
+        seenValues.add( JavaHelper.readEnumFromString( ADPolicyComplexity.class, ADPolicyComplexity.NONE, value2 ) );
+        return seenValues.last().name();
+    }
+
     protected static String mergeMin( final String value1, final String value2 )
     {
         final int iValue1 = StringHelper.convertStrToInt( value1, 0 );
@@ -304,11 +328,6 @@ protected static String mergeMax( final String value1, final String value2 )
         return returnValue;
     }
 
-    public static PwmPasswordPolicy createPwmPasswordPolicy( final Map<String, String> policyMap )
-    {
-        return createPwmPasswordPolicy( policyMap, null );
-    }
-
     public Map<String, String> getPolicyMap( )
     {
         return Collections.unmodifiableMap( policyMap );
@@ -372,4 +391,13 @@ public List<HealthRecord> health( final Locale locale )
 
         return Collections.unmodifiableList( returnList );
     }
+
+    @Value
+    @Builder
+    public static class PolicyMetaData
+    {
+        private String profileID;
+        private List<UserPermission> userPermissions;
+        private String ruleText;
+    }
 }
diff --git a/server/src/main/java/password/pwm/config/profile/PwmPasswordRule.java b/server/src/main/java/password/pwm/config/profile/PwmPasswordRule.java
@@ -30,10 +30,14 @@
 import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.logging.PwmLogger;
 
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Locale;
 import java.util.MissingResourceException;
 import java.util.Set;
+import java.util.TreeMap;
 
 /**
  * Password rules.
@@ -518,4 +522,14 @@ public String getLabel( final Locale locale, final Configuration config )
             return "MissingKey-" + key;
         }
     }
+
+    public static List<PwmPasswordRule> sortedByLabel ( final Locale locale, final Configuration config )
+    {
+        final TreeMap<String, PwmPasswordRule> sortedMap = new TreeMap<>();
+        for ( final PwmPasswordRule rule : PwmPasswordRule.values() )
+        {
+            sortedMap.put( rule.getLabel( locale, config ), rule );
+        }
+        return Collections.unmodifiableList( new ArrayList<>( sortedMap.values() ) );
+    }
 }
diff --git a/server/src/main/resources/password/pwm/i18n/Message.properties b/server/src/main/resources/password/pwm/i18n/Message.properties
@@ -152,6 +152,7 @@ Rule_AllowUserChange=Permit Admin Change Password
 Rule_AllowAdminChange=Permit User Change Password
 Rule_ADComplexityLevel=AD Complexity Level
 Rule_ADComplexityMaxViolations=Maximum AD Complexity Violations
+Rule_AllowMacroInRegExSetting=Regular Expressions Allow Macros
 Success_ActivateUser=Your user account has been successfully activated.  Be sure to complete the process, or you will not be able to access your account.
 Success_ConfigFileUpload=The configuration file has been successfully uploaded.
 Success_ClearResponse=Your secret questions and answers have been successfully removed.
diff --git a/webapp/src/main/webapp/WEB-INF/jsp/admin-user-debug.jsp b/webapp/src/main/webapp/WEB-INF/jsp/admin-user-debug.jsp
@@ -357,7 +357,7 @@
                             <td><%=JspUtility.friendlyWrite(pageContext, ldapPolicy.getDisplayName(JspUtility.locale(request)))%></td>
                             <td><%=JspUtility.friendlyWrite(pageContext, userPolicy.getDisplayName(JspUtility.locale(request)))%></td>
                         </tr>
-                        <% for (final PwmPasswordRule rule : PwmPasswordRule.values()) { %>
+                        <% for (final PwmPasswordRule rule : PwmPasswordRule.sortedByLabel(JspUtility.locale(request), JspUtility.getPwmRequest(pageContext).getConfig())) { %>
                         <tr>
                             <td><span title="<%=rule.getKey()%>"><%=rule.getLabel(JspUtility.locale(request), JspUtility.getPwmRequest(pageContext).getConfig())%></span></td>
                             <td><%=rule.getRuleType()%></td>
