Password must be optional for Service Account #1808

package.json

@@ -16,18 +16,17 @@
   },
   "dependencies": {
     "@enonic/lib-admin-ui": "file:./.xp/dev/lib-admin-ui",
+    "check-password-strength": "^2.0.10",
     "hasher": "^1.2.0",
     "jquery": "^3.7.1",
     "nanoid": "^5.0.8",
-    "owasp-password-strength-test": "^1.3.0",
     "q": "^1.5.1"
   },
   "devDependencies": {
     "@enonic/eslint-config": "^2.0.1",
     "@swc/core": "1.9.2",
     "@types/hasher": "^0.0.35",
     "@types/nanoid": "^3.0.0",
-    "@types/owasp-password-strength-test": "^1.3.2",
     "@types/q": "^1.5.7",
     "browserslist-config-enonic": "^1.0.8",
     "circular-dependency-plugin": "^5.2.2",

src/main/java/com/enonic/xp/app/users/rest/resource/security/UsersSecurityResource.java

@@ -22,7 +22,6 @@
 import com.enonic.xp.app.users.rest.resource.security.json.GroupJson;
 import com.enonic.xp.app.users.rest.resource.security.json.PrincipalJson;
 import com.enonic.xp.app.users.rest.resource.security.json.RoleJson;
-import com.enonic.xp.app.users.rest.resource.security.json.UpdatePasswordJson;
 import com.enonic.xp.app.users.rest.resource.security.json.UserJson;
 import com.enonic.xp.jaxrs.JaxRsComponent;
 import com.enonic.xp.security.Group;
@@ -138,21 +137,6 @@ public EmailAvailabilityJson isEmailAvailable( @QueryParam("idProviderKey") fina
         return new EmailAvailabilityJson( queryResult.isEmpty() );
     }
 
-    @POST
-    @Path("principals/setPassword")
-    public UserJson setPassword( final UpdatePasswordJson params )
-    {
-        final PrincipalKey userKey = params.getUserKey();
-
-        if ( isNullOrEmpty( params.getPassword() ) )
-        {
-            throw new WebApplicationException( "Password has not been set." );
-        }
-
-        final User user = securityService.setPassword( userKey, params.getPassword() );
-        return new UserJson( user );
-    }
-
     private PrincipalJson principalToJson( final Principal principal, final Boolean resolveMemberships )
     {
 

src/main/resources/apis/graphql/schema/mutation.js

@@ -33,7 +33,7 @@ module.exports = schemaGenerator.createObjectType({
                 displayName: graphQl.nonNull(graphQl.GraphQLString),
                 email: graphQl.nonNull(graphQl.GraphQLString),
                 login: graphQl.nonNull(graphQl.GraphQLString),
-                password: graphQl.nonNull(graphQl.GraphQLString),
+                password: graphQl.GraphQLString,
                 memberships: graphQl.list(graphQl.GraphQLString)
             },
             resolve: function(env) {
@@ -55,7 +55,8 @@ module.exports = schemaGenerator.createObjectType({
                 email: graphQl.nonNull(graphQl.GraphQLString),
                 login: graphQl.nonNull(graphQl.GraphQLString),
                 addMemberships: graphQl.list(graphQl.GraphQLString),
-                removeMemberships: graphQl.list(graphQl.GraphQLString)
+                removeMemberships: graphQl.list(graphQl.GraphQLString),
+                password: graphQl.GraphQLString,
             },
             resolve: function(env) {
                 return users.update({
@@ -64,7 +65,8 @@ module.exports = schemaGenerator.createObjectType({
                     email: env.args.email,
                     login: env.args.login,
                     addMemberships: env.args.addMemberships,
-                    removeMemberships: env.args.removeMemberships
+                    removeMemberships: env.args.removeMemberships,
+                    password: env.args.password,
                 });
             }
         },

src/main/resources/apis/graphql/types/objects/principal.js

@@ -127,7 +127,9 @@ exports.PrincipalType = schemaGenerator.createObjectType({
         hasPassword: {
             type: graphQl.GraphQLBoolean,
             resolve: function (env) {
-                return env.source.authenticationHash != null;
+                // when source comes from Node API, it will have the 'authenticationHash'
+                // when source comes from Auth API, it will have the 'hasPassword' property
+                return env.source.authenticationHash != null || env.source.hasPassword === true;
             }
         }
     }

src/main/resources/assets/icons/icons.less

@@ -17,3 +17,10 @@
   }
 }
 
+.icon-close {
+  .icon();
+
+  &::before {
+    content: "\e36b";
+  }
+}

src/main/resources/assets/js/app/wizard/ChangeUserPasswordDialog.ts

@@ -1,7 +1,5 @@
 import {OpenChangePasswordDialogEvent} from './OpenChangePasswordDialogEvent';
-import {SetUserPasswordRequest} from './SetUserPasswordRequest';
 import {PasswordGenerator} from './PasswordGenerator';
-import {Principal} from '@enonic/lib-admin-ui/security/Principal';
 import {Validators} from '@enonic/lib-admin-ui/ui/form/Validators';
 import {DefaultErrorHandler} from '@enonic/lib-admin-ui/DefaultErrorHandler';
 import {ModalDialog} from '@enonic/lib-admin-ui/ui/dialog/ModalDialog';
@@ -12,13 +10,15 @@ import {Fieldset} from '@enonic/lib-admin-ui/ui/form/Fieldset';
 import {Form} from '@enonic/lib-admin-ui/ui/form/Form';
 import {showFeedback} from '@enonic/lib-admin-ui/notify/MessageBus';
 import {Action} from '@enonic/lib-admin-ui/ui/Action';
+import {UpdatePasswordRequest} from '../../graphql/principal/user/UpdatePasswordRequest';
+import {User} from '../principal/User';
 
 export class ChangeUserPasswordDialog
     extends ModalDialog {
 
     private password: PasswordGenerator;
 
-    private principal: Principal;
+    private principal: User;
 
     private changePasswordAction: Action;
 
@@ -55,7 +55,7 @@ export class ChangeUserPasswordDialog
 
         OpenChangePasswordDialogEvent.on((event) => {
             this.principal = event.getPrincipal();
-            userPath.setHtml(this.principal.getKey().toPath());
+            userPath.setHtml(this.principal?.getKey().toPath());
             this.open();
         });
 
@@ -69,9 +69,9 @@ export class ChangeUserPasswordDialog
                 if (!this.password.isValid()) {
                     return;
                 }
-                new SetUserPasswordRequest()
-                    .setKey(this.principal.getKey())
+                new UpdatePasswordRequest()
                     .setPassword(this.password.getValue())
+                    .setKey(this.principal.getKey())
                     .sendAndParse()
                     .then(() => {
                         showFeedback(i18n('notify.change.password'));
@@ -101,7 +101,7 @@ export class ChangeUserPasswordDialog
         this.remove();
     }
 
-    getPrincipal(): Principal {
+    getPrincipal(): User {
         return this.principal;
     }
 

src/main/resources/assets/js/app/wizard/GroupWizardPanel.ts

@@ -32,6 +32,7 @@ export class GroupWizardPanel
         const descriptionStep = this.getDescriptionWizardStepForm();
         const membersStep = this.getMembersWizardStepForm();
         this.rolesWizardStepForm = new RolesWizardStepForm();
+        this.rolesWizardStepForm.initialize();
 
         steps.push(new WizardStep(i18n('field.groups'), descriptionStep));
         steps.push(new WizardStep(i18n('field.members'), membersStep));

src/main/resources/assets/js/app/wizard/IdProviderWizardPanel.ts

@@ -72,7 +72,10 @@ export class IdProviderWizardPanel
         const steps: WizardStep[] = [];
 
         this.idProviderWizardStepForm = new IdProviderWizardStepForm();
+        this.idProviderWizardStepForm.initialize();
+
         this.permissionsWizardStepForm = new SecurityWizardStepForm();
+        this.permissionsWizardStepForm.initialize();
 
         steps.push(new WizardStep(i18n('field.idProvider'), this.idProviderWizardStepForm));
         steps.push(new WizardStep(i18n('field.permissions'), this.permissionsWizardStepForm));

src/main/resources/assets/js/app/wizard/MembersWizardPanel.ts

@@ -19,7 +19,10 @@ export class MembersWizardPanel extends PrincipalWizardPanel {
         super(params);
 
         this.descriptionWizardStepForm = new PrincipalDescriptionWizardStepForm();
+        this.descriptionWizardStepForm.initialize();
+
         this.membersWizardStepForm = new MembersWizardStepForm();
+        this.membersWizardStepForm.initialize();
 
         this.addClass('membership-wizard-panel');
     }

src/main/resources/assets/js/app/wizard/OpenChangePasswordDialogEvent.ts

@@ -1,18 +1,18 @@
-import {Principal} from '@enonic/lib-admin-ui/security/Principal';
 import {ClassHelper} from '@enonic/lib-admin-ui/ClassHelper';
 import {Event} from '@enonic/lib-admin-ui/event/Event';
+import {User} from '../principal/User';
 
 export class OpenChangePasswordDialogEvent
     extends Event {
 
-    private principal: Principal;
+    private readonly principal: User;
 
-    constructor(principal: Principal) {
+    constructor(principal: User) {
         super();
         this.principal = principal;
     }
 
-    getPrincipal(): Principal {
+    getPrincipal(): User {
         return this.principal;
     }
 

src/main/resources/assets/js/app/wizard/PasswordGenerator.ts

@@ -3,14 +3,12 @@ import {Element} from '@enonic/lib-admin-ui/dom/Element';
 import {AEl} from '@enonic/lib-admin-ui/dom/AEl';
 import {DivEl} from '@enonic/lib-admin-ui/dom/DivEl';
 import {i18n} from '@enonic/lib-admin-ui/util/Messages';
-import {nanoid} from 'nanoid';
+import {customAlphabet} from 'nanoid';
 import {InputEl} from '@enonic/lib-admin-ui/dom/InputEl';
-import * as owasp from 'owasp-password-strength-test';
-import {PasswordStrengthBlock} from './PasswordStrengthBlock';
+import {passwordStrength} from 'check-password-strength';
 import {StringHelper} from '@enonic/lib-admin-ui/util/StringHelper';
 
 export enum PasswordStrength {
-    EXCELLENT = 'excellent',
     STRONG = 'strong',
     MEDIUM = 'medium',
     WEAK = 'weak',
@@ -23,7 +21,6 @@ export class PasswordGenerator
     private input: InputEl;
     private showLink: AEl;
     private generateLink: AEl;
-    private passwordStrengthBlock: PasswordStrengthBlock;
     private passwordStrength: PasswordStrength;
     private helpTextBlock: DivEl;
 
@@ -39,7 +36,6 @@ export class PasswordGenerator
 
     private initElements() {
         this.input = new InputEl('password-input');
-        this.passwordStrengthBlock = new PasswordStrengthBlock();
         this.showLink = new AEl('show-link');
         this.toggleShowLink(true);
         this.generateLink = new AEl('generate-link');
@@ -127,46 +123,39 @@ export class PasswordGenerator
             return;
         }
 
-        const testResult: owasp.TestResult = owasp.test(value);
-        this.passwordStrengthBlock.setTestResult(testResult);
+        const testResult: string = passwordStrength(value).value;
 
         this.passwordStrength = this.getPasswordStrength(testResult);
+
         this.getEl().setAttribute('data-i18n', i18n(`field.pswGenerator.complexity.${this.passwordStrength}`));
         this.addClass(this.passwordStrength);
     }
 
-    private getPasswordStrength(testResult: owasp.TestResult): PasswordStrength {
-        if (testResult.errors.length === 0) {
-            return PasswordStrength.EXCELLENT;
-        }
-
-        if (testResult.errors.length === 1) {
-            return PasswordStrength.STRONG;
-        }
-
-        if (testResult.errors.length === 2) {
-            return PasswordStrength.MEDIUM;
-        }
-
-        if (testResult.errors.length === 3) {
-            return PasswordStrength.WEAK;
-        }
-
-        return PasswordStrength.BAD;
+    private getPasswordStrength(testResult: string): PasswordStrength {
+        return PasswordStrength[testResult.toUpperCase()] || PasswordStrength.BAD;
     }
 
     private generatePassword() {
-        this.input.setValue(nanoid());
+        let passStrength = PasswordStrength.BAD;
+        let password = ''
+        const nanoid = customAlphabet('1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!#$%&()*+,-.<=>?@[]^_{|}~', 15);
+        while (!this.isPasswordValid(passStrength)) {
+            password = nanoid();
+            passStrength = this.getPasswordStrength(passwordStrength(password).value);
+        }
+        this.input.setValue(password);
     }
 
     isValid(): boolean {
-        return !!this.getValue() && this.getValue().length > 0 && this.input.isValid() && this.isPasswordValid();
+        return !!this.getValue() && this.getValue().length > 0 && this.input.isValid() && this.isPasswordValid(this.passwordStrength);
+    }
+
+    setFocus(): void {
+        this.input.getEl().focus();
     }
 
-    private isPasswordValid(): boolean {
-        return this.passwordStrength === PasswordStrength.EXCELLENT ||
-               this.passwordStrength === PasswordStrength.STRONG ||
-               this.passwordStrength === PasswordStrength.MEDIUM;
+    private isPasswordValid(passwordStrength: PasswordStrength): boolean {
+        return passwordStrength === PasswordStrength.STRONG || passwordStrength === PasswordStrength.MEDIUM;
     }
 
     private initFocusEvents(el: Element) {
@@ -187,7 +176,6 @@ export class PasswordGenerator
 
             const toolbarWrapper = new DivEl('toolbar-wrapper');
             toolbarWrapper.appendChildren(this.showLink, this.generateLink);
-            toolbarWrapper.appendChild(this.passwordStrengthBlock);
             this.appendChild(toolbarWrapper);
             this.appendChild(this.helpTextBlock);