indigo-iam · enricovianello · Aug 30, 2024 · Aug 9, 2024 · Aug 9, 2024 · Aug 13, 2024
diff --git a/iam-common/pom.xml b/iam-common/pom.xml
@@ -5,7 +5,7 @@
   <parent>
     <groupId>it.infn.mw.iam-parent</groupId>
     <artifactId>iam-parent</artifactId>
-    <version>1.10.0</version>
+    <version>1.10.1</version>
   </parent>
 
   <groupId>it.infn.mw.iam-common</groupId>

diff --git a/iam-login-service/pom.xml b/iam-login-service/pom.xml
@@ -22,7 +22,7 @@
   <parent>
     <groupId>it.infn.mw.iam-parent</groupId>
     <artifactId>iam-parent</artifactId>
-    <version>1.10.0</version>
+    <version>1.10.1</version>
   </parent>
 
   <groupId>it.infn.mw.iam-login-service</groupId>
@@ -106,7 +106,7 @@
     </dependency>
 
     <dependency>
-      <groupId>org.webjars</groupId>
+      <groupId>org.webjars.npm</groupId>
       <artifactId>angular-ui-router</artifactId>
     </dependency>
 
@@ -116,27 +116,42 @@
     </dependency>
 
     <dependency>
-      <groupId>org.webjars</groupId>
+      <groupId>org.webjars.npm</groupId>
+      <artifactId>angular-cookies</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>org.webjars.npm</groupId>
+      <artifactId>angular-resource</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>org.webjars.npm</groupId>
+      <artifactId>angular-animate</artifactId>
+    </dependency>
+
+    <dependency>
+      <groupId>org.webjars.npm</groupId>
       <artifactId>angular-sanitize</artifactId>
     </dependency>
 
     <dependency>
-      <groupId>org.webjars</groupId>
+      <groupId>org.webjars.npm</groupId>
       <artifactId>jquery</artifactId>
     </dependency>
 
     <dependency>
-      <groupId>org.webjars</groupId>
+      <groupId>org.webjars.npm</groupId>
       <artifactId>jquery-ui</artifactId>
     </dependency>
 
     <dependency>
-      <groupId>org.webjars</groupId>
+      <groupId>org.webjars.npm</groupId>
       <artifactId>bootstrap</artifactId>
     </dependency>
 
     <dependency>
-      <groupId>org.webjars</groupId>
+      <groupId>org.webjars.npm</groupId>
       <artifactId>font-awesome</artifactId>
     </dependency>
 

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/api/aup/model/AupConverter.java b/iam-login-service/src/main/java/it/infn/mw/iam/api/aup/model/AupConverter.java
@@ -32,7 +32,11 @@ public IamAup entityFromDto(AupDTO dto) {
     aup.setSignatureValidityInDays(dto.getSignatureValidityInDays());
     aup.setUrl(dto.getUrl());
     aup.setText(dto.getText());
-    aup.setAupRemindersInDays(dto.getAupRemindersInDays());
+    if (dto.getAupRemindersInDays() == null) {
+      aup.setAupRemindersInDays("");
+    } else {
+      aup.setAupRemindersInDays(dto.getAupRemindersInDays());
+    }
     return aup;
   }
 

diff --git a/...service/src/main/java/it/infn/mw/iam/api/aup/model/AupRemindersAndSignatureValidator.java b/...service/src/main/java/it/infn/mw/iam/api/aup/model/AupRemindersAndSignatureValidator.java
@@ -24,7 +24,8 @@
 import javax.validation.ConstraintValidator;
 import javax.validation.ConstraintValidatorContext;
 
-public class AupRemindersAndSignatureValidator implements ConstraintValidator<AupRemindersAndSignature, AupDTO> {
+public class AupRemindersAndSignatureValidator
+    implements ConstraintValidator<AupRemindersAndSignature, AupDTO> {
 
   @Override
   public boolean isValid(AupDTO value, ConstraintValidatorContext context) {
@@ -50,11 +51,22 @@ public boolean isValid(AupDTO value, ConstraintValidatorContext context) {
       return false;
     }
 
-    if (aupRemindersInDays == null || aupRemindersInDays.isEmpty()) {
+    if (signatureValidityInDays == 0) {
+      if (aupRemindersInDays != null && !aupRemindersInDays.isEmpty()) {
+        context.disableDefaultConstraintViolation();
+        context
+          .buildConstraintViolationWithTemplate(
+              "Invalid AUP: aupRemindersInDays cannot be set if signatureValidityInDays is 0")
+          .addConstraintViolation();
+        return false;
+      }
+      return true;
+    }
+
+    if (aupRemindersInDays == null) {
       context.disableDefaultConstraintViolation();
-      context
-        .buildConstraintViolationWithTemplate(
-            "Invalid AUP: aupRemindersInDays cannot be empty or null")
+      context.buildConstraintViolationWithTemplate(
+          "Invalid AUP: aupRemindersInDays must be set when signatureValidityInDays is greater than 0")
         .addConstraintViolation();
       return false;
     }
@@ -87,15 +99,18 @@ public boolean isValid(AupDTO value, ConstraintValidatorContext context) {
       if (uniqueNumbers.size() != numbers.size()) {
         context.disableDefaultConstraintViolation();
         context
-          .buildConstraintViolationWithTemplate("Invalid AUP: duplicate values for reminders are not allowed")
+          .buildConstraintViolationWithTemplate(
+              "Invalid AUP: duplicate values for reminders are not allowed")
           .addConstraintViolation();
         return false;
       }
 
       return true;
     } catch (NumberFormatException e) {
       context.disableDefaultConstraintViolation();
-      context.buildConstraintViolationWithTemplate("Invalid AUP: non-integer value found")
+      context
+        .buildConstraintViolationWithTemplate(
+            "Invalid AUP: non-integer value found for aupRemindersInDays")
         .addConstraintViolation();
       return false;
     }

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/lifecycle/ExpiredAccountsHandler.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/lifecycle/ExpiredAccountsHandler.java
@@ -16,16 +16,19 @@
 package it.infn.mw.iam.core.lifecycle;
 
 import static com.google.common.collect.Sets.newHashSet;
+import static it.infn.mw.iam.core.lifecycle.ExpiredAccountsHandler.AccountLifecycleStatus.PENDING_REMOVAL;
+import static it.infn.mw.iam.core.lifecycle.ExpiredAccountsHandler.AccountLifecycleStatus.PENDING_SUSPENSION;
+import static it.infn.mw.iam.core.lifecycle.ExpiredAccountsHandler.AccountLifecycleStatus.SUSPENDED;
 
 import java.time.Clock;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Date;
+import java.util.Optional;
 import java.util.Set;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
@@ -43,10 +46,7 @@
 public class ExpiredAccountsHandler implements Runnable {
 
   public enum AccountLifecycleStatus {
-    OK,
-    PENDING_SUSPENSION,
-    PENDING_REMOVAL,
-    SUSPENDED
+    OK, PENDING_SUSPENSION, PENDING_REMOVAL, SUSPENDED
   }
 
   public static final String LIFECYCLE_TIMESTAMP_LABEL = "lifecycle.timestamp";
@@ -67,7 +67,6 @@ public enum AccountLifecycleStatus {
 
   private Set<IamAccount> accountsScheduledForRemoval = newHashSet();
 
-  @Autowired
   public ExpiredAccountsHandler(Clock clock, LifecycleProperties properties,
       IamAccountRepository repo, IamAccountService service) {
     this.clock = clock;
@@ -96,40 +95,71 @@ private boolean pastRemovalGracePeriod(IamAccount expiredAccount) {
         properties.getAccount().getExpiredAccountPolicy().getRemovalGracePeriodDays());
   }
 
-  private void addLastCheckedLabel(IamAccount expiredAccount) {
-    accountService.setLabel(expiredAccount,
-        IamLabel.builder()
-          .name(LIFECYCLE_TIMESTAMP_LABEL)
-          .value(String.valueOf(checkTime.toEpochMilli()))
-          .build());
-  }
-
   private void addStatusLabel(IamAccount expiredAccount, AccountLifecycleStatus status) {
     accountService.setLabel(expiredAccount,
         IamLabel.builder().name(LIFECYCLE_STATUS_LABEL).value(status.name()).build());
   }
 
+  private boolean checkAccountStatusIs(IamAccount a, AccountLifecycleStatus status) {
+    Optional<IamLabel> lifecycleStatus = a.getLabelByName(LIFECYCLE_STATUS_LABEL);
+    if (lifecycleStatus.isEmpty()) {
+      return false;
+    }
+    return status.name().equals(lifecycleStatus.get().getValue());
+  }
+
   private void suspendAccount(IamAccount expiredAccount) {
 
-    LOG.info("Suspeding account {} expired on {} ({} days ago)", expiredAccount.getUsername(),
+    if (expiredAccount.isActive()) {
+      LOG.info("Suspending account {} expired on {} ({} days ago)", expiredAccount.getUsername(),
         expiredAccount.getEndTime(),
         ChronoUnit.DAYS.between(expiredAccount.getEndTime().toInstant(), checkTime));
-    accountService.disableAccount(expiredAccount);
-    if (properties.getAccount().getExpiredAccountPolicy().isRemoveExpiredAccounts()) {
-      addStatusLabel(expiredAccount, AccountLifecycleStatus.PENDING_REMOVAL);
+      accountService.disableAccount(expiredAccount);
+    } else {
+      // nothing to do
+      LOG.debug("Account {} expired on {} has been already suspended", expiredAccount.getUsername(), expiredAccount.getEndTime());
     }
-    else {
-      addStatusLabel(expiredAccount, AccountLifecycleStatus.SUSPENDED);
+    if (properties.getAccount().getExpiredAccountPolicy().isRemoveExpiredAccounts()) {
+      markAsPendingRemoval(expiredAccount);
+    } else {
+      markAsSuspended(expiredAccount);
     }
-    addLastCheckedLabel(expiredAccount);
   }
 
   private void markAsPendingSuspension(IamAccount expiredAccount) {
+    if (checkAccountStatusIs(expiredAccount, PENDING_SUSPENSION)) {
+      LOG.debug("Account {} expired on {} has been already marked as pending suspension",
+          expiredAccount.getUsername(), expiredAccount.getEndTime());
+      return;
+    }
     LOG.info("Marking account {} (expired on {} ({} days ago)) as pending suspension",
         expiredAccount.getUsername(), expiredAccount.getEndTime(),
         ChronoUnit.DAYS.between(expiredAccount.getEndTime().toInstant(), checkTime));
-    addStatusLabel(expiredAccount, AccountLifecycleStatus.PENDING_SUSPENSION);
-    addLastCheckedLabel(expiredAccount);
+    addStatusLabel(expiredAccount, PENDING_SUSPENSION);
+  }
+
+  private void markAsPendingRemoval(IamAccount expiredAccount) {
+    if (checkAccountStatusIs(expiredAccount, PENDING_REMOVAL)) {
+      LOG.debug("Account {} expired on {} has been already marked as pending removal",
+          expiredAccount.getUsername(), expiredAccount.getEndTime());
+      return;
+    }
+    LOG.info("Marking account {} (expired on {} ({} days ago)) as pending removal",
+        expiredAccount.getUsername(), expiredAccount.getEndTime(),
+        ChronoUnit.DAYS.between(expiredAccount.getEndTime().toInstant(), checkTime));
+    addStatusLabel(expiredAccount, PENDING_REMOVAL);
+  }
+
+  private void markAsSuspended(IamAccount expiredAccount) {
+    if (checkAccountStatusIs(expiredAccount, SUSPENDED)) {
+      LOG.debug("Account {} expired on {} has been already marked as suspended",
+          expiredAccount.getUsername(), expiredAccount.getEndTime());
+      return;
+    }
+    LOG.info("Marking account {} (expired on {} ({} days ago)) as suspended",
+        expiredAccount.getUsername(), expiredAccount.getEndTime(),
+        ChronoUnit.DAYS.between(expiredAccount.getEndTime().toInstant(), checkTime));
+    addStatusLabel(expiredAccount, SUSPENDED);
   }
 
   private void removeAccount(IamAccount expiredAccount) {
@@ -139,7 +169,6 @@ private void removeAccount(IamAccount expiredAccount) {
     accountService.deleteAccount(expiredAccount);
   }
 
-
   private void scheduleAccountRemoval(IamAccount expiredAccount) {
     accountsScheduledForRemoval.add(expiredAccount);
   }

diff --git a/iam-login-service/src/main/webapp/WEB-INF/tags/iam/page.tag b/iam-login-service/src/main/webapp/WEB-INF/tags/iam/page.tag
@@ -25,7 +25,7 @@
 
 <link
   rel="stylesheet"
-  href="/webjars/bootstrap/css/bootstrap.min.css"></link>
+  href="/webjars/bootstrap/dist/css/bootstrap.min.css"></link>
 
 <link
   rel="stylesheet"

diff --git a/iam-login-service/src/main/webapp/WEB-INF/tags/iamHeader.tag b/iam-login-service/src/main/webapp/WEB-INF/tags/iamHeader.tag
@@ -13,7 +13,7 @@
 
 <link
   rel="stylesheet"
-  href="/webjars/bootstrap/css/bootstrap.min.css"></link>
+  href="/webjars/bootstrap/dist/css/bootstrap.min.css"></link>
 
 <link
   rel="stylesheet"

diff --git a/iam-login-service/src/main/webapp/WEB-INF/views/iam/cern/register.jsp b/iam-login-service/src/main/webapp/WEB-INF/views/iam/cern/register.jsp
@@ -22,8 +22,8 @@
 <t:page title="Register">
   <jsp:attribute name="footer">
     <script type="text/javascript" src="/webjars/angularjs/angular.min.js"></script>
-    <script type="text/javascript" src="/webjars/angularjs/angular-animate.js"></script>
-    <script type="text/javascript" src="/webjars/angularjs/angular-cookies.js"></script>
+    <script type="text/javascript" src="/webjars/angular-animate/angular-animate.min.js"></script>
+    <script type="text/javascript" src="/webjars/angular-cookies/angular-cookies.min.js"></script>
     <script type="text/javascript" src="/webjars/angular-ui-bootstrap/dist/ui-bootstrap-tpls.js"></script>
     <script type="text/javascript" src="${resourcesPrefix}/iam/apps/cern-registration/registration.app.js"></script>
     <script type="text/javascript" src="${resourcesPrefix}/iam/apps/cern-registration/registration.controller.js"></script>

diff --git a/iam-login-service/src/main/webapp/WEB-INF/views/iam/dashboard.jsp b/iam-login-service/src/main/webapp/WEB-INF/views/iam/dashboard.jsp
@@ -51,13 +51,12 @@
     <!-- /.content-wrapper -->
   </div>
   <!-- Libraries -->
-  <script type="text/javascript" src="<c:url value='/webjars/jquery/jquery.min.js'/>"></script>
+  <script type="text/javascript" src="<c:url value='/webjars/jquery/dist/jquery.min.js'/>"></script>
   <script type="text/javascript" src="<c:url value='/webjars/angularjs/angular.min.js'/>"></script>
-  <script type="text/javascript" src="<c:url value='/webjars/angularjs/angular-animate.js'/>"></script>
-  <script type="text/javascript" src="<c:url value='/webjars/angularjs/angular-resource.min.js'/>"></script>
-  <script type="text/javascript" src="<c:url value='/webjars/angularjs/angular-cookies.min.js'/>"></script>
-  <script type="text/javascript" src="<c:url value='/webjars/angular-ui-router/angular-ui-router.min.js'/>"></script>
+  <script type="text/javascript" src="<c:url value='/webjars/angular-ui-router/release/angular-ui-router.min.js'/>"></script>
   <script type="text/javascript" src="<c:url value='/webjars/angular-ui-select/select.min.js'/>"></script>
+  <script type="text/javascript" src="<c:url value='/webjars/angular-cookies/angular-cookies.min.js'/>"></script>
+  <script type="text/javascript" src="<c:url value='/webjars/angular-resource/angular-resource.min.js'/>"></script>
   <script type="text/javascript" src="<c:url value='/webjars/angular-sanitize/angular-sanitize.min.js'/>"></script>
   <script type="text/javascript" src="<c:url value='/webjars/angular-ui-bootstrap/dist/ui-bootstrap-tpls.js'/>"></script>