diff --git a/modules/distribution/product/src/main/assembly/bin.xml b/modules/distribution/product/src/main/assembly/bin.xml index 411ee6764b..97277ea1f6 100644 --- a/modules/distribution/product/src/main/assembly/bin.xml +++ b/modules/distribution/product/src/main/assembly/bin.xml @@ -552,6 +552,7 @@ accountrecoveryendpoint/RecoveryEndpointConfig.properties accountrecoveryendpoint/self-registration-complete.jsp accountrecoveryendpoint/password-recovery.jsp + accountrecoveryendpoint/password-reset-complete.jsp accountrecoveryendpoint/includes/header.jsp accountrecoveryendpoint/includes/title.jsp accountrecoveryendpoint/includes/product-footer.jsp @@ -586,6 +587,7 @@ self-registration-complete.jsp password-recovery.jsp + password-reset-complete.jsp self-registration-username-request.jsp self-registration-with-verification.jsp error.jsp diff --git a/modules/distribution/product/src/main/assembly/filter.properties b/modules/distribution/product/src/main/assembly/filter.properties index 830b26409c..fde43d419c 100644 --- a/modules/distribution/product/src/main/assembly/filter.properties +++ b/modules/distribution/product/src/main/assembly/filter.properties @@ -3,7 +3,7 @@ product.key=AM product.version=4.3.0 product.wum.name=wso2am -carbon.version=4.9.26.beta +carbon.version=4.9.26 am.version=4.3.0 default.server.role=APIManager bundle.creators=org.wso2.carbon.mediator.bridge.MediatorBundleCreator diff --git a/modules/distribution/product/src/main/conf/deployment.toml b/modules/distribution/product/src/main/conf/deployment.toml index d507ec3cda..4d2abbd5a1 100755 --- a/modules/distribution/product/src/main/conf/deployment.toml +++ b/modules/distribution/product/src/main/conf/deployment.toml 
@@ -234,7 +234,7 @@ allow_credentials = false #enable_authentication = true #[apim.token.revocation] -#notifier_impl = "org.wso2.carbon.apimgt.keymgt.events.TokenRevocationNotifierImpl" +#notifier_impl = "org.wso2.carbon.apimgt.notification.TokenRevocationNotifierImpl" #enable_realtime_notifier = true #realtime_notifier.ttl = 5000 #enable_persistent_notifier = true diff --git a/modules/distribution/product/src/main/extensions/password-reset-complete.jsp b/modules/distribution/product/src/main/extensions/password-reset-complete.jsp new file mode 100644 index 0000000000..a1db711b94 --- /dev/null +++ b/modules/distribution/product/src/main/extensions/password-reset-complete.jsp 
@@ -0,0 +1,288 @@ +<%-- + ~ Copyright (c) 2016, WSO2 Inc. (http://www.wso2.org) All Rights Reserved. + ~ + ~ WSO2 Inc. licenses this file to you under the Apache License, + ~ Version 2.0 (the "License"); you may not use this file except + ~ in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, + ~ software distributed under the License is distributed on an + ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + ~ KIND, either express or implied. See the License for the + ~ specific language governing permissions and limitations + ~ under the License. + --%> +<%@ page import="org.apache.commons.lang.StringUtils" %> +<%@ page import="org.wso2.carbon.core.SameSiteCookie" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointConstants" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.IdentityManagementEndpointUtil" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.ApiException" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.api.NotificationApi" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.Error" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.Property" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.ResetPasswordRequest" %> +<%@ page import="org.wso2.carbon.identity.core.util.IdentityTenantUtil" %> +<%@ page import="java.io.File" %> +<%@ page import="java.net.URISyntaxException" %> +<%@ page import="java.net.URLEncoder" %> +<%@ page import="java.util.ArrayList" %> +<%@ page import="java.util.HashMap" %> +<%@ page import="java.util.List" %> +<%@ page import="java.util.Map" %> +<%@ page import="javax.servlet.http.Cookie" %> +<%@ page import="java.util.Base64" %> +<%@ page import="org.wso2.carbon.core.util.SignatureUtil" %> +<%@ page 
import="org.json.simple.JSONObject" %> +<%@ page import="org.owasp.encoder.Encode" %> +<%@ page import="org.wso2.carbon.identity.recovery.util.Utils" %> +<%@ page import="org.apache.http.client.utils.URIBuilder" %> +<%@ page import="java.net.URI" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.model.User" %> +<%@ page import="org.wso2.carbon.identity.mgt.endpoint.util.client.PreferenceRetrievalClient" %> +<%@ taglib prefix="layout" uri="org.wso2.identity.apps.taglibs.layout.controller" %> + + + + + +<% + String ERROR_MESSAGE = "errorMsg"; + String ERROR_CODE = "errorCode"; + String PASSWORD_RESET_PAGE = "password-reset.jsp"; + String AUTO_LOGIN_COOKIE_NAME = "ALOR"; + String AUTO_LOGIN_FLOW_TYPE = "RECOVERY"; + String AUTO_LOGIN_COOKIE_DOMAIN = "AutoLoginCookieDomain"; + String RECOVERY_TYPE_INVITE = "invite"; + String passwordHistoryErrorCode = "22001"; + String passwordPatternErrorCode = "20035"; + String confirmationKey = + IdentityManagementEndpointUtil.getStringValue(request.getSession().getAttribute("confirmationKey")); + String newPassword = request.getParameter("reset-password"); + String callback = request.getParameter("callback"); + String userStoreDomain = request.getParameter("userstoredomain"); + String type = request.getParameter("type"); + String username = null; + PreferenceRetrievalClient preferenceRetrievalClient = new PreferenceRetrievalClient(); + Boolean isAutoLoginEnable = preferenceRetrievalClient.checkAutoLoginAfterPasswordRecoveryEnabled(tenantDomain); + String sessionDataKey = StringUtils.EMPTY; + + if (StringUtils.isBlank(callback)) { + callback = IdentityManagementEndpointUtil.getUserPortalUrl( + application.getInitParameter(IdentityManagementEndpointConstants.ConfigConstants.USER_PORTAL_URL), tenantDomain); + } + + if (StringUtils.isNotBlank(newPassword)) { + NotificationApi notificationApi = new NotificationApi(); + ResetPasswordRequest resetPasswordRequest = new ResetPasswordRequest(); + List properties = new 
ArrayList(); + Property property = new Property(); + property.setKey("callback"); + property.setValue(URLEncoder.encode(callback, "UTF-8")); + properties.add(property); + + Property tenantProperty = new Property(); + tenantProperty.setKey(IdentityManagementEndpointConstants.TENANT_DOMAIN); + if (tenantDomain == null) { + tenantDomain = IdentityManagementEndpointConstants.SUPER_TENANT; + } + tenantProperty.setValue(URLEncoder.encode(tenantDomain, "UTF-8")); + properties.add(tenantProperty); + + resetPasswordRequest.setKey(confirmationKey); + resetPasswordRequest.setPassword(newPassword); + resetPasswordRequest.setProperties(properties); + + try { + User user = notificationApi.setUserPasswordPost(resetPasswordRequest); + username = user.getUsername(); + userStoreDomain = user.getRealm(); + + if (isAutoLoginEnable) { + if (userStoreDomain != null) { + username = userStoreDomain + "/" + username + "@" + tenantDomain; + } + + String cookieDomain = application.getInitParameter(AUTO_LOGIN_COOKIE_DOMAIN); + JSONObject contentValueInJson = new JSONObject(); + contentValueInJson.put("username", username); + contentValueInJson.put("createdTime", System.currentTimeMillis()); + contentValueInJson.put("flowType", AUTO_LOGIN_FLOW_TYPE); + if (StringUtils.isNotBlank(cookieDomain)) { + contentValueInJson.put("domain", cookieDomain); + } + String content = contentValueInJson.toString(); + + SignatureUtil.init(); + JSONObject cookieValueInJson = new JSONObject(); + cookieValueInJson.put("content", content); + String signature = Base64.getEncoder().encodeToString(SignatureUtil.doSignature(content)); + cookieValueInJson.put("signature", signature); + String cookieValue = Base64.getEncoder().encodeToString(cookieValueInJson.toString().getBytes()); + + IdentityManagementEndpointUtil.setCookie(request, response, AUTO_LOGIN_COOKIE_NAME, cookieValue, + 300, SameSiteCookie.NONE, "/", cookieDomain); + + if (callback.contains("?")) { + String queryParams = 
callback.substring(callback.indexOf("?") + 1); + String[] parameterList = queryParams.split("&"); + Map queryMap = new HashMap<>(); + for (String param : parameterList) { + String key = param.substring(0, param.indexOf("=")); + String value = param.substring(param.indexOf("=") + 1); + queryMap.put(key, value); + } + sessionDataKey = queryMap.get("sessionDataKey"); + } + } + } catch (ApiException e) { + + Error error = IdentityManagementEndpointUtil.buildError(e); + IdentityManagementEndpointUtil.addErrorInformation(request, error); + if (error != null) { + request.setAttribute(ERROR_MESSAGE, error.getDescription()); + request.setAttribute(ERROR_CODE, error.getCode()); + if (passwordHistoryErrorCode.equals(error.getCode()) || + passwordPatternErrorCode.equals(error.getCode())) { + String i18Resource = IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, error.getCode()); + if (!i18Resource.equals(error.getCode())) { + request.setAttribute(ERROR_MESSAGE, i18Resource); + } + request.setAttribute(IdentityManagementEndpointConstants.TENANT_DOMAIN, tenantDomain); + request.setAttribute(IdentityManagementEndpointConstants.CALLBACK, callback); + request.setAttribute("userstoredomain", userStoreDomain); + request.getRequestDispatcher(PASSWORD_RESET_PAGE).forward(request, response); + return; + } + } + request.getRequestDispatcher("error.jsp").forward(request, response); + return; + } + + } else { + request.setAttribute("error", true); + request.setAttribute("errorMsg", IdentityManagementEndpointUtil.i18n(recoveryResourceBundle, + "Password.cannot.be.empty")); + request.setAttribute(IdentityManagementEndpointConstants.TENANT_DOMAIN, tenantDomain); + request.setAttribute(IdentityManagementEndpointConstants.CALLBACK, callback); + request.setAttribute("userstoredomain", userStoreDomain); + request.getRequestDispatcher("password-reset.jsp").forward(request, response); + return; + } + + session.invalidate(); +%> +<%@ page contentType="text/html;charset=UTF-8" 
language="java" %> + +<%-- Data for the layout from the page --%> +<% + layoutData.put("containerSize", "medium"); +%> + + + + + <% + File headerFile = new File(getServletContext().getRealPath("extensions/header.jsp")); + if (headerFile.exists()) { + %> + + <% } else { %> + + <% } %> + + + <% if (!RECOVERY_TYPE_INVITE.equalsIgnoreCase(type)) { %> + + + + + + + + + + + <% } %> + + + + + <% if (RECOVERY_TYPE_INVITE.equalsIgnoreCase(type)) { + File productTitleFile = new File(getServletContext().getRealPath("extensions/product-title.jsp")); + if (productTitleFile.exists()) { + %> + + <% } else { %> + + <% } + } %> + + + <% if (RECOVERY_TYPE_INVITE.equalsIgnoreCase(type)) { %> + + + Password Set Sucessfully + + + You have successfully set a password for your account <%=username%>. + + + <% } %> + + + + <% if (RECOVERY_TYPE_INVITE.equalsIgnoreCase(type)) { + File productFooterFile = new File(getServletContext().getRealPath("extensions/product-footer.jsp")); + if (productFooterFile.exists()) { + %> + + <% } else { %> + + <% } + } %> + + + + <%-- footer --%> + <% + File footerFile = new File(getServletContext().getRealPath("extensions/footer.jsp")); + if (footerFile.exists()) { + %> + + <% } else { %> + + <% } %> + + + + diff --git a/modules/distribution/product/src/main/extensions/product-title.jsp b/modules/distribution/product/src/main/extensions/product-title.jsp index 1d3a59ef0f..821088fcbf 100644 --- a/modules/distribution/product/src/main/extensions/product-title.jsp +++ b/modules/distribution/product/src/main/extensions/product-title.jsp @@ -22,7 +22,7 @@ <% if ("API Manager".equals(request.getAttribute("headerTitle"))) { %> - + diff --git a/modules/distribution/product/src/main/resources/conf/default.json b/modules/distribution/product/src/main/resources/conf/default.json index 50c511df3f..2904e4256d 100644 --- a/modules/distribution/product/src/main/resources/conf/default.json +++ b/modules/distribution/product/src/main/resources/conf/default.json 
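Review bot: The invite confirmation text writes `<%=username%>` into the page without output encoding, although `org.owasp.encoder.Encode` is imported at the top of the file. The value comes from `user.getUsername()` and may be concatenated with the user store and tenant domain, so it should be emitted as `<%=Encode.forHtml(username)%>`. Separately, the callback query parsing in the auto-login branch calls `param.substring(0, param.indexOf("="))` on a request-supplied `callback`, which throws for a parameter with no `=` after the password has already been reset and the cookie set. Only `ApiException` is caught there, so a guard such as `int eq = param.indexOf('='); if (eq < 0) { continue; }` is needed. The markup of this file appears to be stripped in this view, so any use of `callback` or `sessionDataKey` in the rendered HTML could not be checked.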
@@ -482,6 +482,7 @@ "apim.jwt.use_kid_property": true, "apim.jwt.use_sha256_hash": false, "server_configuration": { + "diagnostic_tool_enabled": "true", "deployment_toml_path": "../conf/deployment.toml", "logs_directory": "../repository/logs", "updates_config_path": "../updates/config.json", @@ -494,14 +495,14 @@ "cpu_watcher": { "enabled": "true", "threshold": "80", - "retry_count": "2", + "attempts": "2", "interval": "5", "action_executors": "ThreadDumper,MetricsSnapshot,ServerInfo" }, "memory_watcher": { "enabled": "true", "threshold": "80", - "retry_count": "2", + "attempts": "2", "interval": "5", "action_executors": "ThreadDumper,MetricsSnapshot,ServerInfo" }, diff --git a/modules/distribution/product/src/main/resources/conf/templates/diagnostics-tool/conf/config.toml.j2 b/modules/distribution/product/src/main/resources/conf/templates/diagnostics-tool/conf/config.toml.j2 index 65994e110d..14424d4964 100644 --- a/modules/distribution/product/src/main/resources/conf/templates/diagnostics-tool/conf/config.toml.j2 +++ b/modules/distribution/product/src/main/resources/conf/templates/diagnostics-tool/conf/config.toml.j2 @@ -26,6 +26,7 @@ # Server Configurations [server_configuration] +diagnostic_tool_enabled = "{{server_configuration.diagnostic_tool_enabled}}" deployment_toml_path = "{{server_configuration.deployment_toml_path}}" logs_directory = "{{server_configuration.logs_directory}}" updates_config_path = "{{server_configuration.updates_config_path}}" 
@@ -73,14 +74,14 @@ executor = "{{action.executor}}" [cpu_watcher] enabled = "{{cpu_watcher.enabled}}" threshold = "{{cpu_watcher.threshold}}" -retry_count = "{{cpu_watcher.retry_count}}" +attempts = "{{cpu_watcher.attempts}}" interval = "{{cpu_watcher.interval}}" action_executors = "{{cpu_watcher.action_executors}}" [memory_watcher] enabled = "{{memory_watcher.enabled}}" threshold = "{{memory_watcher.threshold}}" -retry_count = "{{memory_watcher.retry_count}}" +attempts = "{{memory_watcher.attempts}}" interval = "{{memory_watcher.interval}}" action_executors = "{{memory_watcher.action_executors}}" diff --git a/modules/distribution/product/src/main/startup-scripts/fips.bat b/modules/distribution/product/src/main/startup-scripts/fips.bat index c9ba6067e7..0087583c90 100644 --- a/modules/distribution/product/src/main/startup-scripts/fips.bat +++ b/modules/distribution/product/src/main/startup-scripts/fips.bat @@ -118,8 +118,6 @@ if not exist "%CARBON_HOME%\repository\components\plugins\bcpkix-jdk*.jar" ( ) else ( echo "Required bcpkix jar is not available in %homeDir%/.wso2-bc/backup. Download the jar from maven central repository." ) ) -echo "bcprov_text %bcprov_text%" -echo "bcpkix_text %bcpkix_text%" findstr /c:%bcprov_text% %api_publisher_bundles_info% > nul if %errorlevel%==1 ( set server_restart_required=true 
@@ -370,9 +368,6 @@ if not exist "%CARBON_HOME%\repository\components\lib\bcpkix-fips*.jar" ( set bcprov_text=%bcprov_jar%,%bcprov_version%,../plugins/%bcprov_jar%_%bcprov_version%.jar,4,true set bcpkix_text=%bcpkix_jar%,%bcpkix_version%,../plugins/%bcpkix_jar%_%bcpkix_version%.jar,4,true -echo "bcprov_text %bcprov_text%" -echo "bcpkix_text %bcpkix_text%" - set api_publisher_temp_file=%CARBON_HOME%\repository\components\api-publisher-deprecated\configuration\org.eclipse.equinox.simpleconfigurator\api_publisher_temp.info findstr /v /c:%bcprov_text% /c:%bcpkix_text% %api_publisher_bundles_info% > !api_publisher_temp_file! move /y !api_publisher_temp_file! %api_publisher_bundles_info% > nul diff --git a/modules/distribution/resources/operation_policies/specifications/backEndJWT_v1.json b/modules/distribution/resources/operation_policies/specifications/backEndJWT_v1.json new file mode 100644 index 0000000000..6991499332 --- /dev/null +++ b/modules/distribution/resources/operation_policies/specifications/backEndJWT_v1.json 
@@ -0,0 +1,54 @@ +{ + "category": "Mediation", + "name": "BackEndJWT", + "version": "v1", + "displayName": "Backend JWT", + "description": "This policy allows you to enable backend jwt", + "policyAttributes": [ + { + "name": "encoding", + "displayName": "Encoding", + "description": "Encoding of the JWT token", + "validationRegex": "^.+$", + "type": "Enum", + "allowedValues" : ["Base64","Base64Url"], + "required": true + }, + { + "name": "header", + "displayName": "Header Name", + "description": "Header of the JWT token", + "validationRegex": "^.+$", + "type": "Enum", + "allowedValues" : ["SHA256withRSA","NONE"], + "required": true + }, + { + "name": "signingAlgorithm", + "displayName": "Signing Algorithm", + "description": "Signing algorithm of the JWT token", + "validationRegex": "^.+$", + "type": "String", + "defaultValue": "X-JWT-Assertion", + "required": true + }, + { + "name": "tokenTTL", + "displayName": "Token TTL", + "description": "TokenTTL time to live for the backend JWT token in seconds", + "validationRegex": "^.+$", + "type": "Integer", + "defaultValue": 3600, + "required": true + } + ], + "applicableFlows": [ + "request" + ], + "supportedGateways": [ + "ChoreoConnect" + ], + "supportedApiTypes": [ + "HTTP" + ] +} diff --git a/modules/p2-profile/product/carbon.product b/modules/p2-profile/product/carbon.product index 2d83b07a6e..4fd6ada531 100644 --- a/modules/p2-profile/product/carbon.product +++ b/modules/p2-profile/product/carbon.product @@ -2,7 +2,7 @@ +version="4.9.26" useFeatures="true" includeLaunchers="true"> @@ -14,7 +14,7 @@ version="4.9.26.beta" useFeatures="true" includeLaunchers="true"> - + diff --git a/pom.xml b/pom.xml index 2847ba4f27..e430a834c5 100644 --- a/pom.xml +++ b/pom.xml @@ -1284,10 +1284,10 @@ 5.3.11 - 9.1.47 + 9.1.69 - 9.29.95 + 9.29.116 [9.0.0, 10.0.0) 
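Review bot: The `header` and `signingAlgorithm` attributes in `backEndJWT_v1.json` have their definitions swapped: `header` (display name "Header Name") is declared as an `Enum` with `allowedValues` `["SHA256withRSA","NONE"]`, while `signingAlgorithm` is a `String` with `defaultValue` `"X-JWT-Assertion"`. The intended shape is presumably `header` with `"type": "String", "defaultValue": "X-JWT-Assertion"` and `signingAlgorithm` with `"type": "Enum", "allowedValues": ["SHA256withRSA","NONE"]`. As written, a policy author must pick an algorithm name as the header name and gets a header name as the default algorithm. Since `NONE` is an allowed algorithm, the `signingAlgorithm` description should also say that this choice presumably yields an unsigned token whose claims the backend cannot verify.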
@@ -1300,23 +1300,23 @@ 4.8.33 - 4.9.26-beta + 4.9.26 4.3.0-SNAPSHOT 1.1.23 - 4.9.10 + 4.9.11 [4.5.0, 5.0.0) - 4.7.202 + 4.7.203 - 5.25.701 + 5.25.705 1.8.107 1.8.14 1.7.33 - 6.13.14 + 6.13.16 1.6.10 5.7.5 5.9.9 @@ -1339,7 +1339,7 @@ 4.11.14 - 4.9.26 + 4.9.27 3.2.13 @@ -1353,7 +1353,7 @@ 1.8 3.0-FINAL 1.0.0.M8-wso2v1 - 4.0.0-wso2v103 + 4.0.0-wso2v104 1.0.2 1.6.1-wso2v98 1.2.11-wso2v29 @@ -1461,7 +1461,7 @@ 1.0.24 - 1.0.14 + 1.0.16 5.11.34 @@ -1473,10 +1473,10 @@ 1.6.3.wso2v3 - 1.7.7 - 2.0.1 + 1.7.8 + 2.0.2 3.2.1 - 1.0.8 + 1.0.9 2.1.1 1.0.7 1.0.7
+ You have successfully set a password for your account <%=username%>. +