policy.js revision 96f780b2685504729a2d57531df54cd90b1b513b
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * Copyright (c) 2012 ForgeRock AS. All Rights Reserved
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * The contents of this file are subject to the terms
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * of the Common Development and Distribution License
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * (the License). You may not use this file except in
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * compliance with the License.
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * You can obtain a copy of the License at
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * http://forgerock.org/license/CDDLv1.0.html
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * See the License for the specific language governing
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * permission and limitations under the License.
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * When distributing Covered Code, include this CDDL
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell * Header Notice in each file and include the License file
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * at http://forgerock.org/license/CDDLv1.0.html
415243fbc81341293a852ff6aa14e9608d08685cCraig McDonnell * If applicable, add the following below the CDDL Header,
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * with the fields enclosed by brackets [] replaced by
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * your own identifying information:
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell * "Portions Copyrighted [year] [name of copyright owner]"
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell//var fullObject;
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnellvar failedPolicies = new Array();
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell "policies" : [
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell "clientValidation": true,
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "clientValidation": true,
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell "policyId" : "max-attempts-triggers-lock-cooldown",
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "policyExec" : "maxAttemptsTriggersLockCooldown",
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell "policyRequirements" : ["NO_MORE_THAN_X_ATTEMPTS_WITHIN_Y_MINUTES"]
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell "clientValidation": true,
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell "clientValidation": true,
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnell "policyRequirements": ["VALID_EMAIL_ADDRESS_FORMAT"]
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "clientValidation": true,
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "clientValidation": true,
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "policyRequirements": ["VALID_PHONE_FORMAT"]
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "clientValidation": true,
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "policyRequirements" : ["AT_LEAST_X_CAPITAL_LETTERS"]
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "clientValidation": true,
a1e92b2783be4bfeb0c7e267223cc7779a6f324cKen Stubbings "clientValidation": true,
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell "clientValidation": true,
a1e92b2783be4bfeb0c7e267223cc7779a6f324cKen Stubbings "policyRequirements" : ["CANNOT_CONTAIN_OTHERS"]
465ea459a87d4605e145d8f45b6a9c104b696e3bCraig McDonnellfunction maxAttemptsTriggersLockCooldown(fullObject, value, params, property) {
a1e92b2783be4bfeb0c7e267223cc7779a6f324cKen Stubbings lastFailedDate = new Date(fullObject[params.dateTimeField]);
5d37db6a3aca50ba14cba8909d3ae44f7d43e407Ken Stubbings (lastFailedDate.getTime() + (1000*60*params.numMinutes)) > (new Date()).getTime()
a1e92b2783be4bfeb0c7e267223cc7779a6f324cKen Stubbings failures = [{"policyRequirement": "NO_MORE_THAN_X_ATTEMPTS_WITHIN_Y_MINUTES", params: {"max":params.max,"numMinutes":params.numMinutes}}];
a1e92b2783be4bfeb0c7e267223cc7779a6f324cKen Stubbingsfunction cannotContainOthers(fullObject, value, params, property) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell var fieldArray = params.disallowedFields.split(","),
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (typeof(openidm) !== "undefined" && typeof(request) !== "undefined" && request.id && !request.id.match('/$')) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (value && typeof(value) === "string" && value.length) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell for (var i = 0; i < fieldArray.length; i++) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (typeof(fullObject[fieldArray[i]]) === "undefined" && typeof(fullObject_server[fieldArray[i]]) !== "undefined") {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell fullObject[fieldArray[i]] = fullObject_server[fieldArray[i]];
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (typeof(fullObject[fieldArray[i]]) === "string" && value.match(fullObject[fieldArray[i]]))
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell return [{"policyRequirement": "CANNOT_CONTAIN_OTHERS", params: {"disallowedFields": fieldArray[i]}}];
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnellfunction validDate(fullObject, value, params, property) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (value && value.length && isNaN(new Date(value).getTime())) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell return [ {"policyRequirement": "VALID_DATE"}];
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnellfunction validPhoneFormat(fullObject, value, params, property) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (value && value.length && !phonePattern.test(value))
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell return [ {"policyRequirement": "VALID_PHONE_FORMAT"}];
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnellfunction validNameFormat(fullObject, value, params, property) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell var namePattern = /^([A-Za'-\u0105\u0107\u0119\u0142\u00F3\u015B\u017C\u017A\u0104\u0106\u0118\u0141\u00D3\u015A\u017B\u0179\u00C0\u00C8\u00CC\u00D2\u00D9\u00E0\u00E8\u00EC\u00F2\u00F9\u00C1\u00C9\u00CD\u00D3\u00DA\u00DD\u00E1\u00E9\u00ED\u00F3\u00FA\u00FD\u00C2\u00CA\u00CE\u00D4\u00DB\u00E2\u00EA\u00EE\u00F4\u00FB\u00C3\u00D1\u00D5\u00E3\u00F1\u00F5\u00C4\u00CB\u00CF\u00D6\u00DC\u0178\u00E4\u00EB\u00EF\u00F6\u00FC\u0178\u00A1\u00BF\u00E7\u00C7\u0152\u0153\u00DF\u00D8\u00F8\u00C5\u00E5\u00C6\u00E6\u00DE\u00FE\u00D0\u00F0\-\s])+$/;
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (value && value.length && !namePattern.test(value))
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell return [ {"policyRequirement": "VALID_NAME_FORMAT"}];
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnellfunction validEmailAddressFormat(fullObject, value, params, property) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell var emailPattern = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/;
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (value && value.length && !emailPattern.test(value))
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell return [ {"policyRequirement": "VALID_EMAIL_ADDRESS_FORMAT"}];
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnellfunction required(fullObject, value, params, propName) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell if (value === undefined) {
916ef74523ecddc8140815c084ab6971ee366bcfCraig McDonnell return [ { "policyRequirement" : "REQUIRED" } ];
6c1420dd55f69d09f39dd213ee6c97ba901b8d92Craig McDonnellfunction notEmpty(fullObject, value, params, property) {
var currentValue = openidm.read("config/" + params.configBase),
if (typeof value !== "string" || !value.length || value.match(reg) === null || value.match(reg).length < params.numCaps) {
return [ { "policyRequirement" : "AT_LEAST_X_CAPITAL_LETTERS", "params" : {"numCaps": params.numCaps} } ];
if (typeof value !== "string" || !value.length || value.match(reg) === null || value.match(reg).length < params.numNums) {
var props = resource.properties;
var compProps = resource.properties;
return resource;
var retObj = {},
policyRequirements = new Array(),
if (policy == null) {
var found = false;
found = true;
if (!found) {
p.params = new Array();
var param = {};
found = false;
return returnPolicies;
var found = false;
found = true;
if (!found) {
found = false;
var returnArray = new Array();
var resource;
var object;
if (props != null) {
if (policies != null) {
var property = {};
return returnArray;
function processRequest() {
var resource;
if (resource == null ) {
resource = {};
var compArray = new Array();
returnObject = {};
var failedPolicyRequirements = new Array();
returnObject = {};
if (resource == null) {
} catch (error) {