policy.js revision bae0f27fde2298fc261664f259a70326ffb07a27
594N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 0N/A * Copyright (c) 2012 ForgeRock AS. All Rights Reserved 0N/A * The contents of this file are subject to the terms 0N/A * of the Common Development and Distribution License 0N/A * (the License). You may not use this file except in 0N/A * compliance with the License. 0N/A * You can obtain a copy of the License at 0N/A * See the License for the specific language governing 0N/A * permission and limitations under the License. 0N/A * When distributing Covered Code, include this CDDL 0N/A * Header Notice in each file and include the License file 0N/A * If applicable, add the following below the CDDL Header, 0N/A * with the fields enclosed by brackets [] replaced by 0N/A * your own identifying information: 0N/A * "Portions Copyrighted [year] [name of copyright owner]" 0N/A {
"policyId" :
"required",
"policyExec" :
"required",
"clientValidation":
true,
"policyRequirements" : [
"REQUIRED"]
{
"policyId" :
"not-empty",
"policyExec" :
"notEmpty",
"clientValidation":
true,
"policyRequirements" : [
"REQUIRED"]
"policyId" :
"max-attempts-triggers-lock-cooldown",
"policyExec" :
"maxAttemptsTriggersLockCooldown",
"policyRequirements" : [
"NO_MORE_THAN_X_ATTEMPTS_WITHIN_Y_MINUTES"]
{
"policyId" :
"unique",
"policyExec" :
"unique",
"policyRequirements" : [
"UNIQUE"]
"policyId" :
"valid-date",
"policyExec" :
"validDate",
"clientValidation":
true,
"policyRequirements": [
"VALID_DATE"]
"policyId" :
"valid-email-address-format",
"policyExec" :
"validEmailAddressFormat",
"clientValidation":
true,
"policyRequirements": [
"VALID_EMAIL_ADDRESS_FORMAT"]
"policyId" :
"valid-name-format",
"policyExec" :
"validNameFormat",
"clientValidation":
true,
"policyRequirements": [
"VALID_NAME_FORMAT"]
"policyId" :
"valid-phone-format",
"policyExec" :
"validPhoneFormat",
"policyRequirements": [
"VALID_PHONE_FORMAT"]
{
"policyId" :
"at-least-X-capitals",
"policyExec" :
"atLeastXCapitalLetters",
"policyRequirements" : [
"AT_LEAST_X_CAPITAL_LETTERS"]
{
"policyId" :
"at-least-X-numbers",
"clientValidation":
true,
"policyExec" :
"atLeastXNumbers",
"policyRequirements" : [
"AT_LEAST_X_NUMBERS"]
{
"policyId" :
"minimum-length",
"clientValidation":
true,
"policyExec" :
"propertyMinLength",
"policyRequirements" : [
"MIN_LENGTH"]
{
"policyId" :
"cannot-contain-others",
"clientValidation":
true,
"policyExec" :
"cannotContainOthers",
"policyRequirements" : [
"CANNOT_CONTAIN_OTHERS"]
"policyId" :
"required-if-configured",
"policyExec":
"requiredIfConfigured",
"policyRequirements" : [
"REQUIRED"]
{
"policyId" :
"re-auth-required",
"policyExec" :
"reauthRequired",
"policyRequirements" : [
"REAUTH_REQUIRED"]
return [ {
"policyRequirement":
"VALID_DATE"}];
return [ {
"policyRequirement":
"VALID_PHONE_FORMAT"}];
// NOTE(review): this listing is a collapsed, truncated rendering of the policy
// validators. Statements, closing braces and some declarations (for example
// `reg` and most of `queryParams`) are not visible, and the "0N/A" tokens are
// source-viewer gutter cells, not code. The remarks below cover only what is shown.
//
// namePattern: as rendered, the character class contains `'-\u0105`, which
//   reads as a range from U+0027 to U+0105 rather than three literals. If the
//   original file matches, digits and ASCII punctuation such as `<` and `>`
//   pass VALID_NAME_FORMAT, so this check cannot stand in for output encoding.
//   TODO confirm against the original source.
// emailPattern: syntax check only. The local part is limited to
//   [A-Za-z0-9_\-\.] (so `+` is rejected) and the final label to 2-4 ASCII
//   letters, so longer top-level domains fail.
// required: fails only when value === undefined; null and "" are not caught by
//   the visible test. notEmpty is the check that rejects falsy and zero-length
//   values.
// requiredIfConfigured: reads "config/" + params.configBase through
//   openidm.read and walks params.baseKey with for...in. No null check on the
//   intermediate value is visible. Presumably params come from policy
//   configuration rather than from the request; verify against the caller.
// unique: queries request.id with "_query-id": "get-by-field-value" and reports
//   UNIQUE when a result with a different _id exists. This is a check made at
//   validation time; whether the store also enforces uniqueness is not shown.
// reauthRequired: calls authFilter.reauthenticate only when
//   request.parent.parent has type "http". The handling around that call and
//   the result for other request types are not visible here.
// getResourceWithPolicyRequirements: for a policy whose clientValidation is
//   truthy, eval(policy.policyExec).toString() evaluates the configured
//   policyExec string and stores the resulting function's source in
//   prop.policies[j].policyFunction. eval runs whatever expression that string
//   holds, so the policy configuration must be writable only by trusted
//   administrators; a lookup in a fixed name-to-function table would avoid
//   eval. The attached source is for client-side feedback; what enforces the
//   same policy on the server is not visible in this fragment.
0N/A var namePattern = /^([A-
Za'-\u0105\u0107\u0119\u0142\u00F3\u015B\u017C\u017A\u0104\u0106\u0118\u0141\u00D3\u015A\u017B\u0179\u00C0\u00C8\u00CC\u00D2\u00D9\u00E0\u00E8\u00EC\u00F2\u00F9\u00C1\u00C9\u00CD\u00D3\u00DA\u00DD\u00E1\u00E9\u00ED\u00F3\u00FA\u00FD\u00C2\u00CA\u00CE\u00D4\u00DB\u00E2\u00EA\u00EE\u00F4\u00FB\u00C3\u00D1\u00D5\u00E3\u00F1\u00F5\u00C4\u00CB\u00CF\u00D6\u00DC\u0178\u00E4\u00EB\u00EF\u00F6\u00FC\u0178\u00A1\u00BF\u00E7\u00C7\u0152\u0153\u00DF\u00D8\u00F8\u00C5\u00E5\u00C6\u00E6\u00DE\u00FE\u00D0\u00F0\-\s])+$/; 0N/A if (value && value.length && !namePattern.test(value)) 0N/A return [ {"policyRequirement": "VALID_NAME_FORMAT"}]; 0N/Afunction validEmailAddressFormat(fullObject, value, params, property) { 0N/A var emailPattern = /^([A-Za-z0-9_\-\.])+\@([A-Za-z0-9_\-\.])+\.([A-Za-z]{2,4})$/; 0N/A if (value && value.length && !emailPattern.test(value)) 0N/A return [ {"policyRequirement": "VALID_EMAIL_ADDRESS_FORMAT"}]; function required(fullObject, value, params, propName) { if (value === undefined) { return [ { "policyRequirement" : "REQUIRED" } ]; function notEmpty(fullObject, value, params, property) { if (!value || !value.length) return [ {"policyRequirement": "REQUIRED"}]; function requiredIfConfigured(fullObject, value, params, property) { var currentValue = openidm.read("config/" + params.configBase), baseKeyArray = params.baseKey.split("."); for (var i in baseKeyArray) currentValue = currentValue[baseKeyArray[i]]; if (currentValue && (!value || !value.length)) return [ {"policyRequirement": "REQUIRED"}]; function unique(fullObject, value, params, property) { "_query-id": "get-by-field-value", if (value && value.length) var existing = openidm.query(request.id, queryParams); if (existing.result.length != 0 && (!fullObject["_id"] || existing.result[0]["_id"] != fullObject["_id"])) { return [{"policyRequirement": "UNIQUE"}]; function propertyMinLength(fullObject, value, params, property) { var minLength = params.minLength; if (typeof value !== "string" || value.length < 
minLength) { return [ { "policyRequirement" : "MIN_LENGTH", "params" : {"minLength":minLength} } ]; function atLeastXCapitalLetters(fullObject, value, params, property) { if (typeof value !== "string" || !value.length || value.match(reg) === null || value.match(reg).length < params.numCaps) { return [ { "policyRequirement" : "AT_LEAST_X_CAPITAL_LETTERS", "params" : {"numCaps": params.numCaps} } ]; function atLeastXNumbers(fullObject, value, params, property) { if (typeof value !== "string" || !value.length || value.match(reg) === null || value.match(reg).length < params.numNums) { return [ { "policyRequirement" : "AT_LEAST_X_NUMBERS", "params" : {"numNums": params.numNums} } ]; function getPolicy(policyId) { for (var i = 0; i < policyConfig.policies.length; i++) { if (policyConfig.policies[i].policyId == policyId) { return policyConfig.policies[i]; function reauthRequired(fullObject, value, params, propName) { var req = request.parent.parent; if (typeof req.type !== 'undefined' && req.type == "http") { authFilter.reauthenticate(req); return [ { "policyRequirement" : "REAUTH_REQUIRED" } ]; function getPropertyValue(requestObject, propName) { var propAddress = propName.split("/"); var tmpObject = requestObject; for (var i = 0; i < propAddress.length; i++) { tmpObject = tmpObject[propAddress[i]]; if (tmpObject === undefined || tmpObject === null) { function getPropertyConfig(resource, propName) { for (var i = 0; i < props.length; i++) { if (prop.name == propName) { function getResource(resources, resourceName) { for (var i = 0; i < resources.length; i++) { var resource = resources[i]; if (resourceMatches(resource.resource, resourceName)) { function resourceMatches(resource1, resource2) { rsrc1 = resource1.split("/"); rsrc2 = resource2.split("/"); if (rsrc1.length == rsrc2.length) { for (var i = 0; i < rsrc1.length; i++) { if (rsrc1[i] != rsrc2[i] && function getResourceWithPolicyRequirements(resource) { // Loop through the properties for this resource for (var i = 0; 
i < compProps.length; i++) { var propPolicyReqs = new Array(); // loop through the policies of each property for (var j = 0; j < prop.policies.length; j++) { var policy = getPolicy(prop.policies[j].policyId); // Check if client validation is enabled, if so add source if ((policy.clientValidation !== undefined) && policy.clientValidation) { prop.policies[j].policyFunction = eval(policy.policyExec).toString(); prop.policies[j].policyRequirements = policy.policyRequirements; reqs = policy.policyRequirements; // loop through the requirements for each policy for (var x = 0; x < reqs.length; x++) { // Add the requirements array to the property object // Return all property configs for this resource // update old policy with new config // Get the policy configuration for the specified resource // Update the policy configuration with any resource specific }
else if (
method ==
"action") {
throw "No resource specified";
// There is no configured policies for this resource (nothing to verify) // Perform the validation if (
action ==
"validateObject") {
}
else if (
action ==
"validateProperty") {
throw "Unsupported action: " +
action;
// Set the result to true if no failedPolicyRequirements (failures), false otherwise // Set the return failedPolicyRequirements throw "Unsupported method: " +
method;
//Load additional policy scripts if configured