IdStory Identity Manager

I did review for requirements above and here are my notes.

• public password change content - changes idm and all accounts password (see all flag in PasswordChangeDto).
• please use the same mechanism with PasswordChangeType on all places if needed - don't create second feature, only improve current mechanism by configuration if needed etc.

• see #115 notes (reuse or remove hidden content)
• where tokens for temporary link will be stored? Maybe in IdmPassword agenda or soething new?
• where configuration will be stored (configuration servce or new agenda)?

I finally finished implementation. It is in personal/PeterSourek/feature-363-pwdReset.

• Move module to separate repository
• Make module compatible with 7.3.6 (now it is 7.3.4)

Could you please review it? Thank you.

I did test and review and found some issues:
- IdentityPasswordValidateProcessor's event types should be configured too for new event type - password should be validated before provisioning.
- PropertyModuleDescriptor super class for module descriptor could be used, then redundant ConfigPasswordReset could be removed.
- One of "pwd-reset" or pwdreset module identifier should be chosen. The same identifier should be used everywhere (property file, flyway, module descriptor, fe / be)
- module properties should not contain reserved words "password" and "token" - they are confidential by default and this is not needed in this case i think.
- swagger controller annotations - wrong tag "Example"
- password reset is public endpoint, but swagger says authentication is needed - authentication annotations should be removed.
- PasswordResetResultCode is in wrong package ( eu.bcvsolutions.idm.pwdreset.domain). All exceptions should extend ResultCodeException => then redundant exception handling in controller can be removed.
- ConfigurationService#getFrontendUrl method should be used => wrong url is generated to email now (parameters before path, start with double slash)
- PasswordResetPermission is in wrong package (eu.bcvsolutions.idm.pwdreset.domain) and is not used at all. ModuleDescriptor#getPermissions method should be overriden and localization for new group should be added on FE.
- submit button on FE is not localized
- content.response.token... localization should be replaced with standard result codes with parameters - user doesn't know what is wrong exactly => see above ResultCodeException generalization + FE localization. Some "raw" exceptions are thrown in BE - when identity not exists (fails, when notification is send - check has to be done earlier + appropriate ResultCodeException). When duplicit reset request is created (DB constraint error in log). When identity has not email defined etc.
- Basic.Row and Basic.Col component could be used instead direct bootstrap style
- when some error occurs, then no redirection is needed from password reset page, just message wit reason should be shown.
- when password reset token is verified and password is changed successfully, then no message is shown - identity can be logged in - same behavior as password change.
- Advanced.PasswordField component should be used on VerifyReset content - content layout is broken now.
- Token parameter from url is not prefilled in form.
- warnings in code - serial, unused import and fields, missing author
- we aren't using modifier 'final' for each variable, only there, when is needed (its discutable, but we are using it this way)

I changed dependency to released 7.3.6 version a cleanup mvn project.

I repaired all implementation related stuff. I need to update documentation, but code review can be done.

I did review again. A lot of points were fixed, thx! There are still some issues:
- PasswordResetResultCode.CANNOT_REQUEST_RESET is not localized.
- Navigation is not selected for password reset contents - see PasswordChange.componentDidMount method for inspiration.
- When duplicate reset request is created - DB constraint error in log using h2 DB - @OneToOne annotation in PasswordResetRequest entity (@OneToMany?).
- jpa metamodel can be used in IdentityResolver for field names.
- PasswordReset content is obfuscated :) (wrong auto format?).
- When password reset is successful, then identity should be logged in - the same behavior as PasswordChange content
- When password reset fails (e.g. password policy validation failed), then entered password should not be cleared - the same behavior as PasswordChange content

Done. Can you please do the review again? I did all the things you told me to. :) Thanks

I did test and review, password reset work, thx. Some issues above is not complete:
- PropertyModuleDescriptor super class for module descriptor is used now, its ok, but module properties is missing (https://wiki.czechidm.com/devel/dev/configuration/backend#module_configuration)
- jpa metamodel can be used in IdentityResolver for field names ("email").
- update doc https://wiki.czechidm.com/tutorial/adm/modules_pwdreset (identity-password-validate-processor has to process password reset event too - i tested it, it will work)

After fixing this remaining minor issues, you can close this ticket.

Thx Ondra and Patrik for solving remaining issues, i did test and review together with #925. I'm closing this obsolete ticket.