use of org.forgerock.json.resource.InternalServerErrorException in project OpenAM by OpenRock.
the class OathDevicesResource method actionCollection.
/**
* {@inheritDoc}
*/
@Override
public Promise<ActionResponse, ResourceException> actionCollection(Context context, ActionRequest request) {
try {
//could be admin
final AMIdentity identity = getUserIdFromUri(context);
final AuthenticatorOathService realmOathService = oathServiceFactory.create(getRealm(context));
switch(request.getAction()) {
case SKIP:
try {
final boolean setValue = request.getContent().get(VALUE).asBoolean();
realmOathService.setUserSkipOath(identity, setValue ? AuthenticatorOathService.SKIPPABLE : AuthenticatorOathService.NOT_SKIPPABLE);
return newResultPromise(newActionResponse(JsonValueBuilder.jsonValue().build()));
} catch (SSOException | IdRepoException e) {
debug.error("OathDevicesResource :: SKIP action - Unable to set value in user store.", e);
return new InternalServerErrorException().asPromise();
}
case CHECK:
try {
final Set resultSet = identity.getAttribute(realmOathService.getSkippableAttributeName());
boolean result = false;
if (CollectionUtils.isNotEmpty(resultSet)) {
String tmp = (String) resultSet.iterator().next();
int resultInt = Integer.valueOf(tmp);
if (resultInt == AuthenticatorOathService.SKIPPABLE) {
result = true;
}
}
return newResultPromise(newActionResponse(JsonValueBuilder.jsonValue().put(RESULT, result).build()));
} catch (SSOException | IdRepoException e) {
debug.error("OathDevicesResource :: CHECK action - Unable to read value from user store.", e);
return new InternalServerErrorException().asPromise();
}
case //sets their 'skippable' selection to default (NOT_SET) and deletes their profiles attribute
RESET:
try {
realmOathService.setUserSkipOath(identity, AuthenticatorOathService.NOT_SET);
realmOathService.removeAllUserDevices(identity);
return newResultPromise(newActionResponse(JsonValueBuilder.jsonValue().put(RESULT, true).build()));
} catch (SSOException | IdRepoException e) {
debug.error("OathDevicesResource :: Action - Unable to reset identity attributes", e);
return new InternalServerErrorException().asPromise();
}
default:
return new NotSupportedException().asPromise();
}
} catch (SMSException e) {
debug.error("OathDevicesResource :: Action - Unable to communicate with the SMS.", e);
return new InternalServerErrorException().asPromise();
} catch (SSOException | InternalServerErrorException e) {
debug.error("OathDevicesResource :: Action - Unable to retrieve identity data from request context", e);
return new InternalServerErrorException().asPromise();
}
}
use of org.forgerock.json.resource.InternalServerErrorException in project OpenAM by OpenRock.
the class IdentityResourceV2 method sendNotification.
/**
* Sends email notification to end user
* @param to Resource receiving notification
* @param subject Notification subject
* @param message Notification Message
* @param confirmationLink Confirmation Link to be sent
* @throws Exception when message cannot be sent
*/
private void sendNotification(String to, String subject, String message, String realm, String confirmationLink) throws ResourceException {
try {
mailmgr = new ServiceConfigManager(RestUtils.getToken(), MailServerImpl.SERVICE_NAME, MailServerImpl.SERVICE_VERSION);
mailscm = mailmgr.getOrganizationConfig(realm, null);
mailattrs = mailscm.getAttributes();
} catch (SMSException smse) {
if (debug.errorEnabled()) {
debug.error("{} :: Cannot create service {}", SEND_NOTIF_TAG, MailServerImpl.SERVICE_NAME, smse);
}
throw new InternalServerErrorException("Cannot create the service: " + MailServerImpl.SERVICE_NAME, smse);
} catch (SSOException ssoe) {
if (debug.errorEnabled()) {
debug.error("{} :: Invalid SSOToken ", SEND_NOTIF_TAG, ssoe);
}
throw new InternalServerErrorException("Cannot create the service: " + MailServerImpl.SERVICE_NAME, ssoe);
}
if (mailattrs == null || mailattrs.isEmpty()) {
if (debug.errorEnabled()) {
debug.error("{} :: no attrs set {}", SEND_NOTIF_TAG, mailattrs);
}
throw new NotFoundException("No service Config Manager found for realm " + realm);
}
// Get MailServer Implementation class
String attr = mailattrs.get(MAIL_IMPL_CLASS).iterator().next();
MailServer mailServer;
try {
mailServer = mailServerLoader.load(attr, realm);
} catch (IllegalStateException e) {
debug.error("{} :: Failed to load mail server implementation: {}", SEND_NOTIF_TAG, attr, e);
throw new InternalServerErrorException("Failed to load mail server implementation: " + attr, e);
}
try {
// Check if subject has not been included
if (StringUtils.isBlank(subject)) {
// Use default email service subject
subject = mailattrs.get(MAIL_SUBJECT).iterator().next();
}
} catch (Exception e) {
if (debug.warningEnabled()) {
debug.warning("{} no subject found ", SEND_NOTIF_TAG, e);
}
subject = "";
}
try {
// Check if Custom Message has been included
if (StringUtils.isBlank(message)) {
// Use default email service message
message = mailattrs.get(MAIL_MESSAGE).iterator().next();
}
message = message + System.getProperty("line.separator") + confirmationLink;
} catch (Exception e) {
if (debug.warningEnabled()) {
debug.warning("{} no message found", SEND_NOTIF_TAG, e);
}
message = confirmationLink;
}
// Send the emails via the implementation class
try {
mailServer.sendEmail(to, subject, message);
} catch (MessagingException e) {
if (debug.errorEnabled()) {
debug.error("{} Failed to send mail", SEND_NOTIF_TAG, e);
}
throw new InternalServerErrorException("Failed to send mail", e);
}
}
use of org.forgerock.json.resource.InternalServerErrorException in project OpenAM by OpenRock.
the class IdentityResourceV1 method sendNotification.
/**
* Sends email notification to end user
* @param to Resource receiving notification
* @param subject Notification subject
* @param message Notification Message
* @param confirmationLink Confirmation Link to be sent
* @throws Exception when message cannot be sent
*/
private void sendNotification(String to, String subject, String message, String realm, String confirmationLink) throws ResourceException {
try {
mailmgr = new ServiceConfigManager(RestUtils.getToken(), MailServerImpl.SERVICE_NAME, MailServerImpl.SERVICE_VERSION);
mailscm = mailmgr.getOrganizationConfig(realm, null);
mailattrs = mailscm.getAttributes();
} catch (SMSException smse) {
if (debug.errorEnabled()) {
debug.error("{} :: Cannot create service {}", SEND_NOTIF_TAG, MailServerImpl.SERVICE_NAME, smse);
}
throw new InternalServerErrorException("Cannot create the service: " + MailServerImpl.SERVICE_NAME, smse);
} catch (SSOException ssoe) {
if (debug.errorEnabled()) {
debug.error("{} :: Invalid SSOToken ", SEND_NOTIF_TAG, ssoe);
}
throw new InternalServerErrorException("Cannot create the service: " + MailServerImpl.SERVICE_NAME, ssoe);
}
if (mailattrs == null || mailattrs.isEmpty()) {
if (debug.errorEnabled()) {
debug.error("{} :: no attrs set {}", SEND_NOTIF_TAG, mailattrs);
}
throw new NotFoundException("No service Config Manager found for realm " + realm);
}
// Get MailServer Implementation class
String attr = mailattrs.get(MAIL_IMPL_CLASS).iterator().next();
MailServer mailServer;
try {
mailServer = mailServerLoader.load(attr, realm);
} catch (IllegalStateException e) {
debug.error("{} :: Failed to load mail server implementation: {}", SEND_NOTIF_TAG, attr, e);
throw new InternalServerErrorException("Failed to load mail server implementation: " + attr, e);
}
try {
// Check if subject has not been included
if (StringUtils.isBlank(subject)) {
// Use default email service subject
subject = mailattrs.get(MAIL_SUBJECT).iterator().next();
}
} catch (Exception e) {
if (debug.warningEnabled()) {
debug.warning("{} no subject found ", SEND_NOTIF_TAG, e);
}
subject = "";
}
try {
// Check if Custom Message has been included
if (StringUtils.isBlank(message)) {
// Use default email service message
message = mailattrs.get(MAIL_MESSAGE).iterator().next();
}
message = message + System.getProperty("line.separator") + confirmationLink;
} catch (Exception e) {
if (debug.warningEnabled()) {
debug.warning("{} no message found", SEND_NOTIF_TAG, e);
}
message = confirmationLink;
}
// Send the emails via the implementation class
try {
mailServer.sendEmail(to, subject, message);
} catch (MessagingException e) {
if (debug.errorEnabled()) {
debug.error("{} Failed to send mail", SEND_NOTIF_TAG, e);
}
throw new InternalServerErrorException("Failed to send mail", e);
}
}
use of org.forgerock.json.resource.InternalServerErrorException in project OpenAM by OpenRock.
the class IdentityResourceV1 method generateNewPasswordEmail.
/**
* Generates the e-mail contents based on the incoming request.
*
* Will only send the e-mail if all the following conditions are true:
*
* - Forgotten Password service is enabled
* - User exists
* - User has an e-mail address in their profile
* - E-mail service is correctly configured.
*
* @param context Non null.
* @param request Non null.
* @param realm Used as part of user lookup.
* @param restSecurity Non null.
*/
private Promise<ActionResponse, ResourceException> generateNewPasswordEmail(final Context context, final ActionRequest request, final String realm, final RestSecurity restSecurity) {
JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
final JsonValue jsonBody = request.getContent();
try {
// Check to make sure forgotPassword enabled
if (restSecurity == null) {
if (debug.warningEnabled()) {
debug.warning("Rest Security not created. restSecurity={}", restSecurity);
}
throw getException(UNAVAILABLE, "Rest Security Service not created");
}
if (!restSecurity.isForgotPassword()) {
if (debug.warningEnabled()) {
debug.warning("Forgot Password set to : {}", restSecurity.isForgotPassword());
}
throw getException(UNAVAILABLE, "Forgot password is not accessible.");
}
// Generate Admin Token
SSOToken adminToken = getSSOToken(RestUtils.getToken().getTokenID().toString());
Map<String, Set<String>> searchAttributes = getIdentityServicesAttributes(realm);
searchAttributes.putAll(getAttributeFromRequest(jsonBody));
List searchResults = identityServices.search(new CrestQuery("*"), searchAttributes, adminToken);
if (searchResults.isEmpty()) {
throw new NotFoundException("User not found");
} else if (searchResults.size() > 1) {
throw new ConflictException("Multiple users found");
} else {
String username = (String) searchResults.get(0);
IdentityDetails identityDetails = identityServices.read(username, getIdentityServicesAttributes(realm), adminToken);
String email = null;
String uid = null;
for (Map.Entry<String, Set<String>> attribute : asMap(identityDetails.getAttributes()).entrySet()) {
String attributeName = attribute.getKey();
if (MAIL.equalsIgnoreCase(attributeName)) {
if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
email = attribute.getValue().iterator().next();
}
} else if (UNIVERSAL_ID.equalsIgnoreCase(attributeName)) {
if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
uid = attribute.getValue().iterator().next();
}
}
}
// Check to see if user is Active/Inactive
if (!isUserActive(uid)) {
throw new ForbiddenException("Request is forbidden for this user");
}
// Check if email is provided
if (email == null || email.isEmpty()) {
throw new BadRequestException("No email provided in profile.");
}
// Get full deployment URL
HttpContext header = context.asContext(HttpContext.class);
StringBuilder deploymentURL = RestUtils.getFullDeploymentURI(header.getPath());
String subject = jsonBody.get("subject").asString();
String message = jsonBody.get("message").asString();
// Retrieve email registration token life time
if (restSecurity == null) {
if (debug.warningEnabled()) {
debug.warning("Rest Security not created. restSecurity={}", restSecurity);
}
throw new NotFoundException("Rest Security Service not created");
}
Long tokenLifeTime = restSecurity.getForgotPassTLT();
// Generate Token
org.forgerock.openam.cts.api.tokens.Token ctsToken = generateToken(email, username, tokenLifeTime, realm);
// Store token in datastore
CTSHolder.getCTS().createAsync(ctsToken);
// Create confirmationId
String confirmationId = Hash.hash(ctsToken.getTokenId() + username + SystemProperties.get(AM_ENCRYPTION_PWD));
// Build Confirmation URL
String confURL = restSecurity.getForgotPasswordConfirmationUrl();
StringBuilder confURLBuilder = new StringBuilder(100);
if (confURL == null || confURL.isEmpty()) {
confURLBuilder.append(deploymentURL.append("/json/confirmation/forgotPassword").toString());
} else {
confURLBuilder.append(confURL);
}
String confirmationLink = confURLBuilder.append("?confirmationId=").append(requestParamEncode(confirmationId)).append("&tokenId=").append(requestParamEncode(ctsToken.getTokenId())).append("&username=").append(requestParamEncode(username)).append("&realm=").append(realm).toString();
// Send Registration
sendNotification(email, subject, message, realm, confirmationLink);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
if (debug.messageEnabled()) {
debug.message("IdentityResource.generateNewPasswordEmail :: ACTION of generate new password email " + " for username={} in realm={} performed by principalName={}", username, realm, principalName);
}
}
return newResultPromise(newActionResponse(result));
} catch (NotFoundException e) {
debug.warning("Could not find user", e);
return e.asPromise();
} catch (ResourceException re) {
// Service not available, Neither or both Username/Email provided, User inactive
debug.warning(re.getMessage(), re);
return re.asPromise();
} catch (Exception e) {
// Intentional - all other errors are considered Internal Error.
debug.error("Internal error : Failed to send mail", e);
return new InternalServerErrorException("Failed to send mail", e).asPromise();
}
}
use of org.forgerock.json.resource.InternalServerErrorException in project OpenAM by OpenRock.
the class IdentityResourceV1 method confirmationIdCheck.
/**
* Will validate confirmationId is correct
* @param context Current Server Context
* @param request Request from client to confirm registration
*/
private Promise<ActionResponse, ResourceException> confirmationIdCheck(final Context context, final ActionRequest request, final String realm) {
final String METHOD = "IdentityResource.confirmationIdCheck";
final JsonValue jVal = request.getContent();
String tokenID;
String confirmationId;
String email = null;
String username = null;
//email or username value used to create confirmationId
String hashComponent = null;
String hashComponentAttr = null;
JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
try {
tokenID = jVal.get(TOKEN_ID).asString();
confirmationId = jVal.get(CONFIRMATION_ID).asString();
email = jVal.get(EMAIL).asString();
username = jVal.get(USERNAME).asString();
if (StringUtils.isBlank(confirmationId)) {
if (debug.errorEnabled()) {
debug.error("{} :: Bad Request - confirmationId not found in request.", METHOD);
}
throw new BadRequestException("confirmationId not provided");
}
if (StringUtils.isBlank(email) && !StringUtils.isBlank(username)) {
hashComponent = username;
hashComponentAttr = USERNAME;
}
if (!StringUtils.isBlank(email) && StringUtils.isBlank(username)) {
hashComponent = email;
hashComponentAttr = EMAIL;
}
if (StringUtils.isBlank(hashComponent)) {
if (debug.errorEnabled()) {
debug.error("{} :: Bad Request - hashComponent not found in request.", METHOD);
}
throw new BadRequestException("Required information not provided");
}
if (StringUtils.isBlank(tokenID)) {
if (debug.errorEnabled()) {
debug.error("{} :: Bad Request - tokenID not found in request.", METHOD);
}
throw new BadRequestException("tokenId not provided");
}
validateToken(tokenID, realm, hashComponent, confirmationId);
// build resource
result.put(hashComponentAttr, hashComponent);
result.put(TOKEN_ID, tokenID);
result.put(CONFIRMATION_ID, confirmationId);
if (debug.messageEnabled()) {
debug.message("{} :: Confirmed for token '{}' with confirmation '{}'", METHOD, tokenID, confirmationId);
}
return newResultPromise(newActionResponse(result));
} catch (BadRequestException bre) {
debug.warning("{} :: Cannot confirm registration/forgotPassword for : {}", METHOD, hashComponent, bre);
return bre.asPromise();
} catch (ResourceException re) {
debug.warning("{} :: Resource error for : {}", METHOD, hashComponent, re);
return re.asPromise();
} catch (CoreTokenException cte) {
debug.error("{} :: CTE error for : {}", METHOD, hashComponent, cte);
return new InternalServerErrorException(cte).asPromise();
}
}
Aggregations