
Example 11 with SecurityQuestionAnswerDTO

use of com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO in project midpoint by Evolveum.

the class UserMenuPanel method createUsersSecurityQuestionsList.

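/**
 * Builds the list of the user's stored security questions with their answers decrypted.
 *
 * <p>Security note: each returned DTO carries the answer in plaintext (the result of
 * {@code Protector.decryptString}). Callers should keep these objects short-lived and must
 * not log or render the answer value.
 *
 * @param user the user object whose credentials are read
 * @return one DTO per stored answer that could be decrypted (possibly an empty list), or
 *         {@code null} when the user has no credentials, no security-question credentials
 *         or no question/answer list
 */
public List<SecurityQuestionAnswerDTO> createUsersSecurityQuestionsList(PrismObject<UserType> user) {
    // Guard the credentials container itself: dereferencing it unchecked raised a
    // NullPointerException for users that have no credentials set at all.
    if (user.asObjectable().getCredentials() == null) {
        return null;
    }
    SecurityQuestionsCredentialsType credentialsPolicyType = user.asObjectable().getCredentials().getSecurityQuestions();
    if (credentialsPolicyType == null) {
        return null;
    }
    List<SecurityQuestionAnswerType> secQuestAnsList = credentialsPolicyType.getQuestionAnswer();
    if (secQuestAnsList == null) {
        return null;
    }

    List<SecurityQuestionAnswerDTO> secQuestAnswListDTO = new ArrayList<>();
    for (SecurityQuestionAnswerType securityQuestionAnswerType : secQuestAnsList) {
        // Only answers that actually hold encrypted data are decrypted; anything else is skipped.
        if (securityQuestionAnswerType.getQuestionAnswer() == null
                || securityQuestionAnswerType.getQuestionAnswer().getEncryptedDataType() == null) {
            continue;
        }
        Protector protector = ((PageBase) getPage()).getPrismContext().getDefaultProtector();
        try {
            String decoded = protector.decryptString(securityQuestionAnswerType.getQuestionAnswer());
            secQuestAnswListDTO.add(new SecurityQuestionAnswerDTO(securityQuestionAnswerType.getQuestionIdentifier(), decoded));
        } catch (EncryptionException e) {
            // An answer that cannot be decrypted is logged and dropped, so the returned list can be
            // shorter than the stored one. Only the exception is logged, never the answer itself.
            // TODO do we need to throw an exception here?
            LOGGER.error("Could not get security questions. Error: " + e.getMessage(), e);
        }
    }
    return secQuestAnswListDTO;
}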
Also used : SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO) EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException) Protector(com.evolveum.midpoint.prism.crypto.Protector)

Example 12 with SecurityQuestionAnswerDTO

use of com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO in project midpoint by Evolveum.

the class PageSecurityQuestions method initLayout.

/**
 * Builds the security-questions form: one required answer panel for each policy question
 * that the user has an answer on record for.
 *
 * <p>The method leaves the page through {@link RestartResponseException} in three cases:
 * no global security policy (generic error page), no stored answers for the user, and fewer
 * matching questions than the policy's question number (both back to the forgot-password
 * page after clearing the Spring Security authentication).
 *
 * <p>NOTE(review): the two forgot-password redirects put distinct messages into the session,
 * while the missing-policy branch deliberately reveals nothing. Confirm that these messages
 * do not let a caller tell apart accounts with and without security questions.
 */
public void initLayout() {
    Form mainForm = new MidpointForm(ID_MAIN_FORM);
    pqPanels = new ArrayList<>();

    PrismObject<SecurityPolicyType> securityPolicy = getGlobalSecurityPolicy();
    LOGGER.trace("Found security policy: {}", securityPolicy);
    if (securityPolicy == null) {
        LOGGER.error("No security policy, cannot process security questions");
        // Generic error page on purpose: no detail is given that could help an attacker.
        throw new RestartResponseException(PageError.class);
    }

    // The credentials section of the policy is optional; without it there is no questions policy.
    SecurityQuestionsCredentialsPolicyType questionsPolicy = null;
    if (securityPolicy.asObjectable().getCredentials() != null) {
        questionsPolicy = securityPolicy.asObjectable().getCredentials().getSecurityQuestions();
    }
    // Without a questions policy: one question is required and the candidate list is empty.
    questionNumber = questionsPolicy != null ? questionsPolicy.getQuestionNumber() : 1;
    questionList = questionsPolicy != null ? questionsPolicy.getQuestion() : new ArrayList<>();

    List<SecurityQuestionAnswerDTO> storedAnswers = questions.getUserQuestionAnswers();
    if (storedAnswers == null) {
        // No answers on record: report it, drop the current authentication and start over.
        getSession().error(getString("pageForgetPassword.message.ContactAdminQuestionsNotSet"));
        SecurityContext securityContext = SecurityContextHolder.getContext();
        securityContext.setAuthentication(null);
        throw new RestartResponseException(PageForgotPassword.class);
    }

    int panelCount = 0;
    // Walk the policy questions and pair each one with the user's stored answers.
    for (SecurityQuestionDefinitionType policyQuestion : questionList) {
        for (SecurityQuestionAnswerDTO storedAnswer : storedAnswers) {
            // Identifiers are compared case-insensitively; unrelated answers are skipped.
            if (!storedAnswer.getPwdQuestionIdentifier().equalsIgnoreCase(policyQuestion.getIdentifier())) {
                continue;
            }
            LoadableModel<SecurityQuestionAnswerDTO> model = new LoadableModel<SecurityQuestionAnswerDTO>() {

                @Override
                protected SecurityQuestionAnswerDTO load() {
                    // The model starts with an empty answer: the stored answer is never put into the form.
                    return checkIfQuestionIsValid(
                            new SecurityQuestionAnswerDTO(storedAnswer.getPwdQuestionIdentifier(), "", storedAnswer.getPwdQuestion()),
                            questionList);
                }
            };
            MyPasswordQuestionsPanel panel = new MyPasswordQuestionsPanel(ID_QUESTION_ANSWER_PANEL, model);
            panel.getBaseFormComponent().setRequired(true);
            pqPanels.add(panel);
            panelCount++;
        }
        // The count is checked only once per policy question, after all its answers were scanned.
        if (panelCount == questionNumber) {
            break;
        }
    }

    if (panelCount < questionNumber) {
        // Too few matching questions to satisfy the policy: same exit as for missing answers.
        getSession().error(getString("pageForgetPassword.message.ContactAdminQuestionsNotSetEnough"));
        SecurityContext securityContext = SecurityContextHolder.getContext();
        securityContext.setAuthentication(null);
        throw new RestartResponseException(PageForgotPassword.class);
    }

    add(mainForm);
    mainForm.add(getPanels(pqPanels));
    initButtons(mainForm);
}
Also used : MidpointForm(com.evolveum.midpoint.web.component.form.MidpointForm) Form(org.apache.wicket.markup.html.form.Form) ArrayList(java.util.ArrayList) MidpointForm(com.evolveum.midpoint.web.component.form.MidpointForm) RestartResponseException(org.apache.wicket.RestartResponseException) SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO) SecurityContext(org.springframework.security.core.context.SecurityContext) LoadableModel(com.evolveum.midpoint.gui.api.model.LoadableModel) MyPasswordQuestionsPanel(com.evolveum.midpoint.web.page.admin.home.component.MyPasswordQuestionsPanel)

Example 13 with SecurityQuestionAnswerDTO

use of com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO in project midpoint by Evolveum.

the class SecurityQuestionsPanel method loadPageModel.

/**
 * Loads the model for the security-questions panel: the logged-in user's stored answers
 * combined with the questions enabled in the applicable security policy.
 *
 * <p>NOTE(review): any exception while loading the user, including a failure to decrypt the
 * stored answers, is logged on debug level only and treated as "questions not set yet".
 * The fatal error recorded in the second stage goes to a local {@code OperationResult} that
 * this method does not return or display. Confirm that such failures are surfaced elsewhere.
 *
 * @return the DTO for the current principal, filled as far as loading succeeded
 */
private PasswordQuestionsDto loadPageModel() {
    LOGGER.debug("Loading user for Security Question Page.");
    GuiProfiledPrincipal principalUser = AuthUtil.getPrincipalUser();
    PasswordQuestionsDto pageDto = new PasswordQuestionsDto(principalUser.getOid());

    // Stage 1: read the user's own stored questions and answers.
    OperationResult result = new OperationResult(OPERATION_LOAD_USER);
    try {
        Task task = getPageBase().createSimpleTask(OPERATION_LOAD_USER);
        OperationResult subResult = result.createSubresult(OPERATION_LOAD_USER);
        PrismObject<UserType> loadedUser = getPageBase().getModelService()
                .getObject(UserType.class, principalUser.getOid(), null, task, subResult);
        pageDto.setUserQuestionAnswers(createUsersSecurityQuestionsList(loadedUser));
        subResult.recordSuccessIfUnknown();
    } catch (Exception ex) {
        // Best effort: on failure the DTO keeps whatever answers it had before the call.
        LoggingUtils.logExceptionOnDebugLevel(LOGGER, "Couldn't get user Questions, Probably not set yet", ex);
    } finally {
        result.recomputeStatus();
    }

    // Stage 2: the questions enabled by the policy that applies to this principal.
    CredentialsPolicyType credPolicy = principalUser.getApplicableSecurityPolicy().getCredentials();
    List<SecurityQuestionDefinitionType> policyQuestions = new ArrayList<>();
    if (credPolicy == null || credPolicy.getSecurityQuestions() == null) {
        LOGGER.debug("Couldn't load credentials for security questions");
    } else {
        policyQuestions = getEnabledSecurityQuestions(credPolicy);
    }

    // Stage 3: merge the stored answers with the policy questions.
    result = new OperationResult(OPERATION_LOAD_QUESTION_POLICY);
    try {
        List<SecurityQuestionAnswerDTO> storedAnswers = pageDto.getUserQuestionAnswers();
        int policySize = policyQuestions.size();
        if (storedAnswers == null) {
            // Nothing stored for the user: every policy question is added.
            // TODO same questions check should be implemented
            pageDto.getActualQuestionAnswers().addAll(executeAddingQuestions(policySize, 0, policyQuestions));
        } else if (policySize > storedAnswers.size()) {
            // The policy has more questions than the user answered: the stored ones come first,
            // then the remaining policy questions fill the gap.
            pageDto.getActualQuestionAnswers().addAll(
                    executePasswordQuestionsAndAnswers(storedAnswers, policyQuestions, storedAnswers.size()));
            pageDto.getActualQuestionAnswers().addAll(
                    executeAddingQuestions(policySize - storedAnswers.size(), storedAnswers.size(), policyQuestions));
        } else {
            // The policy has as many questions as the user answered, or fewer.
            pageDto.getActualQuestionAnswers().addAll(
                    executePasswordQuestionsAndAnswers(storedAnswers, policyQuestions, 0));
        }
    } catch (Exception ex) {
        result.recordFatalError(getString("PageMyPasswordQuestions.message.couldNotLoadSysConfig"), ex);
    }
    return pageDto;
}
Also used : Task(com.evolveum.midpoint.task.api.Task) ArrayList(java.util.ArrayList) OperationResult(com.evolveum.midpoint.schema.result.OperationResult) EncryptionException(com.evolveum.midpoint.prism.crypto.EncryptionException) GuiProfiledPrincipal(com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal) SecurityQuestionAnswerDTO(com.evolveum.midpoint.web.page.admin.home.dto.SecurityQuestionAnswerDTO) PasswordQuestionsDto(com.evolveum.midpoint.web.page.admin.home.dto.PasswordQuestionsDto)
