
Example 1 with SecurityQuestionAnswerType

Use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in the midPoint project by Evolveum.

From class SecurityQuestionsPolicyEvaluator, method validateCredentialContainerValues:

/**
 * Validates every stored security-question answer in the given credentials
 * container value by running it through {@code validateProtectedStringValue}.
 *
 * A {@code null} containerable (no security-questions credentials present)
 * is accepted without further checks.
 *
 * @param cVal the security-questions credentials container value to validate
 * @throws PolicyViolationException   propagated from the per-answer check
 * @throws SchemaException            propagated from the per-answer check
 * @throws ObjectNotFoundException    propagated from the per-answer check
 * @throws ExpressionEvaluationException propagated from the per-answer check
 */
@Override
protected void validateCredentialContainerValues(PrismContainerValue<SecurityQuestionsCredentialsType> cVal) throws PolicyViolationException, SchemaException, ObjectNotFoundException, ExpressionEvaluationException {
    SecurityQuestionsCredentialsType credentials = cVal.asContainerable();
    if (credentials == null) {
        return;
    }
    // Each answer is a ProtectedStringType; the shared protected-string check
    // decides what is acceptable for it.
    for (SecurityQuestionAnswerType entry : credentials.getQuestionAnswer()) {
        validateProtectedStringValue(entry.getQuestionAnswer());
    }
}

Example 2 with SecurityQuestionAnswerType

Use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in the midPoint project by Evolveum.

From class MidpointRestSecurityQuestionsAuthenticator, method createAuthenticationContext:

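/**
 * Builds the security-questions authentication context for a REST request.
 *
 * The {@code Authorization} payload is parsed as JSON. Depending on what it
 * carries, the method either
 * <ul>
 *   <li>aborts the request with the bare user challenge when the payload is
 *       unparsable, empty, has no {@code user} field, or has an {@code answer}
 *       field that is not a JSON array,</li>
 *   <li>aborts the request with the user's question challenge when
 *       {@code user} is present but {@code answer} is absent
 *       (see {@link #issueQuestionChallenge}), or</li>
 *   <li>returns a context holding the user name and a {@code qid -> qans}
 *       map when an {@code answer} array is present.</li>
 * </ul>
 * Every abort path returns {@code null}; in that case the response has
 * already been written to {@code requestCtx}.
 *
 * @param policy     the parsed Authorization header; its user name is set here
 * @param requestCtx the JAX-RS request, aborted on every failure path
 * @return the authentication context, or {@code null} after an abort
 */
@Override
protected SecurityQuestionsAuthenticationContext createAuthenticationContext(AuthorizationPolicy policy, ContainerRequestContext requestCtx) {
    JsonNode node;
    try {
        node = new ObjectMapper(new JsonFactory()).readTree(policy.getAuthorization());
    } catch (IOException e) {
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
        return null;
    }
    // Some Jackson versions return null rather than MissingNode for empty input;
    // treat it like a payload without a user instead of failing with an NPE.
    if (node == null) {
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
        return null;
    }
    // findPath() searches the whole tree, so a nested "user" key is accepted too.
    JsonNode userNameNode = node.findPath("user");
    if (userNameNode instanceof MissingNode) {
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
        return null;
    }
    String userName = userNameNode.asText();
    policy.setUserName(userName);

    JsonNode answerNode = node.findPath("answer");
    if (answerNode instanceof MissingNode) {
        // First round trip: the client only told us who it is; reply with the questions.
        issueQuestionChallenge(userName, requestCtx);
        return null;
    }
    if (!answerNode.isArray()) {
        // "answer" must be a JSON array. The former unchecked cast to ArrayNode
        // turned any other value (string, object, number) into a ClassCastException
        // and thus a 500; treat it as a malformed request and re-issue the challenge.
        RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, "{" + USER_CHALLENGE + "}");
        return null;
    }
    Map<String, String> questionAnswers = new HashMap<>();
    for (JsonNode answer : answerNode) {
        // A missing "qid"/"qans" yields MissingNode, whose asText() is "". It is
        // kept as-is so the downstream answer check, not this parser, decides.
        questionAnswers.put(answer.findPath("qid").asText(), answer.findPath("qans").asText());
    }
    return new SecurityQuestionsAuthenticationContext(userName, questionAnswers);
}

/**
 * Looks up the user's stored question/answer pairs and aborts the request with
 * a challenge listing the matching question definitions.
 *
 * The user search and the question lookup run under a temporary anonymous
 * token because the caller is not authenticated yet; the token is cleared in
 * {@code finally} on every path. An unknown user and a user without stored
 * answers both get the same 401 response, so the reply does not reveal which
 * case applied.
 *
 * @param userName   the user name taken from the request payload
 * @param requestCtx the JAX-RS request to abort with the challenge or a 401
 */
private void issueQuestionChallenge(String userName, ContainerRequestContext requestCtx) {
    SearchResultList<PrismObject<UserType>> users;
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("restapi", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
    try {
        users = searchUser(userName);
    } finally {
        SecurityContextHolder.getContext().setAuthentication(null);
    }
    if (users == null || users.size() != 1) {
        abortUnauthorized(requestCtx);
        return;
    }
    PrismObject<UserType> user = users.get(0);
    PrismContainer<SecurityQuestionAnswerType> questionAnswerContainer = user.findContainer(SchemaConstants.PATH_SECURITY_QUESTIONS_QUESTION_ANSWER);
    if (questionAnswerContainer == null || questionAnswerContainer.isEmpty()) {
        abortUnauthorized(requestCtx);
        return;
    }

    List<SecurityQuestionDefinitionType> questions;
    SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("restapi", "REST", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS")));
    try {
        questions = getQuestions(user);
    } finally {
        SecurityContextHolder.getContext().setAuthentication(null);
    }

    StringBuilder questionChallenge = new StringBuilder();
    if (questions != null) {
        for (SecurityQuestionAnswerType questionAnswer : questionAnswerContainer.getRealValues()) {
            SecurityQuestionDefinitionType question = questions.stream()
                    .filter(q -> q.getIdentifier().equals(questionAnswer.getQuestionIdentifier()))
                    .findFirst()
                    .orElse(null);
            if (question == null) {
                // The stored answer refers to a question that is no longer defined;
                // skip it instead of failing with NoSuchElementException.
                continue;
            }
            if (questionChallenge.length() > 0) {
                questionChallenge.append(",");
            }
            questionChallenge.append(QUESTION.replace(Q_ID, question.getIdentifier()).replace(Q_TXT, question.getQuestionText()));
        }
    }
    // NOTE(review): userName and the question text are spliced into the JSON
    // challenge without escaping; a value containing quotes, backslashes or
    // control characters would corrupt the challenge body. Confirm how
    // USER_CHALLENGE/QUESTION are defined and whether these inputs are constrained.
    String userChallenge = USER_CHALLENGE.replace("username", userName);
    String challenge = "{" + userChallenge + ", \"answer\" : [" + questionChallenge + "]}";
    RestServiceUtil.createSecurityQuestionAbortMessage(requestCtx, challenge);
}

/** Aborts the request with the single, non-distinguishing 401 used for all lookup failures. */
private static void abortUnauthorized(ContainerRequestContext requestCtx) {
    requestCtx.abortWith(Response.status(Status.UNAUTHORIZED).header("WWW-Authenticate", "Security question authentication failed. Incorrect username and/or password").build());
}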

Example 3 with SecurityQuestionAnswerType

Use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in the midPoint project by Evolveum.

From class PageMyPasswordQuestions, method updateQuestions:

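/**
 * Collects the question/answer pairs entered in the page's question panels and
 * replaces the user's stored security-question answers with them in one
 * modification delta.
 *
 * The answers are put into the delta as clear values; the model layer is
 * expected to protect them before they are persisted (the REST test in this
 * corpus reads the stored answer back through the protector) — confirm.
 *
 * The number of panels must equal {@code questionNumber}: fewer panels would
 * leave {@code null} entries in the replacement array and more would overflow
 * it, so both cases are rejected before any change is executed. Any failure
 * is reported through the feedback panel.
 *
 * @param useroid OID of the user whose answers are replaced
 * @param target  Ajax target used to refresh the feedback panel
 */
private void updateQuestions(String useroid, AjaxRequestTarget target) {
    Task task = createSimpleTask(OPERATION_SAVE_QUESTIONS);
    OperationResult result = new OperationResult(OPERATION_SAVE_QUESTIONS);
    SecurityQuestionAnswerType[] answerTypeList = new SecurityQuestionAnswerType[questionNumber];
    try {
        int filled = 0;
        for (Iterator<?> panels = pqPanels.iterator(); panels.hasNext(); ) {
            MyPasswordQuestionsPanel panel = (MyPasswordQuestionsPanel) panels.next();
            if (filled >= answerTypeList.length) {
                throw new IllegalStateException("More question panels than the expected " + questionNumber);
            }
            ProtectedStringType answer = new ProtectedStringType();
            answer.setClearValue(((TextField<String>) panel.get(MyPasswordQuestionsPanel.F_ANSWER)).getModelObject());
            // The question text is HTML-unescaped (e.g. &#39; -> ') before it is
            // mapped back to its identifier.
            String questionText = StringEscapeUtils.unescapeHtml(panel.get(MyPasswordQuestionsPanel.F_QUESTION).getDefaultModelObjectAsString());
            SecurityQuestionAnswerType answerType = new SecurityQuestionAnswerType();
            answerType.setQuestionAnswer(answer);
            answerType.setQuestionIdentifier(getQuestionIdentifierFromQuestion(questionText));
            answerTypeList[filled++] = answerType;
        }
        if (filled != answerTypeList.length) {
            throw new IllegalStateException("Expected " + questionNumber + " question panels but found " + filled);
        }
        ItemPath path = new ItemPath(UserType.F_CREDENTIALS, CredentialsType.F_SECURITY_QUESTIONS, SecurityQuestionsCredentialsType.F_QUESTION_ANSWER);
        // REPLACE semantics: the whole question-answer container is overwritten.
        ObjectDelta<UserType> objectDelta = ObjectDelta.createModificationReplaceContainer(UserType.class, useroid, path, getPrismContext(), answerTypeList);
        Collection<ObjectDelta<? extends ObjectType>> deltas = MiscSchemaUtil.createCollection(objectDelta);
        getModelService().executeChanges(deltas, null, task, result);
        // NOTE(review): `result` is never inspected; a failure recorded in the
        // OperationResult without an exception would still show "success" — confirm
        // whether executeChanges always throws on failure.
        success(getString("message.success"));
        target.add(getFeedbackPanel());
    } catch (Exception ex) {
        error(getString("message.error"));
        target.add(getFeedbackPanel());
        // No page logger is visible in this block; the stack trace goes to stderr.
        ex.printStackTrace();
    }
}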

Example 4 with SecurityQuestionAnswerType

Use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in the midPoint project by Evolveum.

From class PageSecurityQuestions, method createUsersSecurityQuestionsList:

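/**
 * Converts the user's stored security-question answers into DTOs, decrypting
 * each answer with the default protector.
 *
 * Returns {@code null} (not an empty list) when the user has no credentials,
 * no security-questions credentials, or no question-answer list, matching the
 * contract the original callers rely on.
 *
 * Security notes: the decrypted answers are held as plain {@code String}s in
 * the returned DTOs for as long as the page keeps them. An answer that has no
 * encrypted data, or whose decryption fails, is represented by the empty
 * string {@code ""} — NOTE(review): whatever compares these DTOs against user
 * input must not treat an empty submitted answer as matching such an entry;
 * confirm at the comparison site.
 *
 * @param user the user whose security-question answers are read
 * @return one DTO per stored question-answer pair, or {@code null} if there are none
 */
public List<SecurityQuestionAnswerDTO> createUsersSecurityQuestionsList(PrismObject<UserType> user) {
    if (user.asObjectable().getCredentials() == null) {
        return null;
    }
    SecurityQuestionsCredentialsType securityQuestions = user.asObjectable().getCredentials().getSecurityQuestions();
    if (securityQuestions == null) {
        return null;
    }
    List<SecurityQuestionAnswerType> stored = securityQuestions.getQuestionAnswer();
    if (stored == null) {
        return null;
    }
    // The protector does not change per entry; fetch it once.
    Protector protector = getPrismContext().getDefaultProtector();
    List<SecurityQuestionAnswerDTO> dtos = new ArrayList<>();
    for (SecurityQuestionAnswerType entry : stored) {
        String decoded = "";
        // Only encrypted answers are decrypted; a null or clear/hashed value leaves "".
        if (entry.getQuestionAnswer() != null && entry.getQuestionAnswer().getEncryptedDataType() != null) {
            try {
                decoded = protector.decryptString(entry.getQuestionAnswer());
            } catch (EncryptionException e) {
                // Best effort kept from the original: the entry is still added with "".
                // No page logger is visible in this block.
                e.printStackTrace();
            }
        }
        dtos.add(new SecurityQuestionAnswerDTO(entry.getQuestionIdentifier(), decoded));
    }
    return dtos;
}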

Example 5 with SecurityQuestionAnswerType

Use of com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType in the midPoint project by Evolveum.

From class TestAbstractRestService, method test600modifySecurityQuestionAnswer:

/**
 * Replaces a user's security-question answer through the REST API and checks
 * that the stored value is protected but decrypts back to the new answer.
 *
 * Steps: POST the replace-answer modification for the Darthadder user
 * (expects 204 and one MODIFY delta plus login/logout in the audit trail),
 * then GET the user back and decrypt the single stored answer with the
 * default protector.
 */
@Test
public void test600modifySecurityQuestionAnswer() throws Exception {
    final String TEST_NAME = "test600modifySecurityQuestionAnswer";
    displayTestTile(this, TEST_NAME);
    WebClient restClient = prepareClient();
    restClient.path("/users/" + USER_DARTHADDER_OID);
    getDummyAuditService().clear();

    // WHEN: replace the stored answer
    TestUtil.displayWhen(TEST_NAME);
    Response modifyResponse = restClient.post(getRequestFile(MODIFICATION_REPLACE_ANSWER));

    // THEN: the modification succeeded and was audited
    TestUtil.displayThen(TEST_NAME);
    displayResponse(modifyResponse);
    traceResponse(modifyResponse);
    assertEquals("Expected 204 but got " + modifyResponse.getStatus(), 204, modifyResponse.getStatus());
    IntegrationTestTools.display("Audit", getDummyAuditService());
    getDummyAuditService().assertRecords(4);
    getDummyAuditService().assertLoginLogout(SchemaConstants.CHANNEL_REST_URI);
    getDummyAuditService().assertHasDelta(1, ChangeType.MODIFY, UserType.class);

    // WHEN: read the user back
    TestUtil.displayWhen(TEST_NAME);
    Response readResponse = restClient.get();

    // THEN: exactly one stored answer, decryptable to the new value
    TestUtil.displayThen(TEST_NAME);
    displayResponse(readResponse);
    assertEquals("Expected 200 but got " + readResponse.getStatus(), 200, readResponse.getStatus());
    UserType fetchedUser = readResponse.readEntity(UserType.class);
    CredentialsType credentials = fetchedUser.getCredentials();
    assertNotNull("No credentials in user. Something is wrong.", credentials);
    SecurityQuestionsCredentialsType securityQuestions = credentials.getSecurityQuestions();
    assertNotNull("No security questions defined for user. Something is wrong.", securityQuestions);
    List<SecurityQuestionAnswerType> storedAnswers = securityQuestions.getQuestionAnswer();
    assertEquals("Expected just one question-answer couple, but found " + storedAnswers.size(), 1, storedAnswers.size());
    SecurityQuestionAnswerType storedAnswer = storedAnswers.get(0);
    String decrypted = getPrismContext().getDefaultProtector().decryptString(storedAnswer.getQuestionAnswer());
    assertEquals("Unexpected answer " + decrypted + ". Expected 'newAnswer'.", "newAnswer", decrypted);
}
