use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class LdapOtpOperator method writeOtpUserConfiguration.
/**
 * Stores the given OTP record in the user's LDAP entry, in the attribute named by the
 * {@code OTP_SECRET_LDAP_ATTRIBUTE} setting of the user's LDAP profile.
 *
 * <p>The record is serialized with {@code composeOtpAttribute}. When the {@code OTP_SECRET_ENCRYPT}
 * setting is enabled the serialized value is passed through {@code encryptAttributeValue} before
 * the write; when it is disabled the serialized value is stored as-is. The write is issued as the
 * session's actor when a session is supplied, and through the application's proxied user otherwise.
 *
 * @param pwmSession   the current session, or {@code null} to write through the proxy connection
 * @param userIdentity the user whose OTP configuration is written
 * @param userGuid     not referenced by this implementation
 * @param otpConfig    the OTP record to persist
 * @throws PwmUnrecoverableException with {@code ERROR_INVALID_CONFIG} if the storage attribute is not
 *         configured or the record serializes to an empty value; with {@code ERROR_WRITING_OTP_SECRET}
 *         (original exception attached as cause) if encryption or the LDAP write fails
 */
@Override
public void writeOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity userIdentity, final String userGuid, final OTPUserRecord otpConfig) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final LdapProfile ldapProfile = config.getLdapProfiles().get(userIdentity.getLdapProfileID());
    final String storageAttr = ldapProfile.readSettingAsString(PwmSetting.OTP_SECRET_LDAP_ATTRIBUTE);

    if (storageAttr == null || storageAttr.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG,
                "ldap storage attribute is not configured, unable to write OTP secret"));
    }

    final String composedValue = composeOtpAttribute(otpConfig);
    if (composedValue == null || composedValue.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG,
                "Invalid value for OTP secret, unable to store"));
    }

    try {
        // Encryption is opt-in through configuration; otherwise the serialized secret goes to LDAP unchanged.
        final boolean encryptSecret = config.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT);
        final String storedValue = encryptSecret ? encryptAttributeValue(composedValue) : composedValue;

        // Without a session the proxy identity performs the write; with one, the session actor does.
        final ChaiUser targetUser;
        if (pwmSession == null) {
            targetUser = pwmApplication.getProxiedChaiUser(userIdentity);
        } else {
            targetUser = pwmSession.getSessionManager().getActor(pwmApplication, userIdentity);
        }
        targetUser.writeStringAttribute(storageAttr, storedValue);
        LOGGER.info("saved OTP secret for user to chai-ldap format");
    } catch (ChaiException ex) {
        // Distinguish an access-control refusal from any other directory failure in the reported message.
        final boolean permissionDenied = ex.getErrorCode() == ChaiError.NO_ACCESS;
        final String errorMsg = permissionDenied
                ? "permission error writing OTP secret to ldap attribute '" + storageAttr + "', user does not appear to have correct permissions to save OTP secret: " + ex.getMessage()
                : "error writing OTP secret to ldap attribute '" + storageAttr + "': " + ex.getMessage();
        throw otpWriteFailure(errorMsg, ex);
    } catch (PwmOperationalException ex) {
        throw otpWriteFailure(ex.getMessage(), ex);
    }
}

/**
 * Wraps a failure of the OTP write as an {@code ERROR_WRITING_OTP_SECRET} unrecoverable exception,
 * keeping the original exception as the cause.
 *
 * @param errorMsg message to report
 * @param cause    the underlying failure
 * @return the exception to throw
 */
private static PwmUnrecoverableException otpWriteFailure(final String errorMsg, final Throwable cause) {
    final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, errorMsg);
    final PwmUnrecoverableException wrapped = new PwmUnrecoverableException(errorInfo);
    wrapped.initCause(cause);
    return wrapped;
}
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class RestChallengesServer method doDeleteChallengeData.
/**
 * Clears the stored challenge/response data of the user named in the request and reports the
 * outcome as a REST result bean.
 *
 * <p>Resolving the requested username happens before the try block, so a failure there propagates
 * as {@code PwmUnrecoverableException}; every failure after that point is converted into an
 * {@code ERROR_UNKNOWN} error bean whose message carries the exception's message.
 *
 * @param restRequest the incoming REST request
 * @param username    the username supplied by the caller
 * @return a success bean once responses are cleared, or an error bean describing the failure
 * @throws PwmUnrecoverableException if the requested username cannot be resolved
 */
private RestResultBean doDeleteChallengeData(final RestRequest restRequest, final String username) throws PwmUnrecoverableException {
    final TargetUserIdentity target = RestUtility.resolveRequestedUsername(restRequest, username);
    try {
        final ChaiUser chaiUser = target.getChaiUser();
        final String userGuid = LdapOperationsHelper.readLdapGuidValue(
                restRequest.getPwmApplication(), restRequest.getSessionLabel(), target.getUserIdentity(), false);
        final CrService crService = restRequest.getPwmApplication().getCrService();
        crService.clearResponses(restRequest.getSessionLabel(), target.getUserIdentity(), chaiUser, userGuid);

        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
        return RestResultBean.forSuccessMessage(restRequest, Message.Success_Unknown);
    } catch (Exception e) {
        // NOTE(review): the raw exception message is echoed to the REST caller; confirm it cannot carry internal detail.
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN,
                "unexpected error delete responses: " + e.getMessage());
        return RestResultBean.fromError(restRequest, errorInformation);
    }
}
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class LDAPStatusChecker method checkLdapServerUrls.
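/**
 * Probes every server URL configured in the LDAP profile individually, using the profile's proxy
 * credentials, and returns a WARN health record for each URL that cannot be reached.
 *
 * <p>Each URL gets its own provider so that a failure is attributable to that single server; the
 * provider is always closed afterwards.
 *
 * @param pwmApplication the application context used to build the provider
 * @param config         the active configuration
 * @param ldapProfile    the profile whose server URLs and proxy credentials are checked
 * @return one health record per unreachable URL; empty when all URLs respond
 */
public List<HealthRecord> checkLdapServerUrls(final PwmApplication pwmApplication, final Configuration config, final LdapProfile ldapProfile) {
    final List<HealthRecord> returnRecords = new ArrayList<>();
    final List<String> serverURLs = ldapProfile.readSettingAsStringArray(PwmSetting.LDAP_SERVER_URLS);
    // The proxy DN does not depend on the URL being probed; read it once instead of on every iteration.
    final String proxyDN = ldapProfile.readSettingAsString(PwmSetting.LDAP_PROXY_USER_DN);

    for (final String loopURL : serverURLs) {
        ChaiProvider chaiProvider = null;
        try {
            // Single-URL provider so that the failure, if any, is attributable to exactly this server.
            chaiProvider = LdapOperationsHelper.createChaiProvider(pwmApplication, SessionLabel.HEALTH_SESSION_LABEL, config, ldapProfile,
                    Collections.singletonList(loopURL), proxyDN, ldapProfile.readSettingAsPassword(PwmSetting.LDAP_PROXY_USER_PASSWORD));
            // Forces a real round-trip; the boolean result is intentionally discarded, only a thrown exception counts.
            final ChaiUser proxyUser = chaiProvider.getEntryFactory().newChaiUser(proxyDN);
            proxyUser.exists();
        } catch (Exception e) {
            final String errorString = "error connecting to ldap server '" + loopURL + "': " + e.getMessage();
            returnRecords.add(new HealthRecord(HealthStatus.WARN, makeLdapTopic(ldapProfile, config), errorString));
        } finally {
            if (chaiProvider != null) {
                try {
                    chaiProvider.close();
                } catch (Exception ignored) {
                    // Best-effort cleanup of a probe connection; a close failure is not a health finding.
                }
            }
        }
    }
    return returnRecords;
}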
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class UserIdentity method canonicalized.
/**
 * Returns an identity whose DN is the canonical DN reported by the directory.
 *
 * <p>If this instance is already flagged as canonical it is returned unchanged. Otherwise the DN
 * is read through the application's proxied user and a new, flagged instance for the same LDAP
 * profile is created; this instance itself is not modified.
 *
 * @param pwmApplication application used to obtain the proxied {@code ChaiUser} for the lookup
 * @return this instance, or a new canonical instance with the same LDAP profile id
 * @throws PwmUnrecoverableException if the canonical DN cannot be read from the directory
 */
public UserIdentity canonicalized(final PwmApplication pwmApplication) throws PwmUnrecoverableException {
    if (this.canonicalized) {
        return this;
    }

    final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(this);
    final String canonicalDN;
    try {
        canonicalDN = proxiedUser.readCanonicalDN();
    } catch (ChaiException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }

    final UserIdentity result = new UserIdentity(canonicalDN, this.getLdapProfileID());
    result.canonicalized = true;
    return result;
}
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class ForgottenPasswordServlet method executeResetPassword.
/**
 * Completes a forgotten-password recovery once every recovery stage in the
 * {@code ForgottenPasswordBean} has passed.
 *
 * <p>The account is unlocked on a best-effort basis, the session is then authenticated for the
 * recovered user without a password, the recovery is audited, post-change actions are registered,
 * the session is flagged to force a password change, and the user is redirected to the public
 * change-password page. An unrecoverable failure in the authentication stage is logged and answered
 * with an error response. The forgotten-password bean is cleared whenever the authentication stage
 * is entered, regardless of its outcome. Nothing is done while recovery is incomplete.
 *
 * @param pwmRequest the current request
 * @throws ChaiUnavailableException  if the directory is unavailable
 * @throws IOException               on I/O failure while responding
 * @throws ServletException          on servlet failure while responding
 * @throws PwmUnrecoverableException if the proxied user or the bean cannot be obtained
 */
private void executeResetPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final ForgottenPasswordBean recoveryBean = forgottenPasswordBean(pwmRequest);

    // This check is the only gate in front of the password-less authentication below.
    if (!recoveryBean.getProgress().isAllPassed()) {
        return;
    }

    final UserIdentity userIdentity = recoveryBean.getUserIdentity();
    final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userIdentity);

    // Best-effort unlock: an operation failure is logged and recovery continues.
    try {
        chaiUser.unlockPassword();
        LOGGER.trace(pwmSession, "unlock account succeeded");
    } catch (ChaiOperationException e) {
        final ErrorInformation unlockError = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE,
                "unable to unlock user " + chaiUser.getEntryDN() + " error: " + e.getMessage());
        LOGGER.error(pwmSession, unlockError.toDebugStr());
    }

    try {
        final SessionAuthenticator authenticator =
                new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.FORGOTTEN_PASSWORD);
        authenticator.authUserWithUnknownPassword(userIdentity, AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
        pwmSession.getLoginInfoBean().getAuthFlags().add(AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
        LOGGER.info(pwmSession, "user successfully supplied password recovery responses, forward to change password page: " + chaiUser.getEntryDN());

        // Audit the recovery and register the follow-up actions.
        pwmApplication.getAuditManager().submit(AuditEvent.RECOVER_PASSWORD, pwmSession.getUserInfo(), pwmSession);
        addPostChangeAction(pwmRequest, userIdentity);

        // The recovered session must set a new password before anything else.
        pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
        pwmRequest.sendRedirect(PwmServletDefinition.PublicChangePassword.servletUrlName());
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmSession, "unexpected error authenticating during forgotten password recovery process user: " + e.getMessage());
        pwmRequest.respondWithError(e.getErrorInformation());
    } finally {
        clearForgottenPasswordBean(pwmRequest);
    }
}