Example 56 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class ForgottenPasswordServlet method executeUnlock.
private void executeUnlock(final PwmRequest pwmRequest) throws IOException, ServletException, ChaiUnavailableException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
theUser.unlockPassword();
// mark the event log
final UserInfo userInfoBean = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
pwmApplication.getAuditManager().submit(AuditEvent.UNLOCK_PASSWORD, userInfoBean, pwmSession);
ForgottenPasswordUtil.sendUnlockNoticeEmail(pwmRequest, forgottenPasswordBean);
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UnlockAccount);
} catch (ChaiOperationException e) {
final String errorMsg = "unable to unlock user " + userIdentity + " error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
LOGGER.error(pwmSession, errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation, true);
} finally {
clearForgottenPasswordBean(pwmRequest);
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PwmApplication(password.pwm.PwmApplication)
ChaiUser(com.novell.ldapchai.ChaiUser)
UserIdentity(password.pwm.bean.UserIdentity)
UserInfo(password.pwm.ldap.UserInfo)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
PwmSession(password.pwm.http.PwmSession)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
Example 57 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class ForgottenPasswordUtil method initForgottenPasswordBean.
static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final Locale locale = pwmRequest.getLocale();
final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
forgottenPasswordBean.setUserIdentity(userIdentity);
final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
final ChallengeSet challengeSet;
if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
final ResponseSet responseSet;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
} catch (ChaiValidationException e) {
final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
} else {
challengeSet = null;
}
if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
try {
final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
if (chaiUser.isPasswordLocked()) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
}
} catch (ChaiOperationException e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
LOGGER.error(sessionLabel, errorInformation);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
}
final List<FormConfiguration> attributeForm;
try {
attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
forgottenPasswordBean.setUserLocale(locale);
forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
forgottenPasswordBean.setAttributeForm(attributeForm);
forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
}
}
Also used :
Locale(java.util.Locale)
ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile)
IdentityVerificationMethod(password.pwm.config.option.IdentityVerificationMethod)
PwmApplication(password.pwm.PwmApplication)
ChallengeSet(com.novell.ldapchai.cr.ChallengeSet)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
UserInfo(password.pwm.ldap.UserInfo)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
SessionLabel(password.pwm.bean.SessionLabel)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException)
ChaiUser(com.novell.ldapchai.ChaiUser)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
Example 58 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class HelpdeskCardInfoBean method makeHelpdeskCardInfo.
static HelpdeskCardInfoBean makeHelpdeskCardInfo(final PwmRequest pwmRequest, final HelpdeskProfile helpdeskProfile, final UserIdentity userIdentity) throws PwmUnrecoverableException, ChaiUnavailableException {
final HelpdeskCardInfoBean.HelpdeskCardInfoBeanBuilder builder = HelpdeskCardInfoBean.builder();
final Instant startTime = Instant.now();
LOGGER.trace(pwmRequest, "beginning to assemble card data report for user " + userIdentity);
final Locale actorLocale = pwmRequest.getLocale();
final ChaiUser theUser = HelpdeskServlet.getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
if (!theUser.exists()) {
return null;
}
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), actorLocale, userIdentity, theUser.getChaiProvider());
final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userInfo, null);
builder.userKey(userIdentity.toObfuscatedKey(pwmRequest.getPwmApplication()));
builder.photoURL(figurePhotoURL(pwmRequest, helpdeskProfile, theUser, macroMachine, userIdentity));
builder.displayNames(figureDisplayNames(pwmRequest.getPwmApplication(), helpdeskProfile, pwmRequest.getSessionLabel(), userInfo));
final TimeDuration timeDuration = TimeDuration.fromCurrent(startTime);
final HelpdeskCardInfoBean helpdeskCardInfoBean = builder.build();
if (pwmRequest.getConfig().isDevDebugMode()) {
LOGGER.trace(pwmRequest, "completed assembly of card data report for user " + userIdentity + " in " + timeDuration.asCompactString() + ", contents: " + JsonUtil.serialize(helpdeskCardInfoBean));
}
return builder.build();
}
Also used :
Locale(java.util.Locale)
ChaiUser(com.novell.ldapchai.ChaiUser)
Instant(java.time.Instant)
MacroMachine(password.pwm.util.macro.MacroMachine)
UserInfo(password.pwm.ldap.UserInfo)
TimeDuration(password.pwm.util.java.TimeDuration)
Example 59 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class HelpdeskServlet method restUnlockIntruder.
@ActionHandler(action = "unlockIntruder")
private ProcessStatus restUnlockIntruder(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
if (userKey.length() < 1) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing");
pwmRequest.respondWithError(errorInformation, false);
return ProcessStatus.Halt;
}
final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_UNLOCK)) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "password unlock request, but helpdesk unlock is not enabled");
LOGGER.error(pwmRequest, errorInformation);
pwmRequest.respondWithError(errorInformation);
return ProcessStatus.Halt;
}
// clear pwm intruder setting.
{
final IntruderManager intruderManager = pwmRequest.getPwmApplication().getIntruderManager();
intruderManager.convenience().clearUserIdentity(userIdentity);
}
try {
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
// send notice email
HelpdeskServletUtil.sendUnlockNoticeEmail(pwmRequest, helpdeskProfile, userIdentity, chaiUser);
chaiUser.unlockPassword();
{
// mark the event log
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_UNLOCK_PASSWORD, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
} catch (ChaiPasswordPolicyException e) {
final ChaiError passwordError = e.getErrorCode();
final PwmError pwmError = PwmError.forChaiError(passwordError);
pwmRequest.respondWithError(new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError));
LOGGER.trace(pwmRequest, "ChaiPasswordPolicyException was thrown while resetting password: " + e.toString());
return ProcessStatus.Halt;
} catch (ChaiOperationException e) {
final PwmError returnMsg = PwmError.forChaiError(e.getErrorCode()) == null ? PwmError.ERROR_UNKNOWN : PwmError.forChaiError(e.getErrorCode());
final ErrorInformation error = new ErrorInformation(returnMsg, e.getMessage());
pwmRequest.respondWithError(error);
LOGGER.warn(pwmRequest, "error resetting password for user '" + userIdentity.toDisplayString() + "'' " + error.toDebugStr() + ", " + e.getMessage());
return ProcessStatus.Halt;
}
final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
UserIdentity(password.pwm.bean.UserIdentity)
PwmError(password.pwm.error.PwmError)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ChaiUser(com.novell.ldapchai.ChaiUser)
ChaiError(com.novell.ldapchai.exception.ChaiError)
ChaiPasswordPolicyException(com.novell.ldapchai.exception.ChaiPasswordPolicyException)
IntruderManager(password.pwm.svc.intruder.IntruderManager)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 60 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class ChangePasswordServlet method processChangeAction.
@ActionHandler(action = "change")
ProcessStatus processChangeAction(final PwmRequest pwmRequest) throws ServletException, PwmUnrecoverableException, IOException, ChaiUnavailableException {
final ChangePasswordBean changePasswordBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ChangePasswordBean.class);
final UserInfo userInfo = pwmRequest.getPwmSession().getUserInfo();
if (!changePasswordBean.isAllChecksPassed()) {
return ProcessStatus.Continue;
}
final PasswordData password1 = pwmRequest.readParameterAsPassword("password1");
final PasswordData password2 = pwmRequest.readParameterAsPassword("password2");
// check the password meets the requirements
try {
final ChaiUser theUser = pwmRequest.getPwmSession().getSessionManager().getActor(pwmRequest.getPwmApplication());
final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmRequest.getPwmApplication(), userInfo.getPasswordPolicy());
final PasswordData oldPassword = pwmRequest.getPwmSession().getLoginInfoBean().getUserCurrentPassword();
pwmPasswordRuleValidator.testPassword(password1, oldPassword, userInfo, theUser);
} catch (PwmDataValidationException e) {
setLastError(pwmRequest, e.getErrorInformation());
LOGGER.debug(pwmRequest, "failed password validation check: " + e.getErrorInformation().toDebugStr());
return ProcessStatus.Continue;
}
// make sure the two passwords match
final boolean caseSensitive = userInfo.getPasswordPolicy().getRuleHelper().readBooleanValue(PwmPasswordRule.CaseSensitive);
if (PasswordUtility.PasswordCheckInfo.MatchStatus.MATCH != PasswordUtility.figureMatchStatus(caseSensitive, password1, password2)) {
setLastError(pwmRequest, PwmError.PASSWORD_DOESNOTMATCH.toInfo());
forwardToChangePage(pwmRequest);
return ProcessStatus.Continue;
}
try {
ChangePasswordServletUtil.executeChangePassword(pwmRequest, password1);
} catch (PwmOperationalException e) {
LOGGER.debug(e.getErrorInformation().toDebugStr());
setLastError(pwmRequest, e.getErrorInformation());
}
return ProcessStatus.Continue;
}
Also used :
ChangePasswordBean(password.pwm.http.bean.ChangePasswordBean)
PwmPasswordRuleValidator(password.pwm.util.PwmPasswordRuleValidator)
PwmDataValidationException(password.pwm.error.PwmDataValidationException)
ChaiUser(com.novell.ldapchai.ChaiUser)
PasswordData(password.pwm.util.PasswordData)
UserInfo(password.pwm.ldap.UserInfo)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Aggregations
ChaiUser (com.novell.ldapchai.ChaiUser)69
ErrorInformation (password.pwm.error.ErrorInformation)38
UserIdentity (password.pwm.bean.UserIdentity)30
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)27
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)25
PwmOperationalException (password.pwm.error.PwmOperationalException)23
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)21
ChaiException (com.novell.ldapchai.exception.ChaiException)18
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)18
PwmApplication (password.pwm.PwmApplication)16
PwmSession (password.pwm.http.PwmSession)12
UserInfo (password.pwm.ldap.UserInfo)12
Instant (java.time.Instant)10
FormConfiguration (password.pwm.config.value.data.FormConfiguration)10
PasswordData (password.pwm.util.PasswordData)10
MacroMachine (password.pwm.util.macro.MacroMachine)10
ArrayList (java.util.ArrayList)9
List (java.util.List)9
LdapProfile (password.pwm.config.profile.LdapProfile)9
Locale (java.util.Locale)8
