Example 11 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class LdapXmlUserHistory method readUserHistory.
public List<UserAuditRecord> readUserHistory(final UserInfo userInfo) throws PwmUnrecoverableException {
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
final StoredHistory storedHistory = readUserHistory(pwmApplication, userInfo.getUserIdentity(), theUser);
return storedHistory.asAuditRecords(userInfo);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ChaiUser(com.novell.ldapchai.ChaiUser)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Example 12 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class LdapPermissionTester method testGroupMatch.
public static boolean testGroupMatch(final PwmApplication pwmApplication, final SessionLabel pwmSession, final UserIdentity userIdentity, final String groupDN) throws PwmUnrecoverableException {
final Instant startTime = Instant.now();
if (userIdentity == null) {
return false;
}
LOGGER.trace(pwmSession, "begin check for ldapGroup match for " + userIdentity + " using queryMatch: " + groupDN);
boolean result = false;
if (groupDN == null || groupDN.length() < 1) {
LOGGER.trace(pwmSession, "missing groupDN value, skipping check");
} else {
final LdapProfile ldapProfile = userIdentity.getLdapProfile(pwmApplication.getConfig());
final String filterString = "(" + ldapProfile.readSettingAsString(PwmSetting.LDAP_USER_GROUP_ATTRIBUTE) + "=" + groupDN + ")";
try {
LOGGER.trace(pwmSession, "checking ldap to see if " + userIdentity + " matches group '" + groupDN + "' using filter '" + filterString + "'");
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
final Map<String, Map<String, String>> results = theUser.getChaiProvider().search(theUser.getEntryDN(), filterString, Collections.<String>emptySet(), SearchScope.BASE);
if (results.size() == 1 && results.keySet().contains(theUser.getEntryDN())) {
result = true;
}
} catch (ChaiException e) {
LOGGER.warn(pwmSession, "LDAP error during group for " + userIdentity + " using " + filterString + ", error:" + e.getMessage());
}
}
final String logMsg = "user " + userIdentity.toDisplayString() + " is " + (result ? "" : "not ") + "a match for group '" + groupDN + "'" + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")";
LOGGER.debug(pwmSession, logMsg);
return result;
}
Also used :
ChaiUser(com.novell.ldapchai.ChaiUser)
Instant(java.time.Instant)
LdapProfile(password.pwm.config.profile.LdapProfile)
ChaiException(com.novell.ldapchai.exception.ChaiException)
TreeMap(java.util.TreeMap)
Map(java.util.Map)
Example 13 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class ActionExecutor method executeLdapAction.
private void executeLdapAction(final SessionLabel sessionLabel, final ActionConfiguration actionConfiguration) throws ChaiUnavailableException, PwmOperationalException, PwmUnrecoverableException {
String attributeName = actionConfiguration.getAttributeName();
String attributeValue = actionConfiguration.getAttributeValue();
final ChaiUser theUser;
if (settings.getChaiUser() != null) {
theUser = settings.getChaiUser();
} else {
if (settings.getUserIdentity() == null) {
final String errorMsg = "attempt to execute lap action but neither chaiUser or userIdentity is specified";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
theUser = pwmApplication.getProxiedChaiUser(settings.getUserIdentity());
}
if (settings.isExpandPwmMacros()) {
if (settings.getMacroMachine() == null) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, "executor specified macro expansion but did not supply macro machine"));
}
final MacroMachine macroMachine = settings.getMacroMachine();
attributeName = macroMachine.expandMacros(attributeName);
attributeValue = macroMachine.expandMacros(attributeValue);
}
writeLdapAttribute(sessionLabel, theUser, attributeName, attributeValue, actionConfiguration.getLdapMethod(), settings.getMacroMachine());
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
MacroMachine(password.pwm.util.macro.MacroMachine)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Example 14 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class PasswordUtility method helpdeskSetUserPassword.
public static void helpdeskSetUserPassword(final PwmSession pwmSession, final ChaiUser chaiUser, final UserInfo userInfo, final PwmApplication pwmApplication, final PasswordData newPassword) throws ChaiUnavailableException, PwmUnrecoverableException, PwmOperationalException {
final SessionLabel sessionLabel = pwmSession.getLabel();
final UserIdentity userIdentity = userInfo.getUserIdentity();
if (!pwmSession.isAuthenticated()) {
final String errorMsg = "attempt to helpdeskSetUserPassword, but user is not authenticated";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
throw new PwmOperationalException(errorInformation);
}
final HelpdeskProfile helpdeskProfile = pwmSession.getSessionManager().getHelpdeskProfile(pwmApplication);
if (helpdeskProfile == null) {
final String errorMsg = "attempt to helpdeskSetUserPassword, but user does not have helpdesk permission";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, errorMsg);
throw new PwmOperationalException(errorInformation);
}
setPassword(pwmApplication, pwmSession.getLabel(), chaiUser.getChaiProvider(), userInfo, null, newPassword);
// create a proxy user object for pwm to update/read the user.
final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
// mark the event log
{
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_SET_PASSWORD, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmApplication.getAuditManager().submit(auditRecord);
}
// update statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.HELPDESK_PASSWORD_SET);
{
// execute configured actions
LOGGER.debug(sessionLabel, "executing changepassword and helpdesk post password change writeAttributes to user " + userIdentity);
final List<ActionConfiguration> actions = new ArrayList<>();
actions.addAll(pwmApplication.getConfig().readSettingAsAction(PwmSetting.CHANGE_PASSWORD_WRITE_ATTRIBUTES));
actions.addAll(helpdeskProfile.readSettingAsAction(PwmSetting.HELPDESK_POST_SET_PASSWORD_WRITE_ATTRIBUTES));
if (!actions.isEmpty()) {
final LoginInfoBean loginInfoBean = new LoginInfoBean();
loginInfoBean.setUserCurrentPassword(newPassword);
final MacroMachine macroMachine = MacroMachine.forUser(pwmApplication, sessionLabel, userInfo, loginInfoBean);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setMacroMachine(macroMachine).setExpandPwmMacros(true).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
final HelpdeskClearResponseMode settingClearResponses = HelpdeskClearResponseMode.valueOf(helpdeskProfile.readSettingAsString(PwmSetting.HELPDESK_CLEAR_RESPONSES));
if (settingClearResponses == HelpdeskClearResponseMode.yes) {
final String userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
pwmApplication.getCrService().clearResponses(pwmSession.getLabel(), userIdentity, proxiedUser, userGUID);
// mark the event log
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmApplication, pwmSession).createHelpdeskAuditRecord(AuditEvent.HELPDESK_CLEAR_RESPONSES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmApplication.getAuditManager().submit(auditRecord);
}
// send email notification
sendChangePasswordHelpdeskEmailNotice(pwmSession, pwmApplication, userInfo);
// expire if so configured
if (helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_FORCE_PW_EXPIRATION)) {
LOGGER.trace(pwmSession, "preparing to expire password for user " + userIdentity.toDisplayString());
try {
proxiedUser.expirePassword();
} catch (ChaiOperationException e) {
LOGGER.warn(pwmSession, "error while forcing password expiration for user " + userIdentity.toDisplayString() + ", error: " + e.getMessage());
}
}
// send password
final boolean sendPassword = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_SEND_PASSWORD);
if (sendPassword) {
final MessageSendMethod messageSendMethod;
{
final String profileID = ProfileUtility.discoverProfileIDforUser(pwmApplication, sessionLabel, userIdentity, ProfileType.ForgottenPassword);
final ForgottenPasswordProfile forgottenPasswordProfile = pwmApplication.getConfig().getForgottenPasswordProfiles().get(profileID);
messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
}
PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmSession.getSessionStateBean().getLocale(), messageSendMethod);
}
}
Also used :
ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile)
LoginInfoBean(password.pwm.bean.LoginInfoBean)
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
MessageSendMethod(password.pwm.config.option.MessageSendMethod)
PwmOperationalException(password.pwm.error.PwmOperationalException)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
SessionLabel(password.pwm.bean.SessionLabel)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ChaiUser(com.novell.ldapchai.ChaiUser)
HelpdeskClearResponseMode(password.pwm.config.option.HelpdeskClearResponseMode)
MacroMachine(password.pwm.util.macro.MacroMachine)
List(java.util.List)
ArrayList(java.util.ArrayList)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
Example 15 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class ForgottenPasswordUtil method doActionSendNewPassword.
static void doActionSendNewPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final ForgottenPasswordBean forgottenPasswordBean = ForgottenPasswordServlet.forgottenPasswordBean(pwmRequest);
final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(pwmApplication.getConfig(), forgottenPasswordBean);
LOGGER.trace(pwmRequest, "beginning process to send new password to user");
if (!forgottenPasswordBean.getProgress().isAllPassed()) {
return;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
try {
// try unlocking user
theUser.unlockPassword();
LOGGER.trace(pwmRequest, "unlock account succeeded");
} catch (ChaiOperationException e) {
final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
LOGGER.error(pwmRequest.getPwmSession(), errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
return;
}
try {
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
LOGGER.info(pwmRequest, "user successfully supplied password recovery responses, emailing new password to: " + theUser.getEntryDN());
// add post change actions
ForgottenPasswordServlet.addPostChangeAction(pwmRequest, userIdentity);
// create new password
final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), userInfo.getPasswordPolicy(), pwmApplication);
LOGGER.trace(pwmRequest, "generated random password value based on password policy for " + userIdentity.toDisplayString());
// set the password
try {
theUser.setPassword(newPassword.getStringValue());
LOGGER.trace(pwmRequest, "set user " + userIdentity.toDisplayString() + " password to system generated random value");
} catch (ChaiException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
if (recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
LOGGER.debug(pwmRequest, "marking user " + userIdentity.toDisplayString() + " password as expired");
theUser.expirePassword();
}
// mark the event log
{
final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.RECOVER_PASSWORD, userIdentity, pwmRequest.getSessionLabel());
pwmApplication.getAuditManager().submit(auditRecord);
}
final MessageSendMethod messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
// send email or SMS
final String toAddress = PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmRequest.getLocale(), messageSendMethod);
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordSend, toAddress);
} catch (PwmException e) {
LOGGER.warn(pwmRequest, "unexpected error setting new password during recovery process for user: " + e.getMessage());
pwmRequest.respondWithError(e.getErrorInformation());
} catch (ChaiOperationException e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ldap error while processing recovery action " + recoveryAction + ", error: " + e.getMessage());
LOGGER.warn(pwmRequest, errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
} finally {
ForgottenPasswordServlet.clearForgottenPasswordBean(pwmRequest);
// the user should not be authenticated, this is a safety method
pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
// the password set flag should not have been set, this is a safety method
pwmRequest.getPwmSession().getSessionStateBean().setPasswordModified(false);
}
}
Also used :
ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile)
PwmApplication(password.pwm.PwmApplication)
UserIdentity(password.pwm.bean.UserIdentity)
UserInfo(password.pwm.ldap.UserInfo)
MessageSendMethod(password.pwm.config.option.MessageSendMethod)
PwmException(password.pwm.error.PwmException)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ChaiUser(com.novell.ldapchai.ChaiUser)
RecoveryAction(password.pwm.config.option.RecoveryAction)
PasswordData(password.pwm.util.PasswordData)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
AuditRecord(password.pwm.svc.event.AuditRecord)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
ChaiException(com.novell.ldapchai.exception.ChaiException)
Aggregations
ChaiUser (com.novell.ldapchai.ChaiUser)69
ErrorInformation (password.pwm.error.ErrorInformation)38
UserIdentity (password.pwm.bean.UserIdentity)30
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)27
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)25
PwmOperationalException (password.pwm.error.PwmOperationalException)23
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)21
ChaiException (com.novell.ldapchai.exception.ChaiException)18
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)18
PwmApplication (password.pwm.PwmApplication)16
PwmSession (password.pwm.http.PwmSession)12
UserInfo (password.pwm.ldap.UserInfo)12
Instant (java.time.Instant)10
FormConfiguration (password.pwm.config.value.data.FormConfiguration)10
PasswordData (password.pwm.util.PasswordData)10
MacroMachine (password.pwm.util.macro.MacroMachine)10
ArrayList (java.util.ArrayList)9
List (java.util.List)9
LdapProfile (password.pwm.config.profile.LdapProfile)9
Locale (java.util.Locale)8
