Example 21 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class HelpdeskServlet method processSetPasswordAction.
@ActionHandler(action = "setPassword")
private ProcessStatus processSetPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
final HelpdeskProfile helpdeskProfile = pwmRequest.getPwmSession().getSessionManager().getHelpdeskProfile(pwmRequest.getPwmApplication());
final RestSetPasswordServer.JsonInputData jsonInput = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestSetPasswordServer.JsonInputData.class);
final UserIdentity userIdentity = UserIdentity.fromKey(jsonInput.getUsername(), pwmRequest.getPwmApplication());
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final HelpdeskUIMode mode = helpdeskProfile.readSettingAsEnum(PwmSetting.HELPDESK_SET_PASSWORD_MODE, HelpdeskUIMode.class);
if (mode == HelpdeskUIMode.none) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " must not be set to none"));
}
final PasswordData newPassword;
if (jsonInput.getPassword() == null) {
if (mode != HelpdeskUIMode.random) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " is set to " + mode + " and no password is included in request"));
}
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userIdentity, chaiUser, pwmRequest.getLocale());
newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), passwordPolicy, pwmRequest.getPwmApplication());
} else {
if (mode == HelpdeskUIMode.random) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SECURITY_VIOLATION, "setting " + PwmSetting.HELPDESK_SET_PASSWORD_MODE.toMenuLocationDebug(helpdeskProfile.getIdentifier(), pwmRequest.getLocale()) + " is set to autogen yet a password is included in request"));
}
newPassword = new PasswordData(jsonInput.getPassword());
}
try {
PasswordUtility.helpdeskSetUserPassword(pwmRequest.getPwmSession(), chaiUser, userInfo, pwmRequest.getPwmApplication(), newPassword);
} catch (PwmException e) {
LOGGER.error("error during set password REST operation: " + e.getMessage());
pwmRequest.outputJsonResult(RestResultBean.fromError(e.getErrorInformation(), pwmRequest));
return ProcessStatus.Halt;
}
pwmRequest.outputJsonResult(RestResultBean.forSuccessMessage(pwmRequest, Message.Success_ChangedHelpdeskPassword, userInfo.getUsername()));
return ProcessStatus.Halt;
}
Also used :
PwmException(password.pwm.error.PwmException)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
PasswordData(password.pwm.util.PasswordData)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
HelpdeskUIMode(password.pwm.config.option.HelpdeskUIMode)
UserInfo(password.pwm.ldap.UserInfo)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
RestSetPasswordServer(password.pwm.ws.server.rest.RestSetPasswordServer)
Example 22 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class HelpdeskServlet method restValidateAttributes.
@ActionHandler(action = "validateAttributes")
private ProcessStatus restValidateAttributes(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Instant startTime = Instant.now();
final String bodyString = pwmRequest.readRequestBodyAsString();
final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(bodyString, HelpdeskVerificationRequestBean.class);
final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
boolean passed = false;
{
final List<FormConfiguration> verificationForms = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_VERIFICATION_FORM);
if (verificationForms == null || verificationForms.isEmpty()) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "attempt to verify ldap attributes with no ldap verification attributes configured");
throw new PwmUnrecoverableException(errorInformation);
}
final Map<String, String> bodyMap = JsonUtil.deserializeStringMap(bodyString);
final ChaiUser chaiUser;
try {
chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
int successCount = 0;
for (final FormConfiguration formConfiguration : verificationForms) {
final String name = formConfiguration.getName();
final String suppliedValue = bodyMap.get(name);
try {
if (chaiUser.compareStringAttribute(name, suppliedValue)) {
successCount++;
}
} catch (ChaiException e) {
LOGGER.error(pwmRequest, "error comparing ldap attribute during verification " + e.getMessage());
}
}
if (successCount == verificationForms.size()) {
passed = true;
}
}
final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
if (passed) {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.ATTRIBUTES);
} else {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
// add a delay to prevent continuous checks
final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
JavaHelper.pause(100);
}
final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
final RestResultBean restResultBean = RestResultBean.withData(responseBean);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
Instant(java.time.Instant)
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord)
ErrorInformation(password.pwm.error.ErrorInformation)
AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory)
ChaiUser(com.novell.ldapchai.ChaiUser)
List(java.util.List)
ArrayList(java.util.ArrayList)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiException(com.novell.ldapchai.exception.ChaiException)
PwmSession(password.pwm.http.PwmSession)
Map(java.util.Map)
HashMap(java.util.HashMap)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 23 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class HelpdeskServlet method processUserPhotoImageRequest.
@ActionHandler(action = "photo")
private ProcessStatus processUserPhotoImageRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
final UserIdentity userIdentity = readUserKeyRequestParameter(pwmRequest);
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
LOGGER.debug(pwmRequest, "received user photo request to view user " + userIdentity.toString());
final PhotoDataBean photoData;
try {
photoData = LdapOperationsHelper.readPhotoDataFromLdap(pwmRequest.getConfig(), chaiUser, userIdentity);
} catch (PwmOperationalException e) {
final ErrorInformation errorInformation = e.getErrorInformation();
LOGGER.error(pwmRequest, errorInformation);
pwmRequest.respondWithError(errorInformation, false);
return ProcessStatus.Halt;
}
try (OutputStream outputStream = pwmRequest.getPwmResponse().getOutputStream()) {
final HttpServletResponse resp = pwmRequest.getPwmResponse().getHttpServletResponse();
resp.setContentType(photoData.getMimeType());
outputStream.write(photoData.getContents());
}
return ProcessStatus.Halt;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
PhotoDataBean(password.pwm.ldap.PhotoDataBean)
ChaiUser(com.novell.ldapchai.ChaiUser)
UserIdentity(password.pwm.bean.UserIdentity)
OutputStream(java.io.OutputStream)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
PwmOperationalException(password.pwm.error.PwmOperationalException)
Example 24 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class HelpdeskServlet method processRandomPasswordAction.
@ActionHandler(action = "randomPassword")
private ProcessStatus processRandomPasswordAction(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ChaiUnavailableException {
final RestRandomPasswordServer.JsonInput input = JsonUtil.deserialize(pwmRequest.readRequestBodyAsString(), RestRandomPasswordServer.JsonInput.class);
final UserIdentity userIdentity = UserIdentity.fromKey(input.getUsername(), pwmRequest.getPwmApplication());
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), userIdentity, chaiUser.getChaiProvider());
final RandomPasswordGenerator.RandomGeneratorConfig.RandomGeneratorConfigBuilder randomConfigBuilder = RandomPasswordGenerator.RandomGeneratorConfig.builder();
randomConfigBuilder.passwordPolicy(userInfo.getPasswordPolicy());
final RandomPasswordGenerator.RandomGeneratorConfig randomConfig = randomConfigBuilder.build();
final PasswordData randomPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getPwmSession().getLabel(), randomConfig, pwmRequest.getPwmApplication());
final RestRandomPasswordServer.JsonOutput jsonOutput = new RestRandomPasswordServer.JsonOutput();
jsonOutput.setPassword(randomPassword.getStringValue());
final RestResultBean restResultBean = RestResultBean.withData(jsonOutput);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
Also used :
UserIdentity(password.pwm.bean.UserIdentity)
HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile)
UserInfo(password.pwm.ldap.UserInfo)
RestRandomPasswordServer(password.pwm.ws.server.rest.RestRandomPasswordServer)
ChaiUser(com.novell.ldapchai.ChaiUser)
PasswordData(password.pwm.util.PasswordData)
RandomPasswordGenerator(password.pwm.util.RandomPasswordGenerator)
RestResultBean(password.pwm.ws.server.RestResultBean)
Example 25 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckAttributes.
@ActionHandler(action = "checkAttributes")
private ProcessStatus processCheckAttributes(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
// final SessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (forgottenPasswordBean.isBogusUser()) {
final FormConfiguration formConfiguration = forgottenPasswordBean.getAttributeForm().iterator().next();
// add a bit of jitter to pretend like we're checking a data source
JavaHelper.pause(300 + PwmRandom.getInstance().nextInt(700));
if (forgottenPasswordBean.getUserSearchValues() != null) {
final List<FormConfiguration> formConfigurations = pwmRequest.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap(formConfigurations, forgottenPasswordBean.getUserSearchValues());
pwmRequest.getPwmApplication().getIntruderManager().convenience().markAttributes(formMap, pwmRequest.getPwmSession());
}
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for attribute '" + formConfiguration.getName() + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) });
forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.ATTRIBUTES);
setLastError(pwmRequest, errorInformation);
return ProcessStatus.Continue;
}
if (forgottenPasswordBean.getUserIdentity() == null) {
return ProcessStatus.Continue;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
try {
// check attributes
final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
final Locale userLocale = pwmRequest.getLocale();
final List<FormConfiguration> requiredAttributesForm = forgottenPasswordBean.getAttributeForm();
if (requiredAttributesForm.isEmpty()) {
return ProcessStatus.Continue;
}
final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, requiredAttributesForm, userLocale);
for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
final FormConfiguration formConfiguration = entry.getKey();
final String attrName = formConfiguration.getName();
try {
if (theUser.compareStringAttribute(attrName, entry.getValue())) {
LOGGER.trace(pwmRequest, "successful validation of ldap attribute value for '" + attrName + "'");
} else {
throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
}
} catch (ChaiOperationException e) {
LOGGER.error(pwmRequest, "error during param validation of '" + attrName + "', error: " + e.getMessage());
throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "ldap error testing value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
}
}
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.ATTRIBUTES);
} catch (PwmDataValidationException e) {
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, e.getErrorInformation().toDebugStr()));
}
return ProcessStatus.Continue;
}
Also used :
Locale(java.util.Locale)
UserIdentity(password.pwm.bean.UserIdentity)
ErrorInformation(password.pwm.error.ErrorInformation)
PwmDataValidationException(password.pwm.error.PwmDataValidationException)
ChaiUser(com.novell.ldapchai.ChaiUser)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
Map(java.util.Map)
LinkedHashMap(java.util.LinkedHashMap)
Aggregations
ChaiUser (com.novell.ldapchai.ChaiUser)69
ErrorInformation (password.pwm.error.ErrorInformation)38
UserIdentity (password.pwm.bean.UserIdentity)30
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)27
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)25
PwmOperationalException (password.pwm.error.PwmOperationalException)23
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)21
ChaiException (com.novell.ldapchai.exception.ChaiException)18
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)18
PwmApplication (password.pwm.PwmApplication)16
PwmSession (password.pwm.http.PwmSession)12
UserInfo (password.pwm.ldap.UserInfo)12
Instant (java.time.Instant)10
FormConfiguration (password.pwm.config.value.data.FormConfiguration)10
PasswordData (password.pwm.util.PasswordData)10
MacroMachine (password.pwm.util.macro.MacroMachine)10
ArrayList (java.util.ArrayList)9
List (java.util.List)9
LdapProfile (password.pwm.config.profile.LdapProfile)9
Locale (java.util.Locale)8
