Example 31 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class RestChallengesServer method doFormGetChallengeData.
@RestMethodHandler(method = HttpMethod.GET, produces = HttpContentType.json)
public RestResultBean doFormGetChallengeData(final RestRequest restRequest) throws PwmUnrecoverableException {
final boolean answers = restRequest.readParameterAsBoolean("answers");
final boolean helpdesk = restRequest.readParameterAsBoolean("helpdesk");
final String username = restRequest.readParameterAsString(FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation);
try {
if (answers && !restRequest.getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.ENABLE_WEBSERVICES_READANSWERS)) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "retrieval of answers is not permitted"));
}
final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, username);
// gather data
final ResponseSet responseSet;
final ChallengeSet challengeSet;
final ChallengeSet helpdeskChallengeSet;
final String outputUsername;
final ChaiUser chaiUser = targetUserIdentity.getChaiUser();
final Locale userLocale = restRequest.getLocale();
final CrService crService = restRequest.getPwmApplication().getCrService();
responseSet = crService.readUserResponseSet(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser);
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(restRequest.getPwmApplication(), restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, userLocale);
final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, passwordPolicy, userLocale);
challengeSet = challengeProfile.getChallengeSet();
helpdeskChallengeSet = challengeProfile.getHelpdeskChallengeSet();
outputUsername = targetUserIdentity.getUserIdentity().toDelimitedKey();
// build output
final JsonChallengesData jsonData = new JsonChallengesData();
{
jsonData.username = outputUsername;
if (responseSet != null) {
jsonData.challenges = responseSet.asChallengeBeans(answers);
if (helpdesk) {
jsonData.helpdeskChallenges = responseSet.asHelpdeskChallengeBeans(answers);
}
jsonData.minimumRandoms = responseSet.getChallengeSet().getMinRandomRequired();
}
final Policy policy = new Policy();
if (challengeSet != null) {
policy.challenges = challengesToBeans(challengeSet.getChallenges());
policy.minimumRandoms = challengeSet.getMinRandomRequired();
}
if (helpdeskChallengeSet != null && helpdesk) {
policy.helpdeskChallenges = challengesToBeans(helpdeskChallengeSet.getChallenges());
}
if (policy.challenges != null || policy.helpdeskChallenges != null) {
jsonData.policy = policy;
}
}
// update statistics
StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
return RestResultBean.withData(jsonData);
} catch (ChaiException e) {
final String errorMsg = "unexpected error building json response: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
return RestResultBean.fromError(restRequest, errorInformation);
}
}
Also used :
Locale(java.util.Locale)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
ChallengeSet(com.novell.ldapchai.cr.ChallengeSet)
ChallengeProfile(password.pwm.config.profile.ChallengeProfile)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
CrService(password.pwm.util.operations.CrService)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUser(com.novell.ldapchai.ChaiUser)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
ChaiException(com.novell.ldapchai.exception.ChaiException)
RestMethodHandler(password.pwm.ws.server.RestMethodHandler)
Example 32 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class NewUserProfile method getNewUserPasswordPolicy.
public PwmPasswordPolicy getNewUserPasswordPolicy(final PwmApplication pwmApplication, final Locale userLocale) throws PwmUnrecoverableException {
final Configuration config = pwmApplication.getConfig();
final long maxNewUserCacheMS = Long.parseLong(pwmApplication.getConfig().readAppProperty(AppProperty.CONFIG_NEWUSER_PASSWORD_POLICY_CACHE_MS));
if (newUserPasswordPolicyCacheTime != null && TimeDuration.fromCurrent(newUserPasswordPolicyCacheTime).isLongerThan(maxNewUserCacheMS)) {
newUserPasswordPolicyCacheTime = Instant.now();
newUserPasswordPolicyCache.clear();
}
final PwmPasswordPolicy cachedPolicy = newUserPasswordPolicyCache.get(userLocale);
if (cachedPolicy != null) {
return cachedPolicy;
}
final PwmPasswordPolicy thePolicy;
final LdapProfile defaultLdapProfile = config.getDefaultLdapProfile();
final String configuredNewUserPasswordDN = readSettingAsString(PwmSetting.NEWUSER_PASSWORD_POLICY_USER);
if (configuredNewUserPasswordDN == null || configuredNewUserPasswordDN.length() < 1) {
final String errorMsg = "the setting " + PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug(this.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " must have a value";
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
} else {
final String lookupDN;
if ("TESTUSER".equalsIgnoreCase(configuredNewUserPasswordDN)) {
lookupDN = defaultLdapProfile.readSettingAsString(PwmSetting.LDAP_TEST_USER_DN);
if (lookupDN == null || lookupDN.isEmpty()) {
final String errorMsg = "setting " + PwmSetting.LDAP_TEST_USER_DN.toMenuLocationDebug(defaultLdapProfile.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " must be configured since setting " + PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug(this.getIdentifier(), PwmConstants.DEFAULT_LOCALE) + " is set to TESTUSER";
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
}
} else {
lookupDN = configuredNewUserPasswordDN;
}
if (lookupDN.isEmpty()) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "user ldap dn in setting " + PwmSetting.NEWUSER_PASSWORD_POLICY_USER.toMenuLocationDebug(null, PwmConstants.DEFAULT_LOCALE) + " can not be resolved"));
} else {
try {
final ChaiProvider chaiProvider = pwmApplication.getProxyChaiProvider(defaultLdapProfile.getIdentifier());
final ChaiUser chaiUser = chaiProvider.getEntryFactory().newChaiUser(lookupDN);
final UserIdentity userIdentity = new UserIdentity(lookupDN, defaultLdapProfile.getIdentifier());
thePolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, null, userIdentity, chaiUser, userLocale);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
}
}
newUserPasswordPolicyCache.put(userLocale, thePolicy);
return thePolicy;
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
Configuration(password.pwm.config.Configuration)
StoredConfiguration(password.pwm.config.stored.StoredConfiguration)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
ChaiUser(com.novell.ldapchai.ChaiUser)
UserIdentity(password.pwm.bean.UserIdentity)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Example 33 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class NewUserUtils method createUser.
@SuppressWarnings("checkstyle:MethodLength")
static void createUser(final NewUserForm newUserForm, final PwmRequest pwmRequest, final String newUserDN) throws PwmUnrecoverableException, ChaiUnavailableException, PwmOperationalException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final long startTime = System.currentTimeMillis();
// re-perform verification before proceeding
{
final PasswordUtility.PasswordCheckInfo passwordCheckInfo = NewUserServlet.verifyForm(pwmRequest, newUserForm, false);
passwordCheckInfoToException(passwordCheckInfo);
}
NewUserUtils.LOGGER.debug(pwmSession, "beginning createUser process for " + newUserDN);
final NewUserProfile newUserProfile = NewUserServlet.getNewUserProfile(pwmRequest);
final boolean promptForPassword = newUserProfile.readSettingAsBoolean(PwmSetting.NEWUSER_PROMPT_FOR_PASSWORD);
final PasswordData userPassword;
if (promptForPassword) {
userPassword = newUserForm.getNewUserPassword();
} else {
final PwmPasswordPolicy pwmPasswordPolicy = newUserProfile.getNewUserPasswordPolicy(pwmRequest.getPwmApplication(), pwmRequest.getLocale());
userPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), pwmPasswordPolicy, pwmRequest.getPwmApplication());
}
// set up the user creation attributes
final Map<String, String> createAttributes = NewUserFormUtils.getLdapDataFromNewUserForm(NewUserServlet.getNewUserProfile(pwmRequest), newUserForm);
// read the creation object classes from configuration
final Set<String> createObjectClasses = new LinkedHashSet<>(pwmApplication.getConfig().readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
// add the auto-add object classes
{
final LdapProfile defaultLDAPProfile = pwmApplication.getConfig().getDefaultLdapProfile();
createObjectClasses.addAll(defaultLDAPProfile.readSettingAsStringArray(PwmSetting.AUTO_ADD_OBJECT_CLASSES));
}
final ChaiProvider chaiProvider = pwmApplication.getConfig().getDefaultLdapProfile().getProxyChaiProvider(pwmApplication);
try {
// create the ldap entry
chaiProvider.createEntry(newUserDN, createObjectClasses, createAttributes);
NewUserUtils.LOGGER.info(pwmSession, "created user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error creating user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
final boolean useTempPw;
{
final String settingValue = pwmApplication.getConfig().readAppProperty(AppProperty.NEWUSER_LDAP_USE_TEMP_PW);
if ("auto".equalsIgnoreCase(settingValue)) {
useTempPw = chaiProvider.getDirectoryVendor() == DirectoryVendor.ACTIVE_DIRECTORY;
} else {
useTempPw = Boolean.parseBoolean(settingValue);
}
}
if (useTempPw) {
NewUserUtils.LOGGER.trace(pwmSession, "will use temporary password process for new user entry: " + newUserDN);
final PasswordData temporaryPassword;
{
final RandomPasswordGenerator.RandomGeneratorConfig randomGeneratorConfig = RandomPasswordGenerator.RandomGeneratorConfig.builder().passwordPolicy(newUserProfile.getNewUserPasswordPolicy(pwmApplication, pwmRequest.getLocale())).build();
temporaryPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), randomGeneratorConfig, pwmApplication);
}
final ChaiUser proxiedUser = chaiProvider.getEntryFactory().newChaiUser(newUserDN);
try {
// set password as admin
proxiedUser.setPassword(temporaryPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set temporary password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting temporary password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
NewUserUtils.LOGGER.debug(pwmSession, "setting userAccountControl attribute to enable account " + theUser.getEntryDN());
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
try {
// bind as user
NewUserUtils.LOGGER.debug(pwmSession, "attempting bind as user to then allow changing to requested password for new user entry: " + newUserDN);
final ChaiConfiguration chaiConfiguration = ChaiConfiguration.builder(chaiProvider.getChaiConfiguration()).setSetting(ChaiSetting.BIND_DN, newUserDN).setSetting(ChaiSetting.BIND_PASSWORD, temporaryPassword.getStringValue()).build();
final ChaiProvider bindAsProvider = pwmApplication.getLdapConnectionService().getChaiProviderFactory().newProvider(chaiConfiguration);
final ChaiUser bindAsUser = bindAsProvider.getEntryFactory().newChaiUser(newUserDN);
bindAsUser.changePassword(temporaryPassword.getStringValue(), userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "changed to user requested password for new user entry: " + newUserDN);
bindAsProvider.close();
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting user password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
} else {
try {
// set password
theUser.setPassword(userPassword.getStringValue());
NewUserUtils.LOGGER.debug(pwmSession, "set user requested password for new user entry: " + newUserDN);
} catch (ChaiOperationException e) {
final String userMessage = "unexpected ldap error setting password for new user entry: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, userMessage);
throw new PwmOperationalException(errorInformation);
}
// add AD-specific attributes
if (DirectoryVendor.ACTIVE_DIRECTORY == chaiProvider.getDirectoryVendor()) {
try {
theUser.writeStringAttribute("userAccountControl", "512");
} catch (ChaiOperationException e) {
final String errorMsg = "error enabling AD account when writing userAccountControl attribute: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, errorMsg);
throw new PwmOperationalException(errorInformation);
}
}
}
NewUserUtils.LOGGER.trace(pwmSession, "new user ldap creation process complete, now authenticating user");
// write data to remote web service
remoteWriteFormData(pwmRequest, newUserForm);
// authenticate the user to pwm
final UserIdentity userIdentity = new UserIdentity(newUserDN, pwmApplication.getConfig().getDefaultLdapProfile().getIdentifier());
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.NEW_USER_REGISTRATION);
sessionAuthenticator.authenticateUser(userIdentity, userPassword);
{
// execute configured actions
final List<ActionConfiguration> actions = newUserProfile.readSettingAsAction(PwmSetting.NEWUSER_WRITE_ATTRIBUTES);
if (actions != null && !actions.isEmpty()) {
NewUserUtils.LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmSession.getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
actionExecutor.executeActions(actions, pwmSession.getLabel());
}
}
// send user email
sendNewUserEmailConfirmation(pwmRequest);
// add audit record
pwmApplication.getAuditManager().submit(AuditEvent.CREATE_USER, pwmSession.getUserInfo(), pwmSession);
// increment the new user creation statistics
pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
NewUserUtils.LOGGER.debug(pwmSession, "completed createUser process for " + newUserDN + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")");
}
Also used :
LinkedHashSet(java.util.LinkedHashSet)
SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator)
PwmOperationalException(password.pwm.error.PwmOperationalException)
ErrorInformation(password.pwm.error.ErrorInformation)
PasswordData(password.pwm.util.PasswordData)
PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy)
List(java.util.List)
ArrayList(java.util.ArrayList)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
ActionExecutor(password.pwm.util.operations.ActionExecutor)
PwmApplication(password.pwm.PwmApplication)
UserIdentity(password.pwm.bean.UserIdentity)
NewUserProfile(password.pwm.config.profile.NewUserProfile)
LdapProfile(password.pwm.config.profile.LdapProfile)
ChaiConfiguration(com.novell.ldapchai.provider.ChaiConfiguration)
ChaiProvider(com.novell.ldapchai.provider.ChaiProvider)
ChaiUser(com.novell.ldapchai.ChaiUser)
PwmSession(password.pwm.http.PwmSession)
Example 34 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class PeopleSearchDataReader method doDetailLookup.
private UserSearchResults doDetailLookup(final UserIdentity userIdentity) throws PwmUnrecoverableException {
final List<FormConfiguration> detailFormConfig = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PEOPLE_SEARCH_DETAIL_FORM);
final Map<String, String> attributeHeaderMap = UserSearchResults.fromFormConfiguration(detailFormConfig, pwmRequest.getLocale());
if (peopleSearchConfiguration.isOrgChartEnabled()) {
final String orgChartParentAttr = peopleSearchConfiguration.getOrgChartParentAttr();
if (!attributeHeaderMap.containsKey(orgChartParentAttr)) {
attributeHeaderMap.put(orgChartParentAttr, orgChartParentAttr);
}
final String orgChartChildAttr = peopleSearchConfiguration.getOrgChartParentAttr();
if (!attributeHeaderMap.containsKey(orgChartChildAttr)) {
attributeHeaderMap.put(orgChartChildAttr, orgChartChildAttr);
}
}
try {
final ChaiUser theUser = getChaiUser(userIdentity);
final Map<String, String> values = theUser.readStringAttributes(attributeHeaderMap.keySet());
return new UserSearchResults(attributeHeaderMap, Collections.singletonMap(userIdentity, values), false);
} catch (ChaiException e) {
LOGGER.error("unexpected error during detail lookup of '" + userIdentity + "', error: " + e.getMessage());
throw PwmUnrecoverableException.fromChaiException(e);
}
}
Also used :
ChaiUser(com.novell.ldapchai.ChaiUser)
UserSearchResults(password.pwm.ldap.search.UserSearchResults)
FormConfiguration(password.pwm.config.value.data.FormConfiguration)
ChaiException(com.novell.ldapchai.exception.ChaiException)
Example 35 with ChaiUser
use of com.novell.ldapchai.ChaiUser in project pwm by pwm-project.
the class PeopleSearchDataReader method readUserMultiAttributeValues.
private List<String> readUserMultiAttributeValues(final PwmRequest pwmRequest, final UserIdentity userIdentity, final String attributeName) throws PwmUnrecoverableException {
final List<String> returnObj = new ArrayList<>();
final int maxValues = Integer.parseInt(pwmRequest.getConfig().readAppProperty(AppProperty.PEOPLESEARCH_VALUE_MAXCOUNT));
final ChaiUser chaiUser = getChaiUser(userIdentity);
try {
final Set<String> ldapValues = chaiUser.readMultiStringAttribute(attributeName);
if (ldapValues != null) {
returnObj.addAll(ldapValues);
}
while (returnObj.size() > maxValues) {
returnObj.remove(returnObj.size() - 1);
}
return Collections.unmodifiableList(returnObj);
} catch (ChaiOperationException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, "error reading attribute value '" + attributeName + "', error:" + e.getMessage()));
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ChaiUser(com.novell.ldapchai.ChaiUser)
ArrayList(java.util.ArrayList)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)
Aggregations
ChaiUser (com.novell.ldapchai.ChaiUser)69
ErrorInformation (password.pwm.error.ErrorInformation)38
UserIdentity (password.pwm.bean.UserIdentity)30
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)27
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)25
PwmOperationalException (password.pwm.error.PwmOperationalException)23
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)21
ChaiException (com.novell.ldapchai.exception.ChaiException)18
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)18
PwmApplication (password.pwm.PwmApplication)16
PwmSession (password.pwm.http.PwmSession)12
UserInfo (password.pwm.ldap.UserInfo)12
Instant (java.time.Instant)10
FormConfiguration (password.pwm.config.value.data.FormConfiguration)10
PasswordData (password.pwm.util.PasswordData)10
MacroMachine (password.pwm.util.macro.MacroMachine)10
ArrayList (java.util.ArrayList)9
List (java.util.List)9
LdapProfile (password.pwm.config.profile.LdapProfile)9
Locale (java.util.Locale)8
