Use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.
The class RestChallengesServer, method doFormGetChallengeData.
/**
 * Serves the challenge data for the user named by the {@code FIELD_USERNAME} request parameter.
 * <p>
 * The response carries the user's stored responses (when any exist) and the challenge policy that
 * applies to the user. Two request parameters shape the output: {@code answers} asks for the stored
 * answer values to be included, which is only honoured when
 * {@code ENABLE_WEBSERVICES_READANSWERS} is enabled; {@code helpdesk} asks for the helpdesk
 * challenge set to be included as well.
 *
 * @param restRequest the incoming request; supplies the application, session label and locale
 * @return the JSON challenge data, or an error bean when the LDAP layer fails
 * @throws PwmUnrecoverableException if answers are requested but answer retrieval is disabled,
 *         or if the requested user cannot be resolved
 */
@RestMethodHandler(method = HttpMethod.GET, produces = HttpContentType.json)
public RestResultBean doFormGetChallengeData(final RestRequest restRequest) throws PwmUnrecoverableException {
    final boolean includeAnswers = restRequest.readParameterAsBoolean("answers");
    final boolean includeHelpdesk = restRequest.readParameterAsBoolean("helpdesk");
    final String requestedUsername = restRequest.readParameterAsString(FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation);

    try {
        // Answer values leave the server only when the deployment has explicitly enabled it.
        if (includeAnswers && !restRequest.getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.ENABLE_WEBSERVICES_READANSWERS)) {
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "retrieval of answers is not permitted"));
        }

        final TargetUserIdentity target = RestUtility.resolveRequestedUsername(restRequest, requestedUsername);
        final ChaiUser chaiUser = target.getChaiUser();
        final Locale locale = restRequest.getLocale();
        final CrService crService = restRequest.getPwmApplication().getCrService();

        // Stored responses may be absent; the policy is resolved through the user's password policy.
        final ResponseSet storedResponses = crService.readUserResponseSet(restRequest.getSessionLabel(), target.getUserIdentity(), chaiUser);
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(restRequest.getPwmApplication(), restRequest.getSessionLabel(), target.getUserIdentity(), chaiUser, locale);
        final ChallengeProfile profile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), target.getUserIdentity(), chaiUser, passwordPolicy, locale);
        final ChallengeSet policyChallenges = profile.getChallengeSet();
        final ChallengeSet policyHelpdeskChallenges = profile.getHelpdeskChallengeSet();

        final JsonChallengesData jsonData = new JsonChallengesData();
        jsonData.username = target.getUserIdentity().toDelimitedKey();

        if (storedResponses != null) {
            jsonData.challenges = storedResponses.asChallengeBeans(includeAnswers);
            if (includeHelpdesk) {
                jsonData.helpdeskChallenges = storedResponses.asHelpdeskChallengeBeans(includeAnswers);
            }
            // NOTE(review): assumes a stored ResponseSet always carries a non-null ChallengeSet — not verified here.
            jsonData.minimumRandoms = storedResponses.getChallengeSet().getMinRandomRequired();
        }

        final Policy policy = new Policy();
        if (policyChallenges != null) {
            policy.challenges = challengesToBeans(policyChallenges.getChallenges());
            policy.minimumRandoms = policyChallenges.getMinRandomRequired();
        }
        if (includeHelpdesk && policyHelpdeskChallenges != null) {
            policy.helpdeskChallenges = challengesToBeans(policyHelpdeskChallenges.getChallenges());
        }
        // The policy section is only attached when it has something to say.
        final boolean policyHasContent = policy.challenges != null || policy.helpdeskChallenges != null;
        if (policyHasContent) {
            jsonData.policy = policy;
        }

        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
        return RestResultBean.withData(jsonData);
    } catch (ChaiException e) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error building json response: " + e.getMessage());
        return RestResultBean.fromError(restRequest, errorInformation);
    }
}
Use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.
The class ChallengeProfile, method readChallengeProfileFromConfig.
/**
 * Assembles a {@link ChallengeProfile} for {@code profileID} from stored configuration.
 * <p>
 * The regular and helpdesk challenge sets are each read independently; a set whose configuration
 * does not validate is logged at trace level and left {@code null} rather than failing the whole
 * profile. The helpdesk set is always read with a minimum-random requirement of 1.
 *
 * @param profileID the challenge profile identifier to read
 * @param locale locale used when reading localized challenge text
 * @param storedConfiguration the configuration to read settings from
 * @return the assembled profile; its challenge sets may be {@code null}
 */
public static ChallengeProfile readChallengeProfileFromConfig(final String profileID, final Locale locale, final StoredConfiguration storedConfiguration) {
    final int minRandomRequired = readProfileIntSetting(storedConfiguration, PwmSetting.CHALLENGE_MIN_RANDOM_REQUIRED, profileID);

    ChallengeSet challengeSet = null;
    try {
        challengeSet = readChallengeSet(profileID, locale, storedConfiguration, PwmSetting.CHALLENGE_REQUIRED_CHALLENGES, PwmSetting.CHALLENGE_RANDOM_CHALLENGES, minRandomRequired);
    } catch (PwmOperationalException e) {
        LOGGER.trace("configured challengeSet for profile '" + profileID + "' is not valid: " + e.getMessage());
    }

    ChallengeSet helpdeskChallengeSet = null;
    try {
        helpdeskChallengeSet = readChallengeSet(profileID, locale, storedConfiguration, PwmSetting.CHALLENGE_HELPDESK_REQUIRED_CHALLENGES, PwmSetting.CHALLENGE_HELPDESK_RANDOM_CHALLENGES, 1);
    } catch (PwmOperationalException e) {
        LOGGER.trace("discarding configured helpdesk challengeSet for profile '" + profileID + "' issue: " + e.getMessage());
    }

    final int minRandomSetup = readProfileIntSetting(storedConfiguration, PwmSetting.CHALLENGE_MIN_RANDOM_SETUP, profileID);
    final int minHelpdeskRandomSetup = readProfileIntSetting(storedConfiguration, PwmSetting.CHALLENGE_HELPDESK_MIN_RANDOM_SETUP, profileID);

    // Unchecked: the native form of this setting is taken to be a List<UserPermission>; nothing here verifies it.
    @SuppressWarnings("unchecked")
    final List<UserPermission> userPermissions = (List<UserPermission>) storedConfiguration.readSetting(PwmSetting.CHALLENGE_POLICY_QUERY_MATCH, profileID).toNativeObject();

    return new ChallengeProfile(profileID, locale, challengeSet, helpdeskChallengeSet, minRandomSetup, minHelpdeskRandomSetup, userPermissions);
}

/** Reads a profile-scoped numeric setting and narrows it to {@code int}, as the original inline casts did. */
private static int readProfileIntSetting(final StoredConfiguration storedConfiguration, final PwmSetting setting, final String profileID) {
    return (int) Configuration.JavaTypeConverter.valueToLong(storedConfiguration.readSetting(setting, profileID));
}
Use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.
The class ImportResponsesCommand, method doCommand.
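/**
 * Imports stored challenge/response data from a line-delimited JSON file: one
 * {@link RestChallengesServer.JsonChallengesData} record per line, written to the named user through
 * the application's {@code CrService}.
 * <p>
 * The import stops at the first record that cannot be applied (unknown user, missing username,
 * no assigned challenge set, or a write failure) and reports why. Blank lines are skipped. The
 * final summary counts records actually written, not lines read.
 *
 * @throws Exception if the input file cannot be opened or read, or a line is not valid JSON
 */
@Override
void doCommand() throws Exception {
    final PwmApplication pwmApplication = cliEnvironment.getPwmApplication();
    final File inputFile = (File) cliEnvironment.getOptions().get(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName());

    try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(inputFile), PwmConstants.DEFAULT_CHARSET.toString()))) {
        out("importing stored responses from " + inputFile.getAbsolutePath() + "....");
        final long startTime = System.currentTimeMillis();
        int importedCount = 0;
        int lineNumber = 0;
        String line;
        while ((line = reader.readLine()) != null) {
            lineNumber++;
            // A trailing newline or empty line holds no record; deserializing it would yield nothing usable.
            if (line.trim().isEmpty()) {
                continue;
            }

            final RestChallengesServer.JsonChallengesData inputData = JsonUtil.deserialize(line, RestChallengesServer.JsonChallengesData.class);
            if (inputData == null || inputData.username == null || inputData.username.isEmpty()) {
                out("line " + lineNumber + " does not contain a username, aborting import");
                return;
            }

            final UserIdentity userIdentity = UserIdentity.fromDelimitedKey(inputData.username);
            final ChaiUser user = pwmApplication.getProxiedChaiUser(userIdentity);
            if (!user.exists()) {
                out("user '" + user.getEntryDN() + "' is not a valid userDN");
                return;
            }

            out("writing responses to user '" + user.getEntryDN() + "'");
            try {
                final ChallengeProfile challengeProfile = pwmApplication.getCrService().readUserChallengeProfile(null, userIdentity, user, PwmPasswordPolicy.defaultPolicy(), PwmConstants.DEFAULT_LOCALE);
                // The profile, and the challenge set within it, can both be absent; the identifier is needed below.
                if (challengeProfile == null || challengeProfile.getChallengeSet() == null) {
                    out("error writing responses to user '" + user.getEntryDN() + "', error: no challenge set is assigned to the user");
                    return;
                }
                final ChallengeSet challengeSet = challengeProfile.getChallengeSet();
                final String userGuid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, userIdentity, false);
                final ResponseInfoBean responseInfoBean = inputData.toResponseInfoBean(PwmConstants.DEFAULT_LOCALE, challengeSet.getIdentifier());
                pwmApplication.getCrService().writeResponses(userIdentity, user, userGuid, responseInfoBean);
                importedCount++;
            } catch (Exception e) {
                // CLI boundary: report and stop rather than continue with a partially applied import.
                out("error writing responses to user '" + user.getEntryDN() + "', error: " + e.getMessage());
                return;
            }
        }
        out("output complete, " + importedCount + " responses imported in " + TimeDuration.fromCurrent(startTime).asCompactString());
    }
}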
Use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.
The class CrService, method readUserChallengeProfile.
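/**
 * Resolves the challenge/response profile that applies to {@code theUser}.
 * <p>
 * When {@code EDIRECTORY_READ_CHALLENGE_SET} is enabled and the user's directory vendor is
 * eDirectory, the NMAS-assigned challenge set is tried first — via the password policy when one is
 * present, then via the user object. A hit produces a synthetic profile whose identifier is
 * {@code "nmasPolicy-" + userIdentity.toDelimitedKey()}. Otherwise, or when the NMAS read fails or
 * finds nothing, the configured PWM challenge profile selected by
 * {@code determineChallengeProfileForUser} is returned.
 *
 * @param sessionLabel label used for log correlation
 * @param userIdentity identity of the user whose profile is wanted
 * @param theUser LDAP user object for that user
 * @param policy the user's password policy; may be {@code null}
 * @param locale locale used when reading localized challenge text
 * @return the applicable profile; may be {@code null} when the configuration holds no profile for the resolved ID
 * @throws PwmUnrecoverableException propagated from PWM profile resolution
 */
public ChallengeProfile readUserChallengeProfile(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser, final PwmPasswordPolicy policy, final Locale locale) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final long methodStartTime = System.currentTimeMillis();

    if (config.readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_CHALLENGE_SET)) {
        try {
            if (theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY) {
                ChallengeSet nmasSet = null;
                // Prefer the set attached to the password policy; fall back to the user's own assignment.
                if (policy != null && policy.getChaiPasswordPolicy() != null) {
                    nmasSet = NmasCrFactory.readAssignedChallengeSet(theUser.getChaiProvider(), policy.getChaiPasswordPolicy(), locale);
                }
                if (nmasSet == null) {
                    nmasSet = NmasCrFactory.readAssignedChallengeSet(theUser, locale);
                }

                if (nmasSet == null) {
                    LOGGER.debug(sessionLabel, "no nmas c/r policy found for user " + theUser.getEntryDN());
                } else {
                    // Logged once here; the former second "using ldap c/r policy" line duplicated this entry.
                    LOGGER.debug(sessionLabel, "using nmas c/r policy for user " + theUser.getEntryDN() + ": " + nmasSet.toString());
                    final String challengeID = "nmasPolicy-" + userIdentity.toDelimitedKey();
                    final ChallengeProfile challengeProfile = ChallengeProfile.createChallengeProfile(challengeID, locale, applyPwmPolicyToNmasChallenges(nmasSet, config), null, (int) config.readSettingAsLong(PwmSetting.EDIRECTORY_CR_MIN_RANDOM_DURING_SETUP), 0);
                    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + ", result=" + JsonUtil.serialize(challengeProfile));
                    return challengeProfile;
                }
            }
        } catch (ChaiException e) {
            // Best effort: an NMAS read failure falls through to the configured PWM profile.
            LOGGER.error(sessionLabel, "error reading nmas c/r policy for user " + theUser.getEntryDN() + ": " + e.getMessage());
        }
        LOGGER.debug(sessionLabel, "no detected c/r policy for user " + theUser.getEntryDN() + " in nmas");
    }

    // use PWM policies if PWM is configured and either its all that is configured OR the NMAS policy read was not successful
    final String challengeProfileID = determineChallengeProfileForUser(pwmApplication, sessionLabel, userIdentity, locale);
    final ChallengeProfile challengeProfile = config.getChallengeProfile(challengeProfileID, locale);
    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + " returned profile: " + (challengeProfile == null ? "null" : challengeProfile.getIdentifier()));
    return challengeProfile;
}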
Use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.
The class ForgottenPasswordUtil, method initForgottenPasswordBean.
/**
 * Initializes {@code forgottenPasswordBean} for the user just identified by the recovery flow.
 * <p>
 * Steps, in order: record the user identity and read user info; resolve the forgotten-password
 * profile and its recovery flags; when challenge/responses is a required or optional verification
 * method, load the presentable challenge set from the user's stored responses; unless the profile
 * allows it, reject users whose LDAP account is intruder-locked; build the attribute form; store
 * everything on the bean and check the prerequisites of each required verification method.
 *
 * @param pwmRequest the current request (application, session label, locale)
 * @param userIdentity the user being recovered
 * @param forgottenPasswordBean the session bean to populate
 * @throws PwmUnrecoverableException with {@code ERROR_INTRUDER_LDAP} when the account is locked and
 *         the profile does not allow recovery in that state, {@code ERROR_NO_CHALLENGES} when stored
 *         responses cannot yield a presentable challenge set, or a mapped error when LDAP is unavailable
 * @throws PwmOperationalException propagated from profile resolution or requirement checks
 */
static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication app = pwmRequest.getPwmApplication();
    final SessionLabel label = pwmRequest.getSessionLabel();

    forgottenPasswordBean.setUserIdentity(userIdentity);
    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);

    final ForgottenPasswordProfile profile = forgottenPasswordProfile(app, label, userIdentity);
    final String profileID = profile.getIdentifier();
    forgottenPasswordBean.setForgottenPasswordProfileID(profileID);
    final ForgottenPasswordBean.RecoveryFlags flags = calculateRecoveryFlags(app, profileID);

    // Stored responses are only consulted when C/R can take part in verification.
    final boolean usesChallengeResponses = flags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)
            || flags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES);
    ChallengeSet presentableChallenges = null;
    if (usesChallengeResponses) {
        try {
            final ChaiUser proxiedUser = app.getProxiedChaiUser(userInfo.getUserIdentity());
            final ResponseSet storedResponses = app.getCrService().readUserResponseSet(label, userInfo.getUserIdentity(), proxiedUser);
            if (storedResponses != null) {
                presentableChallenges = storedResponses.getPresentableChallengeSet();
            }
        } catch (ChaiValidationException e) {
            final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg));
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }

    // An intruder-locked LDAP account blocks recovery unless the profile says otherwise.
    if (!flags.isAllowWhenLdapIntruderLocked()) {
        try {
            final ChaiUser proxiedUser = app.getProxiedChaiUser(userInfo.getUserIdentity());
            if (proxiedUser.isPasswordLocked()) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
            }
        } catch (ChaiOperationException e) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
            LOGGER.error(label, errorInformation);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }

    final List<FormConfiguration> attributeForm;
    try {
        attributeForm = figureAttributeForm(profile, forgottenPasswordBean, pwmRequest, userIdentity);
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }

    forgottenPasswordBean.setUserLocale(pwmRequest.getLocale());
    forgottenPasswordBean.setPresentableChallengeSet(presentableChallenges);
    forgottenPasswordBean.setAttributeForm(attributeForm);
    forgottenPasswordBean.setRecoveryFlags(flags);
    forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());

    for (final IdentityVerificationMethod requiredMethod : flags.getRequiredAuthMethods()) {
        verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, requiredMethod);
    }
}