
Example 6 with ChallengeSet

use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.

From class RestChallengesServer, method doFormGetChallengeData:

/**
 * REST GET handler returning challenge data for the requested user.
 *
 * <p>Request parameters read here: {@code answers} (include stored answers; honoured only when
 * {@code PwmSetting.ENABLE_WEBSERVICES_READANSWERS} is enabled, otherwise the request is refused),
 * {@code helpdesk} (also include helpdesk challenges) and {@code FIELD_USERNAME}, which is read with
 * request validation bypassed and then resolved through {@code RestUtility.resolveRequestedUsername}.
 *
 * @param restRequest the incoming REST request
 * @return the user's challenge data, or an error result when the LDAP layer throws a {@link ChaiException}
 * @throws PwmUnrecoverableException when answers are requested but the web service is not permitted to
 *         release them, or when propagated from one of the helpers called here
 */
@RestMethodHandler(method = HttpMethod.GET, produces = HttpContentType.json)
public RestResultBean doFormGetChallengeData(final RestRequest restRequest) throws PwmUnrecoverableException {
    final boolean includeAnswers = restRequest.readParameterAsBoolean("answers");
    final boolean includeHelpdesk = restRequest.readParameterAsBoolean("helpdesk");
    // validation is bypassed at the parameter level; the value is resolved to a real identity below
    final String requestedUsername = restRequest.readParameterAsString(FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation);
    try {
        // stored answers are released only when the deployment explicitly allows it
        if (includeAnswers && !restRequest.getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.ENABLE_WEBSERVICES_READANSWERS)) {
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "retrieval of answers is not permitted"));
        }
        final TargetUserIdentity target = RestUtility.resolveRequestedUsername(restRequest, requestedUsername);
        final ChaiUser chaiUser = target.getChaiUser();
        final Locale userLocale = restRequest.getLocale();
        final CrService crService = restRequest.getPwmApplication().getCrService();

        // gather data: the stored response set (may be absent) and the policy-level challenge profile
        final ResponseSet responseSet = crService.readUserResponseSet(restRequest.getSessionLabel(), target.getUserIdentity(), chaiUser);
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(restRequest.getPwmApplication(), restRequest.getSessionLabel(), target.getUserIdentity(), chaiUser, userLocale);
        final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), target.getUserIdentity(), chaiUser, passwordPolicy, userLocale);
        final ChallengeSet challengeSet = challengeProfile.getChallengeSet();
        final ChallengeSet helpdeskChallengeSet = challengeProfile.getHelpdeskChallengeSet();

        // build output
        final JsonChallengesData jsonData = new JsonChallengesData();
        jsonData.username = target.getUserIdentity().toDelimitedKey();
        if (responseSet != null) {
            jsonData.challenges = responseSet.asChallengeBeans(includeAnswers);
            if (includeHelpdesk) {
                jsonData.helpdeskChallenges = responseSet.asHelpdeskChallengeBeans(includeAnswers);
            }
            jsonData.minimumRandoms = responseSet.getChallengeSet().getMinRandomRequired();
        }

        final Policy policy = new Policy();
        if (challengeSet != null) {
            policy.challenges = challengesToBeans(challengeSet.getChallenges());
            policy.minimumRandoms = challengeSet.getMinRandomRequired();
        }
        if (includeHelpdesk && helpdeskChallengeSet != null) {
            policy.helpdeskChallenges = challengesToBeans(helpdeskChallengeSet.getChallenges());
        }
        // the policy section is only attached when it carries something
        final boolean policyHasContent = policy.challenges != null || policy.helpdeskChallenges != null;
        if (policyHasContent) {
            jsonData.policy = policy;
        }

        // update statistics
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
        return RestResultBean.withData(jsonData);
    } catch (ChaiException e) {
        final String errorMsg = "unexpected error building json response: " + e.getMessage();
        return RestResultBean.fromError(restRequest, new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
    }
}

Example 7 with ChallengeSet

use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.

From class ChallengeProfile, method readChallengeProfileFromConfig:

/**
 * Builds a {@link ChallengeProfile} for {@code profileID} from stored configuration.
 *
 * <p>The regular and the helpdesk challenge sets are each read with {@code readChallengeSet}. A set
 * whose configuration is rejected with a {@link PwmOperationalException} is logged at trace level and
 * replaced by {@code null}, so the profile is still constructed.
 *
 * @param profileID           the challenge profile identifier
 * @param locale              locale used when reading the challenge sets
 * @param storedConfiguration configuration the profile settings are read from
 * @return a new profile; its challenge set and/or helpdesk challenge set may be {@code null}
 */
public static ChallengeProfile readChallengeProfileFromConfig(final String profileID, final Locale locale, final StoredConfiguration storedConfiguration) {
    final int minRandomRequired = (int) Configuration.JavaTypeConverter.valueToLong(storedConfiguration.readSetting(PwmSetting.CHALLENGE_MIN_RANDOM_REQUIRED, profileID));

    // regular challenge set: an invalid configuration yields null instead of failing the whole profile
    ChallengeSet challengeSet;
    try {
        challengeSet = readChallengeSet(profileID, locale, storedConfiguration, PwmSetting.CHALLENGE_REQUIRED_CHALLENGES, PwmSetting.CHALLENGE_RANDOM_CHALLENGES, minRandomRequired);
    } catch (PwmOperationalException e) {
        LOGGER.trace("configured challengeSet for profile '" + profileID + "' is not valid: " + e.getMessage());
        challengeSet = null;
    }

    // helpdesk challenge set: the minimum number of random challenges is fixed at 1 here
    ChallengeSet helpdeskChallengeSet;
    try {
        helpdeskChallengeSet = readChallengeSet(profileID, locale, storedConfiguration, PwmSetting.CHALLENGE_HELPDESK_REQUIRED_CHALLENGES, PwmSetting.CHALLENGE_HELPDESK_RANDOM_CHALLENGES, 1);
    } catch (PwmOperationalException e) {
        LOGGER.trace("discarding configured helpdesk challengeSet for profile '" + profileID + "' issue: " + e.getMessage());
        helpdeskChallengeSet = null;
    }

    final int minRandomSetup = (int) Configuration.JavaTypeConverter.valueToLong(storedConfiguration.readSetting(PwmSetting.CHALLENGE_MIN_RANDOM_SETUP, profileID));
    final int minHelpdeskRandomSetup = (int) Configuration.JavaTypeConverter.valueToLong(storedConfiguration.readSetting(PwmSetting.CHALLENGE_HELPDESK_MIN_RANDOM_SETUP, profileID));
    // toNativeObject() is untyped, hence the unchecked cast
    final List<UserPermission> userPermissions = (List<UserPermission>) storedConfiguration.readSetting(PwmSetting.CHALLENGE_POLICY_QUERY_MATCH, profileID).toNativeObject();

    return new ChallengeProfile(profileID, locale, challengeSet, helpdeskChallengeSet, minRandomSetup, minHelpdeskRandomSetup, userPermissions);
}

Example 8 with ChallengeSet

use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.

From class ImportResponsesCommand, method doCommand:

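/**
 * Imports stored challenge responses from the CLI input file, one JSON record per line.
 *
 * <p>Each non-blank line is deserialized as a {@link RestChallengesServer.JsonChallengesData} record,
 * bound to the user's effective challenge set identifier and written through {@code CrService}.
 * Blank lines (for example a trailing newline) are skipped. The import stops at the first user that
 * does not exist, has no challenge set, or whose responses cannot be written; the completion summary
 * is only printed when every record was written.
 *
 * @throws Exception on I/O failure, or when a line cannot be deserialized or resolved to a user identity
 */
@Override
void doCommand() throws Exception {
    final PwmApplication pwmApplication = cliEnvironment.getPwmApplication();
    final File inputFile = (File) cliEnvironment.getOptions().get(CliParameters.REQUIRED_EXISTING_INPUT_FILE.getName());
    try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(inputFile), PwmConstants.DEFAULT_CHARSET.toString()))) {
        out("importing stored responses from " + inputFile.getAbsolutePath() + "....");
        final long startTime = System.currentTimeMillis();
        int counter = 0;
        String line;
        while ((line = reader.readLine()) != null) {
            // a blank line is not a record; handing it to the deserializer would not yield usable data
            if (line.trim().isEmpty()) {
                continue;
            }
            counter++;
            final RestChallengesServer.JsonChallengesData inputData = JsonUtil.deserialize(line, RestChallengesServer.JsonChallengesData.class);
            final UserIdentity userIdentity = UserIdentity.fromDelimitedKey(inputData.username);
            final ChaiUser user = pwmApplication.getProxiedChaiUser(userIdentity);
            if (!user.exists()) {
                out("user '" + user.getEntryDN() + "' is not a valid userDN");
                return;
            }
            out("writing responses to user '" + user.getEntryDN() + "'");
            try {
                // the responses are bound to the identifier of the user's effective challenge set
                final ChallengeProfile challengeProfile = pwmApplication.getCrService().readUserChallengeProfile(null, userIdentity, user, PwmPasswordPolicy.defaultPolicy(), PwmConstants.DEFAULT_LOCALE);
                final ChallengeSet challengeSet = challengeProfile.getChallengeSet();
                if (challengeSet == null) {
                    // report this explicitly rather than as a NullPointerException with no message
                    out("error writing responses to user '" + user.getEntryDN() + "', error: no challenge set is defined for the user");
                    return;
                }
                final String userGuid = LdapOperationsHelper.readLdapGuidValue(pwmApplication, null, userIdentity, false);
                final ResponseInfoBean responseInfoBean = inputData.toResponseInfoBean(PwmConstants.DEFAULT_LOCALE, challengeSet.getIdentifier());
                pwmApplication.getCrService().writeResponses(userIdentity, user, userGuid, responseInfoBean);
            } catch (Exception e) {
                out("error writing responses to user '" + user.getEntryDN() + "', error: " + e.getMessage());
                return;
            }
        }
        out("output complete, " + counter + " responses imported in " + TimeDuration.fromCurrent(startTime).asCompactString());
    }
}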

Example 9 with ChallengeSet

use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.

From class CrService, method readUserChallengeProfile:

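/**
 * Determines the challenge profile that applies to {@code theUser}.
 *
 * <p>When {@code PwmSetting.EDIRECTORY_READ_CHALLENGE_SET} is enabled and the user's directory vendor
 * is eDirectory, the NMAS-assigned challenge set is tried first: via the password policy when one is
 * present, then via the user itself. A hit is wrapped in a synthetic profile named
 * {@code "nmasPolicy-" + userIdentity.toDelimitedKey()}. Otherwise — the setting is off, the vendor is
 * not eDirectory, nothing is assigned, or the NMAS read throws — the PWM-configured profile selected by
 * {@code determineChallengeProfileForUser} is returned.
 *
 * @param sessionLabel session label used for logging
 * @param userIdentity identity of the user whose profile is required
 * @param theUser      the user's LDAP object
 * @param policy       the user's password policy; may be {@code null}
 * @param locale       locale used for the challenge text
 * @return the applicable profile; may be {@code null} when the configured lookup yields none
 * @throws PwmUnrecoverableException propagated from the profile determination helpers
 */
public ChallengeProfile readUserChallengeProfile(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser, final PwmPasswordPolicy policy, final Locale locale) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final long methodStartTime = System.currentTimeMillis();

    if (config.readSettingAsBoolean(PwmSetting.EDIRECTORY_READ_CHALLENGE_SET)) {
        try {
            if (theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY) {
                ChallengeSet nmasSet = null;
                // prefer the set assigned through the password policy, then the one assigned to the user directly
                if (policy != null && policy.getChaiPasswordPolicy() != null) {
                    nmasSet = NmasCrFactory.readAssignedChallengeSet(theUser.getChaiProvider(), policy.getChaiPasswordPolicy(), locale);
                }
                if (nmasSet == null) {
                    nmasSet = NmasCrFactory.readAssignedChallengeSet(theUser, locale);
                }
                if (nmasSet == null) {
                    LOGGER.debug(sessionLabel, "no nmas c/r policy found for user " + theUser.getEntryDN());
                } else {
                    // previously logged twice with inconsistent wording ("nmas" and "ldap"); logged once now
                    LOGGER.debug(sessionLabel, "using nmas c/r policy for user " + theUser.getEntryDN() + ": " + nmasSet);
                    final String challengeID = "nmasPolicy-" + userIdentity.toDelimitedKey();
                    final ChallengeProfile challengeProfile = ChallengeProfile.createChallengeProfile(challengeID, locale, applyPwmPolicyToNmasChallenges(nmasSet, config), null, (int) config.readSettingAsLong(PwmSetting.EDIRECTORY_CR_MIN_RANDOM_DURING_SETUP), 0);
                    // note: the trace line carries the full serialized profile
                    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + ", result=" + JsonUtil.serialize(challengeProfile));
                    return challengeProfile;
                }
            }
        } catch (ChaiException e) {
            // a failed NMAS read is not fatal: fall through to the PWM-configured profile
            LOGGER.error(sessionLabel, "error reading nmas c/r policy for user " + theUser.getEntryDN() + ": " + e.getMessage());
        }
        LOGGER.debug(sessionLabel, "no detected c/r policy for user " + theUser.getEntryDN() + " in nmas");
    }

    // use PWM policies if PWM is configured and either its all that is configured OR the NMAS policy read was not successful
    final String challengeProfileID = determineChallengeProfileForUser(pwmApplication, sessionLabel, userIdentity, locale);
    final ChallengeProfile challengeProfile = config.getChallengeProfile(challengeProfileID, locale);
    LOGGER.trace(sessionLabel, "readUserChallengeProfile completed in " + TimeDuration.fromCurrent(methodStartTime).asCompactString() + " returned profile: " + (challengeProfile == null ? "null" : challengeProfile.getIdentifier()));
    return challengeProfile;
}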

Example 10 with ChallengeSet

use of com.novell.ldapchai.cr.ChallengeSet in project pwm by pwm-project.

From class ForgottenPasswordUtil, method initForgottenPasswordBean:

/**
 * Populates {@code forgottenPasswordBean} for a newly identified user.
 *
 * <p>Steps, in order: record the user identity and read its user info; resolve the forgotten-password
 * profile and compute the recovery flags; when challenge/response is a required or optional
 * verification method, read the stored response set and take its presentable challenge set; unless the
 * profile allows recovery while intruder-locked, reject a user whose LDAP password is locked; build the
 * attribute form; store everything in the bean; finally verify the prerequisites of each required
 * verification method.
 *
 * @param pwmRequest            current request (supplies the application, locale and session label)
 * @param userIdentity          the user going through recovery
 * @param forgottenPasswordBean the bean to initialise; mutated in place
 * @throws PwmUnrecoverableException when the stored responses cannot be turned into a presentable
 *         challenge set, the directory is unavailable, the user is intruder-locked in LDAP while the
 *         profile disallows that, or the lock status cannot be read
 * @throws PwmOperationalException propagated from the helpers called here
 */
static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Locale locale = pwmRequest.getLocale();
    final SessionLabel sessionLabel = pwmRequest.getSessionLabel();

    forgottenPasswordBean.setUserIdentity(userIdentity);
    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
    final ForgottenPasswordProfile profile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
    final String forgottenProfileID = profile.getIdentifier();
    forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);

    // the stored responses are only consulted when C/R takes part in this recovery flow
    final boolean challengeResponseInUse = recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)
            || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES);
    ChallengeSet presentableChallengeSet = null;
    if (challengeResponseInUse) {
        try {
            final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            final ResponseSet responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
            if (responseSet != null) {
                presentableChallengeSet = responseSet.getPresentableChallengeSet();
            }
        } catch (ChaiValidationException e) {
            final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg));
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }

    // an intruder-locked LDAP account is rejected unless the profile explicitly allows recovery while locked
    if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
        try {
            final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            if (chaiUser.isPasswordLocked()) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
            }
        } catch (ChaiOperationException e) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
            LOGGER.error(sessionLabel, errorInformation);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }

    final List<FormConfiguration> attributeForm;
    try {
        attributeForm = figureAttributeForm(profile, forgottenPasswordBean, pwmRequest, userIdentity);
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }

    forgottenPasswordBean.setUserLocale(locale);
    forgottenPasswordBean.setPresentableChallengeSet(presentableChallengeSet);
    forgottenPasswordBean.setAttributeForm(attributeForm);
    forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
    forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());

    // every required verification method must have its prerequisites satisfied up front
    for (final IdentityVerificationMethod requiredMethod : recoveryFlags.getRequiredAuthMethods()) {
        verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, requiredMethod);
    }
}
