Example 1 with ResponseSet
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class CrService method readUserResponseSet.
public ResponseSet readUserResponseSet(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser) throws ChaiUnavailableException, PwmUnrecoverableException {
final Configuration config = pwmApplication.getConfig();
LOGGER.trace(sessionLabel, "beginning read of user response sequence");
final List<DataStorageMethod> readPreferences = config.helper().getCrReadPreference();
final String debugMsg = "will attempt to read the following storage methods: " + JsonUtil.serializeCollection(readPreferences) + " for user " + theUser.getEntryDN();
LOGGER.debug(sessionLabel, debugMsg);
final String userGUID;
if (readPreferences.contains(DataStorageMethod.DB) || readPreferences.contains(DataStorageMethod.LOCALDB)) {
userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
} else {
userGUID = null;
}
for (final DataStorageMethod storageMethod : readPreferences) {
final ResponseSet readResponses;
LOGGER.trace(sessionLabel, "attempting read of responses via storage method: " + storageMethod);
readResponses = operatorMap.get(storageMethod).readResponseSet(theUser, userIdentity, userGUID);
if (readResponses != null) {
LOGGER.debug(sessionLabel, "returning responses read via method " + storageMethod + " for user " + theUser.getEntryDN());
return readResponses;
} else {
LOGGER.trace(sessionLabel, "no responses read using method " + storageMethod);
}
}
LOGGER.debug(sessionLabel, "no responses found for user " + theUser.getEntryDN());
return null;
}
Also used :
Configuration(password.pwm.config.Configuration)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
DataStorageMethod(password.pwm.config.option.DataStorageMethod)
Example 2 with ResponseSet
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class NMASCrOperator method readResponseInfo.
@Override
public ResponseInfoBean readResponseInfo(final ChaiUser theUser, final UserIdentity userIdentity, final String userGUID) throws PwmUnrecoverableException {
try {
if (theUser.getChaiProvider().getDirectoryVendor() != DirectoryVendor.EDIRECTORY) {
LOGGER.debug("skipping request to read NMAS responses for " + userIdentity + ", directory type is not eDirectory");
return null;
}
final ResponseSet responseSet = NmasCrFactory.readNmasResponseSet(theUser);
if (responseSet == null) {
return null;
}
final ResponseInfoBean responseInfoBean = CrOperators.convertToNoAnswerInfoBean(responseSet, DataStorageMethod.NMAS);
responseInfoBean.setTimestamp(null);
return responseInfoBean;
} catch (ChaiException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, "unexpected error reading response info " + e.getMessage()));
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
NmasResponseSet(com.novell.ldapchai.impl.edir.NmasResponseSet)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
ResponseInfoBean(password.pwm.bean.ResponseInfoBean)
ChaiException(com.novell.ldapchai.exception.ChaiException)
Example 3 with ResponseSet
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class ForgottenPasswordUtil method readResponseSet.
static ResponseSet readResponseSet(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException {
if (forgottenPasswordBean.getUserIdentity() == null) {
return null;
}
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ResponseSet responseSet;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
responseSet = pwmApplication.getCrService().readUserResponseSet(pwmRequest.getSessionLabel(), userIdentity, theUser);
} catch (ChaiUnavailableException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
return responseSet;
}
Also used :
PwmApplication(password.pwm.PwmApplication)
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
ChaiUser(com.novell.ldapchai.ChaiUser)
UserIdentity(password.pwm.bean.UserIdentity)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
Example 4 with ResponseSet
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class ForgottenPasswordUtil method verifyRequirementsForAuthMethod.
static void verifyRequirementsForAuthMethod(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean, final IdentityVerificationMethod recoveryVerificationMethods) throws PwmUnrecoverableException {
switch(recoveryVerificationMethods) {
case TOKEN:
{
ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
}
break;
case ATTRIBUTES:
{
final List<FormConfiguration> formConfiguration = forgottenPasswordBean.getAttributeForm();
if (formConfiguration == null || formConfiguration.isEmpty()) {
final String errorMsg = "user is required to complete LDAP attribute check, yet there are no LDAP attribute form items configured";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
break;
case OTP:
{
final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
if (userInfo.getOtpUserRecord() == null) {
final String errorMsg = "could not find a one time password configuration for " + userInfo.getUserIdentity();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_OTP_CONFIGURATION, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
break;
case CHALLENGE_RESPONSES:
{
final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
if (responseSet == null) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES);
throw new PwmUnrecoverableException(errorInformation);
}
final ChallengeSet challengeSet = userInfo.getChallengeProfile().getChallengeSet();
try {
if (responseSet.meetsChallengeSetRequirements(challengeSet)) {
if (challengeSet.getRequiredChallenges().isEmpty() && (challengeSet.getMinRandomRequired() <= 0)) {
final String errorMsg = "configured challenge set policy for " + userInfo.getUserIdentity().toString() + " is empty, user not qualified to recover password";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
} catch (ChaiValidationException e) {
final String errorMsg = "stored response set for user '" + userInfo.getUserIdentity() + "' do not meet current challenge set requirements: " + e.getLocalizedMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
}
break;
default:
// continue, assume no data requirements for method.
break;
}
}
Also used :
ErrorInformation(password.pwm.error.ErrorInformation)
ChallengeSet(com.novell.ldapchai.cr.ChallengeSet)
ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
List(java.util.List)
ArrayList(java.util.ArrayList)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
UserInfo(password.pwm.ldap.UserInfo)
Example 5 with ResponseSet
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckResponses.
@ActionHandler(action = "checkResponses")
private ProcessStatus processCheckResponses(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (forgottenPasswordBean.getUserIdentity() == null) {
return ProcessStatus.Continue;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
if (responseSet == null) {
final String errorMsg = "attempt to check responses, but responses are not loaded into session bean";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
try {
// read the supplied responses from the user
final Map<Challenge, String> crMap = ForgottenPasswordUtil.readResponsesFromHttpRequest(pwmRequest, forgottenPasswordBean.getPresentableChallengeSet());
final boolean responsesPassed;
try {
responsesPassed = responseSet.test(crMap);
} catch (ChaiUnavailableException e) {
if (e.getCause() instanceof PwmUnrecoverableException) {
throw (PwmUnrecoverableException) e.getCause();
}
throw e;
}
// special case for nmas, clear out existing challenges and input fields.
if (!responsesPassed && responseSet instanceof NMASCrOperator.NMASCRResponseSet) {
forgottenPasswordBean.setPresentableChallengeSet(responseSet.getPresentableChallengeSet());
}
if (responsesPassed) {
LOGGER.debug(pwmRequest, "user '" + userIdentity + "' has supplied correct responses");
} else {
final String errorMsg = "incorrect response to one or more challenges";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, errorMsg);
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
return ProcessStatus.Continue;
}
} catch (ChaiValidationException e) {
LOGGER.debug(pwmRequest, "chai validation error checking user responses: " + e.getMessage());
final ErrorInformation errorInformation = new ErrorInformation(PwmError.forChaiError(e.getErrorCode()));
handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
return ProcessStatus.Continue;
}
forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.CHALLENGE_RESPONSES);
return ProcessStatus.Continue;
}
Also used :
ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException)
UserIdentity(password.pwm.bean.UserIdentity)
ResponseSet(com.novell.ldapchai.cr.ResponseSet)
PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException)
Challenge(com.novell.ldapchai.cr.Challenge)
ErrorInformation(password.pwm.error.ErrorInformation)
ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException)
NMASCrOperator(password.pwm.util.operations.cr.NMASCrOperator)
ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)
Aggregations
ResponseSet (com.novell.ldapchai.cr.ResponseSet)11
ErrorInformation (password.pwm.error.ErrorInformation)7
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)7
ChaiUser (com.novell.ldapchai.ChaiUser)4
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)4
ChaiValidationException (com.novell.ldapchai.exception.ChaiValidationException)4
ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)3
ChaiException (com.novell.ldapchai.exception.ChaiException)3
PwmApplication (password.pwm.PwmApplication)3
UserIdentity (password.pwm.bean.UserIdentity)3
ChaiResponseSet (com.novell.ldapchai.cr.ChaiResponseSet)2
Locale (java.util.Locale)2
ForgottenPasswordBean (password.pwm.http.bean.ForgottenPasswordBean)2
UserInfo (password.pwm.ldap.UserInfo)2
RestMethodHandler (password.pwm.ws.server.RestMethodHandler)2
Challenge (com.novell.ldapchai.cr.Challenge)1
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)1
NmasResponseSet (com.novell.ldapchai.impl.edir.NmasResponseSet)1
BufferedWriter (java.io.BufferedWriter)1
File (java.io.File)1
