use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class CrService method readUserResponseSet.
/**
 * Reads the stored challenge/response set for a user, trying each configured
 * storage method in preference order and returning the first non-null result.
 *
 * <p>The order of the configured read preference therefore decides which store
 * is authoritative when more than one holds responses for the same user.
 *
 * @param sessionLabel label used to correlate the log lines written here
 * @param userIdentity identity passed to the GUID lookup and to each storage operator
 * @param theUser      directory user whose responses are read; its entry DN is written to the debug log
 * @return the first response set a storage method yields, or {@code null} when none yields one
 * @throws ChaiUnavailableException  declared by the signature; propagated from the calls made here
 * @throws PwmUnrecoverableException declared by the signature; propagated from the calls made here
 */
public ResponseSet readUserResponseSet(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser) throws ChaiUnavailableException, PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();

    LOGGER.trace(sessionLabel, "beginning read of user response sequence");

    final List<DataStorageMethod> readPreferences = config.helper().getCrReadPreference();
    LOGGER.debug(sessionLabel, "will attempt to read the following storage methods: " + JsonUtil.serializeCollection(readPreferences) + " for user " + theUser.getEntryDN());

    // The LDAP GUID is only looked up when a DB or LOCALDB store is among the
    // configured methods; every operator still receives the value (possibly null).
    final boolean guidNeeded = readPreferences.contains(DataStorageMethod.DB)
            || readPreferences.contains(DataStorageMethod.LOCALDB);
    final String userGUID = guidNeeded
            ? LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false)
            : null;

    for (final DataStorageMethod storageMethod : readPreferences) {
        LOGGER.trace(sessionLabel, "attempting read of responses via storage method: " + storageMethod);

        // NOTE(review): operatorMap.get(...) is dereferenced without a null check, so a
        // configured method with no registered operator would fail here with a
        // NullPointerException - confirm the map always covers the configured methods.
        final ResponseSet found = operatorMap.get(storageMethod).readResponseSet(theUser, userIdentity, userGUID);
        if (found == null) {
            LOGGER.trace(sessionLabel, "no responses read using method " + storageMethod);
            continue;
        }

        LOGGER.debug(sessionLabel, "returning responses read via method " + storageMethod + " for user " + theUser.getEntryDN());
        return found;
    }

    LOGGER.debug(sessionLabel, "no responses found for user " + theUser.getEntryDN());
    return null;
}
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class NMASCrOperator method readResponseInfo.
/**
 * Reads response metadata for a user from NMAS.
 *
 * <p>Returns {@code null} without querying NMAS when the user's directory is not
 * eDirectory, and also when NMAS yields no response set.
 *
 * @param theUser      directory user whose NMAS responses are read
 * @param userIdentity identity used only in the "skipping" log line
 * @param userGUID     not used by this implementation
 * @return an info bean built from the NMAS response set with its timestamp cleared, or {@code null}
 * @throws PwmUnrecoverableException with {@code ERROR_RESPONSES_NORESPONSES} when any
 *         {@code ChaiException} is raised while reading
 */
@Override
public ResponseInfoBean readResponseInfo(final ChaiUser theUser, final UserIdentity userIdentity, final String userGUID) throws PwmUnrecoverableException {
    try {
        final boolean isEdirectory = theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY;
        if (!isEdirectory) {
            LOGGER.debug("skipping request to read NMAS responses for " + userIdentity + ", directory type is not eDirectory");
            return null;
        }

        final ResponseSet nmasResponses = NmasCrFactory.readNmasResponseSet(theUser);
        if (nmasResponses != null) {
            // presumably the converted bean carries challenge metadata only, not the
            // stored answers (inferred from the helper's name) - confirm in CrOperators
            final ResponseInfoBean infoBean = CrOperators.convertToNoAnswerInfoBean(nmasResponses, DataStorageMethod.NMAS);
            infoBean.setTimestamp(null);
            return infoBean;
        }
        return null;
    } catch (ChaiException e) {
        // Only the message text is carried forward; the ChaiException itself is not
        // attached as a cause, so its stack trace is not available to the caller.
        final String detail = "unexpected error reading response info " + e.getMessage();
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, detail));
    }
}
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class ForgottenPasswordUtil method readResponseSet.
/**
 * Loads the stored response set for the user identified in the forgotten-password bean.
 *
 * <p>The directory user is obtained through the application's proxied connection,
 * i.e. the read does not run with the (not yet verified) end user's own credentials.
 *
 * @param pwmRequest            current request; supplies the application and session label
 * @param forgottenPasswordBean recovery state holding the user identity
 * @return the user's response set, or {@code null} when the bean has no identity or
 *         the response service finds nothing
 * @throws PwmUnrecoverableException when the read fails, including a
 *         {@code ChaiUnavailableException} converted via {@code fromChaiException}
 */
static ResponseSet readResponseSet(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException {
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    if (userIdentity == null) {
        // no user has been identified yet, so there is nothing to read
        return null;
    }

    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    try {
        final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
        return pwmApplication.getCrService().readUserResponseSet(pwmRequest.getSessionLabel(), userIdentity, proxiedUser);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }
}
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class ForgottenPasswordUtil method verifyRequirementsForAuthMethod.
/**
 * Checks that the data a given identity-verification method depends on is present
 * before that method is offered to a user recovering a password.
 *
 * <p>Returns normally when the prerequisites are met; otherwise throws. Methods
 * not listed in the switch are assumed to have no data prerequisites.
 *
 * @param pwmRequest                  current request
 * @param forgottenPasswordBean       recovery state for the user being verified
 * @param recoveryVerificationMethods the single verification method to check
 * @throws PwmUnrecoverableException when the method's prerequisites are missing:
 *         {@code ERROR_INVALID_CONFIG} (no attribute form), {@code ERROR_NO_OTP_CONFIGURATION},
 *         {@code ERROR_RESPONSES_NORESPONSES} (no or non-conforming stored responses),
 *         {@code ERROR_NO_CHALLENGES} (empty challenge policy), or whatever the delegated reads raise
 */
static void verifyRequirementsForAuthMethod(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean, final IdentityVerificationMethod recoveryVerificationMethods) throws PwmUnrecoverableException {
    switch (recoveryVerificationMethods) {
        case TOKEN: {
            // delegated entirely; any failure surfaces from the helper itself
            ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
            break;
        }

        case ATTRIBUTES: {
            final List<FormConfiguration> attributeForm = forgottenPasswordBean.getAttributeForm();
            final boolean nothingConfigured = attributeForm == null || attributeForm.isEmpty();
            if (nothingConfigured) {
                final String errorMsg = "user is required to complete LDAP attribute check, yet there are no LDAP attribute form items configured";
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg));
            }
            break;
        }

        case OTP: {
            final UserInfo otpUser = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
            if (otpUser.getOtpUserRecord() == null) {
                final String errorMsg = "could not find a one time password configuration for " + otpUser.getUserIdentity();
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_OTP_CONFIGURATION, errorMsg));
            }
            break;
        }

        case CHALLENGE_RESPONSES: {
            final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
            final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
            if (responseSet == null) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES));
            }

            final ChallengeSet challengeSet = userInfo.getChallengeProfile().getChallengeSet();
            try {
                // NOTE(review): a false return from meetsChallengeSetRequirements is not
                // treated as a failure here - only a ChaiValidationException is. Confirm
                // that every ResponseSet implementation reports non-conformance by throwing,
                // otherwise this check passes for responses that do not meet the policy.
                final boolean storedResponsesConform = responseSet.meetsChallengeSetRequirements(challengeSet);

                // An empty policy (no required challenges, no random minimum) would be
                // satisfied by anything, so the user is rejected rather than allowed to recover.
                if (storedResponsesConform
                        && challengeSet.getRequiredChallenges().isEmpty()
                        && challengeSet.getMinRandomRequired() <= 0) {
                    final String errorMsg = "configured challenge set policy for " + userInfo.getUserIdentity().toString() + " is empty, user not qualified to recover password";
                    throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg));
                }
            } catch (ChaiValidationException e) {
                final String errorMsg = "stored response set for user '" + userInfo.getUserIdentity() + "' do not meet current challenge set requirements: " + e.getLocalizedMessage();
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, errorMsg));
            }
            break;
        }

        default:
            // continue, assume no data requirements for method.
            break;
    }
}
use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckResponses.
/**
 * Handles the {@code checkResponses} action: compares the challenge answers submitted
 * in the HTTP request with the user's stored response set.
 *
 * <p>On a match, {@code CHALLENGE_RESPONSES} is added to the bean's satisfied
 * verification methods. On a mismatch or a Chai validation error, the attempt is
 * handed to {@code handleUserVerificationBadAttempt} and nothing is marked satisfied.
 * Every non-throwing path returns {@code ProcessStatus.Continue}.
 *
 * @param pwmRequest current request carrying the submitted answers
 * @return {@code ProcessStatus.Continue}
 * @throws ChaiUnavailableException  when the response test fails for a reason other than a wrapped
 *         {@code PwmUnrecoverableException}
 * @throws IOException               declared by the signature; propagated from the calls made here
 * @throws ServletException          declared by the signature; propagated from the calls made here
 * @throws PwmUnrecoverableException when no stored response set can be read ({@code ERROR_UNKNOWN}),
 *         or when unwrapped from a {@code ChaiUnavailableException}
 */
@ActionHandler(action = "checkResponses")
private ProcessStatus processCheckResponses(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);

    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    if (userIdentity == null) {
        // no user identified yet; nothing to verify
        return ProcessStatus.Continue;
    }

    final ResponseSet storedResponses = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
    if (storedResponses == null) {
        final String errorMsg = "attempt to check responses, but responses are not loaded into session bean";
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
    }

    try {
        // Answers submitted by the user, keyed by the challenges presented to them.
        // These are secrets: this method never writes them to the log.
        final Map<Challenge, String> submittedAnswers = ForgottenPasswordUtil.readResponsesFromHttpRequest(pwmRequest, forgottenPasswordBean.getPresentableChallengeSet());

        final boolean responsesPassed;
        try {
            responsesPassed = storedResponses.test(submittedAnswers);
        } catch (ChaiUnavailableException e) {
            // surface a wrapped PwmUnrecoverableException as itself rather than as a Chai error
            final Throwable cause = e.getCause();
            if (cause instanceof PwmUnrecoverableException) {
                throw (PwmUnrecoverableException) cause;
            }
            throw e;
        }

        if (!responsesPassed) {
            // special case for nmas, clear out existing challenges and input fields.
            if (storedResponses instanceof NMASCrOperator.NMASCRResponseSet) {
                forgottenPasswordBean.setPresentableChallengeSet(storedResponses.getPresentableChallengeSet());
            }

            // The message does not say which challenge was answered incorrectly.
            final String errorMsg = "incorrect response to one or more challenges";
            final ErrorInformation badResponse = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, errorMsg);
            handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, badResponse);
            return ProcessStatus.Continue;
        }

        LOGGER.debug(pwmRequest, "user '" + userIdentity + "' has supplied correct responses");
    } catch (ChaiValidationException e) {
        // a validation failure is handled as a bad attempt as well
        LOGGER.debug(pwmRequest, "chai validation error checking user responses: " + e.getMessage());
        final ErrorInformation validationError = new ErrorInformation(PwmError.forChaiError(e.getErrorCode()));
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, validationError);
        return ProcessStatus.Continue;
    }

    // reached only when the stored responses matched the submitted answers
    forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.CHALLENGE_RESPONSES);
    return ProcessStatus.Continue;
}