Example 1 with ResponseSet

Use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.

In class CrService, method readUserResponseSet.

public ResponseSet readUserResponseSet(final SessionLabel sessionLabel, final UserIdentity userIdentity, final ChaiUser theUser) throws ChaiUnavailableException, PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    LOGGER.trace(sessionLabel, "beginning read of user response sequence");
    final List<DataStorageMethod> readPreferences = config.helper().getCrReadPreference();
    final String debugMsg = "will attempt to read the following storage methods: " + JsonUtil.serializeCollection(readPreferences) + " for user " + theUser.getEntryDN();
    LOGGER.debug(sessionLabel, debugMsg);
    // the LDAP GUID is only read when a DB or LOCALDB storage method is in the read preferences
    final String userGUID;
    if (readPreferences.contains(DataStorageMethod.DB) || readPreferences.contains(DataStorageMethod.LOCALDB)) {
        userGUID = LdapOperationsHelper.readLdapGuidValue(pwmApplication, sessionLabel, userIdentity, false);
    } else {
        userGUID = null;
    }
    // try each storage method in preference order; the first non-null response set is returned
    for (final DataStorageMethod storageMethod : readPreferences) {
        final ResponseSet readResponses;
        LOGGER.trace(sessionLabel, "attempting read of responses via storage method: " + storageMethod);
        readResponses = operatorMap.get(storageMethod).readResponseSet(theUser, userIdentity, userGUID);
        if (readResponses != null) {
            LOGGER.debug(sessionLabel, "returning responses read via method " + storageMethod + " for user " + theUser.getEntryDN());
            return readResponses;
        } else {
            LOGGER.trace(sessionLabel, "no responses read using method " + storageMethod);
        }
    }
    LOGGER.debug(sessionLabel, "no responses found for user " + theUser.getEntryDN());
    return null;
}
Also used : Configuration(password.pwm.config.Configuration) ResponseSet(com.novell.ldapchai.cr.ResponseSet) DataStorageMethod(password.pwm.config.option.DataStorageMethod)

Example 2 with ResponseSet

Use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.

In class NMASCrOperator, method readResponseInfo.

@Override
public ResponseInfoBean readResponseInfo(final ChaiUser theUser, final UserIdentity userIdentity, final String userGUID) throws PwmUnrecoverableException {
    try {
        if (theUser.getChaiProvider().getDirectoryVendor() != DirectoryVendor.EDIRECTORY) {
            LOGGER.debug("skipping request to read NMAS responses for " + userIdentity + ", directory type is not eDirectory");
            return null;
        }
        final ResponseSet responseSet = NmasCrFactory.readNmasResponseSet(theUser);
        if (responseSet == null) {
            return null;
        }
        final ResponseInfoBean responseInfoBean = CrOperators.convertToNoAnswerInfoBean(responseSet, DataStorageMethod.NMAS);
        responseInfoBean.setTimestamp(null);
        return responseInfoBean;
    } catch (ChaiException e) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, "unexpected error reading response info " + e.getMessage()));
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ResponseSet(com.novell.ldapchai.cr.ResponseSet) NmasResponseSet(com.novell.ldapchai.impl.edir.NmasResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ResponseInfoBean(password.pwm.bean.ResponseInfoBean) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 3 with ResponseSet

Use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.

In class ForgottenPasswordUtil, method readResponseSet.

static ResponseSet readResponseSet(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException {
    if (forgottenPasswordBean.getUserIdentity() == null) {
        return null;
    }
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ResponseSet responseSet;
    try {
        final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
        responseSet = pwmApplication.getCrService().readUserResponseSet(pwmRequest.getSessionLabel(), userIdentity, theUser);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }
    return responseSet;
}
Also used : PwmApplication(password.pwm.PwmApplication) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiUser(com.novell.ldapchai.ChaiUser) UserIdentity(password.pwm.bean.UserIdentity) ResponseSet(com.novell.ldapchai.cr.ResponseSet)

Example 4 with ResponseSet

Use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.

In class ForgottenPasswordUtil, method verifyRequirementsForAuthMethod.

static void verifyRequirementsForAuthMethod(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean, final IdentityVerificationMethod recoveryVerificationMethods) throws PwmUnrecoverableException {
    switch(recoveryVerificationMethods) {
        case TOKEN:
            {
                ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
            }
            break;
        case ATTRIBUTES:
            {
                final List<FormConfiguration> formConfiguration = forgottenPasswordBean.getAttributeForm();
                if (formConfiguration == null || formConfiguration.isEmpty()) {
                    final String errorMsg = "user is required to complete LDAP attribute check, yet there are no LDAP attribute form items configured";
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        case OTP:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                if (userInfo.getOtpUserRecord() == null) {
                    final String errorMsg = "could not find a one time password configuration for " + userInfo.getUserIdentity();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_OTP_CONFIGURATION, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        case CHALLENGE_RESPONSES:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
                if (responseSet == null) {
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES);
                    throw new PwmUnrecoverableException(errorInformation);
                }
                final ChallengeSet challengeSet = userInfo.getChallengeProfile().getChallengeSet();
                try {
                    if (responseSet.meetsChallengeSetRequirements(challengeSet)) {
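                        // an empty policy (no required challenges, no random minimum) must not qualify the user for recovery
                        if (challengeSet.getRequiredChallenges().isEmpty() && (challengeSet.getMinRandomRequired() <= 0)) {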
                            final String errorMsg = "configured challenge set policy for " + userInfo.getUserIdentity().toString() + " is empty, user not qualified to recover password";
                            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
                            throw new PwmUnrecoverableException(errorInformation);
                        }
                    }
                } catch (ChaiValidationException e) {
                    final String errorMsg = "stored response set for user '" + userInfo.getUserIdentity() + "' do not meet current challenge set requirements: " + e.getLocalizedMessage();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        default:
            // continue, assume no data requirements for method.
            break;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ResponseSet(com.novell.ldapchai.cr.ResponseSet) List(java.util.List) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo)

Example 5 with ResponseSet

Use of com.novell.ldapchai.cr.ResponseSet in project pwm by pwm-project.

In class ForgottenPasswordServlet, method processCheckResponses.

@ActionHandler(action = "checkResponses")
private ProcessStatus processCheckResponses(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (forgottenPasswordBean.getUserIdentity() == null) {
        return ProcessStatus.Continue;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
    if (responseSet == null) {
        final String errorMsg = "attempt to check responses, but responses are not loaded into session bean";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        // read the supplied responses from the user
        final Map<Challenge, String> crMap = ForgottenPasswordUtil.readResponsesFromHttpRequest(pwmRequest, forgottenPasswordBean.getPresentableChallengeSet());
        final boolean responsesPassed;
        try {
            responsesPassed = responseSet.test(crMap);
        } catch (ChaiUnavailableException e) {
            if (e.getCause() instanceof PwmUnrecoverableException) {
                throw (PwmUnrecoverableException) e.getCause();
            }
            throw e;
        }
        // special case for nmas, clear out existing challenges and input fields.
        if (!responsesPassed && responseSet instanceof NMASCrOperator.NMASCRResponseSet) {
            forgottenPasswordBean.setPresentableChallengeSet(responseSet.getPresentableChallengeSet());
        }
        if (responsesPassed) {
            LOGGER.debug(pwmRequest, "user '" + userIdentity + "' has supplied correct responses");
        } else {
            final String errorMsg = "incorrect response to one or more challenges";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, errorMsg);
            handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
            return ProcessStatus.Continue;
        }
    } catch (ChaiValidationException e) {
        LOGGER.debug(pwmRequest, "chai validation error checking user responses: " + e.getMessage());
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.forChaiError(e.getErrorCode()));
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
        return ProcessStatus.Continue;
    }
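    // reached only when the responses passed: record challenge/response as a satisfied verification method
    forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.CHALLENGE_RESPONSES);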
    return ProcessStatus.Continue;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UserIdentity(password.pwm.bean.UserIdentity) ResponseSet(com.novell.ldapchai.cr.ResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) Challenge(com.novell.ldapchai.cr.Challenge) ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) NMASCrOperator(password.pwm.util.operations.cr.NMASCrOperator) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Aggregations

ResponseSet (com.novell.ldapchai.cr.ResponseSet): 11
ErrorInformation (password.pwm.error.ErrorInformation): 7
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException): 7
ChaiUser (com.novell.ldapchai.ChaiUser): 4
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException): 4
ChaiValidationException (com.novell.ldapchai.exception.ChaiValidationException): 4
ChallengeSet (com.novell.ldapchai.cr.ChallengeSet): 3
ChaiException (com.novell.ldapchai.exception.ChaiException): 3
PwmApplication (password.pwm.PwmApplication): 3
UserIdentity (password.pwm.bean.UserIdentity): 3
ChaiResponseSet (com.novell.ldapchai.cr.ChaiResponseSet): 2
Locale (java.util.Locale): 2
ForgottenPasswordBean (password.pwm.http.bean.ForgottenPasswordBean): 2
UserInfo (password.pwm.ldap.UserInfo): 2
RestMethodHandler (password.pwm.ws.server.RestMethodHandler): 2
Challenge (com.novell.ldapchai.cr.Challenge): 1
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException): 1
NmasResponseSet (com.novell.ldapchai.impl.edir.NmasResponseSet): 1
BufferedWriter (java.io.BufferedWriter): 1
File (java.io.File): 1