Search in sources :

Example 11 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class NMASCrOperator method clearResponses.

public void clearResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String user) throws PwmUnrecoverableException {
    try {
        if (theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY) {
            NmasCrFactory.clearResponseSet(theUser);
            LOGGER.info("cleared responses for user " + theUser.getEntryDN() + " using NMAS method ");
        }
    } catch (ChaiException e) {
        final String errorMsg = "error clearing responses from nmas: " + e.getMessage();
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_CLEARING_RESPONSES, errorMsg);
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(e);
        throw pwmOE;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 12 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class ForgottenPasswordUtil method doActionSendNewPassword.

static void doActionSendNewPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final ForgottenPasswordBean forgottenPasswordBean = ForgottenPasswordServlet.forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
    final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(pwmApplication.getConfig(), forgottenPasswordBean);
    LOGGER.trace(pwmRequest, "beginning process to send new password to user");
    if (!forgottenPasswordBean.getProgress().isAllPassed()) {
        return;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
    try {
        // try unlocking user
        theUser.unlockPassword();
        LOGGER.trace(pwmRequest, "unlock account succeeded");
    } catch (ChaiOperationException e) {
        final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
        LOGGER.error(pwmRequest.getPwmSession(), errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation);
        return;
    }
    try {
        final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
        LOGGER.info(pwmRequest, "user successfully supplied password recovery responses, emailing new password to: " + theUser.getEntryDN());
        // add post change actions
        ForgottenPasswordServlet.addPostChangeAction(pwmRequest, userIdentity);
        // create new password
        final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), userInfo.getPasswordPolicy(), pwmApplication);
        LOGGER.trace(pwmRequest, "generated random password value based on password policy for " + userIdentity.toDisplayString());
        // set the password
        try {
            theUser.setPassword(newPassword.getStringValue());
            LOGGER.trace(pwmRequest, "set user " + userIdentity.toDisplayString() + " password to system generated random value");
        } catch (ChaiException e) {
            throw PwmUnrecoverableException.fromChaiException(e);
        }
        if (recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
            LOGGER.debug(pwmRequest, "marking user " + userIdentity.toDisplayString() + " password as expired");
            theUser.expirePassword();
        }
        // mark the event log
        {
            final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.RECOVER_PASSWORD, userIdentity, pwmRequest.getSessionLabel());
            pwmApplication.getAuditManager().submit(auditRecord);
        }
        final MessageSendMethod messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        // send email or SMS
        final String toAddress = PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmRequest.getLocale(), messageSendMethod);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordSend, toAddress);
    } catch (PwmException e) {
        LOGGER.warn(pwmRequest, "unexpected error setting new password during recovery process for user: " + e.getMessage());
        pwmRequest.respondWithError(e.getErrorInformation());
    } catch (ChaiOperationException e) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ldap error while processing recovery action " + recoveryAction + ", error: " + e.getMessage());
        LOGGER.warn(pwmRequest, errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation);
    } finally {
        ForgottenPasswordServlet.clearForgottenPasswordBean(pwmRequest);
        // the user should not be authenticated, this is a safety method
        pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
        // the password set flag should not have been set, this is a safety method
        pwmRequest.getPwmSession().getSessionStateBean().setPasswordModified(false);
    }
}
Also used : ForgottenPasswordProfile(password.pwm.config.profile.ForgottenPasswordProfile) PwmApplication(password.pwm.PwmApplication) UserIdentity(password.pwm.bean.UserIdentity) UserInfo(password.pwm.ldap.UserInfo) MessageSendMethod(password.pwm.config.option.MessageSendMethod) PwmException(password.pwm.error.PwmException) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) RecoveryAction(password.pwm.config.option.RecoveryAction) PasswordData(password.pwm.util.PasswordData) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) AuditRecord(password.pwm.svc.event.AuditRecord) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean) ChaiException(com.novell.ldapchai.exception.ChaiException)

Example 13 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class HelpdeskServlet method restValidateAttributes.

@ActionHandler(action = "validateAttributes")
private ProcessStatus restValidateAttributes(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final Instant startTime = Instant.now();
    final String bodyString = pwmRequest.readRequestBodyAsString();
    final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(bodyString, HelpdeskVerificationRequestBean.class);
    final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
    boolean passed = false;
    {
        final List<FormConfiguration> verificationForms = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_VERIFICATION_FORM);
        if (verificationForms == null || verificationForms.isEmpty()) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "attempt to verify ldap attributes with no ldap verification attributes configured");
            throw new PwmUnrecoverableException(errorInformation);
        }
        final Map<String, String> bodyMap = JsonUtil.deserializeStringMap(bodyString);
        final ChaiUser chaiUser;
        try {
            chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
        int successCount = 0;
        for (final FormConfiguration formConfiguration : verificationForms) {
            final String name = formConfiguration.getName();
            final String suppliedValue = bodyMap.get(name);
            try {
                if (chaiUser.compareStringAttribute(name, suppliedValue)) {
                    successCount++;
                }
            } catch (ChaiException e) {
                LOGGER.error(pwmRequest, "error comparing ldap attribute during verification " + e.getMessage());
            }
        }
        if (successCount == verificationForms.size()) {
            passed = true;
        }
    }
    final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
    if (passed) {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.ATTRIBUTES);
    } else {
        final PwmSession pwmSession = pwmRequest.getPwmSession();
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
    }
    // add a delay to prevent continuous checks
    final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
    while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
        JavaHelper.pause(100);
    }
    final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
    final RestResultBean restResultBean = RestResultBean.withData(responseBean);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) Instant(java.time.Instant) UserIdentity(password.pwm.bean.UserIdentity) HelpdeskProfile(password.pwm.config.profile.HelpdeskProfile) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) HelpdeskAuditRecord(password.pwm.svc.event.HelpdeskAuditRecord) ErrorInformation(password.pwm.error.ErrorInformation) AuditRecordFactory(password.pwm.svc.event.AuditRecordFactory) ChaiUser(com.novell.ldapchai.ChaiUser) List(java.util.List) ArrayList(java.util.ArrayList) FormConfiguration(password.pwm.config.value.data.FormConfiguration) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmSession(password.pwm.http.PwmSession) Map(java.util.Map) HashMap(java.util.HashMap) RestResultBean(password.pwm.ws.server.RestResultBean)

Example 14 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class DeleteAccountServlet method handleDeleteRequest.

@ActionHandler(action = "delete")
private ProcessStatus handleDeleteRequest(final PwmRequest pwmRequest) throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final DeleteAccountProfile deleteAccountProfile = getProfile(pwmRequest);
    final UserIdentity userIdentity = pwmRequest.getUserInfoIfLoggedIn();
    {
        // execute configured actions
        final List<ActionConfiguration> actions = deleteAccountProfile.readSettingAsAction(PwmSetting.DELETE_ACCOUNT_ACTIONS);
        if (actions != null && !actions.isEmpty()) {
            LOGGER.debug(pwmRequest, "executing configured actions to user " + userIdentity);
            final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
            try {
                actionExecutor.executeActions(actions, pwmRequest.getSessionLabel());
            } catch (PwmOperationalException e) {
                LOGGER.error("error during user delete action execution: " + e.getMessage());
                throw new PwmUnrecoverableException(e.getErrorInformation(), e.getCause());
            }
        }
    }
    // send notification
    sendProfileUpdateEmailNotice(pwmRequest);
    // mark the event log
    pwmApplication.getAuditManager().submit(AuditEvent.DELETE_ACCOUNT, pwmRequest.getPwmSession().getUserInfo(), pwmRequest.getPwmSession());
    final String nextUrl = deleteAccountProfile.readSettingAsString(PwmSetting.DELETE_ACCOUNT_NEXT_URL);
    if (nextUrl != null && !nextUrl.isEmpty()) {
        final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication);
        final String macroedUrl = macroMachine.expandMacros(nextUrl);
        LOGGER.debug(pwmRequest, "settinging forward url to post-delete next url: " + macroedUrl);
        pwmRequest.getPwmSession().getSessionStateBean().setForwardURL(macroedUrl);
    }
    // perform ldap entry delete.
    if (deleteAccountProfile.readSettingAsBoolean(PwmSetting.DELETE_ACCOUNT_DELETE_USER_ENTRY)) {
        final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(pwmRequest.getUserInfoIfLoggedIn());
        try {
            chaiUser.getChaiProvider().deleteEntry(chaiUser.getEntryDN());
        } catch (ChaiException e) {
            final PwmUnrecoverableException pwmException = PwmUnrecoverableException.fromChaiException(e);
            LOGGER.error("error during user delete", pwmException);
            throw pwmException;
        }
    }
    // clear the delete bean
    pwmApplication.getSessionStateService().clearBean(pwmRequest, DeleteAccountBean.class);
    // delete finished, so logout and redirect.
    pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
    pwmRequest.sendRedirectToContinue();
    return ProcessStatus.Halt;
}
Also used : ActionExecutor(password.pwm.util.operations.ActionExecutor) PwmApplication(password.pwm.PwmApplication) ChaiUser(com.novell.ldapchai.ChaiUser) UserIdentity(password.pwm.bean.UserIdentity) DeleteAccountProfile(password.pwm.config.profile.DeleteAccountProfile) MacroMachine(password.pwm.util.macro.MacroMachine) List(java.util.List) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiException(com.novell.ldapchai.exception.ChaiException) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 15 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class RestChallengesServer method doFormGetChallengeData.

@RestMethodHandler(method = HttpMethod.GET, produces = HttpContentType.json)
public RestResultBean doFormGetChallengeData(final RestRequest restRequest) throws PwmUnrecoverableException {
    final boolean answers = restRequest.readParameterAsBoolean("answers");
    final boolean helpdesk = restRequest.readParameterAsBoolean("helpdesk");
    final String username = restRequest.readParameterAsString(FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation);
    try {
        if (answers && !restRequest.getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.ENABLE_WEBSERVICES_READANSWERS)) {
            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "retrieval of answers is not permitted"));
        }
        final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, username);
        // gather data
        final ResponseSet responseSet;
        final ChallengeSet challengeSet;
        final ChallengeSet helpdeskChallengeSet;
        final String outputUsername;
        final ChaiUser chaiUser = targetUserIdentity.getChaiUser();
        final Locale userLocale = restRequest.getLocale();
        final CrService crService = restRequest.getPwmApplication().getCrService();
        responseSet = crService.readUserResponseSet(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser);
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(restRequest.getPwmApplication(), restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, userLocale);
        final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, passwordPolicy, userLocale);
        challengeSet = challengeProfile.getChallengeSet();
        helpdeskChallengeSet = challengeProfile.getHelpdeskChallengeSet();
        outputUsername = targetUserIdentity.getUserIdentity().toDelimitedKey();
        // build output
        final JsonChallengesData jsonData = new JsonChallengesData();
        {
            jsonData.username = outputUsername;
            if (responseSet != null) {
                jsonData.challenges = responseSet.asChallengeBeans(answers);
                if (helpdesk) {
                    jsonData.helpdeskChallenges = responseSet.asHelpdeskChallengeBeans(answers);
                }
                jsonData.minimumRandoms = responseSet.getChallengeSet().getMinRandomRequired();
            }
            final Policy policy = new Policy();
            if (challengeSet != null) {
                policy.challenges = challengesToBeans(challengeSet.getChallenges());
                policy.minimumRandoms = challengeSet.getMinRandomRequired();
            }
            if (helpdeskChallengeSet != null && helpdesk) {
                policy.helpdeskChallenges = challengesToBeans(helpdeskChallengeSet.getChallenges());
            }
            if (policy.challenges != null || policy.helpdeskChallenges != null) {
                jsonData.policy = policy;
            }
        }
        // update statistics
        StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
        return RestResultBean.withData(jsonData);
    } catch (ChaiException e) {
        final String errorMsg = "unexpected error building json response: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        return RestResultBean.fromError(restRequest, errorInformation);
    }
}
Also used : Locale(java.util.Locale) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChallengeProfile(password.pwm.config.profile.ChallengeProfile) ResponseSet(com.novell.ldapchai.cr.ResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) CrService(password.pwm.util.operations.CrService) ErrorInformation(password.pwm.error.ErrorInformation) ChaiUser(com.novell.ldapchai.ChaiUser) PwmPasswordPolicy(password.pwm.config.profile.PwmPasswordPolicy) ChaiException(com.novell.ldapchai.exception.ChaiException) RestMethodHandler(password.pwm.ws.server.RestMethodHandler)

Aggregations

ChaiException (com.novell.ldapchai.exception.ChaiException)33 ErrorInformation (password.pwm.error.ErrorInformation)18 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)16 ChaiUser (com.novell.ldapchai.ChaiUser)15 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)9 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)6 UserIdentity (password.pwm.bean.UserIdentity)6 PwmOperationalException (password.pwm.error.PwmOperationalException)6 Instant (java.time.Instant)5 ChaiResponseSet (com.novell.ldapchai.cr.ChaiResponseSet)4 ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)4 ArrayList (java.util.ArrayList)4 FormConfiguration (password.pwm.config.value.data.FormConfiguration)4 PasswordData (password.pwm.util.PasswordData)4 ResponseSet (com.novell.ldapchai.cr.ResponseSet)3 List (java.util.List)3 Map (java.util.Map)3 PwmApplication (password.pwm.PwmApplication)3 ChallengeSet (com.novell.ldapchai.cr.ChallengeSet)2 NmasResponseSet (com.novell.ldapchai.impl.edir.NmasResponseSet)2