use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class NMASCrOperator method clearResponses.
public void clearResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String user) throws PwmUnrecoverableException {
try {
if (theUser.getChaiProvider().getDirectoryVendor() == DirectoryVendor.EDIRECTORY) {
NmasCrFactory.clearResponseSet(theUser);
LOGGER.info("cleared responses for user " + theUser.getEntryDN() + " using NMAS method ");
}
} catch (ChaiException e) {
final String errorMsg = "error clearing responses from nmas: " + e.getMessage();
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_CLEARING_RESPONSES, errorMsg);
final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
pwmOE.initCause(e);
throw pwmOE;
}
}
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class ForgottenPasswordUtil method doActionSendNewPassword.
static void doActionSendNewPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final ForgottenPasswordBean forgottenPasswordBean = ForgottenPasswordServlet.forgottenPasswordBean(pwmRequest);
final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(pwmApplication.getConfig(), forgottenPasswordBean);
LOGGER.trace(pwmRequest, "beginning process to send new password to user");
if (!forgottenPasswordBean.getProgress().isAllPassed()) {
return;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
try {
// try unlocking user
theUser.unlockPassword();
LOGGER.trace(pwmRequest, "unlock account succeeded");
} catch (ChaiOperationException e) {
final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
LOGGER.error(pwmRequest.getPwmSession(), errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
return;
}
try {
final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
LOGGER.info(pwmRequest, "user successfully supplied password recovery responses, emailing new password to: " + theUser.getEntryDN());
// add post change actions
ForgottenPasswordServlet.addPostChangeAction(pwmRequest, userIdentity);
// create new password
final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), userInfo.getPasswordPolicy(), pwmApplication);
LOGGER.trace(pwmRequest, "generated random password value based on password policy for " + userIdentity.toDisplayString());
// set the password
try {
theUser.setPassword(newPassword.getStringValue());
LOGGER.trace(pwmRequest, "set user " + userIdentity.toDisplayString() + " password to system generated random value");
} catch (ChaiException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
if (recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
LOGGER.debug(pwmRequest, "marking user " + userIdentity.toDisplayString() + " password as expired");
theUser.expirePassword();
}
// mark the event log
{
final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.RECOVER_PASSWORD, userIdentity, pwmRequest.getSessionLabel());
pwmApplication.getAuditManager().submit(auditRecord);
}
final MessageSendMethod messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
// send email or SMS
final String toAddress = PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmRequest.getLocale(), messageSendMethod);
pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordSend, toAddress);
} catch (PwmException e) {
LOGGER.warn(pwmRequest, "unexpected error setting new password during recovery process for user: " + e.getMessage());
pwmRequest.respondWithError(e.getErrorInformation());
} catch (ChaiOperationException e) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ldap error while processing recovery action " + recoveryAction + ", error: " + e.getMessage());
LOGGER.warn(pwmRequest, errorInformation.toDebugStr());
pwmRequest.respondWithError(errorInformation);
} finally {
ForgottenPasswordServlet.clearForgottenPasswordBean(pwmRequest);
// the user should not be authenticated, this is a safety method
pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
// the password set flag should not have been set, this is a safety method
pwmRequest.getPwmSession().getSessionStateBean().setPasswordModified(false);
}
}
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class HelpdeskServlet method restValidateAttributes.
@ActionHandler(action = "validateAttributes")
private ProcessStatus restValidateAttributes(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Instant startTime = Instant.now();
final String bodyString = pwmRequest.readRequestBodyAsString();
final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(bodyString, HelpdeskVerificationRequestBean.class);
final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
boolean passed = false;
{
final List<FormConfiguration> verificationForms = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_VERIFICATION_FORM);
if (verificationForms == null || verificationForms.isEmpty()) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "attempt to verify ldap attributes with no ldap verification attributes configured");
throw new PwmUnrecoverableException(errorInformation);
}
final Map<String, String> bodyMap = JsonUtil.deserializeStringMap(bodyString);
final ChaiUser chaiUser;
try {
chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
int successCount = 0;
for (final FormConfiguration formConfiguration : verificationForms) {
final String name = formConfiguration.getName();
final String suppliedValue = bodyMap.get(name);
try {
if (chaiUser.compareStringAttribute(name, suppliedValue)) {
successCount++;
}
} catch (ChaiException e) {
LOGGER.error(pwmRequest, "error comparing ldap attribute during verification " + e.getMessage());
}
}
if (successCount == verificationForms.size()) {
passed = true;
}
}
final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
if (passed) {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.ATTRIBUTES);
} else {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
// add a delay to prevent continuous checks
final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
JavaHelper.pause(100);
}
final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
final RestResultBean restResultBean = RestResultBean.withData(responseBean);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class DeleteAccountServlet method handleDeleteRequest.
@ActionHandler(action = "delete")
private ProcessStatus handleDeleteRequest(final PwmRequest pwmRequest) throws ServletException, IOException, PwmUnrecoverableException, ChaiUnavailableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final DeleteAccountProfile deleteAccountProfile = getProfile(pwmRequest);
final UserIdentity userIdentity = pwmRequest.getUserInfoIfLoggedIn();
{
// execute configured actions
final List<ActionConfiguration> actions = deleteAccountProfile.readSettingAsAction(PwmSetting.DELETE_ACCOUNT_ACTIONS);
if (actions != null && !actions.isEmpty()) {
LOGGER.debug(pwmRequest, "executing configured actions to user " + userIdentity);
final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, userIdentity).setExpandPwmMacros(true).setMacroMachine(pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication)).createActionExecutor();
try {
actionExecutor.executeActions(actions, pwmRequest.getSessionLabel());
} catch (PwmOperationalException e) {
LOGGER.error("error during user delete action execution: " + e.getMessage());
throw new PwmUnrecoverableException(e.getErrorInformation(), e.getCause());
}
}
}
// send notification
sendProfileUpdateEmailNotice(pwmRequest);
// mark the event log
pwmApplication.getAuditManager().submit(AuditEvent.DELETE_ACCOUNT, pwmRequest.getPwmSession().getUserInfo(), pwmRequest.getPwmSession());
final String nextUrl = deleteAccountProfile.readSettingAsString(PwmSetting.DELETE_ACCOUNT_NEXT_URL);
if (nextUrl != null && !nextUrl.isEmpty()) {
final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmApplication);
final String macroedUrl = macroMachine.expandMacros(nextUrl);
LOGGER.debug(pwmRequest, "settinging forward url to post-delete next url: " + macroedUrl);
pwmRequest.getPwmSession().getSessionStateBean().setForwardURL(macroedUrl);
}
// perform ldap entry delete.
if (deleteAccountProfile.readSettingAsBoolean(PwmSetting.DELETE_ACCOUNT_DELETE_USER_ENTRY)) {
final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(pwmRequest.getUserInfoIfLoggedIn());
try {
chaiUser.getChaiProvider().deleteEntry(chaiUser.getEntryDN());
} catch (ChaiException e) {
final PwmUnrecoverableException pwmException = PwmUnrecoverableException.fromChaiException(e);
LOGGER.error("error during user delete", pwmException);
throw pwmException;
}
}
// clear the delete bean
pwmApplication.getSessionStateService().clearBean(pwmRequest, DeleteAccountBean.class);
// delete finished, so logout and redirect.
pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
pwmRequest.sendRedirectToContinue();
return ProcessStatus.Halt;
}
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class RestChallengesServer method doFormGetChallengeData.
@RestMethodHandler(method = HttpMethod.GET, produces = HttpContentType.json)
public RestResultBean doFormGetChallengeData(final RestRequest restRequest) throws PwmUnrecoverableException {
final boolean answers = restRequest.readParameterAsBoolean("answers");
final boolean helpdesk = restRequest.readParameterAsBoolean("helpdesk");
final String username = restRequest.readParameterAsString(FIELD_USERNAME, PwmHttpRequestWrapper.Flag.BypassValidation);
try {
if (answers && !restRequest.getPwmApplication().getConfig().readSettingAsBoolean(PwmSetting.ENABLE_WEBSERVICES_READANSWERS)) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_SERVICE_NOT_AVAILABLE, "retrieval of answers is not permitted"));
}
final TargetUserIdentity targetUserIdentity = RestUtility.resolveRequestedUsername(restRequest, username);
// gather data
final ResponseSet responseSet;
final ChallengeSet challengeSet;
final ChallengeSet helpdeskChallengeSet;
final String outputUsername;
final ChaiUser chaiUser = targetUserIdentity.getChaiUser();
final Locale userLocale = restRequest.getLocale();
final CrService crService = restRequest.getPwmApplication().getCrService();
responseSet = crService.readUserResponseSet(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser);
final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(restRequest.getPwmApplication(), restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, userLocale);
final ChallengeProfile challengeProfile = crService.readUserChallengeProfile(restRequest.getSessionLabel(), targetUserIdentity.getUserIdentity(), chaiUser, passwordPolicy, userLocale);
challengeSet = challengeProfile.getChallengeSet();
helpdeskChallengeSet = challengeProfile.getHelpdeskChallengeSet();
outputUsername = targetUserIdentity.getUserIdentity().toDelimitedKey();
// build output
final JsonChallengesData jsonData = new JsonChallengesData();
{
jsonData.username = outputUsername;
if (responseSet != null) {
jsonData.challenges = responseSet.asChallengeBeans(answers);
if (helpdesk) {
jsonData.helpdeskChallenges = responseSet.asHelpdeskChallengeBeans(answers);
}
jsonData.minimumRandoms = responseSet.getChallengeSet().getMinRandomRequired();
}
final Policy policy = new Policy();
if (challengeSet != null) {
policy.challenges = challengesToBeans(challengeSet.getChallenges());
policy.minimumRandoms = challengeSet.getMinRandomRequired();
}
if (helpdeskChallengeSet != null && helpdesk) {
policy.helpdeskChallenges = challengesToBeans(helpdeskChallengeSet.getChallenges());
}
if (policy.challenges != null || policy.helpdeskChallenges != null) {
jsonData.policy = policy;
}
}
// update statistics
StatisticsManager.incrementStat(restRequest.getPwmApplication(), Statistic.REST_CHALLENGES);
return RestResultBean.withData(jsonData);
} catch (ChaiException e) {
final String errorMsg = "unexpected error building json response: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
return RestResultBean.fromError(restRequest, errorInformation);
}
}
Aggregations