
Example 16 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class PeopleSearchDataReader method doDetailLookup.

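/**
 * Reads the detail-view attributes of a single user and returns them as a one-row result set.
 * <p>
 * The attribute set is the configured {@code PEOPLE_SEARCH_DETAIL_FORM}; when the org chart is enabled
 * the configured parent and child org-chart attributes are added to the read set so the detail view can
 * navigate the chart.  Attributes are read through {@link #getChaiUser}, i.e. with whatever LDAP identity
 * that helper resolves for the request.
 *
 * @param userIdentity the user whose attributes are read
 * @return a {@link UserSearchResults} with the header map and exactly one entry for {@code userIdentity}
 * @throws PwmUnrecoverableException if the LDAP read fails; wraps the underlying {@link ChaiException}
 */
private UserSearchResults doDetailLookup(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final List<FormConfiguration> detailFormConfig = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PEOPLE_SEARCH_DETAIL_FORM);
    final Map<String, String> attributeHeaderMap = UserSearchResults.fromFormConfiguration(detailFormConfig, pwmRequest.getLocale());
    if (peopleSearchConfiguration.isOrgChartEnabled()) {
        addAttributeIfMissing(attributeHeaderMap, peopleSearchConfiguration.getOrgChartParentAttr());
        // Bug fix: the child attribute was previously read from getOrgChartParentAttr() (copy/paste error),
        // so the child attribute was never part of the detail lookup.
        addAttributeIfMissing(attributeHeaderMap, peopleSearchConfiguration.getOrgChartChildAttr());
    }
    try {
        final ChaiUser theUser = getChaiUser(userIdentity);
        final Map<String, String> values = theUser.readStringAttributes(attributeHeaderMap.keySet());
        return new UserSearchResults(attributeHeaderMap, Collections.singletonMap(userIdentity, values), false);
    } catch (ChaiException e) {
        LOGGER.error("unexpected error during detail lookup of '" + userIdentity + "', error: " + e.getMessage());
        throw PwmUnrecoverableException.fromChaiException(e);
    }
}

/**
 * Adds {@code attribute} to the header map keyed by itself, unless the form already supplies a label for it.
 * A form-configured label takes precedence over the raw attribute name.
 *
 * @param attributeHeaderMap attribute name to display label map, mutated in place
 * @param attribute          LDAP attribute name to ensure is present
 */
private static void addAttributeIfMissing(final Map<String, String> attributeHeaderMap, final String attribute) {
    if (!attributeHeaderMap.containsKey(attribute)) {
        attributeHeaderMap.put(attribute, attribute);
    }
}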

Example 17 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class UpdateProfileServlet method nextStep.

/**
 * Drives the update-profile flow one step forward for the current request.
 * <p>
 * The method is a state machine over the session-scoped {@link UpdateProfileBean}: each call forwards the
 * user to the next page they still have to complete (agreement, form, confirmation, token verification)
 * and returns, until every gate has passed and the LDAP write is performed.  The order of the gates is
 * significant and must not be reordered: the agreement is checked first, form data is loaded from LDAP
 * and then validated before confirmation and token verification, and only then is anything written.
 *
 * @param pwmRequest the current request; supplies the session, the profile and the bean
 * @throws IOException               from the forward/response handling
 * @throws ServletException          from the forward/response handling
 * @throws PwmUnrecoverableException if session, profile or bean access fails unrecoverably
 */
protected void nextStep(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final UpdateProfileBean updateProfileBean = getBean(pwmRequest);
    final UpdateProfileProfile updateProfileProfile = getProfile(pwmRequest);
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    {
        // Gate 1: a configured agreement text must be accepted before the form is shown.
        final String updateProfileAgreementText = updateProfileProfile.readSettingAsLocalizedString(PwmSetting.UPDATE_PROFILE_AGREEMENT_MESSAGE, pwmSession.getSessionStateBean().getLocale());
        if (!StringUtil.isEmpty(updateProfileAgreementText)) {
            if (!updateProfileBean.isAgreementPassed()) {
                // Macros in the agreement text are expanded with the session's macro machine before display.
                final MacroMachine macroMachine = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmRequest.getPwmApplication());
                final String expandedText = macroMachine.expandMacros(updateProfileAgreementText);
                pwmRequest.setAttribute(PwmRequestAttribute.AgreementText, expandedText);
                pwmRequest.forwardToJsp(JspUrl.UPDATE_ATTRIBUTES_AGREEMENT);
                return;
            }
        }
    }
    // Gate 2: make sure there is form data in the bean. On the first pass the form is seeded from the
    // user's current LDAP values and the form is shown; the bean flag prevents re-seeding (and thereby
    // discarding the user's edits) on later passes.
    if (!updateProfileBean.isFormLdapLoaded()) {
        updateProfileBean.getFormData().clear();
        updateProfileBean.getFormData().putAll((UpdateProfileUtil.formDataFromLdap(pwmRequest, updateProfileProfile)));
        updateProfileBean.setFormLdapLoaded(true);
        UpdateProfileUtil.forwardToForm(pwmRequest, updateProfileProfile, updateProfileBean);
        return;
    }
    // Gate 3: nothing to validate until the user has submitted the form.
    if (!updateProfileBean.isFormSubmitted()) {
        UpdateProfileUtil.forwardToForm(pwmRequest, updateProfileProfile, updateProfileBean);
        return;
    }
    // Gate 4: validate the submitted form data against the configured form definition. Validation runs on
    // every pass, so a bean that was valid earlier is re-checked before the write below.
    try {
        // verify form meets the form requirements
        final List<FormConfiguration> formFields = updateProfileProfile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromMap(updateProfileBean.getFormData(), formFields, pwmRequest.getLocale());
        UpdateProfileUtil.verifyFormAttributes(pwmRequest.getPwmApplication(), pwmRequest.getUserInfoIfLoggedIn(), pwmRequest.getLocale(), formValues, true);
    } catch (PwmException e) {
        // Validation failure is a user error: report it on the form rather than propagating.
        LOGGER.error(pwmSession, e.getMessage());
        setLastError(pwmRequest, e.getErrorInformation());
        UpdateProfileUtil.forwardToForm(pwmRequest, updateProfileProfile, updateProfileBean);
        return;
    }
    {
        // Gate 5: optional confirmation page.
        final boolean requireConfirmation = updateProfileProfile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_SHOW_CONFIRMATION);
        if (requireConfirmation && !updateProfileBean.isConfirmationPassed()) {
            UpdateProfileUtil.forwardToConfirmForm(pwmRequest, updateProfileProfile, updateProfileBean);
            return;
        }
    }
    // Gate 6: token (e-mail/SMS) verification of changed attributes; the helper has already forwarded the
    // response when it reports Halt, so nothing further is done here.
    if (UpdateProfileUtil.checkForTokenVerificationProgress(pwmRequest, updateProfileBean, updateProfileProfile) == ProcessStatus.Halt) {
        return;
    }
    try {
        // write the form values, as the logged-in user's own LDAP identity (the session actor)
        final ChaiUser theUser = pwmSession.getSessionManager().getActor(pwmApplication);
        UpdateProfileUtil.doProfileUpdate(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), pwmSession.getUserInfo(), pwmSession.getSessionManager().getMacroMachine(pwmApplication), updateProfileProfile, updateProfileBean.getFormData(), theUser);
        // re-populate the uiBean because we have changed some values.
        pwmSession.reloadUserInfoBean(pwmApplication);
        // clear cached read attributes.
        // NOTE(review): pwmSession was obtained from pwmRequest.getPwmSession() above, so this looks like
        // a second reload of the same session bean; confirm whether the repeat is intentional.
        pwmRequest.getPwmSession().reloadUserInfoBean(pwmApplication);
        // mark the event log
        pwmApplication.getAuditManager().submit(AuditEvent.UPDATE_PROFILE, pwmSession.getUserInfo(), pwmSession);
        // clear the bean so the flow starts fresh on the next visit
        pwmApplication.getSessionStateService().clearBean(pwmRequest, UpdateProfileBean.class);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UpdateProfile);
        return;
    } catch (PwmException e) {
        LOGGER.error(pwmSession, e.getMessage());
        setLastError(pwmRequest, e.getErrorInformation());
    } catch (ChaiException e) {
        // LDAP-level failure during the write: surface as a generic update failure; e.toString() becomes the
        // detail text shown to the user.
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UPDATE_ATTRS_FAILURE, e.toString());
        LOGGER.error(pwmSession, errorInformation.toDebugStr());
        setLastError(pwmRequest, errorInformation);
    }
    // Reached only on a failed write: redisplay the form with the recorded error.
    UpdateProfileUtil.forwardToForm(pwmRequest, updateProfileProfile, updateProfileBean);
}

Example 18 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class LdapTokenMachine method storeToken.

/**
 * Persists a token on the LDAP entry of the user the payload belongs to.
 * <p>
 * The attribute value written is {@code <stored hash of the key> + KEY_VALUE_DELIMITER + <encrypted payload>};
 * the token key itself is not stored, only the hash returned by {@link TokenKey#getStoredHash()}, and the
 * payload is encrypted by the token service before it leaves this method.  The write is performed with the
 * application's proxy LDAP identity.
 *
 * @param tokenKey     key of the token being stored; only its stored hash is written
 * @param tokenPayload payload to encrypt and store; also identifies the owning user
 * @throws PwmOperationalException   if the LDAP write (or any step leading to it) fails with a {@link ChaiException}
 * @throws PwmUnrecoverableException propagated from proxied-user lookup or payload encryption
 */
public void storeToken(final TokenKey tokenKey, final TokenPayload tokenPayload) throws PwmOperationalException, PwmUnrecoverableException {
    try {
        final String storedHash = tokenKey.getStoredHash();
        final String encryptedPayload = tokenService.toEncryptedString(tokenPayload);
        final String attributeValue = storedHash + KEY_VALUE_DELIMITER + encryptedPayload;
        final UserIdentity owner = tokenPayload.getUserIdentity();
        final ChaiUser ownerEntry = pwmApplication.getProxiedChaiUser(owner);
        ownerEntry.writeStringAttribute(tokenAttribute, attributeValue);
    } catch (ChaiException e) {
        // Only the directory's message is carried forward; the operational error code is generic.
        final ErrorInformation errorInformation = new ErrorInformation(
                PwmError.ERROR_UNKNOWN,
                "unexpected ldap error saving token: " + e.getMessage());
        throw new PwmOperationalException(errorInformation);
    }
}

Example 19 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class SessionAuthenticator method simulateBadPassword.

/**
 * Performs a deliberate failed LDAP bind for {@code userIdentity} so that the directory's own intruder
 * lockout / bad-password counters see the failed attempt.
 * <p>
 * Runs only when {@code SECURITY_SIMULATE_LDAP_BAD_PASSWORD} is enabled.  The bind uses the constant
 * {@link PwmConstants#DEFAULT_BAD_PASSWORD_ATTEMPT} as the password and is triggered by a read of the
 * entry's objectClass.  A {@code PASSWORD_BADPASSWORD} error is the expected outcome; any other error,
 * and even a successful bind, is only logged.  The temporary provider is always closed.
 *
 * @param userIdentity the user whose bind should fail; a null identity or empty DN is logged and ignored
 * @throws PwmUnrecoverableException if the LDAP profile or provider setup fails
 */
public void simulateBadPassword(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final boolean simulationEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.SECURITY_SIMULATE_LDAP_BAD_PASSWORD);
    if (!simulationEnabled) {
        return;
    }
    LOGGER.trace(sessionLabel, "performing bad-password login attempt against ldap directory as a result of forgotten password recovery invalid attempt against " + userIdentity);
    final String userDN = userIdentity == null ? null : userIdentity.getUserDN();
    if (userDN == null || userDN.isEmpty()) {
        LOGGER.error(sessionLabel, "attempt to simulateBadPassword with null userDN");
        return;
    }
    LOGGER.trace(sessionLabel, "beginning simulateBadPassword process");
    final PasswordData decoyPassword = new PasswordData(PwmConstants.DEFAULT_BAD_PASSWORD_ATTEMPT);
    // A plain ldap BIND as the user with the decoy password is what registers the failure in the directory.
    LOGGER.trace(sessionLabel, "attempting authentication using ldap BIND");
    ChaiProvider bindProvider = null;
    try {
        bindProvider = LdapOperationsHelper.createChaiProvider(
                pwmApplication,
                sessionLabel,
                userIdentity.getLdapProfile(pwmApplication.getConfig()),
                pwmApplication.getConfig(),
                userDN,
                decoyPassword);
        // The provider may bind lazily; a read forces the bind to happen.
        bindProvider.readStringAttribute(userDN, ChaiConstant.ATTR_LDAP_OBJECTCLASS);
        LOGGER.debug(sessionLabel, "bad-password login attempt succeeded for " + userIdentity);
    } catch (ChaiException e) {
        final boolean rejectedAsBadPassword = e.getErrorCode() == ChaiError.PASSWORD_BADPASSWORD;
        if (rejectedAsBadPassword) {
            LOGGER.trace(sessionLabel, "bad-password login simulation succeeded for; " + userIdentity + " result: " + e.getMessage());
        } else {
            LOGGER.debug(sessionLabel, "unexpected error during simulated bad-password login attempt for " + userIdentity + "; result: " + e.getMessage());
        }
    } finally {
        closeSimulatedBindProvider(bindProvider);
    }
}

/**
 * Closes the provider used for the simulated bind, logging (never propagating) any failure to close it.
 *
 * @param bindProvider provider to close; a null provider is ignored
 */
private void closeSimulatedBindProvider(final ChaiProvider bindProvider) {
    if (bindProvider == null) {
        return;
    }
    try {
        bindProvider.close();
    } catch (Throwable e) {
        LOGGER.error(sessionLabel, "unexpected error closing invalid ldap connection after simulated bad-password failed login attempt: " + e.getMessage());
    }
}

Example 20 with ChaiException

use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.

the class LdapPermissionTester method testQueryMatch.

/**
 * Tests whether {@code userIdentity} matches an LDAP filter by searching the user's own entry with
 * {@code SearchScope.BASE} using the application's proxy identity.
 * <p>
 * Shortcuts: a null/empty filter never matches, and the literal match-all filters
 * {@code (objectClass=*)} / {@code objectClass=*} always match without a directory round-trip.
 * A directory error is treated as "no match" (fail closed) and logged at warn level; it is not propagated.
 *
 * @param pwmApplication application context used to obtain the proxied user
 * @param pwmSession     session label for logging
 * @param userIdentity   user to test; null yields {@code false}
 * @param filterString   LDAP filter to evaluate against the user's entry
 * @return {@code true} if the BASE-scope search returned exactly the user's own entry
 * @throws PwmUnrecoverableException if the proxied user cannot be obtained
 */
public static boolean testQueryMatch(final PwmApplication pwmApplication, final SessionLabel pwmSession, final UserIdentity userIdentity, final String filterString) throws PwmUnrecoverableException {
    final Instant startTime = Instant.now();
    if (userIdentity == null) {
        return false;
    }
    LOGGER.trace(pwmSession, "begin check for ldapQuery match for " + userIdentity + " using queryMatch: " + filterString);
    final boolean matched;
    if (filterString == null || filterString.isEmpty()) {
        LOGGER.trace(pwmSession, "missing queryMatch value, skipping check");
        matched = false;
    } else if (isMatchAllFilter(filterString)) {
        LOGGER.trace(pwmSession, "queryMatch check is guaranteed to be true, skipping ldap query");
        matched = true;
    } else {
        matched = entryMatchesFilter(pwmApplication, pwmSession, userIdentity, filterString);
    }
    final String outcome = matched ? "" : "not ";
    final String elapsed = TimeDuration.fromCurrent(startTime).asCompactString();
    LOGGER.debug(pwmSession, "user " + userIdentity.toDisplayString() + " is " + outcome + "a match for filter '" + filterString + "'" + " (" + elapsed + ")");
    return matched;
}

/**
 * Recognises the two spellings of the match-everything filter, case-insensitively.
 *
 * @param filterString non-null filter text
 * @return {@code true} for {@code (objectClass=*)} or {@code objectClass=*}
 */
private static boolean isMatchAllFilter(final String filterString) {
    return "(objectClass=*)".equalsIgnoreCase(filterString) || "objectClass=*".equalsIgnoreCase(filterString);
}

/**
 * Runs the BASE-scope search on the user's entry and reports whether the entry itself came back.
 * Any {@link ChaiException} is logged and reported as no match.
 *
 * @param pwmApplication application context used to obtain the proxied user
 * @param pwmSession     session label for logging
 * @param userIdentity   non-null user to test
 * @param filterString   non-empty filter to evaluate
 * @return {@code true} if the search returned exactly one result keyed by the user's DN
 * @throws PwmUnrecoverableException if the proxied user cannot be obtained
 */
private static boolean entryMatchesFilter(final PwmApplication pwmApplication, final SessionLabel pwmSession, final UserIdentity userIdentity, final String filterString) throws PwmUnrecoverableException {
    try {
        LOGGER.trace(pwmSession, "checking ldap to see if " + userIdentity + " matches '" + filterString + "'");
        final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
        final String entryDN = theUser.getEntryDN();
        // No attributes are requested: only the presence of the entry in the result set matters.
        final Map<String, Map<String, String>> results = theUser.getChaiProvider().search(entryDN, filterString, Collections.emptySet(), SearchScope.BASE);
        return results.size() == 1 && results.containsKey(entryDN);
    } catch (ChaiException e) {
        LOGGER.warn(pwmSession, "LDAP error during check for " + userIdentity + " using " + filterString + ", error:" + e.getMessage());
        return false;
    }
}
