use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class PeopleSearchDataReader method doDetailLookup.
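/**
 * Reads the detail-view attributes of a single user from the directory.
 *
 * <p>The attribute list comes from the configured people-search detail form. When the
 * org chart is enabled, the org-chart parent and child attributes are added to the read
 * set if the form does not already list them.
 *
 * <p>NOTE(review): no authorization check on {@code userIdentity} is visible in this
 * method; presumably the caller (or {@code getChaiUser}) verifies that the requester may
 * view this entry. Confirm against the call sites.
 *
 * @param userIdentity identity of the user whose detail record is requested
 * @return a result set holding exactly one row, keyed by {@code userIdentity}
 * @throws PwmUnrecoverableException if the directory read fails with a {@code ChaiException}
 */
private UserSearchResults doDetailLookup(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final List<FormConfiguration> detailFormConfig = pwmRequest.getConfig().readSettingAsForm(PwmSetting.PEOPLE_SEARCH_DETAIL_FORM);
    final Map<String, String> attributeHeaderMap = UserSearchResults.fromFormConfiguration(detailFormConfig, pwmRequest.getLocale());

    if (peopleSearchConfiguration.isOrgChartEnabled()) {
        final String orgChartParentAttr = peopleSearchConfiguration.getOrgChartParentAttr();
        if (!attributeHeaderMap.containsKey(orgChartParentAttr)) {
            attributeHeaderMap.put(orgChartParentAttr, orgChartParentAttr);
        }

        // Fix: the child attribute was previously read through getOrgChartParentAttr(),
        // which made this second check a no-op and left the child attribute out of the
        // read set whenever the detail form did not list it.
        final String orgChartChildAttr = peopleSearchConfiguration.getOrgChartChildAttr();
        if (!attributeHeaderMap.containsKey(orgChartChildAttr)) {
            attributeHeaderMap.put(orgChartChildAttr, orgChartChildAttr);
        }
    }

    try {
        final ChaiUser theUser = getChaiUser(userIdentity);
        // Only the attributes collected above are requested from the directory.
        final Map<String, String> values = theUser.readStringAttributes(attributeHeaderMap.keySet());
        return new UserSearchResults(attributeHeaderMap, Collections.singletonMap(userIdentity, values), false);
    } catch (ChaiException e) {
        LOGGER.error("unexpected error during detail lookup of '" + userIdentity + "', error: " + e.getMessage());
        throw PwmUnrecoverableException.fromChaiException(e);
    }
}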
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class UpdateProfileServlet method nextStep.
/**
 * Advances the update-profile flow by one step, forwarding to whichever page the current
 * bean state calls for.
 *
 * <p>Order of gates, each of which forwards and returns when it is not yet satisfied:
 * agreement text, initial load of form data from LDAP, form submission, form validation,
 * optional confirmation page, token verification. Only when every gate passes are the
 * form values written to the directory.
 *
 * @param pwmRequest the current request
 * @throws IOException if forwarding fails
 * @throws ServletException if forwarding fails
 * @throws PwmUnrecoverableException propagated from the helpers called here
 */
protected void nextStep(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication app = pwmRequest.getPwmApplication();
    final UpdateProfileBean bean = getBean(pwmRequest);
    final UpdateProfileProfile profile = getProfile(pwmRequest);
    final PwmSession session = pwmRequest.getPwmSession();

    // Gate: if an agreement message is configured, it must be accepted before anything else.
    final String agreementTemplate = profile.readSettingAsLocalizedString(PwmSetting.UPDATE_PROFILE_AGREEMENT_MESSAGE, session.getSessionStateBean().getLocale());
    if (!StringUtil.isEmpty(agreementTemplate) && !bean.isAgreementPassed()) {
        final MacroMachine macros = pwmRequest.getPwmSession().getSessionManager().getMacroMachine(pwmRequest.getPwmApplication());
        final String agreementText = macros.expandMacros(agreementTemplate);
        pwmRequest.setAttribute(PwmRequestAttribute.AgreementText, agreementText);
        pwmRequest.forwardToJsp(JspUrl.UPDATE_ATTRIBUTES_AGREEMENT);
        return;
    }

    // Gate: seed the bean with the current LDAP values the first time through.
    if (!bean.isFormLdapLoaded()) {
        bean.getFormData().clear();
        bean.getFormData().putAll((UpdateProfileUtil.formDataFromLdap(pwmRequest, profile)));
        bean.setFormLdapLoaded(true);
        UpdateProfileUtil.forwardToForm(pwmRequest, profile, bean);
        return;
    }

    // Gate: nothing to process until the user has submitted the form.
    if (!bean.isFormSubmitted()) {
        UpdateProfileUtil.forwardToForm(pwmRequest, profile, bean);
        return;
    }

    // Gate: the values held in the bean are re-validated against the configured form
    // here, on the server, before any later step is allowed to write them.
    try {
        final List<FormConfiguration> configuredFields = profile.readSettingAsForm(PwmSetting.UPDATE_PROFILE_FORM);
        final Map<FormConfiguration, String> submittedValues = FormUtility.readFormValuesFromMap(bean.getFormData(), configuredFields, pwmRequest.getLocale());
        UpdateProfileUtil.verifyFormAttributes(pwmRequest.getPwmApplication(), pwmRequest.getUserInfoIfLoggedIn(), pwmRequest.getLocale(), submittedValues, true);
    } catch (PwmException e) {
        LOGGER.error(session, e.getMessage());
        setLastError(pwmRequest, e.getErrorInformation());
        UpdateProfileUtil.forwardToForm(pwmRequest, profile, bean);
        return;
    }

    // Gate: optional confirmation page.
    final boolean confirmationRequired = profile.readSettingAsBoolean(PwmSetting.UPDATE_PROFILE_SHOW_CONFIRMATION);
    if (confirmationRequired && !bean.isConfirmationPassed()) {
        UpdateProfileUtil.forwardToConfirmForm(pwmRequest, profile, bean);
        return;
    }

    // Gate: token verification still in progress; the helper has already handled the response.
    if (UpdateProfileUtil.checkForTokenVerificationProgress(pwmRequest, bean, profile) == ProcessStatus.Halt) {
        return;
    }

    try {
        // All gates passed: write the form values as the session's actor.
        final ChaiUser actor = session.getSessionManager().getActor(app);
        UpdateProfileUtil.doProfileUpdate(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), pwmRequest.getLocale(), session.getUserInfo(), session.getSessionManager().getMacroMachine(app), profile, bean.getFormData(), actor);

        // Refresh the cached user info, since directory values have just changed.
        session.reloadUserInfoBean(app);
        // NOTE(review): second reload through pwmRequest.getPwmSession(); it looks redundant
        // with the call above - confirm before removing.
        pwmRequest.getPwmSession().reloadUserInfoBean(app);

        // Record the change in the audit log.
        app.getAuditManager().submit(AuditEvent.UPDATE_PROFILE, session.getUserInfo(), session);

        // Drop the flow state so submitted values do not linger in the session.
        app.getSessionStateService().clearBean(pwmRequest, UpdateProfileBean.class);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UpdateProfile);
        return;
    } catch (PwmException e) {
        LOGGER.error(session, e.getMessage());
        setLastError(pwmRequest, e.getErrorInformation());
    } catch (ChaiException e) {
        // NOTE(review): e.toString() is carried in the ErrorInformation handed to
        // setLastError; confirm that this directory-level detail is not rendered to the
        // end user.
        final ErrorInformation ldapFailure = new ErrorInformation(PwmError.ERROR_UPDATE_ATTRS_FAILURE, e.toString());
        LOGGER.error(session, ldapFailure.toDebugStr());
        setLastError(pwmRequest, ldapFailure);
    }

    // The write failed: show the form again with the recorded error.
    UpdateProfileUtil.forwardToForm(pwmRequest, profile, bean);
}
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class LdapTokenMachine method storeToken.
/**
 * Persists a token on the directory entry of the user it belongs to.
 *
 * <p>The value written to {@code tokenAttribute} is the token key's stored hash, the
 * key/value delimiter, and the payload as returned by
 * {@code tokenService.toEncryptedString}. The raw token key is not part of the value
 * written here.
 *
 * <p>NOTE(review): the original local was named {@code md5sumToken}; the digest actually
 * used is decided inside {@code TokenKey.getStoredHash()} and is not visible here -
 * confirm it is not MD5.
 *
 * @param tokenKey key whose stored hash identifies the token
 * @param tokenPayload payload to encrypt and store; also supplies the owning user
 * @throws PwmOperationalException if the directory write fails with a {@code ChaiException}
 * @throws PwmUnrecoverableException propagated from the helpers called here
 */
public void storeToken(final TokenKey tokenKey, final TokenPayload tokenPayload) throws PwmOperationalException, PwmUnrecoverableException {
    try {
        final String storedHash = tokenKey.getStoredHash();
        final String encryptedPayload = tokenService.toEncryptedString(tokenPayload);
        final UserIdentity owner = tokenPayload.getUserIdentity();
        // The write goes through the proxied (application) connection, not the user's own.
        final ChaiUser ownerEntry = pwmApplication.getProxiedChaiUser(owner);
        final String attributeValue = storedHash + KEY_VALUE_DELIMITER + encryptedPayload;
        ownerEntry.writeStringAttribute(tokenAttribute, attributeValue);
    } catch (ChaiException e) {
        // Only the message text is carried forward; the ChaiException itself is not chained.
        final ErrorInformation failure = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ldap error saving token: " + e.getMessage());
        throw new PwmOperationalException(failure);
    }
}
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class SessionAuthenticator method simulateBadPassword.
/**
 * Performs a deliberate failed LDAP bind for a user, using a fixed placeholder password.
 *
 * <p>Runs only when {@code SECURITY_SIMULATE_LDAP_BAD_PASSWORD} is enabled. Per the trace
 * message below it is invoked after an invalid forgotten-password recovery attempt;
 * presumably the intent is for the directory's own bad-password accounting to register
 * the attempt - confirm against the setting's documentation.
 *
 * <p>All outcomes are logged and none is raised to the caller from the bind itself.
 *
 * @param userIdentity the user to bind as; ignored (with an error log) when null or
 *     without a DN
 * @throws PwmUnrecoverableException propagated from the helpers called here
 */
public void simulateBadPassword(final UserIdentity userIdentity) throws PwmUnrecoverableException {
    final boolean simulationEnabled = pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.SECURITY_SIMULATE_LDAP_BAD_PASSWORD);
    if (!simulationEnabled) {
        return;
    }
    LOGGER.trace(sessionLabel, "performing bad-password login attempt against ldap directory as a result of " + "forgotten password recovery invalid attempt against " + userIdentity);

    final boolean dnMissing = userIdentity == null || userIdentity.getUserDN() == null || userIdentity.getUserDN().length() < 1;
    if (dnMissing) {
        LOGGER.error(sessionLabel, "attempt to simulateBadPassword with null userDN");
        return;
    }

    LOGGER.trace(sessionLabel, "beginning simulateBadPassword process");
    final PasswordData placeholderPassword = new PasswordData(PwmConstants.DEFAULT_BAD_PASSWORD_ATTEMPT);

    // Authenticate as the user with an ordinary LDAP BIND.
    LOGGER.trace(sessionLabel, "attempting authentication using ldap BIND");
    ChaiProvider userConnection = null;
    try {
        // Open a provider with the user's DN and the placeholder password.
        userConnection = LdapOperationsHelper.createChaiProvider(pwmApplication, sessionLabel, userIdentity.getLdapProfile(pwmApplication.getConfig()), pwmApplication.getConfig(), userIdentity.getUserDN(), placeholderPassword);
        // A read is issued so that the bind actually takes place.
        userConnection.readStringAttribute(userIdentity.getUserDN(), ChaiConstant.ATTR_LDAP_OBJECTCLASS);
        // NOTE(review): reaching this line means the directory accepted the placeholder
        // password for this account, yet it is logged only at debug level - confirm that
        // this case is surfaced somewhere an operator will see it.
        LOGGER.debug(sessionLabel, "bad-password login attempt succeeded for " + userIdentity);
    } catch (ChaiException e) {
        final boolean rejectedAsExpected = e.getErrorCode() == ChaiError.PASSWORD_BADPASSWORD;
        if (rejectedAsExpected) {
            LOGGER.trace(sessionLabel, "bad-password login simulation succeeded for; " + userIdentity + " result: " + e.getMessage());
        } else {
            LOGGER.debug(sessionLabel, "unexpected error during simulated bad-password login attempt for " + userIdentity + "; result: " + e.getMessage());
        }
    } finally {
        // Always release the connection; a failure to close is logged, never thrown.
        if (userConnection != null) {
            try {
                userConnection.close();
            } catch (Throwable e) {
                LOGGER.error(sessionLabel, "unexpected error closing invalid ldap connection after simulated bad-password failed login attempt: " + e.getMessage());
            }
        }
    }
}
use of com.novell.ldapchai.exception.ChaiException in project pwm by pwm-project.
the class LdapPermissionTester method testQueryMatch.
/**
 * Tests whether a user's directory entry matches an LDAP filter.
 *
 * <p>The check is a base-scope search on the user's own DN through the proxied
 * connection; the user matches when exactly one entry comes back and it is that DN. An
 * empty filter yields {@code false}; the two match-everything {@code objectClass=*}
 * forms yield {@code true} without contacting the directory. An LDAP error is logged as
 * a warning and treated as "no match", so permission checks built on this method fail
 * closed.
 *
 * <p>NOTE(review): {@code filterString} is handed to the directory search unmodified and
 * is also written to the log; presumably it always originates from administrator
 * configuration rather than request input - confirm against callers.
 *
 * @param pwmApplication application used to obtain the proxied user
 * @param pwmSession label used for log correlation
 * @param userIdentity user to test; {@code null} returns {@code false} immediately
 * @param filterString LDAP filter to evaluate
 * @return {@code true} if the user's entry matches the filter
 * @throws PwmUnrecoverableException propagated from the helpers called here
 */
public static boolean testQueryMatch(final PwmApplication pwmApplication, final SessionLabel pwmSession, final UserIdentity userIdentity, final String filterString) throws PwmUnrecoverableException {
    final Instant startTime = Instant.now();
    if (userIdentity == null) {
        return false;
    }

    LOGGER.trace(pwmSession, "begin check for ldapQuery match for " + userIdentity + " using queryMatch: " + filterString);

    final boolean filterMissing = filterString == null || filterString.isEmpty();
    boolean matched = false;
    if (filterMissing) {
        LOGGER.trace(pwmSession, "missing queryMatch value, skipping check");
    } else if ("(objectClass=*)".equalsIgnoreCase(filterString) || "objectClass=*".equalsIgnoreCase(filterString)) {
        LOGGER.trace(pwmSession, "queryMatch check is guaranteed to be true, skipping ldap query");
        matched = true;
    } else {
        try {
            LOGGER.trace(pwmSession, "checking ldap to see if " + userIdentity + " matches '" + filterString + "'");
            final ChaiUser proxiedUser = pwmApplication.getProxiedChaiUser(userIdentity);
            // Base scope on the user's own DN: the filter either selects that one entry or nothing.
            final Map<String, Map<String, String>> hits = proxiedUser.getChaiProvider().search(proxiedUser.getEntryDN(), filterString, Collections.emptySet(), SearchScope.BASE);
            matched = hits.size() == 1 && hits.containsKey(proxiedUser.getEntryDN());
        } catch (ChaiException e) {
            // Deliberately not rethrown: a directory error leaves the result at "no match".
            LOGGER.warn(pwmSession, "LDAP error during check for " + userIdentity + " using " + filterString + ", error:" + e.getMessage());
        }
    }

    final String summary = "user " + userIdentity.toDisplayString() + " is " + (matched ? "" : "not ") + "a match for filter '" + filterString + "'" + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")";
    LOGGER.debug(pwmSession, summary);
    return matched;
}