Search in sources :

Example 46 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class PasswordUtility method readLdapPasswordPolicy.

public static PwmPasswordPolicy readLdapPasswordPolicy(final PwmApplication pwmApplication, final ChaiUser theUser) throws PwmUnrecoverableException {
    try {
        final Map<String, String> ruleMap = new HashMap<>();
        final ChaiPasswordPolicy chaiPolicy;
        try {
            chaiPolicy = theUser.getPasswordPolicy();
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
        if (chaiPolicy != null) {
            for (final String key : chaiPolicy.getKeys()) {
                ruleMap.put(key, chaiPolicy.getValue(key));
            }
            if (!"read".equals(pwmApplication.getConfig().readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY))) {
                ruleMap.put(PwmPasswordRule.CaseSensitive.getKey(), pwmApplication.getConfig().readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY));
            }
            return PwmPasswordPolicy.createPwmPasswordPolicy(ruleMap, chaiPolicy);
        }
    } catch (ChaiOperationException e) {
        LOGGER.warn("error reading password policy for user " + theUser.getEntryDN() + ", error: " + e.getMessage());
    }
    return PwmPasswordPolicy.defaultPolicy();
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) ChaiPasswordPolicy(com.novell.ldapchai.ChaiPasswordPolicy) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException)

Example 47 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class ActionExecutor method writeLdapAttribute.

private static void writeLdapAttribute(final SessionLabel sessionLabel, final ChaiUser theUser, final String attrName, final String attrValue, final ActionConfiguration.LdapMethod ldapMethod, final MacroMachine macroMachine) throws PwmOperationalException, ChaiUnavailableException {
    final ActionConfiguration.LdapMethod effectiveLdapMethod = (ldapMethod == null) ? ActionConfiguration.LdapMethod.replace : ldapMethod;
    final String effectiveAttrValue = (macroMachine != null) ? macroMachine.expandMacros(attrValue) : attrValue;
    LOGGER.trace(sessionLabel, "beginning ldap " + effectiveLdapMethod.toString() + " operation on " + theUser.getEntryDN() + ", attribute " + attrName);
    switch(effectiveLdapMethod) {
        case replace:
            {
                try {
                    theUser.writeStringAttribute(attrName, effectiveAttrValue);
                    LOGGER.info(sessionLabel, "replaced attribute on user " + theUser.getEntryDN() + " (" + attrName + "=" + effectiveAttrValue + ")");
                } catch (ChaiOperationException e) {
                    final String errorMsg = "error setting '" + attrName + "' attribute on user " + theUser.getEntryDN() + ", error: " + e.getMessage();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
                    final PwmOperationalException newException = new PwmOperationalException(errorInformation);
                    newException.initCause(e);
                    throw newException;
                }
            }
            break;
        case add:
            {
                try {
                    theUser.addAttribute(attrName, effectiveAttrValue);
                    LOGGER.info(sessionLabel, "added attribute on user " + theUser.getEntryDN() + " (" + attrName + "=" + effectiveAttrValue + ")");
                } catch (ChaiOperationException e) {
                    final String errorMsg = "error adding '" + attrName + "' attribute value from user " + theUser.getEntryDN() + ", error: " + e.getMessage();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
                    final PwmOperationalException newException = new PwmOperationalException(errorInformation);
                    newException.initCause(e);
                    throw newException;
                }
            }
            break;
        case remove:
            {
                try {
                    theUser.deleteAttribute(attrName, effectiveAttrValue);
                    LOGGER.info(sessionLabel, "deleted attribute value on user " + theUser.getEntryDN() + " (" + attrName + ")");
                } catch (ChaiOperationException e) {
                    final String errorMsg = "error deletig '" + attrName + "' attribute value on user " + theUser.getEntryDN() + ", error: " + e.getMessage();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
                    final PwmOperationalException newException = new PwmOperationalException(errorInformation);
                    newException.initCause(e);
                    throw newException;
                }
            }
            break;
        default:
            throw new IllegalStateException("unexpected ldap method type " + effectiveLdapMethod);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) ActionConfiguration(password.pwm.config.value.data.ActionConfiguration) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 48 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class LdapOtpOperator method clearOtpUserConfiguration.

@Override
public void clearOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity userIdentity, final String userGuid) throws PwmUnrecoverableException {
    final Configuration config = pwmApplication.getConfig();
    final LdapProfile ldapProfile = config.getLdapProfiles().get(userIdentity.getLdapProfileID());
    final String ldapStorageAttribute = ldapProfile.readSettingAsString(PwmSetting.OTP_SECRET_LDAP_ATTRIBUTE);
    if (ldapStorageAttribute == null || ldapStorageAttribute.length() < 1) {
        final String errorMsg = "ldap storage attribute is not configured, unable to clear OTP secret";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        final ChaiUser theUser = pwmSession == null ? pwmApplication.getProxiedChaiUser(userIdentity) : pwmSession.getSessionManager().getActor(pwmApplication, userIdentity);
        theUser.deleteAttribute(ldapStorageAttribute, null);
        LOGGER.info("cleared OTP secret for user to chai-ldap format");
    } catch (ChaiOperationException e) {
        final String errorMsg;
        if (e.getErrorCode() == ChaiError.NO_ACCESS) {
            errorMsg = "permission error clearing responses to ldap attribute '" + ldapStorageAttribute + "', user does not appear to have correct permissions to clear OTP secret: " + e.getMessage();
        } else {
            errorMsg = "error clearing OTP secret to ldap attribute '" + ldapStorageAttribute + "': " + e.getMessage();
        }
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, errorMsg);
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(e);
        throw pwmOE;
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) Configuration(password.pwm.config.Configuration) ChaiUser(com.novell.ldapchai.ChaiUser) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) LdapProfile(password.pwm.config.profile.LdapProfile)

Example 49 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class LdapOtpOperator method readOtpUserConfiguration.

/**
 * Read OTP secret and instantiate a OTP User Configuration object.
 */
@Override
public OTPUserRecord readOtpUserConfiguration(final UserIdentity userIdentity, final String userGUID) throws PwmUnrecoverableException {
    final Configuration config = getPwmApplication().getConfig();
    final LdapProfile ldapProfile = config.getLdapProfiles().get(userIdentity.getLdapProfileID());
    final String ldapStorageAttribute = ldapProfile.readSettingAsString(PwmSetting.OTP_SECRET_LDAP_ATTRIBUTE);
    if (ldapStorageAttribute == null || ldapStorageAttribute.length() < 1) {
        final String errorMsg = "ldap storage attribute is not configured, unable to read OTP secret";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    OTPUserRecord otp = null;
    try {
        final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
        String value = theUser.readStringAttribute(ldapStorageAttribute);
        if (config.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT)) {
            value = decryptAttributeValue(value);
        }
        if (value != null) {
            otp = decomposeOtpAttribute(value);
        }
    } catch (ChaiOperationException e) {
        final String errorMsg = "unexpected LDAP error reading responses: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    } catch (ChaiUnavailableException e) {
        final String errorMsg = "unexpected LDAP error reading responses: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    } catch (PwmOperationalException e) {
        final String errorMsg = "unexpected error reading responses: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    return otp;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) Configuration(password.pwm.config.Configuration) ChaiUser(com.novell.ldapchai.ChaiUser) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) LdapProfile(password.pwm.config.profile.LdapProfile) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 50 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class ForgottenPasswordServlet method executeResetPassword.

private void executeResetPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (!forgottenPasswordBean.getProgress().isAllPassed()) {
        return;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
    try {
        // try unlocking user
        theUser.unlockPassword();
        LOGGER.trace(pwmSession, "unlock account succeeded");
    } catch (ChaiOperationException e) {
        final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
        LOGGER.error(pwmSession, errorInformation.toDebugStr());
    }
    try {
        final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.FORGOTTEN_PASSWORD);
        sessionAuthenticator.authUserWithUnknownPassword(userIdentity, AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
        pwmSession.getLoginInfoBean().getAuthFlags().add(AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
        LOGGER.info(pwmSession, "user successfully supplied password recovery responses, forward to change password page: " + theUser.getEntryDN());
        // mark the event log
        pwmApplication.getAuditManager().submit(AuditEvent.RECOVER_PASSWORD, pwmSession.getUserInfo(), pwmSession);
        // add the post-forgotten password actions
        addPostChangeAction(pwmRequest, userIdentity);
        // mark user as requiring a new password.
        pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
        // redirect user to change password screen.
        pwmRequest.sendRedirect(PwmServletDefinition.PublicChangePassword.servletUrlName());
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmSession, "unexpected error authenticating during forgotten password recovery process user: " + e.getMessage());
        pwmRequest.respondWithError(e.getErrorInformation());
    } finally {
        clearForgottenPasswordBean(pwmRequest);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) PwmApplication(password.pwm.PwmApplication) ChaiUser(com.novell.ldapchai.ChaiUser) SessionAuthenticator(password.pwm.ldap.auth.SessionAuthenticator) UserIdentity(password.pwm.bean.UserIdentity) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) ChaiOperationException(com.novell.ldapchai.exception.ChaiOperationException) PwmSession(password.pwm.http.PwmSession) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Aggregations

ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)66 ErrorInformation (password.pwm.error.ErrorInformation)31 ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException)28 ChaiUser (com.novell.ldapchai.ChaiUser)24 PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException)21 UserIdentity (password.pwm.bean.UserIdentity)16 PwmOperationalException (password.pwm.error.PwmOperationalException)15 Map (java.util.Map)12 ChaiProvider (com.novell.ldapchai.provider.ChaiProvider)11 IOException (java.io.IOException)10 HashMap (java.util.HashMap)10 LinkedHashMap (java.util.LinkedHashMap)10 PwmApplication (password.pwm.PwmApplication)10 LdapProfile (password.pwm.config.profile.LdapProfile)10 FormConfiguration (password.pwm.config.value.data.FormConfiguration)9 List (java.util.List)8 PwmSession (password.pwm.http.PwmSession)8 UnsupportedEncodingException (java.io.UnsupportedEncodingException)7 ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException)6 Instant (java.time.Instant)6