use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class PasswordUtility method readLdapPasswordPolicy.
public static PwmPasswordPolicy readLdapPasswordPolicy(final PwmApplication pwmApplication, final ChaiUser theUser) throws PwmUnrecoverableException {
try {
final Map<String, String> ruleMap = new HashMap<>();
final ChaiPasswordPolicy chaiPolicy;
try {
chaiPolicy = theUser.getPasswordPolicy();
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
if (chaiPolicy != null) {
for (final String key : chaiPolicy.getKeys()) {
ruleMap.put(key, chaiPolicy.getValue(key));
}
if (!"read".equals(pwmApplication.getConfig().readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY))) {
ruleMap.put(PwmPasswordRule.CaseSensitive.getKey(), pwmApplication.getConfig().readSettingAsString(PwmSetting.PASSWORD_POLICY_CASE_SENSITIVITY));
}
return PwmPasswordPolicy.createPwmPasswordPolicy(ruleMap, chaiPolicy);
}
} catch (ChaiOperationException e) {
LOGGER.warn("error reading password policy for user " + theUser.getEntryDN() + ", error: " + e.getMessage());
}
return PwmPasswordPolicy.defaultPolicy();
}
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class ActionExecutor method writeLdapAttribute.
private static void writeLdapAttribute(final SessionLabel sessionLabel, final ChaiUser theUser, final String attrName, final String attrValue, final ActionConfiguration.LdapMethod ldapMethod, final MacroMachine macroMachine) throws PwmOperationalException, ChaiUnavailableException {
final ActionConfiguration.LdapMethod effectiveLdapMethod = (ldapMethod == null) ? ActionConfiguration.LdapMethod.replace : ldapMethod;
final String effectiveAttrValue = (macroMachine != null) ? macroMachine.expandMacros(attrValue) : attrValue;
LOGGER.trace(sessionLabel, "beginning ldap " + effectiveLdapMethod.toString() + " operation on " + theUser.getEntryDN() + ", attribute " + attrName);
switch(effectiveLdapMethod) {
case replace:
{
try {
theUser.writeStringAttribute(attrName, effectiveAttrValue);
LOGGER.info(sessionLabel, "replaced attribute on user " + theUser.getEntryDN() + " (" + attrName + "=" + effectiveAttrValue + ")");
} catch (ChaiOperationException e) {
final String errorMsg = "error setting '" + attrName + "' attribute on user " + theUser.getEntryDN() + ", error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
final PwmOperationalException newException = new PwmOperationalException(errorInformation);
newException.initCause(e);
throw newException;
}
}
break;
case add:
{
try {
theUser.addAttribute(attrName, effectiveAttrValue);
LOGGER.info(sessionLabel, "added attribute on user " + theUser.getEntryDN() + " (" + attrName + "=" + effectiveAttrValue + ")");
} catch (ChaiOperationException e) {
final String errorMsg = "error adding '" + attrName + "' attribute value from user " + theUser.getEntryDN() + ", error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
final PwmOperationalException newException = new PwmOperationalException(errorInformation);
newException.initCause(e);
throw newException;
}
}
break;
case remove:
{
try {
theUser.deleteAttribute(attrName, effectiveAttrValue);
LOGGER.info(sessionLabel, "deleted attribute value on user " + theUser.getEntryDN() + " (" + attrName + ")");
} catch (ChaiOperationException e) {
final String errorMsg = "error deletig '" + attrName + "' attribute value on user " + theUser.getEntryDN() + ", error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
final PwmOperationalException newException = new PwmOperationalException(errorInformation);
newException.initCause(e);
throw newException;
}
}
break;
default:
throw new IllegalStateException("unexpected ldap method type " + effectiveLdapMethod);
}
}
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class LdapOtpOperator method clearOtpUserConfiguration.
@Override
public void clearOtpUserConfiguration(final PwmSession pwmSession, final UserIdentity userIdentity, final String userGuid) throws PwmUnrecoverableException {
final Configuration config = pwmApplication.getConfig();
final LdapProfile ldapProfile = config.getLdapProfiles().get(userIdentity.getLdapProfileID());
final String ldapStorageAttribute = ldapProfile.readSettingAsString(PwmSetting.OTP_SECRET_LDAP_ATTRIBUTE);
if (ldapStorageAttribute == null || ldapStorageAttribute.length() < 1) {
final String errorMsg = "ldap storage attribute is not configured, unable to clear OTP secret";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
try {
final ChaiUser theUser = pwmSession == null ? pwmApplication.getProxiedChaiUser(userIdentity) : pwmSession.getSessionManager().getActor(pwmApplication, userIdentity);
theUser.deleteAttribute(ldapStorageAttribute, null);
LOGGER.info("cleared OTP secret for user to chai-ldap format");
} catch (ChaiOperationException e) {
final String errorMsg;
if (e.getErrorCode() == ChaiError.NO_ACCESS) {
errorMsg = "permission error clearing responses to ldap attribute '" + ldapStorageAttribute + "', user does not appear to have correct permissions to clear OTP secret: " + e.getMessage();
} else {
errorMsg = "error clearing OTP secret to ldap attribute '" + ldapStorageAttribute + "': " + e.getMessage();
}
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_OTP_SECRET, errorMsg);
final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
pwmOE.initCause(e);
throw pwmOE;
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
}
}
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class LdapOtpOperator method readOtpUserConfiguration.
/**
* Read OTP secret and instantiate a OTP User Configuration object.
*/
@Override
public OTPUserRecord readOtpUserConfiguration(final UserIdentity userIdentity, final String userGUID) throws PwmUnrecoverableException {
final Configuration config = getPwmApplication().getConfig();
final LdapProfile ldapProfile = config.getLdapProfiles().get(userIdentity.getLdapProfileID());
final String ldapStorageAttribute = ldapProfile.readSettingAsString(PwmSetting.OTP_SECRET_LDAP_ATTRIBUTE);
if (ldapStorageAttribute == null || ldapStorageAttribute.length() < 1) {
final String errorMsg = "ldap storage attribute is not configured, unable to read OTP secret";
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
OTPUserRecord otp = null;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
String value = theUser.readStringAttribute(ldapStorageAttribute);
if (config.readSettingAsBoolean(PwmSetting.OTP_SECRET_ENCRYPT)) {
value = decryptAttributeValue(value);
}
if (value != null) {
otp = decomposeOtpAttribute(value);
}
} catch (ChaiOperationException e) {
final String errorMsg = "unexpected LDAP error reading responses: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
} catch (ChaiUnavailableException e) {
final String errorMsg = "unexpected LDAP error reading responses: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
} catch (PwmOperationalException e) {
final String errorMsg = "unexpected error reading responses: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
throw new PwmUnrecoverableException(errorInformation);
}
return otp;
}
use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.
the class ForgottenPasswordServlet method executeResetPassword.
private void executeResetPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
if (!forgottenPasswordBean.getProgress().isAllPassed()) {
return;
}
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
try {
// try unlocking user
theUser.unlockPassword();
LOGGER.trace(pwmSession, "unlock account succeeded");
} catch (ChaiOperationException e) {
final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
LOGGER.error(pwmSession, errorInformation.toDebugStr());
}
try {
final SessionAuthenticator sessionAuthenticator = new SessionAuthenticator(pwmApplication, pwmSession, PwmAuthenticationSource.FORGOTTEN_PASSWORD);
sessionAuthenticator.authUserWithUnknownPassword(userIdentity, AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
pwmSession.getLoginInfoBean().getAuthFlags().add(AuthenticationType.AUTH_FROM_PUBLIC_MODULE);
LOGGER.info(pwmSession, "user successfully supplied password recovery responses, forward to change password page: " + theUser.getEntryDN());
// mark the event log
pwmApplication.getAuditManager().submit(AuditEvent.RECOVER_PASSWORD, pwmSession.getUserInfo(), pwmSession);
// add the post-forgotten password actions
addPostChangeAction(pwmRequest, userIdentity);
// mark user as requiring a new password.
pwmSession.getLoginInfoBean().getLoginFlags().add(LoginInfoBean.LoginFlag.forcePwChange);
// redirect user to change password screen.
pwmRequest.sendRedirect(PwmServletDefinition.PublicChangePassword.servletUrlName());
} catch (PwmUnrecoverableException e) {
LOGGER.warn(pwmSession, "unexpected error authenticating during forgotten password recovery process user: " + e.getMessage());
pwmRequest.respondWithError(e.getErrorInformation());
} finally {
clearForgottenPasswordBean(pwmRequest);
}
}
Aggregations