Examples with ChaiOperationException com.novell.ldapchai.exception.ChaiOperationException used on opensource projects

Example 51 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class ForgottenPasswordServlet method executeUnlock.

private void executeUnlock(final PwmRequest pwmRequest) throws IOException, ServletException, ChaiUnavailableException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    try {
        final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
        theUser.unlockPassword();
        // mark the event log
        final UserInfo userInfoBean = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
        pwmApplication.getAuditManager().submit(AuditEvent.UNLOCK_PASSWORD, userInfoBean, pwmSession);
        ForgottenPasswordUtil.sendUnlockNoticeEmail(pwmRequest, forgottenPasswordBean);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UnlockAccount);
    } catch (ChaiOperationException e) {
        final String errorMsg = "unable to unlock user " + userIdentity + " error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
        LOGGER.error(pwmSession, errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation, true);
    } finally {
        clearForgottenPasswordBean(pwmRequest);
    }
}

Example 52 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class ForgottenPasswordUtil method initForgottenPasswordBean.

static void initForgottenPasswordBean(final PwmRequest pwmRequest, final UserIdentity userIdentity, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException, PwmOperationalException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Locale locale = pwmRequest.getLocale();
    final SessionLabel sessionLabel = pwmRequest.getSessionLabel();
    forgottenPasswordBean.setUserIdentity(userIdentity);
    final UserInfo userInfo = readUserInfo(pwmRequest, forgottenPasswordBean);
    final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmApplication, pwmRequest.getSessionLabel(), userIdentity);
    final String forgottenProfileID = forgottenPasswordProfile.getIdentifier();
    forgottenPasswordBean.setForgottenPasswordProfileID(forgottenProfileID);
    final ForgottenPasswordBean.RecoveryFlags recoveryFlags = calculateRecoveryFlags(pwmApplication, forgottenProfileID);
    final ChallengeSet challengeSet;
    if (recoveryFlags.getRequiredAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES) || recoveryFlags.getOptionalAuthMethods().contains(IdentityVerificationMethod.CHALLENGE_RESPONSES)) {
        final ResponseSet responseSet;
        try {
            final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            responseSet = pwmApplication.getCrService().readUserResponseSet(sessionLabel, userInfo.getUserIdentity(), theUser);
            challengeSet = responseSet == null ? null : responseSet.getPresentableChallengeSet();
        } catch (ChaiValidationException e) {
            final String errorMsg = "unable to determine presentable challengeSet for stored responses: " + e.getMessage();
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    } else {
        challengeSet = null;
    }
    if (!recoveryFlags.isAllowWhenLdapIntruderLocked()) {
        try {
            final ChaiUser chaiUser = pwmApplication.getProxiedChaiUser(userInfo.getUserIdentity());
            if (chaiUser.isPasswordLocked()) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_INTRUDER_LDAP));
            }
        } catch (ChaiOperationException e) {
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "error checking user '" + userInfo.getUserIdentity() + "' ldap intruder lock status: " + e.getMessage());
            LOGGER.error(sessionLabel, errorInformation);
            throw new PwmUnrecoverableException(errorInformation);
        } catch (ChaiUnavailableException e) {
            throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
        }
    }
    final List<FormConfiguration> attributeForm;
    try {
        attributeForm = figureAttributeForm(forgottenPasswordProfile, forgottenPasswordBean, pwmRequest, userIdentity);
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
    }
    forgottenPasswordBean.setUserLocale(locale);
    forgottenPasswordBean.setPresentableChallengeSet(challengeSet);
    forgottenPasswordBean.setAttributeForm(attributeForm);
    forgottenPasswordBean.setRecoveryFlags(recoveryFlags);
    forgottenPasswordBean.setProgress(new ForgottenPasswordBean.Progress());
    for (final IdentityVerificationMethod recoveryVerificationMethods : recoveryFlags.getRequiredAuthMethods()) {
        verifyRequirementsForAuthMethod(pwmRequest, forgottenPasswordBean, recoveryVerificationMethods);
    }
}

Example 53 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class HelpdeskServlet method restUnlockIntruder.

@ActionHandler(action = "unlockIntruder")
private ProcessStatus restUnlockIntruder(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
    if (userKey.length() < 1) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing");
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
    if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_UNLOCK)) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "password unlock request, but helpdesk unlock is not enabled");
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation);
        return ProcessStatus.Halt;
    }
    // clear pwm intruder setting.
    {
        final IntruderManager intruderManager = pwmRequest.getPwmApplication().getIntruderManager();
        intruderManager.convenience().clearUserIdentity(userIdentity);
    }
    try {
        final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
        // send notice email
        HelpdeskServletUtil.sendUnlockNoticeEmail(pwmRequest, helpdeskProfile, userIdentity, chaiUser);
        chaiUser.unlockPassword();
        {
            // mark the event log
            final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_UNLOCK_PASSWORD, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
            pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        }
    } catch (ChaiPasswordPolicyException e) {
        final ChaiError passwordError = e.getErrorCode();
        final PwmError pwmError = PwmError.forChaiError(passwordError);
        pwmRequest.respondWithError(new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError));
        LOGGER.trace(pwmRequest, "ChaiPasswordPolicyException was thrown while resetting password: " + e.toString());
        return ProcessStatus.Halt;
    } catch (ChaiOperationException e) {
        final PwmError returnMsg = PwmError.forChaiError(e.getErrorCode()) == null ? PwmError.ERROR_UNKNOWN : PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(returnMsg, e.getMessage());
        pwmRequest.respondWithError(error);
        LOGGER.warn(pwmRequest, "error resetting password for user '" + userIdentity.toDisplayString() + "'' " + error.toDebugStr() + ", " + e.getMessage());
        return ProcessStatus.Halt;
    }
    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}

Example 54 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class HelpdeskServlet method restDeleteUserRequest.

@ActionHandler(action = "deleteUser")
private ProcessStatus restDeleteUserRequest(final PwmRequest pwmRequest) throws ChaiUnavailableException, PwmUnrecoverableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
    if (userKey.length() < 1) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, PwmConstants.PARAM_USERKEY + " parameter is missing");
        setLastError(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmApplication);
    LOGGER.info(pwmSession, "received deleteUser request by " + pwmSession.getUserInfo().getUserIdentity().toString() + " for user " + userIdentity.toString());
    // check if user should be seen by actor
    HelpdeskServletUtil.checkIfUserIdentityViewable(pwmRequest, helpdeskProfile, userIdentity);
    // read the userID for later logging.
    String userID = null;
    try {
        userID = pwmSession.getUserInfo().getUsername();
    } catch (PwmUnrecoverableException e) {
        LOGGER.warn(pwmSession, "unable to read username of deleted user while creating audit record");
    }
    // execute user delete operation
    final ChaiProvider provider = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_USE_PROXY) ? pwmApplication.getProxyChaiProvider(userIdentity.getLdapProfileID()) : pwmSession.getSessionManager().getChaiProvider();
    try {
        provider.deleteEntry(userIdentity.getUserDN());
    } catch (ChaiOperationException e) {
        final String errorMsg = "error while attempting to delete user " + userIdentity.toString() + ", error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        LOGGER.debug(pwmRequest, errorMsg);
        pwmRequest.outputJsonResult(RestResultBean.fromError(errorInformation, pwmRequest));
        return ProcessStatus.Halt;
    }
    // mark the event log
    {
        // normally the audit record builder reads the userID while constructing the record, but because the target user is already deleted,
        // it will be included here explicitly.
        final AuditRecordFactory.AuditUserDefinition auditUserDefinition = new AuditRecordFactory.AuditUserDefinition(userID, userIdentity.getUserDN(), userIdentity.getLdapProfileID());
        final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_DELETE_USER, pwmSession.getUserInfo().getUserIdentity(), null, auditUserDefinition, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
        pwmApplication.getAuditManager().submit(auditRecord);
    }
    LOGGER.info(pwmSession, "user " + userIdentity + " has been deleted");
    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}

Example 55 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class HelpdeskServlet method restShowVerifications.

@ActionHandler(action = "showVerifications")
private ProcessStatus restShowVerifications(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException, ChaiUnavailableException {
    final Map<String, String> bodyMap = pwmRequest.readBodyAsJsonStringMap(PwmHttpRequestWrapper.Flag.BypassValidation);
    final String rawVerificationStr = bodyMap.get(HelpdeskVerificationStateBean.PARAMETER_VERIFICATION_STATE_KEY);
    final HelpdeskVerificationStateBean state = HelpdeskVerificationStateBean.fromClientString(pwmRequest, rawVerificationStr);
    final HashMap<String, Object> results = new HashMap<>();
    try {
        results.put("records", state.asViewableValidationRecords(pwmRequest.getPwmApplication(), pwmRequest.getLocale()));
    } catch (ChaiOperationException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }
    final RestResultBean restResultBean = RestResultBean.withData(results);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}