Examples with ChaiOperationException com.novell.ldapchai.exception.ChaiOperationException used on opensource projects

Example 26 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class LdapCrOperator method clearResponses.

public void clearResponses(final UserIdentity userIdentity, final ChaiUser theUser, final String userGuid) throws PwmUnrecoverableException {
    final LdapProfile ldapProfile = userIdentity.getLdapProfile(config);
    final String ldapStorageAttribute = ldapProfile.readSettingAsString(PwmSetting.CHALLENGE_USER_ATTRIBUTE);
    if (ldapStorageAttribute == null || ldapStorageAttribute.length() < 1) {
        final String errorMsg = "ldap storage attribute is not configured, unable to clear user responses";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        final String currentValue = theUser.readStringAttribute(ldapStorageAttribute);
        if (currentValue != null && currentValue.length() > 0) {
            theUser.deleteAttribute(ldapStorageAttribute, null);
        }
        LOGGER.info("cleared responses for user to chai-ldap format");
    } catch (ChaiOperationException e) {
        final String errorMsg;
        if (e.getErrorCode() == ChaiError.NO_ACCESS) {
            errorMsg = "permission error clearing responses to ldap attribute '" + ldapStorageAttribute + "', user does not appear to have correct permissions to clear responses: " + e.getMessage();
        } else {
            errorMsg = "error clearing responses to ldap attribute '" + ldapStorageAttribute + "': " + e.getMessage();
        }
        final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_WRITING_RESPONSES, errorMsg);
        final PwmUnrecoverableException pwmOE = new PwmUnrecoverableException(errorInfo);
        pwmOE.initCause(e);
        throw pwmOE;
    } catch (ChaiUnavailableException e) {
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_DIRECTORY_UNAVAILABLE, e.getMessage()));
    }
}

Example 27 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class ForgottenPasswordUtil method doActionSendNewPassword.

static void doActionSendNewPassword(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final ForgottenPasswordBean forgottenPasswordBean = ForgottenPasswordServlet.forgottenPasswordBean(pwmRequest);
    final ForgottenPasswordProfile forgottenPasswordProfile = forgottenPasswordProfile(pwmRequest.getPwmApplication(), forgottenPasswordBean);
    final RecoveryAction recoveryAction = ForgottenPasswordUtil.getRecoveryAction(pwmApplication.getConfig(), forgottenPasswordBean);
    LOGGER.trace(pwmRequest, "beginning process to send new password to user");
    if (!forgottenPasswordBean.getProgress().isAllPassed()) {
        return;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
    try {
        // try unlocking user
        theUser.unlockPassword();
        LOGGER.trace(pwmRequest, "unlock account succeeded");
    } catch (ChaiOperationException e) {
        final String errorMsg = "unable to unlock user " + theUser.getEntryDN() + " error: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNLOCK_FAILURE, errorMsg);
        LOGGER.error(pwmRequest.getPwmSession(), errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation);
        return;
    }
    try {
        final UserInfo userInfo = UserInfoFactory.newUserInfoUsingProxy(pwmApplication, pwmRequest.getSessionLabel(), userIdentity, pwmRequest.getLocale());
        LOGGER.info(pwmRequest, "user successfully supplied password recovery responses, emailing new password to: " + theUser.getEntryDN());
        // add post change actions
        ForgottenPasswordServlet.addPostChangeAction(pwmRequest, userIdentity);
        // create new password
        final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmRequest.getSessionLabel(), userInfo.getPasswordPolicy(), pwmApplication);
        LOGGER.trace(pwmRequest, "generated random password value based on password policy for " + userIdentity.toDisplayString());
        // set the password
        try {
            theUser.setPassword(newPassword.getStringValue());
            LOGGER.trace(pwmRequest, "set user " + userIdentity.toDisplayString() + " password to system generated random value");
        } catch (ChaiException e) {
            throw PwmUnrecoverableException.fromChaiException(e);
        }
        if (recoveryAction == RecoveryAction.SENDNEWPW_AND_EXPIRE) {
            LOGGER.debug(pwmRequest, "marking user " + userIdentity.toDisplayString() + " password as expired");
            theUser.expirePassword();
        }
        // mark the event log
        {
            final AuditRecord auditRecord = new AuditRecordFactory(pwmApplication).createUserAuditRecord(AuditEvent.RECOVER_PASSWORD, userIdentity, pwmRequest.getSessionLabel());
            pwmApplication.getAuditManager().submit(auditRecord);
        }
        final MessageSendMethod messageSendMethod = forgottenPasswordProfile.readSettingAsEnum(PwmSetting.RECOVERY_SENDNEWPW_METHOD, MessageSendMethod.class);
        // send email or SMS
        final String toAddress = PasswordUtility.sendNewPassword(userInfo, pwmApplication, newPassword, pwmRequest.getLocale(), messageSendMethod);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_PasswordSend, toAddress);
    } catch (PwmException e) {
        LOGGER.warn(pwmRequest, "unexpected error setting new password during recovery process for user: " + e.getMessage());
        pwmRequest.respondWithError(e.getErrorInformation());
    } catch (ChaiOperationException e) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected ldap error while processing recovery action " + recoveryAction + ", error: " + e.getMessage());
        LOGGER.warn(pwmRequest, errorInformation.toDebugStr());
        pwmRequest.respondWithError(errorInformation);
    } finally {
        ForgottenPasswordServlet.clearForgottenPasswordBean(pwmRequest);
        // the user should not be authenticated, this is a safety method
        pwmRequest.getPwmSession().unauthenticateUser(pwmRequest);
        // the password set flag should not have been set, this is a safety method
        pwmRequest.getPwmSession().getSessionStateBean().setPasswordModified(false);
    }
}

Example 28 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class ForgottenPasswordServlet method processCheckAttributes.

@ActionHandler(action = "checkAttributes")
private ProcessStatus processCheckAttributes(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    // final SessionStateBean ssBean = pwmRequest.getPwmSession().getSessionStateBean();
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (forgottenPasswordBean.isBogusUser()) {
        final FormConfiguration formConfiguration = forgottenPasswordBean.getAttributeForm().iterator().next();
        // add a bit of jitter to pretend like we're checking a data source
        JavaHelper.pause(300 + PwmRandom.getInstance().nextInt(700));
        if (forgottenPasswordBean.getUserSearchValues() != null) {
            final List<FormConfiguration> formConfigurations = pwmRequest.getConfig().readSettingAsForm(PwmSetting.FORGOTTEN_PASSWORD_SEARCH_FORM);
            final Map<FormConfiguration, String> formMap = FormUtility.asFormConfigurationMap(formConfigurations, forgottenPasswordBean.getUserSearchValues());
            pwmRequest.getPwmApplication().getIntruderManager().convenience().markAttributes(formMap, pwmRequest.getPwmSession());
        }
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for attribute '" + formConfiguration.getName() + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) });
        forgottenPasswordBean.getProgress().setInProgressVerificationMethod(IdentityVerificationMethod.ATTRIBUTES);
        setLastError(pwmRequest, errorInformation);
        return ProcessStatus.Continue;
    }
    if (forgottenPasswordBean.getUserIdentity() == null) {
        return ProcessStatus.Continue;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    try {
        // check attributes
        final ChaiUser theUser = pwmRequest.getPwmApplication().getProxiedChaiUser(userIdentity);
        final Locale userLocale = pwmRequest.getLocale();
        final List<FormConfiguration> requiredAttributesForm = forgottenPasswordBean.getAttributeForm();
        if (requiredAttributesForm.isEmpty()) {
            return ProcessStatus.Continue;
        }
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, requiredAttributesForm, userLocale);
        for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
            final FormConfiguration formConfiguration = entry.getKey();
            final String attrName = formConfiguration.getName();
            try {
                if (theUser.compareStringAttribute(attrName, entry.getValue())) {
                    LOGGER.trace(pwmRequest, "successful validation of ldap attribute value for '" + attrName + "'");
                } else {
                    throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "incorrect value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
                }
            } catch (ChaiOperationException e) {
                LOGGER.error(pwmRequest, "error during param validation of '" + attrName + "', error: " + e.getMessage());
                throw new PwmDataValidationException(new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, "ldap error testing value for '" + attrName + "'", new String[] { formConfiguration.getLabel(pwmRequest.getLocale()) }));
            }
        }
        forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.ATTRIBUTES);
    } catch (PwmDataValidationException e) {
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, e.getErrorInformation().toDebugStr()));
    }
    return ProcessStatus.Continue;
}

Example 29 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class GuestRegistrationServlet method handleCreateRequest.

private void handleCreateRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final Configuration config = pwmApplication.getConfig();
    final Locale locale = ssBean.getLocale();
    final List<FormConfiguration> guestUserForm = config.readSettingAsForm(PwmSetting.GUEST_FORM);
    try {
        // read the values from the request
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, guestUserForm, locale);
        // read the expiration date from the request.
        final Instant expirationDate = readExpirationFromRequest(pwmRequest);
        // see if the values meet form requirements.
        FormUtility.validateFormValues(config, formValues, locale);
        // read new user DN
        final String guestUserDN = determineUserDN(formValues, config);
        // read a chai provider to make the user
        final ChaiProvider provider = pwmSession.getSessionManager().getChaiProvider();
        // set up the user creation attributes
        final Map<String, String> createAttributes = new HashMap<>();
        for (final Map.Entry<FormConfiguration, String> entry : formValues.entrySet()) {
            final FormConfiguration formItem = entry.getKey();
            final String value = entry.getValue();
            LOGGER.debug(pwmSession, "Attribute from form: " + formItem.getName() + " = " + value);
            final String n = formItem.getName();
            final String v = formValues.get(formItem);
            if (n != null && n.length() > 0 && v != null && v.length() > 0) {
                createAttributes.put(n, v);
            }
        }
        // Write creator DN
        createAttributes.put(config.readSettingAsString(PwmSetting.GUEST_ADMIN_ATTRIBUTE), pwmSession.getUserInfo().getUserIdentity().getUserDN());
        // read the creation object classes.
        final Set<String> createObjectClasses = new HashSet<>(config.readSettingAsStringArray(PwmSetting.DEFAULT_OBJECT_CLASSES));
        provider.createEntry(guestUserDN, createObjectClasses, createAttributes);
        LOGGER.info(pwmSession, "created user object: " + guestUserDN);
        final ChaiUser theUser = provider.getEntryFactory().newChaiUser(guestUserDN);
        final UserIdentity userIdentity = new UserIdentity(guestUserDN, pwmSession.getUserInfo().getUserIdentity().getLdapProfileID());
        // write the expiration date:
        if (expirationDate != null) {
            final String expirationAttr = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
            theUser.writeDateAttribute(expirationAttr, expirationDate);
        }
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, pwmSession.getLabel(), userIdentity, theUser, locale);
        final PasswordData newPassword = RandomPasswordGenerator.createRandomPassword(pwmSession.getLabel(), passwordPolicy, pwmApplication);
        theUser.setPassword(newPassword.getStringValue());
        {
            // execute configured actions
            LOGGER.debug(pwmSession, "executing configured actions to user " + theUser.getEntryDN());
            final List<ActionConfiguration> actions = pwmApplication.getConfig().readSettingAsAction(PwmSetting.GUEST_WRITE_ATTRIBUTES);
            if (actions != null && !actions.isEmpty()) {
                final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest, userIdentity);
                final ActionExecutor actionExecutor = new ActionExecutor.ActionExecutorSettings(pwmApplication, theUser).setExpandPwmMacros(true).setMacroMachine(macroMachine).createActionExecutor();
                actionExecutor.executeActions(actions, pwmRequest.getSessionLabel());
            }
        }
        // everything good so forward to success page.
        this.sendGuestUserEmailConfirmation(pwmRequest, userIdentity);
        pwmApplication.getStatisticsManager().incrementValue(Statistic.NEW_USERS);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_CreateGuest);
    } catch (ChaiOperationException e) {
        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_NEW_USER_FAILURE, "error creating user: " + e.getMessage());
        setLastError(pwmRequest, info);
        LOGGER.warn(pwmSession, info);
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
        setLastError(pwmRequest, e.getErrorInformation());
        this.forwardToJSP(pwmRequest, guestRegistrationBean);
    }
}

Example 30 with ChaiOperationException

use of com.novell.ldapchai.exception.ChaiOperationException in project pwm by pwm-project.

the class GuestRegistrationServlet method handleUpdateRequest.

protected void handleUpdateRequest(final PwmRequest pwmRequest, final GuestRegistrationBean guestRegistrationBean) throws ServletException, ChaiUnavailableException, IOException, PwmUnrecoverableException {
    // Fetch the session state bean.
    final PwmSession pwmSession = pwmRequest.getPwmSession();
    final LocalSessionStateBean ssBean = pwmSession.getSessionStateBean();
    final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
    final Configuration config = pwmApplication.getConfig();
    final List<FormConfiguration> formItems = pwmApplication.getConfig().readSettingAsForm(PwmSetting.GUEST_UPDATE_FORM);
    final String expirationAttribute = config.readSettingAsString(PwmSetting.GUEST_EXPIRATION_ATTRIBUTE);
    try {
        // read the values from the request
        final Map<FormConfiguration, String> formValues = FormUtility.readFormValuesFromRequest(pwmRequest, formItems, pwmRequest.getLocale());
        // see if the values meet form requirements.
        FormUtility.validateFormValues(config, formValues, ssBean.getLocale());
        // read current values from user.
        final ChaiUser theGuest = pwmSession.getSessionManager().getActor(pwmApplication, guestRegistrationBean.getUpdateUserIdentity());
        // check unique fields against ldap
        FormUtility.validateFormValueUniqueness(pwmApplication, formValues, ssBean.getLocale(), Collections.singletonList(guestRegistrationBean.getUpdateUserIdentity()));
        final Instant expirationDate = readExpirationFromRequest(pwmRequest);
        // Update user attributes
        LdapOperationsHelper.writeFormValuesToLdap(pwmApplication, pwmSession.getSessionManager().getMacroMachine(pwmApplication), theGuest, formValues, false);
        // Write expirationDate
        if (expirationDate != null) {
            theGuest.writeDateAttribute(expirationAttribute, expirationDate);
        }
        // send email.
        final UserInfo guestUserInfoBean = UserInfoFactory.newUserInfo(pwmApplication, pwmRequest.getSessionLabel(), pwmRequest.getLocale(), guestRegistrationBean.getUpdateUserIdentity(), theGuest.getChaiProvider());
        this.sendUpdateGuestEmailConfirmation(pwmRequest, guestUserInfoBean);
        pwmApplication.getStatisticsManager().incrementValue(Statistic.UPDATED_GUESTS);
        // everything good so forward to confirmation page.
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_UpdateGuest);
        return;
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmSession, e.getErrorInformation().toDebugStr());
        setLastError(pwmRequest, e.getErrorInformation());
    } catch (ChaiOperationException e) {
        final ErrorInformation info = new ErrorInformation(PwmError.ERROR_UNKNOWN, "unexpected error writing to ldap: " + e.getMessage());
        LOGGER.error(pwmSession, info);
        setLastError(pwmRequest, info);
    }
    this.forwardToUpdateJSP(pwmRequest, guestRegistrationBean);
}