
Example 1 with ChaiPasswordPolicyException

Use of com.novell.ldapchai.exception.ChaiPasswordPolicyException in the project ldapchai by ldapchai.

From the class InetOrgPersonImpl, method changePassword.

public final void changePassword(final String oldPassword, final String newPassword) throws ChaiUnavailableException, ChaiPasswordPolicyException {
    final boolean useNmasSetting = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!useNmasSetting) {
        // NMAS disabled: change the password with a plain LDAP modify of the password attribute.
        try {
            replaceAttribute(ATTR_PASSWORD, oldPassword, newPassword);
        } catch (ChaiOperationException e) {
            // Surface the directory's rejection as a policy exception, mapping the message to a ChaiError.
            throw new ChaiPasswordPolicyException(e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
        }
    } else {
        // NMAS enabled: use the NMAS ChangePwd extended operation so eDirectory enforces its password policy.
        final ChangePwdRequest request = new ChangePwdRequest();
        request.setNewPwd(newPassword);
        request.setObjectDN(this.getEntryDN());
        request.setOldPwd(oldPassword);
        final ExtendedResponse response;
        try {
            response = getChaiProvider().extendedOperation(request);
        } catch (ChaiOperationException e) {
            throw new ChaiPasswordPolicyException(e.getMessage(), ChaiErrors.getErrorForMessage(e.getMessage()));
        }
        if (response != null) {
            final ChangePwdResponse changeResponse = (ChangePwdResponse) response;
            final int responseCode = changeResponse.getNmasRetCode();
            // A non-zero NMAS return code means the server rejected the change (typically a policy violation).
            if (responseCode != 0) {
                LOGGER.debug("error changing nmas password: " + responseCode);
                final String errorString = "nmas error " + responseCode;
                throw new ChaiPasswordPolicyException(errorString, ChaiErrors.getErrorForMessage(errorString));
            }
        }
    }
}
Also used: ChangePwdResponse (com.novell.security.nmas.jndi.ldap.ext.ChangePwdResponse), ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException), ExtendedResponse (javax.naming.ldap.ExtendedResponse), ChangePwdRequest (com.novell.security.nmas.jndi.ldap.ext.ChangePwdRequest), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)

Example 2 with ChaiPasswordPolicyException

Use of com.novell.ldapchai.exception.ChaiPasswordPolicyException in the project ldapchai by ldapchai.

From the class InetOrgPersonImpl, method testPasswordPolicy.

public boolean testPasswordPolicy(final String password) throws ChaiUnavailableException, ChaiPasswordPolicyException {
    final boolean useNmasSetting = this.getChaiProvider().getChaiConfiguration().getBooleanSetting(ChaiSetting.EDIRECTORY_ENABLE_NMAS);
    if (!useNmasSetting) {
        // Without NMAS there is no server-side policy check to run; report success and leave validation to the caller.
        return true;
    }
    // Ask eDirectory to evaluate the candidate password against the user's NMAS password policy.
    final PwdPolicyCheckRequest request = new PwdPolicyCheckRequest();
    request.setData(password);
    request.setObjectDN(this.getEntryDN());
    final ExtendedResponse response;
    try {
        response = getChaiProvider().extendedOperation(request);
    } catch (ChaiOperationException e) {
        // An operational error skips the check rather than failing closed; only a debug log entry records it.
        LOGGER.debug("unexpected error while checking [nmas] password policy: " + e.getMessage());
        return true;
    }
    if (response != null) {
        final PwdPolicyCheckResponse setResponse = (PwdPolicyCheckResponse) response;
        final int responseCode = setResponse.getNmasRetCode();
        // A non-zero NMAS return code means the password violates the policy.
        if (responseCode != 0) {
            LOGGER.debug("nmas response code returned from server while testing nmas password: " + responseCode);
            final String errorString = "nmas error " + responseCode;
            throw new ChaiPasswordPolicyException(errorString, ChaiErrors.getErrorForMessage(errorString));
        }
    }
    return true;
}
Also used: PwdPolicyCheckResponse (com.novell.security.nmas.jndi.ldap.ext.PwdPolicyCheckResponse), ExtendedResponse (javax.naming.ldap.ExtendedResponse), ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException), PwdPolicyCheckRequest (com.novell.security.nmas.jndi.ldap.ext.PwdPolicyCheckRequest)

Example 3 with ChaiPasswordPolicyException

Use of com.novell.ldapchai.exception.ChaiPasswordPolicyException in the project pwm by pwm-project.

From the class PwmPasswordRuleValidator, method testPassword.

public boolean testPassword(final PasswordData password, final PasswordData oldPassword, final UserInfo userInfo, final ChaiUser user) throws PwmDataValidationException, ChaiUnavailableException, PwmUnrecoverableException {
    // Apply the locally configured password rules first; the first failure is reported.
    final List<ErrorInformation> errorResults = validate(password, oldPassword, userInfo);
    if (!errorResults.isEmpty()) {
        throw new PwmDataValidationException(errorResults.iterator().next());
    }
    if (user != null) {
        // Then ask the directory to check the password against its own policy.
        try {
            LOGGER.trace("calling chai directory password validation checker");
            user.testPasswordPolicy(password.getStringValue());
        } catch (UnsupportedOperationException e) {
            // The directory offers no server-side policy check; treat it as not applicable.
            LOGGER.trace("Unsupported operation was thrown while validating password: " + e.toString());
        } catch (ChaiUnavailableException e) {
            // Count the outage and propagate it; an unreachable directory is not a validation result.
            pwmApplication.getStatisticsManager().incrementValue(Statistic.LDAP_UNAVAILABLE_COUNT);
            LOGGER.warn("ChaiUnavailableException was thrown while validating password: " + e.toString());
            throw e;
        } catch (ChaiPasswordPolicyException e) {
            // Map the directory's error code to a PwmError, falling back to a generic validation error.
            final ChaiError passwordError = e.getErrorCode();
            final PwmError pwmError = PwmError.forChaiError(passwordError);
            final ErrorInformation info = new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError);
            LOGGER.trace("ChaiPasswordPolicyException was thrown while validating password: " + e.toString());
            errorResults.add(info);
        }
    }
    if (!errorResults.isEmpty()) {
        throw new PwmDataValidationException(errorResults.iterator().next());
    }
    return true;
}
Also used: ErrorInformation (password.pwm.error.ErrorInformation), PwmDataValidationException (password.pwm.error.PwmDataValidationException), ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException), ChaiError (com.novell.ldapchai.exception.ChaiError), ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException), PwmError (password.pwm.error.PwmError)

Example 4 with ChaiPasswordPolicyException

Use of com.novell.ldapchai.exception.ChaiPasswordPolicyException in the project pwm by pwm-project.

From the class PasswordUtility, method setPassword.

public static void setPassword(final PwmApplication pwmApplication, final SessionLabel sessionLabel, final ChaiProvider chaiProvider, final UserInfo userInfo, final PasswordData oldPassword, final PasswordData newPassword) throws PwmUnrecoverableException, PwmOperationalException {
    final UserIdentity userIdentity = userInfo.getUserIdentity();
    final Instant startTime = Instant.now();
    final boolean bindIsSelf;
    final String bindDN;
    // Validate the new password against the user's policy (local rules plus the directory check) before touching LDAP.
    try {
        final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        final Locale locale = PwmConstants.DEFAULT_LOCALE;
        final PwmPasswordPolicy passwordPolicy = PasswordUtility.readPasswordPolicyForUser(pwmApplication, sessionLabel, userIdentity, theUser, locale);
        final PwmPasswordRuleValidator pwmPasswordRuleValidator = new PwmPasswordRuleValidator(pwmApplication, passwordPolicy);
        pwmPasswordRuleValidator.testPassword(newPassword, null, userInfo, theUser);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    } catch (PwmException e) {
        throw new PwmUnrecoverableException(e.getErrorInformation());
    }
    try {
        final ChaiUser theUser = chaiProvider.getEntryFactory().newChaiUser(userIdentity.getUserDN());
        bindDN = chaiProvider.getChaiConfiguration().getSetting(ChaiSetting.BIND_DN);
        // Record whether the user is changing their own password or an administrative bind is changing it for them.
        bindIsSelf = userIdentity.canonicalEquals(new UserIdentity(bindDN, userIdentity.getLdapProfileID()), pwmApplication);
        LOGGER.trace(sessionLabel, "preparing to setActorPassword for '" + theUser.getEntryDN() + "', using bind DN: " + bindDN);
        final boolean settingEnableChange = Boolean.parseBoolean(pwmApplication.getConfig().readAppProperty(AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE));
        if (settingEnableChange) {
            // With no old password available, set the password administratively; otherwise perform a user-initiated change.
            if (oldPassword == null) {
                theUser.setPassword(newPassword.getStringValue(), true);
            } else {
                theUser.changePassword(oldPassword.getStringValue(), newPassword.getStringValue());
            }
        } else {
            LOGGER.debug(sessionLabel, "skipping actual ldap password change operation due to app property " + AppProperty.LDAP_PASSWORD_CHANGE_SELF_ENABLE.getKey() + "=false");
        }
    } catch (ChaiPasswordPolicyException e) {
        // The directory rejected the password on policy grounds; map its error code to a PwmError.
        final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "' " + e.toString();
        final PwmError pwmError = PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError, errorMsg);
        throw new PwmOperationalException(error);
    } catch (ChaiOperationException e) {
        final String errorMsg = "error setting password for user '" + userIdentity.toDisplayString() + "' " + e.getMessage();
        final PwmError pwmError = PwmError.forChaiError(e.getErrorCode()) == null ? PwmError.ERROR_UNKNOWN : PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(pwmError, errorMsg);
        throw new PwmOperationalException(error);
    } catch (ChaiUnavailableException e) {
        throw PwmUnrecoverableException.fromChaiException(e);
    }
    // add the old password to the global history list (if the old password is known)
    if (oldPassword != null && pwmApplication.getConfig().readSettingAsBoolean(PwmSetting.PASSWORD_SHAREDHISTORY_ENABLE)) {
        pwmApplication.getSharedHistoryManager().addWord(sessionLabel, oldPassword.getStringValue());
    }
    // update stats
    pwmApplication.getStatisticsManager().updateEps(EpsStatistic.PASSWORD_CHANGES, 1);
    final int passwordStrength = PasswordUtility.judgePasswordStrength(pwmApplication.getConfig(), newPassword.getStringValue());
    pwmApplication.getStatisticsManager().updateAverageValue(Statistic.AVG_PASSWORD_STRENGTH, passwordStrength);
    // at this point the password has been changed, so log it.
    final String msg = (bindIsSelf ? "user " + userIdentity.toDisplayString() + " has changed own password" : "password for user '" + userIdentity.toDisplayString() + "' has been changed by " + bindDN) + " (" + TimeDuration.fromCurrent(startTime).asCompactString() + ")";
    LOGGER.info(sessionLabel, msg);
}
Also used: Locale (java.util.Locale), ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException), UserIdentity (password.pwm.bean.UserIdentity), Instant (java.time.Instant), PwmError (password.pwm.error.PwmError), PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException), PwmOperationalException (password.pwm.error.PwmOperationalException), PwmException (password.pwm.error.PwmException), PwmPasswordRuleValidator (password.pwm.util.PwmPasswordRuleValidator), ErrorInformation (password.pwm.error.ErrorInformation), ChaiUser (com.novell.ldapchai.ChaiUser), PwmPasswordPolicy (password.pwm.config.profile.PwmPasswordPolicy), ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException)

Example 5 with ChaiPasswordPolicyException

Use of com.novell.ldapchai.exception.ChaiPasswordPolicyException in the project pwm by pwm-project.

From the class HelpdeskServlet, method restUnlockIntruder.

@ActionHandler(action = "unlockIntruder")
private ProcessStatus restUnlockIntruder(final PwmRequest pwmRequest) throws PwmUnrecoverableException, ChaiUnavailableException, IOException, ServletException {
    final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
    final String userKey = pwmRequest.readParameterAsString(PwmConstants.PARAM_USERKEY, PwmHttpRequestWrapper.Flag.BypassValidation);
    if (userKey.length() < 1) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_PARAMETER, "userKey parameter is missing");
        pwmRequest.respondWithError(errorInformation, false);
        return ProcessStatus.Halt;
    }
    final UserIdentity userIdentity = UserIdentity.fromKey(userKey, pwmRequest.getPwmApplication());
    // Authorization check: refuse the request unless the helpdesk profile permits unlocking.
    if (!helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_UNLOCK)) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "password unlock request, but helpdesk unlock is not enabled");
        LOGGER.error(pwmRequest, errorInformation);
        pwmRequest.respondWithError(errorInformation);
        return ProcessStatus.Halt;
    }
    // clear pwm intruder setting.
    {
        final IntruderManager intruderManager = pwmRequest.getPwmApplication().getIntruderManager();
        intruderManager.convenience().clearUserIdentity(userIdentity);
    }
    try {
        final ChaiUser chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
        // send notice email
        HelpdeskServletUtil.sendUnlockNoticeEmail(pwmRequest, helpdeskProfile, userIdentity, chaiUser);
        // Clear the directory-side lockout.
        chaiUser.unlockPassword();
        {
            // mark the event log
            final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_UNLOCK_PASSWORD, pwmRequest.getPwmSession().getUserInfo().getUserIdentity(), null, userIdentity, pwmRequest.getSessionLabel().getSrcAddress(), pwmRequest.getSessionLabel().getSrcHostname());
            pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
        }
    } catch (ChaiPasswordPolicyException e) {
        // Map the directory's error code to a PwmError, falling back to a generic validation error.
        final ChaiError passwordError = e.getErrorCode();
        final PwmError pwmError = PwmError.forChaiError(passwordError);
        pwmRequest.respondWithError(new ErrorInformation(pwmError == null ? PwmError.PASSWORD_UNKNOWN_VALIDATION : pwmError));
        LOGGER.trace(pwmRequest, "ChaiPasswordPolicyException was thrown while resetting password: " + e.toString());
        return ProcessStatus.Halt;
    } catch (ChaiOperationException e) {
        final PwmError returnMsg = PwmError.forChaiError(e.getErrorCode()) == null ? PwmError.ERROR_UNKNOWN : PwmError.forChaiError(e.getErrorCode());
        final ErrorInformation error = new ErrorInformation(returnMsg, e.getMessage());
        pwmRequest.respondWithError(error);
        LOGGER.warn(pwmRequest, "error resetting password for user '" + userIdentity.toDisplayString() + "' " + error.toDebugStr() + ", " + e.getMessage());
        return ProcessStatus.Halt;
    }
    final RestResultBean restResultBean = RestResultBean.forSuccessMessage(pwmRequest, Message.Success_Unknown);
    pwmRequest.outputJsonResult(restResultBean);
    return ProcessStatus.Halt;
}
Also used: UserIdentity (password.pwm.bean.UserIdentity), PwmError (password.pwm.error.PwmError), HelpdeskProfile (password.pwm.config.profile.HelpdeskProfile), HelpdeskAuditRecord (password.pwm.svc.event.HelpdeskAuditRecord), ErrorInformation (password.pwm.error.ErrorInformation), AuditRecordFactory (password.pwm.svc.event.AuditRecordFactory), ChaiUser (com.novell.ldapchai.ChaiUser), ChaiError (com.novell.ldapchai.exception.ChaiError), ChaiPasswordPolicyException (com.novell.ldapchai.exception.ChaiPasswordPolicyException), IntruderManager (password.pwm.svc.intruder.IntruderManager), ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException), RestResultBean (password.pwm.ws.server.RestResultBean)
