use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class ForgottenPasswordUtil method readResponseSet.
static ResponseSet readResponseSet(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean) throws PwmUnrecoverableException {
if (forgottenPasswordBean.getUserIdentity() == null) {
return null;
}
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
final ResponseSet responseSet;
try {
final ChaiUser theUser = pwmApplication.getProxiedChaiUser(userIdentity);
responseSet = pwmApplication.getCrService().readUserResponseSet(pwmRequest.getSessionLabel(), userIdentity, theUser);
} catch (ChaiUnavailableException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
return responseSet;
}
use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class HelpdeskCardInfoBean method figurePhotoURL.
private static String figurePhotoURL(final PwmRequest pwmRequest, final HelpdeskProfile helpdeskProfile, final ChaiUser chaiUser, final MacroMachine macroMachine, final UserIdentity userIdentity) throws PwmUnrecoverableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final boolean enabled = helpdeskProfile.readSettingAsBoolean(PwmSetting.HELPDESK_ENABLE_PHOTOS);
if (!enabled) {
LOGGER.debug(pwmRequest, "detailed user data lookup for " + userIdentity.toString() + ", failed photo query filter, denying photo view");
return null;
}
final LdapProfile ldapProfile = userIdentity.getLdapProfile(pwmApplication.getConfig());
final String overrideURL = ldapProfile.readSettingAsString(PwmSetting.PEOPLE_SEARCH_PHOTO_URL_OVERRIDE);
try {
if (!StringUtil.isEmpty(overrideURL)) {
return macroMachine.expandMacros(overrideURL);
}
try {
LdapOperationsHelper.readPhotoDataFromLdap(pwmApplication.getConfig(), chaiUser, userIdentity);
} catch (PwmOperationalException e) {
LOGGER.debug(pwmRequest, "determined " + userIdentity + " does not have photo data available while generating detail data");
return null;
}
} catch (ChaiUnavailableException e) {
throw PwmUnrecoverableException.fromChaiException(e);
}
String returnUrl = pwmRequest.getContextPath() + PwmServletDefinition.Helpdesk.servletUrl();
returnUrl = PwmURL.appendAndEncodeUrlParameters(returnUrl, PwmConstants.PARAM_ACTION_REQUEST, HelpdeskServlet.HelpdeskAction.photo.name());
returnUrl = PwmURL.appendAndEncodeUrlParameters(returnUrl, PwmConstants.PARAM_USERKEY, userIdentity.toObfuscatedKey(pwmApplication));
return returnUrl;
}
use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class HelpdeskDetailInfoBean method makeHelpdeskDetailInfo.
static HelpdeskDetailInfoBean makeHelpdeskDetailInfo(final PwmRequest pwmRequest, final HelpdeskProfile helpdeskProfile, final UserIdentity userIdentity) throws PwmUnrecoverableException, ChaiUnavailableException {
final HelpdeskDetailInfoBeanBuilder builder = HelpdeskDetailInfoBean.builder();
final Instant startTime = Instant.now();
LOGGER.trace(pwmRequest, "beginning to assemble detail data report for user " + userIdentity);
final Locale actorLocale = pwmRequest.getLocale();
final ChaiUser theUser = HelpdeskServlet.getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
if (!theUser.exists()) {
return null;
}
final UserInfo userInfo = UserInfoFactory.newUserInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), actorLocale, userIdentity, theUser.getChaiProvider());
final MacroMachine macroMachine = MacroMachine.forUser(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userInfo, null);
try {
final List<AccountInformationBean.ActivityRecord> userHistory = AccountInformationBean.makeAuditInfo(pwmRequest.getPwmApplication(), pwmRequest.getSessionLabel(), userInfo, pwmRequest.getLocale());
builder.userHistory(userHistory);
} catch (Exception e) {
LOGGER.error(pwmRequest, "unexpected error reading userHistory for user '" + userIdentity + "', " + e.getMessage());
}
builder.userKey(userIdentity.toObfuscatedKey(pwmRequest.getPwmApplication()));
builder.profileData(getProfileData(helpdeskProfile, userInfo, pwmRequest.getSessionLabel(), pwmRequest.getLocale()));
builder.passwordPolicyRules(makePasswordPolicyRules(userInfo, pwmRequest.getLocale(), pwmRequest.getConfig()));
{
final List<String> requirementLines = PasswordRequirementsTag.getPasswordRequirementsStrings(userInfo.getPasswordPolicy(), pwmRequest.getConfig(), pwmRequest.getLocale(), macroMachine);
builder.passwordRequirements(Collections.unmodifiableList(requirementLines));
}
if ((userInfo.getPasswordPolicy() != null) && (userInfo.getPasswordPolicy().getChaiPasswordPolicy() != null) && (userInfo.getPasswordPolicy().getChaiPasswordPolicy().getPolicyEntry() != null) && (userInfo.getPasswordPolicy().getChaiPasswordPolicy().getPolicyEntry().getEntryDN() != null)) {
builder.passwordPolicyDN(userInfo.getPasswordPolicy().getChaiPasswordPolicy().getPolicyEntry().getEntryDN());
} else {
builder.passwordPolicyDN(LocaleHelper.getLocalizedMessage(Display.Value_NotApplicable, pwmRequest));
}
if ((userInfo.getPasswordPolicy() != null) && userInfo.getPasswordPolicy().getIdentifier() != null) {
builder.passwordPolicyID(userInfo.getPasswordPolicy().getIdentifier());
} else {
builder.passwordPolicyID(LocaleHelper.getLocalizedMessage(Display.Value_NotApplicable, pwmRequest));
}
{
final ResponseInfoBean responseInfoBean = userInfo.getResponseInfoBean();
if (responseInfoBean != null && responseInfoBean.getHelpdeskCrMap() != null) {
final List<DisplayElement> responseDisplay = new ArrayList<>();
int counter = 0;
for (final Map.Entry<Challenge, String> entry : responseInfoBean.getHelpdeskCrMap().entrySet()) {
counter++;
responseDisplay.add(new DisplayElement("item_" + counter, DisplayElement.Type.string, entry.getKey().getChallengeText(), entry.getValue()));
}
builder.helpdeskResponses = responseDisplay;
}
}
builder.userDisplayName(HelpdeskCardInfoBean.figureDisplayName(helpdeskProfile, macroMachine));
final TimeDuration timeDuration = TimeDuration.fromCurrent(startTime);
{
final Set<ViewStatusFields> viewStatusFields = helpdeskProfile.readSettingAsOptionList(PwmSetting.HELPDESK_VIEW_STATUS_VALUES, ViewStatusFields.class);
builder.statusData(ViewableUserInfoDisplayReader.makeDisplayData(viewStatusFields, pwmRequest.getConfig(), userInfo, null, pwmRequest.getLocale()));
}
{
final Set<HelpdeskDetailInfoBean.StandardButton> visibleButtons = determineVisibleButtons(helpdeskProfile);
builder.visibleButtons(visibleButtons);
builder.enabledButtons(determineEnabledButtons(visibleButtons, userInfo));
builder.customButtons(determineCustomButtons(helpdeskProfile));
}
final HelpdeskDetailInfoBean helpdeskDetailInfoBean = builder.build();
if (pwmRequest.getConfig().isDevDebugMode()) {
LOGGER.trace(pwmRequest, "completed assembly of detail data report for user " + userIdentity + " in " + timeDuration.asCompactString() + ", contents: " + JsonUtil.serialize(helpdeskDetailInfoBean));
}
return builder.build();
}
use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class HelpdeskServlet method restValidateAttributes.
@ActionHandler(action = "validateAttributes")
private ProcessStatus restValidateAttributes(final PwmRequest pwmRequest) throws IOException, PwmUnrecoverableException, ServletException {
final HelpdeskProfile helpdeskProfile = getHelpdeskProfile(pwmRequest);
final Instant startTime = Instant.now();
final String bodyString = pwmRequest.readRequestBodyAsString();
final HelpdeskVerificationRequestBean helpdeskVerificationRequestBean = JsonUtil.deserialize(bodyString, HelpdeskVerificationRequestBean.class);
final UserIdentity userIdentity = UserIdentity.fromKey(helpdeskVerificationRequestBean.getUserKey(), pwmRequest.getPwmApplication());
boolean passed = false;
{
final List<FormConfiguration> verificationForms = helpdeskProfile.readSettingAsForm(PwmSetting.HELPDESK_VERIFICATION_FORM);
if (verificationForms == null || verificationForms.isEmpty()) {
final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, "attempt to verify ldap attributes with no ldap verification attributes configured");
throw new PwmUnrecoverableException(errorInformation);
}
final Map<String, String> bodyMap = JsonUtil.deserializeStringMap(bodyString);
final ChaiUser chaiUser;
try {
chaiUser = getChaiUser(pwmRequest, helpdeskProfile, userIdentity);
} catch (ChaiUnavailableException e) {
throw new PwmUnrecoverableException(PwmError.forChaiError(e.getErrorCode()));
}
int successCount = 0;
for (final FormConfiguration formConfiguration : verificationForms) {
final String name = formConfiguration.getName();
final String suppliedValue = bodyMap.get(name);
try {
if (chaiUser.compareStringAttribute(name, suppliedValue)) {
successCount++;
}
} catch (ChaiException e) {
LOGGER.error(pwmRequest, "error comparing ldap attribute during verification " + e.getMessage());
}
}
if (successCount == verificationForms.size()) {
passed = true;
}
}
final HelpdeskVerificationStateBean verificationStateBean = HelpdeskVerificationStateBean.fromClientString(pwmRequest, helpdeskVerificationRequestBean.getVerificationState());
if (passed) {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
verificationStateBean.addRecord(userIdentity, IdentityVerificationMethod.ATTRIBUTES);
} else {
final PwmSession pwmSession = pwmRequest.getPwmSession();
final HelpdeskAuditRecord auditRecord = new AuditRecordFactory(pwmRequest).createHelpdeskAuditRecord(AuditEvent.HELPDESK_VERIFY_ATTRIBUTES_INCORRECT, pwmSession.getUserInfo().getUserIdentity(), null, userIdentity, pwmSession.getSessionStateBean().getSrcAddress(), pwmSession.getSessionStateBean().getSrcHostname());
pwmRequest.getPwmApplication().getAuditManager().submit(auditRecord);
}
// add a delay to prevent continuous checks
final long delayMs = Long.parseLong(pwmRequest.getConfig().readAppProperty(AppProperty.HELPDESK_VERIFICATION_INVALID_DELAY_MS));
while (TimeDuration.fromCurrent(startTime).isShorterThan(delayMs)) {
JavaHelper.pause(100);
}
final HelpdeskVerificationResponseBean responseBean = new HelpdeskVerificationResponseBean(passed, verificationStateBean.toClientString(pwmRequest.getPwmApplication()));
final RestResultBean restResultBean = RestResultBean.withData(responseBean);
pwmRequest.outputJsonResult(restResultBean);
return ProcessStatus.Halt;
}
use of com.novell.ldapchai.exception.ChaiUnavailableException in project pwm by pwm-project.
the class ConfigManagerServlet method restLockConfiguration.
private void restLockConfiguration(final PwmRequest pwmRequest) throws IOException, ServletException, PwmUnrecoverableException, ChaiUnavailableException {
final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
final PwmSession pwmSession = pwmRequest.getPwmSession();
if (PwmConstants.TRIAL_MODE) {
final String msg = LocaleHelper.getLocalizedMessage(Admin.Notice_TrialRestrictConfig, pwmRequest);
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_TRIAL_VIOLATION, msg);
final RestResultBean restResultBean = RestResultBean.fromError(errorInfo, pwmRequest);
LOGGER.debug(pwmSession, errorInfo);
pwmRequest.outputJsonResult(restResultBean);
return;
}
if (!pwmSession.isAuthenticated()) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_AUTHENTICATION_REQUIRED, "You must be authenticated before restricting the configuration");
final RestResultBean restResultBean = RestResultBean.fromError(errorInfo, pwmRequest);
LOGGER.debug(pwmSession, errorInfo);
pwmRequest.outputJsonResult(restResultBean);
return;
}
if (!pwmSession.getSessionManager().checkPermission(pwmApplication, Permission.PWMADMIN)) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_UNAUTHORIZED, "You must be authenticated with admin privileges before restricting the configuration");
final RestResultBean restResultBean = RestResultBean.fromError(errorInfo, pwmRequest);
LOGGER.debug(pwmSession, errorInfo);
pwmRequest.outputJsonResult(restResultBean);
return;
}
try {
final StoredConfigurationImpl storedConfiguration = readCurrentConfiguration(pwmRequest);
if (!storedConfiguration.hasPassword()) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.CONFIG_FORMAT_ERROR, null, new String[] { "Please set a configuration password before restricting the configuration" });
final RestResultBean restResultBean = RestResultBean.fromError(errorInfo, pwmRequest);
LOGGER.debug(pwmSession, errorInfo);
pwmRequest.outputJsonResult(restResultBean);
return;
}
storedConfiguration.writeConfigProperty(ConfigurationProperty.CONFIG_IS_EDITABLE, "false");
saveConfiguration(pwmRequest, storedConfiguration);
final ConfigManagerBean configManagerBean = pwmRequest.getPwmApplication().getSessionStateService().getBean(pwmRequest, ConfigManagerBean.class);
configManagerBean.setConfiguration(null);
} catch (PwmException e) {
final ErrorInformation errorInfo = e.getErrorInformation();
final RestResultBean restResultBean = RestResultBean.fromError(errorInfo, pwmRequest);
LOGGER.debug(pwmSession, errorInfo.toDebugStr());
pwmRequest.outputJsonResult(restResultBean);
return;
} catch (Exception e) {
final ErrorInformation errorInfo = new ErrorInformation(PwmError.ERROR_UNKNOWN, e.getMessage());
final RestResultBean restResultBean = RestResultBean.fromError(errorInfo, pwmRequest);
LOGGER.debug(pwmSession, errorInfo.toDebugStr());
pwmRequest.outputJsonResult(restResultBean);
return;
}
final HashMap<String, String> resultData = new HashMap<>();
LOGGER.info(pwmSession, "Configuration Locked");
pwmRequest.outputJsonResult(RestResultBean.withData(resultData));
}
Aggregations