use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.
the class CrService method applyPwmPolicyToNmasChallenges.
/**
 * Copies a challenge set, stamping every challenge with the answer policy read from
 * configuration.
 *
 * <p>Each source challenge is rebuilt as a {@code ChaiChallenge} that keeps its required flag,
 * text, minimum/maximum length and admin-defined flag, and additionally receives the values of
 * {@code EDIRECTORY_CR_MAX_QUESTION_CHARS_IN__ANSWER} and {@code EDIRECTORY_CR_APPLY_WORDLIST}.
 * The returned set reuses the source set's min-random count, locale and identifier.
 *
 * @param challengeSet the source challenge set (by the method name, one read from NMAS)
 * @param configuration the configuration the two policy settings are read from
 * @return a new {@code ChaiChallengeSet} holding the rebuilt challenges
 * @throws PwmUnrecoverableException with {@code ERROR_UNKNOWN} when {@code ChaiChallengeSet}
 *         rejects the rebuilt challenges with a {@code ChaiValidationException}
 */
private static ChallengeSet applyPwmPolicyToNmasChallenges(final ChallengeSet challengeSet, final Configuration configuration) throws PwmUnrecoverableException {
    final boolean enforceWordlist = configuration.readSettingAsBoolean(PwmSetting.EDIRECTORY_CR_APPLY_WORDLIST);
    // NOTE(review): the setting is read as a long and narrowed with a plain cast, so a value
    // outside the int range would wrap silently; confirm the setting's allowed range.
    final int maxQuestionCharsInAnswer = (int) configuration.readSettingAsLong(PwmSetting.EDIRECTORY_CR_MAX_QUESTION_CHARS_IN__ANSWER);

    final List<Challenge> policyChallenges = new ArrayList<>();
    for (final Challenge source : challengeSet.getChallenges()) {
        final Challenge withPolicy = new ChaiChallenge(
                source.isRequired(),
                source.getChallengeText(),
                source.getMinLength(),
                source.getMaxLength(),
                source.isAdminDefined(),
                maxQuestionCharsInAnswer,
                enforceWordlist);
        policyChallenges.add(withPolicy);
    }

    try {
        return new ChaiChallengeSet(
                policyChallenges,
                challengeSet.getMinRandomRequired(),
                challengeSet.getLocale(),
                challengeSet.getIdentifier());
    } catch (ChaiValidationException validationFailure) {
        // The validation failure is logged with its stack trace here; the exception thrown to
        // the caller carries only the message text, not the original cause.
        final String errorMsg = "unexpected error applying policies to nmas challengeset: " + validationFailure.getMessage();
        LOGGER.error(errorMsg, validationFailure);
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
    }
}
use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.
the class ForgottenPasswordUtil method verifyRequirementsForAuthMethod.
/**
 * Verifies that the data one identity-verification method depends on is available for the
 * user held in the forgotten-password bean, and throws when it is not.
 *
 * <ul>
 *   <li>{@code TOKEN}: delegates to {@code figureAvailableTokenDestinations}.</li>
 *   <li>{@code ATTRIBUTES}: the bean must carry a non-empty attribute form.</li>
 *   <li>{@code OTP}: the user must have an OTP user record.</li>
 *   <li>{@code CHALLENGE_RESPONSES}: a stored response set must exist, must satisfy the user's
 *       challenge set, and that challenge set must not be empty.</li>
 *   <li>any other method: nothing is checked.</li>
 * </ul>
 *
 * <p>NOTE(review): several detail messages embed the user identity. Whether those details are
 * only logged or can also reach the (still unverified) requester is decided by the callers,
 * which are not visible here; confirm they are not echoed to the client.
 *
 * @param pwmRequest the current request
 * @param forgottenPasswordBean the recovery state for the user being verified
 * @param recoveryVerificationMethods the single verification method to check
 * @throws PwmUnrecoverableException when a requirement of the method is not met
 */
static void verifyRequirementsForAuthMethod(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean, final IdentityVerificationMethod recoveryVerificationMethods) throws PwmUnrecoverableException {
    switch (recoveryVerificationMethods) {
        case TOKEN: {
            ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
            break;
        }

        case ATTRIBUTES: {
            final List<FormConfiguration> attributeForm = forgottenPasswordBean.getAttributeForm();
            final boolean formConfigured = attributeForm != null && !attributeForm.isEmpty();
            if (!formConfigured) {
                throw new PwmUnrecoverableException(new ErrorInformation(
                        PwmError.ERROR_INVALID_CONFIG,
                        "user is required to complete LDAP attribute check, yet there are no LDAP attribute form items configured"));
            }
            break;
        }

        case OTP: {
            final UserInfo otpUser = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
            if (otpUser.getOtpUserRecord() == null) {
                throw new PwmUnrecoverableException(new ErrorInformation(
                        PwmError.ERROR_NO_OTP_CONFIGURATION,
                        "could not find a one time password configuration for " + otpUser.getUserIdentity()));
            }
            break;
        }

        case CHALLENGE_RESPONSES: {
            final UserInfo recoveringUser = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
            final ResponseSet storedResponses = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
            if (storedResponses == null) {
                throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES));
            }

            final ChallengeSet policy = recoveringUser.getChallengeProfile().getChallengeSet();
            try {
                // The empty-policy test only runs when meetsChallengeSetRequirements returns
                // true. NOTE(review): a false return (as opposed to a ChaiValidationException)
                // would pass through without any error; confirm the library never returns false.
                if (storedResponses.meetsChallengeSetRequirements(policy)
                        && policy.getRequiredChallenges().isEmpty()
                        && policy.getMinRandomRequired() <= 0) {
                    // A policy with no required and no random challenges cannot prove identity.
                    throw new PwmUnrecoverableException(new ErrorInformation(
                            PwmError.ERROR_NO_CHALLENGES,
                            "configured challenge set policy for " + recoveringUser.getUserIdentity().toString() + " is empty, user not qualified to recover password"));
                }
            } catch (ChaiValidationException validationFailure) {
                // Stored responses that no longer match the policy are reported like missing responses.
                throw new PwmUnrecoverableException(new ErrorInformation(
                        PwmError.ERROR_RESPONSES_NORESPONSES,
                        "stored response set for user '" + recoveringUser.getUserIdentity() + "' do not meet current challenge set requirements: " + validationFailure.getLocalizedMessage()));
            }
            break;
        }

        default:
            // continue, assume no data requirements for method.
            break;
    }
}
use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.
the class ForgottenPasswordServlet method processCheckResponses.
/**
 * Handles the {@code checkResponses} action of the forgotten-password flow: tests the answers
 * submitted in the request against the user's stored response set.
 *
 * <p>Only a passing test adds {@code CHALLENGE_RESPONSES} to the bean's satisfied methods.
 * A wrong answer and a {@code ChaiValidationException} are both handed to
 * {@code handleUserVerificationBadAttempt}; the method returns {@code Continue} in every
 * non-throwing path, so the caller must rely on the satisfied-methods set, not on the return
 * value, to know whether verification succeeded.
 *
 * @param pwmRequest the current request carrying the submitted answers
 * @return always {@code ProcessStatus.Continue}
 * @throws PwmUnrecoverableException when no response set is loaded for the user, or when it is
 *         the cause of a {@code ChaiUnavailableException} raised by the test
 * @throws ChaiUnavailableException when the test raises it with any other cause
 * @throws IOException declared; see the called helpers
 * @throws ServletException declared; see the called helpers
 */
@ActionHandler(action = "checkResponses")
private ProcessStatus processCheckResponses(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final ForgottenPasswordBean recoveryBean = forgottenPasswordBean(pwmRequest);
    if (recoveryBean.getUserIdentity() == null) {
        // No user has been identified yet, so there is nothing to verify.
        return ProcessStatus.Continue;
    }
    final UserIdentity userIdentity = recoveryBean.getUserIdentity();

    final ResponseSet storedResponses = ForgottenPasswordUtil.readResponseSet(pwmRequest, recoveryBean);
    if (storedResponses == null) {
        throw new PwmUnrecoverableException(new ErrorInformation(
                PwmError.ERROR_UNKNOWN,
                "attempt to check responses, but responses are not loaded into session bean"));
    }

    try {
        // read the supplied responses from the user
        final Map<Challenge, String> suppliedAnswers = ForgottenPasswordUtil.readResponsesFromHttpRequest(pwmRequest, recoveryBean.getPresentableChallengeSet());

        final boolean answersCorrect;
        try {
            answersCorrect = storedResponses.test(suppliedAnswers);
        } catch (ChaiUnavailableException unavailable) {
            // Surface a wrapped PwmUnrecoverableException as itself rather than as its wrapper.
            final Throwable cause = unavailable.getCause();
            if (cause instanceof PwmUnrecoverableException) {
                throw (PwmUnrecoverableException) cause;
            }
            throw unavailable;
        }

        if (!answersCorrect) {
            // special case for nmas, clear out existing challenges and input fields.
            if (storedResponses instanceof NMASCrOperator.NMASCRResponseSet) {
                recoveryBean.setPresentableChallengeSet(storedResponses.getPresentableChallengeSet());
            }
            final ErrorInformation incorrectResponse = new ErrorInformation(
                    PwmError.ERROR_INCORRECT_RESPONSE,
                    "incorrect response to one or more challenges");
            handleUserVerificationBadAttempt(pwmRequest, recoveryBean, incorrectResponse);
            return ProcessStatus.Continue;
        }

        LOGGER.debug(pwmRequest, "user '" + userIdentity + "' has supplied correct responses");
    } catch (ChaiValidationException validationFailure) {
        // A malformed or policy-violating answer is counted as a failed verification attempt.
        LOGGER.debug(pwmRequest, "chai validation error checking user responses: " + validationFailure.getMessage());
        final ErrorInformation mappedError = new ErrorInformation(PwmError.forChaiError(validationFailure.getErrorCode()));
        handleUserVerificationBadAttempt(pwmRequest, recoveryBean, mappedError);
        return ProcessStatus.Continue;
    }

    // Reached only when the answers passed.
    recoveryBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.CHALLENGE_RESPONSES);
    return ProcessStatus.Continue;
}
use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.
the class SetupResponsesServlet method nextStep.
/**
 * Advances the setup-responses flow by one step: forwards to the first page whose
 * precondition is still open, or saves the responses when every step is complete.
 *
 * <p>The bean is published to the view twice: as the object itself and as a string produced by
 * the application's secure service ({@code encryptObjectToString}). The page order is:
 * existing-responses notice, user responses, helpdesk responses, optional confirmation, save.
 *
 * <p>NOTE(review): on a {@code ChaiValidationException} the library's message text is passed
 * to {@code respondWithError} as the error detail; confirm that detail is suitable for display
 * to the end user.
 *
 * @param pwmRequest the current request
 * @throws PwmUnrecoverableException declared; see the called helpers
 * @throws IOException declared; see the called helpers
 * @throws ChaiUnavailableException declared; see the called helpers
 * @throws ServletException declared; see the called helpers
 */
@Override
protected void nextStep(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ChaiUnavailableException, ServletException {
    final SetupResponsesBean bean = getSetupResponseBean(pwmRequest);
    initializeBean(pwmRequest, bean);

    pwmRequest.setAttribute(PwmRequestAttribute.ModuleBean, bean);
    pwmRequest.setAttribute(
            PwmRequestAttribute.ModuleBean_String,
            pwmRequest.getPwmApplication().getSecureService().encryptObjectToString(bean));
    pwmRequest.setAttribute(
            PwmRequestAttribute.SetupResponses_ResponseInfo,
            pwmRequest.getPwmSession().getUserInfo().getResponseInfoBean());

    // Responses already stored and no reconfiguration demanded: show the existing-responses page.
    if (bean.isHasExistingResponses() && !pwmRequest.getPwmSession().getUserInfo().isRequiresResponseConfig()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_RESPONSES_EXISTING);
        return;
    }

    if (!bean.isResponsesSatisfied()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_RESPONSES);
        return;
    }

    if (!bean.isHelpdeskResponsesSatisfied()) {
        final boolean helpdeskChallengesPresent =
                bean.getHelpdeskResponseData().getChallengeSet() != null
                        && !bean.getHelpdeskResponseData().getChallengeSet().getChallenges().isEmpty();
        if (helpdeskChallengesPresent) {
            pwmRequest.forwardToJsp(JspUrl.SETUP_RESPONSES_HELPDESK);
            return;
        }
        // No helpdesk challenges exist, so that step counts as satisfied.
        bean.setHelpdeskResponsesSatisfied(true);
    }

    if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.CHALLENGE_SHOW_CONFIRMATION) && !bean.isConfirmed()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_RESPONSES_CONFIRM);
        return;
    }

    try {
        // everything good, so lets save responses.
        final ResponseInfoBean toSave = generateResponseInfoBean(
                pwmRequest,
                bean.getResponseData().getChallengeSet(),
                bean.getResponseData().getResponseMap(),
                bean.getHelpdeskResponseData().getResponseMap());
        saveResponses(pwmRequest, toSave);
        // The bean is cleared from session state once the save has gone through.
        pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, SetupResponsesBean.class);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_SetupResponse);
    } catch (PwmOperationalException operationalFailure) {
        LOGGER.error(pwmRequest.getSessionLabel(), operationalFailure.getErrorInformation());
        pwmRequest.respondWithError(operationalFailure.getErrorInformation());
    } catch (ChaiValidationException validationFailure) {
        final ErrorInformation missingRandom = new ErrorInformation(PwmError.ERROR_MISSING_RANDOM_RESPONSE, validationFailure.getMessage());
        LOGGER.error(pwmRequest.getSessionLabel(), missingRandom);
        pwmRequest.respondWithError(missingRandom);
    }
}
use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.
the class DbCrOperator method readResponseSet.
/**
 * Loads a user's stored challenge/response set from the {@code PWM_RESPONSES} database table,
 * keyed by the user's GUID.
 *
 * <p>The stored value is handed to {@code ChaiResponseSet.parseChaiResponseSetXML} together
 * with the user. {@code userIdentity} is accepted but not read by this method.
 *
 * @param theUser the directory user the responses belong to; its entry DN is used in messages
 * @param userIdentity not used here
 * @param userGUID the database key; must be non-null and non-empty
 * @return the parsed response set, or {@code null} when the table holds no (or an empty) value
 *         for the GUID
 * @throws PwmUnrecoverableException with {@code ERROR_MISSING_GUID} when the GUID is absent,
 *         {@code ERROR_UNKNOWN} when parsing fails validation, or the underlying error code
 *         when the database read fails
 */
public ResponseSet readResponseSet(final ChaiUser theUser, final UserIdentity userIdentity, final String userGUID) throws PwmUnrecoverableException {
    if (userGUID == null || userGUID.isEmpty()) {
        throw new PwmUnrecoverableException(new ErrorInformation(
                PwmError.ERROR_MISSING_GUID,
                "user " + theUser.getEntryDN() + " does not have a guid, unable to search for responses in remote database"));
    }

    try {
        final String storedBlob = pwmApplication.getDatabaseService().getAccessor().get(DatabaseTable.PWM_RESPONSES, userGUID);
        if (storedBlob == null || storedBlob.isEmpty()) {
            LOGGER.trace("user guid for " + theUser.getEntryDN() + " not found in remote database (key=" + userGUID + ")");
            return null;
        }

        final ResponseSet parsedResponses = ChaiResponseSet.parseChaiResponseSetXML(storedBlob, theUser);
        // NOTE(review): the whole response set is rendered into the debug log via toString().
        // What that string contains is defined by the library, not by this file; confirm it
        // cannot emit stored answer material before enabling debug logging in production.
        LOGGER.debug("found responses for " + theUser.getEntryDN() + " in remote database: " + parsedResponses.toString());
        return parsedResponses;
    } catch (ChaiValidationException validationFailure) {
        // Only the message text is carried over; the original exception is not attached.
        final String detail = "unexpected error reading responses for " + theUser.getEntryDN() + " from remote database: " + validationFailure.getMessage();
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, detail));
    } catch (PwmOperationalException operationalFailure) {
        // Keep the database layer's error code, but replace its detail text.
        final String detail = "unexpected error reading responses for " + theUser.getEntryDN() + " from remote database: " + operationalFailure.getMessage();
        throw new PwmUnrecoverableException(new ErrorInformation(operationalFailure.getErrorInformation().getError(), detail));
    }
}