
Example 1 with ChaiValidationException

Use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.

In class CrService, method applyPwmPolicyToNmasChallenges.

private static ChallengeSet applyPwmPolicyToNmasChallenges(final ChallengeSet challengeSet, final Configuration configuration) throws PwmUnrecoverableException {
    final List<Challenge> newChallenges = new ArrayList<>();
    final boolean applyWordlist = configuration.readSettingAsBoolean(PwmSetting.EDIRECTORY_CR_APPLY_WORDLIST);
    final int questionsInAnswer = (int) configuration.readSettingAsLong(PwmSetting.EDIRECTORY_CR_MAX_QUESTION_CHARS_IN__ANSWER);
    for (final Challenge challenge : challengeSet.getChallenges()) {
        newChallenges.add(new ChaiChallenge(challenge.isRequired(), challenge.getChallengeText(), challenge.getMinLength(), challenge.getMaxLength(), challenge.isAdminDefined(), questionsInAnswer, applyWordlist));
    }
    try {
        return new ChaiChallengeSet(newChallenges, challengeSet.getMinRandomRequired(), challengeSet.getLocale(), challengeSet.getIdentifier());
    } catch (ChaiValidationException e) {
        final String errorMsg = "unexpected error applying policies to nmas challengeset: " + e.getMessage();
        LOGGER.error(errorMsg, e);
        throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg));
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ArrayList(java.util.ArrayList) ChaiChallengeSet(com.novell.ldapchai.cr.ChaiChallengeSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) Challenge(com.novell.ldapchai.cr.Challenge) ChaiChallenge(com.novell.ldapchai.cr.ChaiChallenge)

Example 2 with ChaiValidationException

Use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.

In class ForgottenPasswordUtil, method verifyRequirementsForAuthMethod.

static void verifyRequirementsForAuthMethod(final PwmRequest pwmRequest, final ForgottenPasswordBean forgottenPasswordBean, final IdentityVerificationMethod recoveryVerificationMethods) throws PwmUnrecoverableException {
    switch(recoveryVerificationMethods) {
        case TOKEN:
            {
                ForgottenPasswordUtil.figureAvailableTokenDestinations(pwmRequest, forgottenPasswordBean);
            }
            break;
        case ATTRIBUTES:
            {
                final List<FormConfiguration> formConfiguration = forgottenPasswordBean.getAttributeForm();
                if (formConfiguration == null || formConfiguration.isEmpty()) {
                    final String errorMsg = "user is required to complete LDAP attribute check, yet there are no LDAP attribute form items configured";
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INVALID_CONFIG, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        case OTP:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                if (userInfo.getOtpUserRecord() == null) {
                    final String errorMsg = "could not find a one time password configuration for " + userInfo.getUserIdentity();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_OTP_CONFIGURATION, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        case CHALLENGE_RESPONSES:
            {
                final UserInfo userInfo = ForgottenPasswordUtil.readUserInfo(pwmRequest, forgottenPasswordBean);
                final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
                if (responseSet == null) {
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES);
                    throw new PwmUnrecoverableException(errorInformation);
                }
                final ChallengeSet challengeSet = userInfo.getChallengeProfile().getChallengeSet();
                try {
                    if (responseSet.meetsChallengeSetRequirements(challengeSet)) {
                        if (challengeSet.getRequiredChallenges().isEmpty() && (challengeSet.getMinRandomRequired() <= 0)) {
                            final String errorMsg = "configured challenge set policy for " + userInfo.getUserIdentity().toString() + " is empty, user not qualified to recover password";
                            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_NO_CHALLENGES, errorMsg);
                            throw new PwmUnrecoverableException(errorInformation);
                        }
                    }
                } catch (ChaiValidationException e) {
                    final String errorMsg = "stored response set for user '" + userInfo.getUserIdentity() + "' do not meet current challenge set requirements: " + e.getLocalizedMessage();
                    final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_RESPONSES_NORESPONSES, errorMsg);
                    throw new PwmUnrecoverableException(errorInformation);
                }
            }
            break;
        default:
            // continue, assume no data requirements for method.
            break;
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChallengeSet(com.novell.ldapchai.cr.ChallengeSet) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ResponseSet(com.novell.ldapchai.cr.ResponseSet) List(java.util.List) ArrayList(java.util.ArrayList) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) UserInfo(password.pwm.ldap.UserInfo)

Example 3 with ChaiValidationException

Use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.

In class ForgottenPasswordServlet, method processCheckResponses.

@ActionHandler(action = "checkResponses")
private ProcessStatus processCheckResponses(final PwmRequest pwmRequest) throws ChaiUnavailableException, IOException, ServletException, PwmUnrecoverableException {
    final ForgottenPasswordBean forgottenPasswordBean = forgottenPasswordBean(pwmRequest);
    if (forgottenPasswordBean.getUserIdentity() == null) {
        return ProcessStatus.Continue;
    }
    final UserIdentity userIdentity = forgottenPasswordBean.getUserIdentity();
    final ResponseSet responseSet = ForgottenPasswordUtil.readResponseSet(pwmRequest, forgottenPasswordBean);
    if (responseSet == null) {
        final String errorMsg = "attempt to check responses, but responses are not loaded into session bean";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        // read the supplied responses from the user
        final Map<Challenge, String> crMap = ForgottenPasswordUtil.readResponsesFromHttpRequest(pwmRequest, forgottenPasswordBean.getPresentableChallengeSet());
        final boolean responsesPassed;
        try {
            responsesPassed = responseSet.test(crMap);
        } catch (ChaiUnavailableException e) {
            if (e.getCause() instanceof PwmUnrecoverableException) {
                throw (PwmUnrecoverableException) e.getCause();
            }
            throw e;
        }
        // special case for nmas, clear out existing challenges and input fields.
        if (!responsesPassed && responseSet instanceof NMASCrOperator.NMASCRResponseSet) {
            forgottenPasswordBean.setPresentableChallengeSet(responseSet.getPresentableChallengeSet());
        }
        if (responsesPassed) {
            LOGGER.debug(pwmRequest, "user '" + userIdentity + "' has supplied correct responses");
        } else {
            final String errorMsg = "incorrect response to one or more challenges";
            final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_INCORRECT_RESPONSE, errorMsg);
            handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
            return ProcessStatus.Continue;
        }
    } catch (ChaiValidationException e) {
        LOGGER.debug(pwmRequest, "chai validation error checking user responses: " + e.getMessage());
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.forChaiError(e.getErrorCode()));
        handleUserVerificationBadAttempt(pwmRequest, forgottenPasswordBean, errorInformation);
        return ProcessStatus.Continue;
    }
    forgottenPasswordBean.getProgress().getSatisfiedMethods().add(IdentityVerificationMethod.CHALLENGE_RESPONSES);
    return ProcessStatus.Continue;
}
Also used : ChaiUnavailableException(com.novell.ldapchai.exception.ChaiUnavailableException) UserIdentity(password.pwm.bean.UserIdentity) ResponseSet(com.novell.ldapchai.cr.ResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) Challenge(com.novell.ldapchai.cr.Challenge) ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) NMASCrOperator(password.pwm.util.operations.cr.NMASCrOperator) ForgottenPasswordBean(password.pwm.http.bean.ForgottenPasswordBean)

Example 4 with ChaiValidationException

Use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.

In class SetupResponsesServlet, method nextStep.

@Override
protected void nextStep(final PwmRequest pwmRequest) throws PwmUnrecoverableException, IOException, ChaiUnavailableException, ServletException {
    final SetupResponsesBean setupResponsesBean = getSetupResponseBean(pwmRequest);
    initializeBean(pwmRequest, setupResponsesBean);
    pwmRequest.setAttribute(PwmRequestAttribute.ModuleBean, setupResponsesBean);
    pwmRequest.setAttribute(PwmRequestAttribute.ModuleBean_String, pwmRequest.getPwmApplication().getSecureService().encryptObjectToString(setupResponsesBean));
    pwmRequest.setAttribute(PwmRequestAttribute.SetupResponses_ResponseInfo, pwmRequest.getPwmSession().getUserInfo().getResponseInfoBean());
    if (setupResponsesBean.isHasExistingResponses() && !pwmRequest.getPwmSession().getUserInfo().isRequiresResponseConfig()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_RESPONSES_EXISTING);
        return;
    }
    if (!setupResponsesBean.isResponsesSatisfied()) {
        pwmRequest.forwardToJsp(JspUrl.SETUP_RESPONSES);
        return;
    }
    if (!setupResponsesBean.isHelpdeskResponsesSatisfied()) {
        if (setupResponsesBean.getHelpdeskResponseData().getChallengeSet() == null || setupResponsesBean.getHelpdeskResponseData().getChallengeSet().getChallenges().isEmpty()) {
            setupResponsesBean.setHelpdeskResponsesSatisfied(true);
        } else {
            pwmRequest.forwardToJsp(JspUrl.SETUP_RESPONSES_HELPDESK);
            return;
        }
    }
    if (pwmRequest.getConfig().readSettingAsBoolean(PwmSetting.CHALLENGE_SHOW_CONFIRMATION)) {
        if (!setupResponsesBean.isConfirmed()) {
            pwmRequest.forwardToJsp(JspUrl.SETUP_RESPONSES_CONFIRM);
            return;
        }
    }
    try {
        // everything good, so lets save responses.
        final ResponseInfoBean responses = generateResponseInfoBean(pwmRequest, setupResponsesBean.getResponseData().getChallengeSet(), setupResponsesBean.getResponseData().getResponseMap(), setupResponsesBean.getHelpdeskResponseData().getResponseMap());
        saveResponses(pwmRequest, responses);
        pwmRequest.getPwmApplication().getSessionStateService().clearBean(pwmRequest, SetupResponsesBean.class);
        pwmRequest.getPwmResponse().forwardToSuccessPage(Message.Success_SetupResponse);
    } catch (PwmOperationalException e) {
        LOGGER.error(pwmRequest.getSessionLabel(), e.getErrorInformation());
        pwmRequest.respondWithError(e.getErrorInformation());
    } catch (ChaiValidationException e) {
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_RANDOM_RESPONSE, e.getMessage());
        LOGGER.error(pwmRequest.getSessionLabel(), errorInformation);
        pwmRequest.respondWithError(errorInformation);
    }
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) SetupResponsesBean(password.pwm.http.bean.SetupResponsesBean) ResponseInfoBean(password.pwm.bean.ResponseInfoBean) PwmOperationalException(password.pwm.error.PwmOperationalException)

Example 5 with ChaiValidationException

Use of com.novell.ldapchai.exception.ChaiValidationException in project pwm by pwm-project.

In class DbCrOperator, method readResponseSet.

public ResponseSet readResponseSet(final ChaiUser theUser, final UserIdentity userIdentity, final String userGUID) throws PwmUnrecoverableException {
    if (userGUID == null || userGUID.length() < 1) {
        final String errorMsg = "user " + theUser.getEntryDN() + " does not have a guid, unable to search for responses in remote database";
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_MISSING_GUID, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    try {
        final DatabaseAccessor databaseAccessor = pwmApplication.getDatabaseService().getAccessor();
        final String responseStringBlob = databaseAccessor.get(DatabaseTable.PWM_RESPONSES, userGUID);
        if (responseStringBlob != null && responseStringBlob.length() > 0) {
            final ResponseSet userResponseSet = ChaiResponseSet.parseChaiResponseSetXML(responseStringBlob, theUser);
            LOGGER.debug("found responses for " + theUser.getEntryDN() + " in remote database: " + userResponseSet.toString());
            return userResponseSet;
        } else {
            LOGGER.trace("user guid for " + theUser.getEntryDN() + " not found in remote database (key=" + userGUID + ")");
        }
    } catch (ChaiValidationException e) {
        final String errorMsg = "unexpected error reading responses for " + theUser.getEntryDN() + " from remote database: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(PwmError.ERROR_UNKNOWN, errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    } catch (PwmOperationalException e) {
        final String errorMsg = "unexpected error reading responses for " + theUser.getEntryDN() + " from remote database: " + e.getMessage();
        final ErrorInformation errorInformation = new ErrorInformation(e.getErrorInformation().getError(), errorMsg);
        throw new PwmUnrecoverableException(errorInformation);
    }
    return null;
}
Also used : ErrorInformation(password.pwm.error.ErrorInformation) ChaiValidationException(com.novell.ldapchai.exception.ChaiValidationException) ChaiResponseSet(com.novell.ldapchai.cr.ChaiResponseSet) ResponseSet(com.novell.ldapchai.cr.ResponseSet) PwmUnrecoverableException(password.pwm.error.PwmUnrecoverableException) DatabaseAccessor(password.pwm.util.db.DatabaseAccessor) PwmOperationalException(password.pwm.error.PwmOperationalException)

Aggregations

ChaiValidationException (com.novell.ldapchai.exception.ChaiValidationException): 11
ErrorInformation (password.pwm.error.ErrorInformation): 8
PwmUnrecoverableException (password.pwm.error.PwmUnrecoverableException): 5
Challenge (com.novell.ldapchai.cr.Challenge): 4
ResponseSet (com.novell.ldapchai.cr.ResponseSet): 4
ChaiChallenge (com.novell.ldapchai.cr.ChaiChallenge): 3
ChaiOperationException (com.novell.ldapchai.exception.ChaiOperationException): 3
ChaiUnavailableException (com.novell.ldapchai.exception.ChaiUnavailableException): 3
ArrayList (java.util.ArrayList): 3
PwmOperationalException (password.pwm.error.PwmOperationalException): 3
ChaiUser (com.novell.ldapchai.ChaiUser): 2
ChaiChallengeSet (com.novell.ldapchai.cr.ChaiChallengeSet): 2
ChaiResponseSet (com.novell.ldapchai.cr.ChaiResponseSet): 2
ChallengeSet (com.novell.ldapchai.cr.ChallengeSet): 2
ChaiProvider (com.novell.ldapchai.provider.ChaiProvider): 2
ResponseInfoBean (password.pwm.bean.ResponseInfoBean): 2
ChaiEntry (com.novell.ldapchai.ChaiEntry): 1
Answer (com.novell.ldapchai.cr.Answer): 1
NmasResponseSet (com.novell.ldapchai.impl.edir.NmasResponseSet): 1
ChaiConfiguration (com.novell.ldapchai.provider.ChaiConfiguration): 1