use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.
the class UserPrincipal method addGroup.
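/**
 * Creates a group by sending an IPA {@code group_add} call and records the
 * action in the provisioning audit log.
 *
 * @param name                 name of the group to create
 * @param additionalAttributes extra options passed as the second parameter of the call
 * @param user                 not used by this method
 * @param request              workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are
 *                             read from it for the audit record
 * @throws ProvisioningException if the call or the audit logging fails
 */
@Override
public void addGroup(String name, Map<String, String> additionalAttributes, User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    IPACall groupAdd = new IPACall();
    groupAdd.setId(0);
    groupAdd.setMethod("group_add");

    // First positional parameter: the list of group names (a single entry here).
    ArrayList<String> groupArray = new ArrayList<String>();
    groupArray.add(name);
    groupAdd.getParams().add(groupArray);

    // Second parameter: a private copy of the caller's options, so the caller's map
    // is never handed to the call object.
    HashMap<String, String> additionalParams = new HashMap<String, String>(additionalAttributes);
    groupAdd.getParams().add(additionalParams);

    HttpCon con = null;
    try {
        con = this.createClient();
        this.executeIPACall(groupAdd, con);
        // The audit record is written only after the call returned without throwing.
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "group-object", name);
    } catch (Exception e) {
        // The previous message ("Could not find groups") described a search, which made
        // failed group creations hard to spot in logs.
        throw new ProvisioningException("Could not add group '" + name + "'", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}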
use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.
the class UserPrincipal method syncUser.
/**
 * Brings the IPA account for {@code user} in line with the supplied user object:
 * creates the account when it is missing, otherwise reconciles attributes and
 * group memberships.
 *
 * @param user       desired state of the account
 * @param addOnly    when {@code true}, nothing is deleted: attributes and groups that are
 *                   present in IPA but absent from {@code user} are left in place
 * @param attributes names of the attributes to synchronize ({@code uid} is always skipped)
 * @param request    workflow request; {@code APPROVAL_ID}, {@code WORKFLOW} and
 *                   {@code freeipa.exists} are read from it
 * @throws ProvisioningException wrapping any failure raised while synchronizing
 */
public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    User fromIPA = null;
    HttpCon con = null;
    try {
        con = this.createClient();
        try {
            fromIPA = this.findUser(user.getUserID(), attributes, request);
        } catch (IPAException ipaException) {
            // Code 4001 is swallowed so that fromIPA stays null and the create path below runs.
            // NOTE(review): 4001 is presumably FreeIPA's "not found" error number — confirm.
            if (ipaException.getCode() != 4001) {
                throw ipaException;
            }
        }
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        if (fromIPA == null) {
            // Accounts are only created for the primary domain; a missing user from
            // another domain results in no action at all.
            if (principal.isPrimaryDomain()) {
                this.createUser(user, attributes, request);
            }
        } else {
            // A lookup hit for a non-primary-domain user whose request carries
            // freeipa.exists == false is still treated as "create", and the rest of
            // the reconciliation is skipped.
            if (!principal.isPrimaryDomain() && request.get("freeipa.exists") != null && ((Boolean) request.get("freeipa.exists")) == false) {
                this.createUser(user, attributes, request);
                return;
            }
            // check to see if the attributes from the incoming object match
            for (String attrName : attributes) {
                if (attrName.equalsIgnoreCase("uid")) {
                    continue;
                }
                // The returned attribute is not used here.
                Attribute attrNew = checkAttribute(principal, user, fromIPA, con, approvalID, workflow, attrName, addOnly);
            }
            if (!addOnly) {
                // NOTE(review): this deletes every non-uid attribute still listed on fromIPA,
                // so it presumably relies on checkAttribute having removed the attributes it
                // handled from fromIPA — confirm, otherwise current attributes are wiped.
                for (String attrToDel : fromIPA.getAttribs().keySet()) {
                    if (!attrToDel.equalsIgnoreCase("uid")) {
                        // These attributes were no longer on the user, delete them
                        this.deleteAttribute(principal, attrToDel, con, approvalID, workflow);
                        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, attrToDel, "");
                    }
                }
            }
            // check groups
            // curGroups starts as the groups held in IPA; every group also present on the
            // incoming user is removed from it, so what remains is the set to revoke.
            HashSet<String> curGroups = new HashSet<String>();
            curGroups.addAll(fromIPA.getGroups());
            for (String group : user.getGroups()) {
                if (curGroups.contains(group)) {
                    curGroups.remove(group);
                } else {
                    this.addGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (!addOnly) {
                // Memberships are revoked only in full-sync mode; with addOnly they persist.
                for (String group : curGroups) {
                    this.removeGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (principal.isPrimaryDomain()) {
                if (this.createShadowAccount) {
                    // Shadow accounts get a throwaway password: 130 random bits rendered in
                    // base 32, then passed through PBKDF2.generateHash; the hash output (not
                    // the random string) is what is set as the password.
                    // NOTE(review): `random` is declared outside this method; the value is only
                    // unguessable if it is a java.security.SecureRandom — confirm.
                    String password = new BigInteger(130, random).toString(32);
                    password = PBKDF2.generateHash(password);
                    user.setPassword(password);
                    this.setUserPassword(user, request);
                }
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    } finally {
        // Runs on the early return above as well, so the connection manager is always shut down.
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}
use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.
the class UserPrincipal method setUserPassword.
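/**
 * Sets the password of a primary-domain user through the IPA {@code passwd} call and
 * then changes the password to itself through {@code /ipa/session/change_password},
 * authenticating as the user.
 *
 * <p>Nothing is done when the user object carries no password (null or empty).
 *
 * @param user    user whose {@code getPassword()} value becomes the new password
 * @param request workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read from
 *                it for the audit record
 * @throws ProvisioningException if the user is outside the primary domain or any step fails
 */
public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    if (!principal.isPrimaryDomain()) {
        throw new ProvisioningException("Can not set password on users outside of the primary domain");
    }
    if (user.getPassword() == null || user.getPassword().isEmpty()) {
        return;
    }

    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    try {
        HttpCon con = this.createClient();
        try {
            // Step 1: set the password through the "passwd" call on the provisioning connection.
            IPACall setPassword = new IPACall();
            setPassword.setId(0);
            setPassword.setMethod("passwd");
            ArrayList<String> userArray = new ArrayList<String>();
            userArray.add(principal.getUid());
            setPassword.getParams().add(userArray);
            HashMap<String, String> additionalParams = new HashMap<String, String>();
            additionalParams.put("password", user.getPassword());
            setPassword.getParams().add(additionalParams);
            this.executeIPACall(setPassword, con);
            con.getBcm().shutdown();

            // Step 2 (workaround kept from the original): change the password to itself as
            // the user. The original author's note says the right way is to tell IPA the
            // user does not need to reset their password.
            HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
            httppost.addHeader("Referer", this.url + "/ipa/ui/");
            List<NameValuePair> formparams = new ArrayList<NameValuePair>();
            formparams.add(new BasicNameValuePair("user", principal.getUid()));
            formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
            formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
            UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
            httppost.setEntity(entity);

            con = this.createClient(principal.getUid(), user.getPassword());
            CloseableHttpClient http = con.getHttp();
            // The response was previously never closed; try-with-resources releases it.
            try (CloseableHttpResponse httpResp = http.execute(httppost)) {
                // NOTE(review): the outcome is only visible at debug level, so a rejected
                // change is still audited as a successful replace below. FreeIPA reports the
                // result in the X-IPA-Pwchange-Result response header — consider checking it.
                if (logger.isDebugEnabled()) {
                    logger.debug("Response of password reset : " + httpResp.getStatusLine().getStatusCode());
                }
            }

            // The audit record carries a fixed mask; the password itself must never be logged.
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        // The previous message ("Could not run search") did not match this operation.
        throw new ProvisioningException("Could not set password", e);
    }
}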
use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.
the class MailChimp method createUser.
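/**
 * Adds the user as a member of a MailChimp list by POSTing to
 * {@code /3.0/lists/{listID}/members}.
 *
 * <p>The user ID becomes {@code email_address}. Of the attributes named in
 * {@code attributes}, {@code tags} is sent as an array of all its values, attributes
 * listed in {@code mergeAttributes} go under {@code merge_fields}, and the rest become
 * top-level member fields (first value only).
 *
 * <p>Failures of the HTTP call are logged and not rethrown, as in the original.
 *
 * @param user       user to add
 * @param attributes names of the attributes to send
 * @param request    workflow request; {@code listID} is read from it
 * @throws ProvisioningException if the member URL cannot be built
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    String listID = (String) request.get("listID");

    JSONObject member = new JSONObject();
    member.put("email_address", user.getUserID());
    JSONObject merge = new JSONObject();
    member.put("merge_fields", merge);

    for (Attribute attr : user.getAttribs().values()) {
        if (!attributes.contains(attr.getName())) {
            continue;
        }
        if (attr.getName().equals("tags")) {
            JSONArray tagList = new JSONArray();
            for (String tagName : attr.getValues()) {
                tagList.add(tagName);
            }
            member.put("tags", tagList);
        } else if (this.mergeAttributes.contains(attr.getName())) {
            merge.put(attr.getName(), attr.getValues().get(0));
        } else {
            member.put(attr.getName(), attr.getValues().get(0));
        }
    }
    String json = member.toJSONString();

    // listID comes from the request, so it is URL-encoded before it becomes a path segment.
    String url;
    try {
        url = "https://" + this.host + "/3.0/lists/" + URLEncoder.encode(listID, "UTF-8") + "/members";
    } catch (UnsupportedEncodingException e) {
        // Previously swallowed, which would have left a truncated URL to be called.
        throw new ProvisioningException("Could not build member URL", e);
    }

    HttpCon con = null;
    try {
        con = this.createClient();
        HttpPost post = new HttpPost(url);
        // The API key is only ever placed in the Authorization header; keep it out of log lines.
        post.addHeader("Authorization", "Basic " + new String(java.util.Base64.getEncoder().encode(("x:" + apiKey).getBytes("UTF-8"))));
        post.setEntity(new StringEntity(json, ContentType.APPLICATION_JSON));

        // The response was previously never closed, and its entity was read twice on the
        // error path; the body is now read once and the response released.
        try (CloseableHttpResponse resp = con.getHttp().execute(post)) {
            int status = resp.getStatusLine().getStatusCode();
            String body = EntityUtils.toString(resp.getEntity());
            if (status != 200) {
                logger.error("Could not create '" + user.getUserID() + "' - " + status + " - " + body);
            }
        }
    } catch (Exception e) {
        // Covers every failure of the call, not only connection setup.
        // NOTE(review): the caller is not told the member was not created — confirm this
        // best-effort behaviour is intended.
        logger.warn("Could not create '" + user.getUserID() + "'", e);
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing the client fails.
            }
            con.getBcm().close();
        }
    }
}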
use of com.tremolosecurity.provisioning.core.ProvisioningException in project OpenUnison by TremoloSecurity.
the class MailChimp method deleteUser.
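/**
 * Removes the user from a MailChimp list: looks the member up through
 * {@code getUserJSON}, takes the first exact match and sends a DELETE to
 * {@code /3.0/lists/{listID}/members/{id}}.
 *
 * <p>Lookup misses, unparsable responses and HTTP failures are logged and not
 * rethrown, as in the original.
 *
 * @param user    user to remove
 * @param request workflow request; {@code listID} is read from it
 * @throws ProvisioningException if the member URL cannot be built
 */
@Override
public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    CloseableHttpResponse resp = null;
    String respJson = getUserJSON(user.getUserID(), request, resp);
    if (respJson == null) {
        return;
    }

    JSONObject root;
    try {
        root = (JSONObject) new JSONParser().parse(respJson);
    } catch (ParseException | org.json.simple.parser.ParseException e) {
        logger.warn("Could not parse json", e);
        return;
    }

    // The search response comes from a remote service: treat a missing "exact_matches"
    // or "members" element like an empty result instead of failing with a
    // NullPointerException.
    JSONObject exactMatches = (JSONObject) root.get("exact_matches");
    JSONArray members = exactMatches == null ? null : (JSONArray) exactMatches.get("members");
    if (members == null || members.size() == 0) {
        logger.error("Could not find '" + user.getUserID() + "'");
        return;
    }

    JSONObject member = (JSONObject) members.get(0);
    String id = (String) member.get("id");
    String listID = (String) request.get("listID");

    // Both path segments come from outside this class, so each is URL-encoded.
    String url;
    try {
        url = "https://" + this.host + "/3.0/lists/" + URLEncoder.encode(listID, "UTF-8") + "/members/" + URLEncoder.encode(id, "UTF-8");
    } catch (UnsupportedEncodingException e) {
        // Previously swallowed, which would have left a truncated URL to be called.
        throw new ProvisioningException("Could not build member URL", e);
    }

    HttpCon con = null;
    try {
        con = this.createClient();
        HttpDelete delete = new HttpDelete(url);
        // The API key is only ever placed in the Authorization header; keep it out of log lines.
        delete.addHeader("Authorization", "Basic " + new String(java.util.Base64.getEncoder().encode(("x:" + apiKey).getBytes("UTF-8"))));

        // The response was previously never closed.
        try (CloseableHttpResponse deleteResp = con.getHttp().execute(delete)) {
            int status = deleteResp.getStatusLine().getStatusCode();
            if (status != 204) {
                // The previous message said "Could not create", which hid failed removals in logs.
                logger.error("Could not delete '" + user.getUserID() + "' - " + status);
            }
        }
    } catch (Exception e) {
        // Covers every failure of the call, not only connection setup.
        // NOTE(review): a failed removal leaves the member subscribed and the caller is not
        // told — confirm this best-effort behaviour is intended for deprovisioning.
        logger.warn("Could not delete '" + user.getUserID() + "'", e);
    } finally {
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // Nothing useful can be done if closing the client fails.
            }
            con.getBcm().close();
        }
    }
}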