Examples with Workflow com.tremolosecurity.provisioning.core.Workflow used on opensource projects

Example 31 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UserPrincipal method deleteUser.

public void deleteUser(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    try {
        HttpCon con = this.createClient();
        try {
            if (principal.isPrimaryDomain()) {
                IPACall deleteUser = new IPACall();
                deleteUser.setId(0);
                deleteUser.setMethod("user_del");
                ArrayList<String> userArray = new ArrayList<String>();
                userArray.add(principal.getUid());
                deleteUser.getParams().add(userArray);
                HashMap<String, String> additionalParams = new HashMap<String, String>();
                deleteUser.getParams().add(additionalParams);
                IPAResponse resp = this.executeIPACall(deleteUser, con);
                this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Delete, approvalID, workflow, "uid", user.getUserID());
            } else {
                IPACall idOveride = new IPACall();
                idOveride.setId(0);
                idOveride.setMethod("idoverrideuser_del");
                List<String> params = new ArrayList<String>();
                params.add(this.trustViewName);
                params.add(principal.getUPN());
                idOveride.getParams().add(params);
                Map<String, Object> param2 = new HashMap<String, Object>();
                idOveride.getParams().add(param2);
                try {
                    IPAResponse resp = this.executeIPACall(idOveride, con);
                } catch (IPAException e) {
                    if (!e.getMessage().equalsIgnoreCase("no modifications to be performed")) {
                        throw e;
                    }
                }
            }
        } finally {
            if (con != null) {
                con.getBcm().shutdown();
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not run search", e);
    }
}

Example 32 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UserPrincipal method addGroup.

@Override
public void addGroup(String name, Map<String, String> additionalAttributes, User user, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    IPACall groupSearch = new IPACall();
    groupSearch.setId(0);
    groupSearch.setMethod("group_add");
    ArrayList<String> groupArray = new ArrayList<String>();
    groupArray.add(name);
    groupSearch.getParams().add(groupArray);
    HashMap<String, String> additionalParams = new HashMap<String, String>();
    for (String key : additionalAttributes.keySet()) {
        additionalParams.put(key, additionalAttributes.get(key));
    }
    groupSearch.getParams().add(additionalParams);
    HttpCon con = null;
    try {
        con = this.createClient();
        IPAResponse resp = this.executeIPACall(groupSearch, con);
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "group-object", name);
    } catch (Exception e) {
        throw new ProvisioningException("Could not find groups", e);
    } finally {
        if (con != null) {
            con.getBcm().close();
        }
    }
}

Example 33 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UserPrincipal method syncUser.

public void syncUser(User user, boolean addOnly, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    User fromIPA = null;
    HttpCon con = null;
    try {
        con = this.createClient();
        try {
            fromIPA = this.findUser(user.getUserID(), attributes, request);
        } catch (IPAException ipaException) {
            if (ipaException.getCode() != 4001) {
                throw ipaException;
            }
        }
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        if (fromIPA == null) {
            if (principal.isPrimaryDomain()) {
                this.createUser(user, attributes, request);
            }
        } else {
            if (!principal.isPrimaryDomain() && request.get("freeipa.exists") != null && ((Boolean) request.get("freeipa.exists")) == false) {
                this.createUser(user, attributes, request);
                return;
            }
            // check to see if the attributes from the incoming object match
            for (String attrName : attributes) {
                if (attrName.equalsIgnoreCase("uid")) {
                    continue;
                }
                Attribute attrNew = checkAttribute(principal, user, fromIPA, con, approvalID, workflow, attrName, addOnly);
            }
            if (!addOnly) {
                for (String attrToDel : fromIPA.getAttribs().keySet()) {
                    if (!attrToDel.equalsIgnoreCase("uid")) {
                        // These attributes were no longer on the user, delete them
                        this.deleteAttribute(principal, attrToDel, con, approvalID, workflow);
                        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Delete, approvalID, workflow, attrToDel, "");
                    }
                }
            }
            // }
            // check groups
            HashSet<String> curGroups = new HashSet<String>();
            curGroups.addAll(fromIPA.getGroups());
            for (String group : user.getGroups()) {
                if (curGroups.contains(group)) {
                    curGroups.remove(group);
                } else {
                    this.addGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (!addOnly) {
                for (String group : curGroups) {
                    this.removeGroup(principal, group, con, approvalID, workflow);
                }
            }
            if (principal.isPrimaryDomain()) {
                if (this.createShadowAccount) {
                    String password = new BigInteger(130, random).toString(32);
                    password = PBKDF2.generateHash(password);
                    user.setPassword(password);
                    this.setUserPassword(user, request);
                }
            }
        }
    } catch (Exception e) {
        throw new ProvisioningException("Could not sync user", e);
    } finally {
        if (con != null) {
            con.getBcm().shutdown();
        }
    }
}

Example 34 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class UserPrincipal method setUserPassword.

public void setUserPassword(User user, Map<String, Object> request) throws ProvisioningException {
    UserPrincipal principal = new UserPrincipal(user.getUserID(), multiDomain, primaryDomain);
    if (!principal.isPrimaryDomain()) {
        throw new ProvisioningException("Can not set password on users outside of the primary domain");
    }
    if (user.getPassword() != null && !user.getPassword().isEmpty()) {
        int approvalID = 0;
        if (request.containsKey("APPROVAL_ID")) {
            approvalID = (Integer) request.get("APPROVAL_ID");
        }
        Workflow workflow = (Workflow) request.get("WORKFLOW");
        try {
            HttpCon con = this.createClient();
            try {
                IPACall setPassword = new IPACall();
                setPassword.setId(0);
                setPassword.setMethod("passwd");
                ArrayList<String> userArray = new ArrayList<String>();
                userArray.add(principal.getUid());
                setPassword.getParams().add(userArray);
                HashMap<String, String> additionalParams = new HashMap<String, String>();
                additionalParams.put("password", user.getPassword());
                setPassword.getParams().add(additionalParams);
                IPAResponse resp = this.executeIPACall(setPassword, con);
                con.getBcm().shutdown();
                // no we need to reset the password, this is a hack.  right way is to tell IPA the user doesn't need to reset their password
                HttpPost httppost = new HttpPost(this.url + "/ipa/session/change_password");
                httppost.addHeader("Referer", this.url + "/ipa/ui/");
                List<NameValuePair> formparams = new ArrayList<NameValuePair>();
                formparams.add(new BasicNameValuePair("user", principal.getUid()));
                formparams.add(new BasicNameValuePair("old_password", user.getPassword()));
                formparams.add(new BasicNameValuePair("new_password", user.getPassword()));
                UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
                httppost.setEntity(entity);
                con = this.createClient(principal.getUid(), user.getPassword());
                CloseableHttpClient http = con.getHttp();
                CloseableHttpResponse httpResp = http.execute(httppost);
                if (logger.isDebugEnabled()) {
                    logger.debug("Response of password reset : " + httpResp.getStatusLine().getStatusCode());
                }
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userPassword", "********************************");
            } finally {
                if (con != null) {
                    con.getBcm().shutdown();
                }
            }
        } catch (Exception e) {
            throw new ProvisioningException("Could not run search", e);
        }
    }
}

Example 35 with Workflow

use of com.tremolosecurity.provisioning.core.Workflow in project OpenUnison by TremoloSecurity.

the class CallWorkflow method doTask.

@Override
public boolean doTask(User user, Map<String, Object> request) throws ProvisioningException {
    Workflow toCall = super.getConfigManager().getProvisioningEngine().getWorkflowCopy(this.workflowName);
    if (toCall == null) {
        throw new ProvisioningException("workflow '" + this.workflowName + "' does not exist");
    }
    ArrayList<WorkflowTask> tasksFromWf = toCall.getTasks();
    for (WorkflowTask task : tasksFromWf) {
        task.reInit(getConfigManager(), getWorkflow());
    }
    super.setOnSuccess(tasksFromWf);
    super.markComplete(true);
    // this.getOnSuccess().addAll(toCall.getTasks());
    boolean doContinue = super.runSubTasks(super.getOnSuccess(), user, request);
    return doContinue;
}