use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.
the class AttributeChange method createInternalUser.
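/**
 * Creates a user object in Azure AD through the Graph API ({@code POST /users}), records the
 * creation in the provisioning audit log and then runs {@link #synUser} so the attributes in
 * {@code attributes} are pushed to the new object.
 *
 * <p>{@code displayName} and {@code userPrincipalName} are required; {@code accountEnabled},
 * {@code onPremisesImmutableId} and {@code mail} are sent only when present. The mail nickname
 * is the local part (before {@code @}) of {@code mail}, falling back to the UPN. When
 * {@code user} carries no password, a random 50-character one is generated so the account is
 * never created with a predictable secret. The password is never written to the audit log.
 *
 * @param user       user to create; its {@code id} attribute is populated from the Graph response
 * @param attributes names of the attributes to synchronize after creation
 * @param request    workflow request; read for the
 *                   {@code tremolo.azuread.create.forceChangePasswordNextSignIn[WithMfa]} flags
 * @param approvalID approval id written to the audit log
 * @param workflow   workflow written to the audit log
 * @throws ProvisioningException if a required attribute is missing, the mail address has no
 *                               {@code @}, or the Graph call fails
 */
private void createInternalUser(User user, Set<String> attributes, Map<String, Object> request, int approvalID, Workflow workflow) throws ProvisioningException {
    JSONObject root = new JSONObject();

    String accountEnabled = azureAttrValue(user, "accountEnabled");
    if (accountEnabled != null) {
        root.put("accountEnabled", accountEnabled.equalsIgnoreCase("true"));
    }
    root.put("displayName", requiredAzureAttr(user, "displayName"));

    String immutableId = azureAttrValue(user, "onPremisesImmutableId");
    if (immutableId != null) {
        root.put("onPremisesImmutableId", immutableId);
    }

    String upn = requiredAzureAttr(user, "userPrincipalName");
    String mail = azureAttrValue(user, "mail");
    if (mail == null) {
        mail = upn;
    }
    int at = mail.indexOf('@');
    if (at < 0) {
        // substring(0, -1) would otherwise fail with an unhelpful StringIndexOutOfBoundsException
        throw new ProvisioningException("Can not derive mailNickname, no '@' in '" + mail + "'");
    }
    root.put("mailNickname", mail.substring(0, at));
    root.put("userPrincipalName", upn);

    JSONObject passwordProfile = new JSONObject();
    String password = user.getPassword();
    if (password != null && !password.isEmpty()) {
        passwordProfile.put("password", password);
    } else {
        passwordProfile.put("password", new GenPasswd(50, true, true, true, true).getPassword());
    }
    // "true".equals(x) is null-safe, so the separate null check of the original is not needed
    passwordProfile.put("forceChangePasswordNextSignIn",
        "true".equals(request.get("tremolo.azuread.create.forceChangePasswordNextSignIn")));
    passwordProfile.put("forceChangePasswordNextSignInWithMfa",
        "true".equals(request.get("tremolo.azuread.create.forceChangePasswordNextSignInWithMfa")));
    root.put("passwordProfile", passwordProfile);

    HttpCon con = null;
    try {
        con = this.createClient();
        String json = this.callWSPostJsonReesponseExpected(con, "/users", root.toString());
        JSONObject resp = (JSONObject) new JSONParser().parse(json);
        String id = (String) resp.get("id");
        user.getAttribs().put("id", new Attribute("id", id));

        this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "userPrincipalName", upn);
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "userPrincipalName", upn);
        // the password value itself must never reach the audit log
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "password", "********");
        if (accountEnabled != null) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "accountEnabled", accountEnabled);
        }
        if (immutableId != null) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "onPremisesImmutableId", immutableId);
        }

        User fromAzure = new User(user.getUserID());
        fromAzure.getAttribs().put("id", new Attribute("id", id));
        // NOTE(review): the map key is "userPrincipalName" but the Attribute is named "displayName",
        // exactly as before; confirm which of the two synUser keys on before changing either.
        fromAzure.getAttribs().put("userPrincipalName", new Attribute("displayName", upn));
        this.synUser(user, true, attributes, fromAzure, approvalID, workflow);
    } catch (Exception e) {
        throw new ProvisioningException("Could not create user", e);
    } finally {
        // createClient() may have thrown, in which case con is still null and there is nothing to close
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // best-effort close; the request already completed or failed above
            }
            con.getBcm().close();
        }
    }
}

/**
 * Returns the first value of attribute {@code name} on {@code user}, or {@code null} when the
 * attribute is absent.
 */
private static String azureAttrValue(User user, String name) {
    Attribute attr = user.getAttribs().get(name);
    return attr == null ? null : attr.getValues().get(0);
}

/**
 * Like {@link #azureAttrValue} but fails with a clear message instead of a
 * {@code NullPointerException} when the attribute is absent.
 *
 * @throws ProvisioningException if {@code user} has no attribute {@code name}
 */
private static String requiredAzureAttr(User user, String name) throws ProvisioningException {
    String value = azureAttrValue(user, name);
    if (value == null) {
        throw new ProvisioningException("Required attribute '" + name + "' is missing for user " + user.getUserID());
    }
    return value;
}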
use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.
the class GitlabUserProvider method createUser.
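/**
 * Creates {@code user} in GitLab, waits until the new account is visible through the API,
 * records the creation in the audit log, links any federated identities carried in
 * {@code request} under {@link #GITLAB_IDENTITIES} and adds the user to each of its groups.
 *
 * <p>The GitLab API requires a password on creation, so a random 50-character one is
 * supplied; it is never logged. Group access levels come from the
 * {@link #GITLAB_GROUP_ENTITLEMENTS} map in {@code request} and default to
 * {@code DEVELOPER}.
 *
 * @param user       user to create; {@code getUserID()} becomes the GitLab username
 * @param attributes attribute names copied onto the GitLab user bean via {@code beanUtils}
 * @param request    workflow request; {@code APPROVAL_ID}, {@code WORKFLOW}, the identity
 *                   list and the group entitlement map are read from it
 * @throws ProvisioningException if an attribute can not be set, the API call fails, the user
 *                               never appears, an identity can not be linked, or a group
 *                               lookup or membership change fails
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String userId = user.getUserID();

    org.gitlab4j.api.models.User newUser = new org.gitlab4j.api.models.User();
    newUser.setUsername(userId);
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr == null) {
            continue;
        }
        try {
            this.beanUtils.setProperty(newUser, attrName, attr.getValues().get(0));
        } catch (IllegalAccessException | InvocationTargetException e) {
            throw new ProvisioningException("Could not set " + attrName + " for " + userId, e);
        }
    }

    try {
        // the API insists on a password; a throw-away random one is used and not logged
        this.userApi.createUser(newUser, new GenPasswd(50).getPassword(), false);
    } catch (GitLabApiException e) {
        throw new ProvisioningException("Could not create user", e);
    }

    newUser = waitForGitlabUser(userId);

    this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "id", newUser.getId().toString());
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr != null) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, attr.getValues().get(0));
        }
    }

    @SuppressWarnings("unchecked") // stored in the request by the workflow under GITLAB_IDENTITIES
    List<GitlabFedIdentity> ids = (List<GitlabFedIdentity>) request.get(GitlabUserProvider.GITLAB_IDENTITIES);
    if (ids != null) {
        linkFederatedIdentities(newUser, userId, ids, approvalID, workflow);
    }

    @SuppressWarnings("unchecked") // stored in the request by the workflow under GITLAB_GROUP_ENTITLEMENTS
    Map<String, Integer> groupmap = (Map<String, Integer>) request.get(GitlabUserProvider.GITLAB_GROUP_ENTITLEMENTS);
    if (groupmap == null) {
        groupmap = new HashMap<String, Integer>();
    }
    addToGitlabGroups(user, newUser, groupmap, approvalID, workflow);
}

/**
 * Polls {@link #findUserByName} until the newly created user is visible, sleeping one second
 * between attempts and giving up after roughly ten seconds.
 *
 * @throws ProvisioningException if the user never appears or the wait is interrupted
 */
private org.gitlab4j.api.models.User waitForGitlabUser(String userId) throws ProvisioningException {
    org.gitlab4j.api.models.User found = this.findUserByName(userId);
    int numTries = 0;
    while (found == null) {
        if (numTries > 10) {
            throw new ProvisioningException("User " + userId + " never created");
        }
        try {
            Thread.sleep(1000);
        } catch (InterruptedException e) {
            // restore the flag so the caller's executor sees the interrupt, then stop waiting
            Thread.currentThread().interrupt();
            throw new ProvisioningException("Interrupted while waiting for user " + userId + " to be created", e);
        }
        found = this.findUserByName(userId);
        numTries++;
    }
    return found;
}

/**
 * Links each federated identity to the GitLab user with
 * {@code PUT /api/v4/users/{id}?provider=...&extern_uid=...}. Both query values are URL-encoded
 * so a provider name or user id can not alter the query string.
 *
 * @throws ProvisioningException if any request fails or returns a status other than 200
 */
private void linkFederatedIdentities(org.gitlab4j.api.models.User newUser, String userId, List<GitlabFedIdentity> ids, int approvalID, Workflow workflow) throws ProvisioningException {
    List<Header> defheaders = new ArrayList<Header>();
    defheaders.add(new BasicHeader("Private-Token", this.token));
    BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
    RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).setRedirectsEnabled(false).build();
    CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultHeaders(defheaders).setDefaultRequestConfig(rc).build();
    try {
        for (GitlabFedIdentity id : ids) {
            String url = this.url + "/api/v4/users/" + newUser.getId()
                + "?provider=" + URLEncoder.encode(id.getProvider(), "UTF-8")
                + "&extern_uid=" + URLEncoder.encode(userId, "UTF-8");
            HttpPut setIdentity = new HttpPut(url);
            // the response must be closed or its connection is never returned to the manager
            try (CloseableHttpResponse resp = http.execute(setIdentity)) {
                if (resp.getStatusLine().getStatusCode() != 200) {
                    throw new IOException("Invalid response " + resp.getStatusLine().getStatusCode());
                }
            }
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "identity-provider", id.getProvider());
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "identity-externid", id.getExternalUid());
        }
    } catch (IOException e) {
        throw new ProvisioningException("Could not set identity", e);
    } finally {
        try {
            http.close();
        } catch (IOException ignored) {
            // best-effort close of the client; the connection manager is closed regardless
        }
        bhcm.close();
    }
}

/**
 * Adds the GitLab user to every group named in {@code user.getGroups()}. Groups that do not
 * exist are skipped with a warning; the access level is taken from {@code groupmap} when
 * present, otherwise {@code DEVELOPER}.
 *
 * @throws ProvisioningException if a group lookup or membership call fails
 */
private void addToGitlabGroups(User user, org.gitlab4j.api.models.User newUser, Map<String, Integer> groupmap, int approvalID, Workflow workflow) throws ProvisioningException {
    for (String group : user.getGroups()) {
        try {
            Group groupObj = this.findGroupByName(group);
            if (groupObj == null) {
                logger.warn("Group " + group + " does not exist");
                continue;
            }
            // toValue() is the numeric access level GitLab expects (DEVELOPER = 30);
            // ordinal() is only the enum's position and is not a valid access level
            int accessLevel = AccessLevel.DEVELOPER.toValue();
            if (groupmap.containsKey(group)) {
                accessLevel = groupmap.get(group);
            }
            this.groupApi.addMember(groupObj.getId(), newUser.getId(), accessLevel);
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
        } catch (GitLabApiException e) {
            throw new ProvisioningException("Could not find group " + group, e);
        }
    }
}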
use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.
the class SMSAuth method doGet.
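/**
 * Runs the SMS one-time-key step of an authentication chain.
 *
 * <p>On the first visit in a session a random key is generated from the configured length and
 * character classes, stored in the session under {@code TREMOLO_SMS_KEY}, substituted for
 * {@code ${key}} in the configured message and sent to the number found in the user's
 * {@code toAttrName} attribute. Later visits (a reload of the form) do not send a second SMS.
 * Either way the browser is redirected to {@code redirectForm}, where the key is entered.
 *
 * @param request  current request
 * @param response current response; receives the redirect
 * @param as       current authentication step (unused here)
 * @throws ServletException if a required mechanism parameter is missing or malformed, or the
 *                          user has no value for {@code toAttrName}
 * @throws IOException      if the redirect can not be sent
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    @SuppressWarnings("unchecked") // stored under AUTH_MECH_PARAMS by the proxy
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    if (authParams == null) {
        throw new ServletException("Authentication mechanism parameters not set");
    }

    String from = requiredAuthParam(authParams, "fromNumber");
    String toAttrName = requiredAuthParam(authParams, "toAttrName");
    String redirectForm = requiredAuthParam(authParams, "redirectForm");
    String message = requiredAuthParam(authParams, "message");

    // Key options: the key is the one-time secret sent by SMS, so its length and alphabet are configured
    if (authParams.get("keyLength") == null) {
        throw new ServletException("Key Length not set");
    }
    int keyLen;
    try {
        keyLen = Integer.parseInt(authParams.get("keyLength").getValues().get(0));
    } catch (NumberFormatException e) {
        throw new ServletException("Key Length is not a number", e);
    }
    boolean useLowerCase = authParamFlag(authParams, "useLowerCase");
    boolean useUpperCase = authParamFlag(authParams, "useUpperCase");
    boolean useNumbers = authParamFlag(authParams, "useNumbers");
    // useSpecial is forced off; the "useSpecial" parameter lookup was commented out upstream
    // and the reason is not recorded
    boolean useSpecial = false;
    if (!(useLowerCase || useUpperCase || useNumbers || useSpecial)) {
        throw new ServletException("At least one character type must be chosen");
    }

    if (session.getAttribute("TREMOLO_SMS_KEY") == null) {
        // generate the key once per session so a refresh of this page never sends a second SMS
        GenPasswd gp = new GenPasswd(keyLen, useUpperCase, useLowerCase, useNumbers, useSpecial);
        AuthController authCtl = (AuthController) session.getAttribute(ProxyConstants.AUTH_CTL);
        if (authCtl == null) {
            throw new ServletException("No authentication in progress");
        }
        AuthInfo user = authCtl.getAuthInfo();
        Attribute toAttr = user.getAttribs().get(toAttrName);
        if (toAttr == null || toAttr.getValues().isEmpty()) {
            throw new ServletException("User has no value for " + toAttrName + ", can not send SMS");
        }
        String to = toAttr.getValues().get(0);
        String key = gp.getPassword();
        // literal replacement: a '$' or '\' in the key must not be read as a regex group reference
        message = message.replace("${key}", key);
        session.setAttribute("TREMOLO_SMS_KEY", key);
        sendSMS(authParams, from, message, to);
    }
    response.sendRedirect(redirectForm);
}

/**
 * Returns the first value of mechanism parameter {@code name}.
 *
 * @throws ServletException if the parameter is missing or has no value
 */
private static String requiredAuthParam(Map<String, Attribute> authParams, String name) throws ServletException {
    Attribute attr = authParams.get(name);
    if (attr == null || attr.getValues().isEmpty()) {
        throw new ServletException(name + " not set");
    }
    return attr.getValues().get(0);
}

/** Returns {@code true} only when parameter {@code name} is present and its first value is "true" (case-insensitive). */
private static boolean authParamFlag(Map<String, Attribute> authParams, String name) {
    Attribute attr = authParams.get(name);
    return attr != null && attr.getValues().get(0).equalsIgnoreCase("true");
}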
use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.
the class SendMessageThread method sendPasswordReset.
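/**
 * Creates a password-reset request for {@code uid}, persists it and e-mails the reset key to
 * {@code emailAddress}.
 *
 * <p>The key is a random 30-character secret that is the only proof of the reset; it is stored
 * in the database and sent by e-mail, and must not be logged. The e-mail is sent only after
 * the row has been committed so a recipient can never hold a key the database does not know.
 *
 * @param con          open Hibernate session used for the insert
 * @param uid          user the reset is for; stored in the request's {@code email} column
 * @param emailAddress address the key is sent to
 * @throws Exception if the insert or the e-mail fails; the transaction is rolled back on failure
 */
private void sendPasswordReset(org.hibernate.Session con, String uid, String emailAddress) throws SQLException, Exception {
    String key = new GenPasswd(30).getPassword();

    PasswordResetRequest req = new PasswordResetRequest();
    // NOTE(review): the uid, not the address, goes into setEmail(); the lookup side must use
    // the same convention — confirm before changing either
    req.setEmail(uid);
    req.setResetKey(key);
    req.setTs(new Timestamp(new DateTime().getMillis()));

    org.hibernate.Transaction tx = con.beginTransaction();
    try {
        con.save(req);
        tx.commit();
    } catch (RuntimeException e) {
        // leave no half-open transaction on the session when the insert fails
        if (tx.isActive()) {
            tx.rollback();
        }
        throw e;
    }
    this.sendEmail(emailAddress, key);
}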
use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.
the class ADProvider method doCreate.
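/**
 * Adds the entry {@code dn} with {@code attrs} to Active Directory, optionally turns it into a
 * usable shadow account (random password set, account enabled, password never expires) and
 * adds it as a {@code member} of every group in {@code user.getGroups()}.
 *
 * @param user    user being provisioned; supplies the user id for messages and the group names
 * @param dn      distinguished name of the new entry
 * @param attrs   attributes of the new entry
 * @param con     open LDAP connection
 * @param request workflow request; {@code APPROVAL_ID} and {@code WORKFLOW} are read from it
 * @throws ProvisioningException if the add, the shadow-account setup or a group update fails
 */
private void doCreate(User user, String dn, LDAPAttributeSet attrs, LDAPConnection con, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    try {
        if (logger.isDebugEnabled()) {
            // NOTE(review): this prints every attribute value; confirm attrs never carries a
            // password-bearing attribute at this point
            logger.debug("To Add : '" + attrs + "'");
        }
        con.add(new LDAPEntry(dn, attrs));
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "dn", dn);
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            for (String val : attr.getStringValueArray()) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, attr.getName(), val);
            }
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not add user " + user.getUserID(), e);
    }

    if (this.createShadowAccounts) {
        setShadowAccountPassword(dn, con, approvalID, workflow);
        enableShadowAccount(dn, con, approvalID, workflow);
    }

    addUserToGroups(user, dn, con, approvalID, workflow);
}

/**
 * Sets a random 15-character password on the shadow account. AD requires {@code unicodePwd}
 * to be the password wrapped in double quotes and encoded as UTF-16LE. The value is never
 * written to the audit log.
 *
 * @throws ProvisioningException if the modify fails
 */
private void setShadowAccountPassword(String dn, LDAPConnection con, int approvalID, Workflow workflow) throws ProvisioningException {
    String quoted = '"' + new GenPasswd(15).getPassword() + '"';
    // StandardCharsets can not be unsupported, so no UnsupportedEncodingException to handle
    byte[] unicodePwd = quoted.getBytes(java.nio.charset.StandardCharsets.UTF_16LE);
    LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("unicodePwd", unicodePwd));
    try {
        con.modify(dn, mod);
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "unicodePwd", "*******");
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not set password", e);
    }
}

/**
 * Reads {@code userAccountControl} of the new entry, clears the ACCOUNTDISABLE bit and sets
 * the DONT_EXPIRE_PASSWD bit, then writes the value back.
 *
 * @throws ProvisioningException if the entry or the attribute can not be read, the value is
 *                               not an integer, or the modify fails
 */
private void enableShadowAccount(String dn, LDAPConnection con, int approvalID, Workflow workflow) throws ProvisioningException {
    // AD userAccountControl flag bits
    final int ACCOUNTDISABLE = 0x0002;
    final int DONT_EXPIRE_PASSWD = 0x10000;
    try {
        LDAPSearchResults res = con.search(dn, 0, "(objectClass=*)", new String[] { "userAccountControl" }, false);
        if (!res.hasMore()) {
            throw new ProvisioningException("Entry " + dn + " not found after creation");
        }
        LDAPEntry entry = res.next();
        LDAPAttribute attr = entry.getAttribute("userAccountControl");
        if (attr == null) {
            throw new ProvisioningException("Entry " + dn + " has no userAccountControl");
        }
        int val;
        try {
            val = Integer.parseInt(attr.getStringValue());
        } catch (NumberFormatException e) {
            throw new ProvisioningException("Invalid userAccountControl on " + dn, e);
        }
        val &= ~ACCOUNTDISABLE;
        val |= DONT_EXPIRE_PASSWD;
        String newVal = Integer.toString(val);
        LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userAccountControl", newVal));
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userAccountControl", newVal);
        con.modify(dn, mod);
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not set userAccountControl", e);
    }
}

/**
 * Adds {@code dn} as a {@code member} of each group in {@code user.getGroups()}, located by
 * {@code cn} under {@link #searchBase}. The group name is escaped before it is placed in the
 * search filter so a name containing filter metacharacters can neither break the filter nor
 * widen the match.
 *
 * @throws ProvisioningException if a group does not exist or an LDAP operation fails
 */
private void addUserToGroups(User user, String dn, LDAPConnection con, int approvalID, Workflow workflow) throws ProvisioningException {
    try {
        for (String groupName : user.getGroups()) {
            String filter = "(cn=" + escapeLdapFilterValue(groupName) + ")";
            LDAPSearchResults res = con.search(searchBase, 2, filter, new String[] { "1.1" }, false);
            if (!res.hasMore()) {
                throw new ProvisioningException("Group " + groupName + " does not exist");
            }
            String groupDN = res.next().getDN();
            try {
                // drain the rest of the result set; only the first match is used
                while (res.hasMore()) {
                    res.next();
                }
            } catch (LDAPReferralException ignored) {
                // referrals encountered while draining are irrelevant to the chosen group
            }
            LDAPModification mod = new LDAPModification(LDAPModification.ADD, new LDAPAttribute("member", dn));
            con.modify(groupDN, mod);
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not provision groups for user " + user.getUserID(), e);
    }
}

/**
 * Escapes a value for use inside an LDAP search filter (RFC 4515): {@code \}, {@code *},
 * {@code (}, {@code )} and NUL become their {@code \XX} hex forms.
 */
private static String escapeLdapFilterValue(String value) {
    StringBuilder sb = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\':
                sb.append("\\5c");
                break;
            case '*':
                sb.append("\\2a");
                break;
            case '(':
                sb.append("\\28");
                break;
            case ')':
                sb.append("\\29");
                break;
            case '\0':
                sb.append("\\00");
                break;
            default:
                sb.append(c);
        }
    }
    return sb.toString();
}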