
Example 1 with GenPasswd

use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.

the class AttributeChange method createInternalUser.

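/**
 * Creates the user in Azure AD via {@code POST /users} and then synchronises
 * the requested attributes onto the newly created account.
 *
 * <p>{@code displayName} and {@code userPrincipalName} are required. The
 * optional {@code accountEnabled}, {@code onPremisesImmutableId} and
 * {@code mail} attributes are sent when present; the mail nickname is the
 * local part (before {@code @}) of {@code mail}, or of
 * {@code userPrincipalName} when no mail is set. If the user carries no
 * password a random 50-character one is generated so the account never
 * exists with an empty or caller-known credential.
 *
 * @param user       user to create; on success its {@code id} attribute is set
 *                   to the object id returned by Azure
 * @param attributes names of the attributes to synchronise after creation
 * @param request    workflow request map; the
 *                   {@code tremolo.azuread.create.forceChangePasswordNextSignIn}
 *                   and {@code ...WithMfa} entries (string {@code "true"}) set
 *                   the password-profile flags
 * @param approvalID approval the action is logged under
 * @param workflow   workflow the action is logged under
 * @throws ProvisioningException if a required attribute is missing or
 *                               malformed, or the Azure request fails
 */
private void createInternalUser(User user, Set<String> attributes, Map<String, Object> request, int approvalID, Workflow workflow) throws ProvisioningException {
    String displayName = requireFirstValue(user, "displayName");
    String upn = requireFirstValue(user, "userPrincipalName");
    String accountEnabled = firstValueOrNull(user, "accountEnabled");
    String immutableId = firstValueOrNull(user, "onPremisesImmutableId");
    String mail = firstValueOrNull(user, "mail");
    if (mail == null) {
        mail = upn;
    }
    // mailNickname is the local part of the address; fail with a clear message
    // instead of a StringIndexOutOfBoundsException when there is no '@'.
    int at = mail.indexOf('@');
    if (at < 0) {
        throw new ProvisioningException("Cannot derive mailNickname, no '@' in '" + mail + "'");
    }

    JSONObject root = new JSONObject();
    if (accountEnabled != null) {
        root.put("accountEnabled", accountEnabled.equalsIgnoreCase("true"));
    }
    root.put("displayName", displayName);
    if (immutableId != null) {
        root.put("onPremisesImmutableId", immutableId);
    }
    root.put("mailNickname", mail.substring(0, at));
    root.put("userPrincipalName", upn);

    JSONObject passwordProfile = new JSONObject();
    if (user.getPassword() != null && !user.getPassword().isEmpty()) {
        passwordProfile.put("password", user.getPassword());
    } else {
        // No password supplied: generate a long random one (all character classes).
        passwordProfile.put("password", new GenPasswd(50, true, true, true, true).getPassword());
    }
    passwordProfile.put("forceChangePasswordNextSignIn", requestFlag(request, "tremolo.azuread.create.forceChangePasswordNextSignIn"));
    passwordProfile.put("forceChangePasswordNextSignInWithMfa", requestFlag(request, "tremolo.azuread.create.forceChangePasswordNextSignInWithMfa"));
    root.put("passwordProfile", passwordProfile);

    HttpCon con = null;
    try {
        con = this.createClient();
        String json = this.callWSPostJsonReesponseExpected(con, "/users", root.toString());
        JSONObject resp = (JSONObject) new JSONParser().parse(json);
        String azureId = (String) resp.get("id");
        user.getAttribs().put("id", new Attribute("id", azureId));

        this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "userPrincipalName", upn);
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "userPrincipalName", upn);
        // The password itself is never written to the audit log, only a mask.
        this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "password", "*********8");
        if (accountEnabled != null) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "accountEnabled", accountEnabled);
        }
        if (immutableId != null) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "onPremisesImmutableId", immutableId);
        }

        User fromAzure = new User(user.getUserID());
        fromAzure.getAttribs().put("id", new Attribute("id", azureId));
        // NOTE(review): the Attribute stored under the "userPrincipalName" key is
        // named "displayName" in the original code; kept as-is — confirm whether
        // synUser keys on the map key or on the Attribute name before changing it.
        fromAzure.getAttribs().put("userPrincipalName", new Attribute("displayName", upn));
        this.synUser(user, true, attributes, fromAzure, approvalID, workflow);
    } catch (Exception e) {
        throw new ProvisioningException("Could not create user", e);
    } finally {
        // createClient() may have thrown before con was assigned; closing a null
        // connection would mask the original failure with an NPE.
        if (con != null) {
            try {
                con.getHttp().close();
            } catch (IOException ignored) {
                // best effort: the response has already been consumed above
            }
            con.getBcm().close();
        }
    }
}

/**
 * Returns the first value of {@code attrName} on {@code user}, or {@code null}
 * when the attribute is absent or has no values.
 */
private static String firstValueOrNull(User user, String attrName) {
    Attribute attr = user.getAttribs().get(attrName);
    if (attr == null || attr.getValues() == null || attr.getValues().isEmpty()) {
        return null;
    }
    return attr.getValues().get(0);
}

/**
 * Like {@link #firstValueOrNull(User, String)} but fails when the attribute
 * is missing, so a required Azure field is reported by name.
 *
 * @throws ProvisioningException if the attribute is absent or empty
 */
private static String requireFirstValue(User user, String attrName) throws ProvisioningException {
    String value = firstValueOrNull(user, attrName);
    if (value == null) {
        throw new ProvisioningException("Missing required attribute " + attrName);
    }
    return value;
}

/** True when {@code request} holds the string {@code "true"} under {@code key}. */
private static boolean requestFlag(Map<String, Object> request, String key) {
    return "true".equals(request.get(key));
}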

Example 2 with GenPasswd

use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.

the class GitlabUserProvider method createUser.

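/**
 * Creates a GitLab account for {@code user}, links the federated identities
 * supplied on the request and adds the user to the requested groups.
 *
 * <p>The account is created with a random 50-character password that is
 * neither stored nor logged; sign-in is expected to go through a linked
 * identity provider. GitLab may not expose the new account immediately, so
 * {@code findUserByName} is polled (up to eleven one-second waits) before
 * its id is used.
 *
 * @param user       user to create; {@code getUserID()} becomes the GitLab username
 * @param attributes user attributes copied onto the GitLab user object as bean properties
 * @param request    workflow request; reads {@code APPROVAL_ID}, {@code WORKFLOW},
 *                   {@code GITLAB_IDENTITIES} (a {@code List<GitlabFedIdentity>}) and
 *                   {@code GITLAB_GROUP_ENTITLEMENTS} (group name to GitLab access level)
 * @throws ProvisioningException if a GitLab call fails, the user never appears,
 *                               or the wait for it is interrupted
 */
@Override
public void createUser(User user, Set<String> attributes, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");
    String userId = user.getUserID();

    org.gitlab4j.api.models.User newUser = new org.gitlab4j.api.models.User();
    newUser.setUsername(userId);
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr != null) {
            try {
                this.beanUtils.setProperty(newUser, attrName, attr.getValues().get(0));
            } catch (IllegalAccessException | InvocationTargetException e) {
                throw new ProvisioningException("Could not set " + attrName + " for " + userId, e);
            }
        }
    }

    try {
        // Random throw-away password: the value is not retained anywhere.
        this.userApi.createUser(newUser, new GenPasswd(50).getPassword(), false);
    } catch (GitLabApiException e) {
        throw new ProvisioningException("Could not create user", e);
    }

    // Poll until GitLab returns the new account; give up after 11 attempts.
    newUser = this.findUserByName(userId);
    int numTries = 0;
    while (newUser == null) {
        if (numTries > 10) {
            throw new ProvisioningException("User " + userId + " never created");
        }
        try {
            Thread.sleep(1000);
        } catch (InterruptedException e) {
            // Restore the flag so callers see the interruption, then stop waiting.
            Thread.currentThread().interrupt();
            throw new ProvisioningException("Interrupted waiting for user " + userId + " to be created", e);
        }
        newUser = this.findUserByName(userId);
        numTries++;
    }

    this.cfgMgr.getProvisioningEngine().logAction(this.name, true, ActionType.Add, approvalID, workflow, "id", newUser.getId().toString());
    for (String attrName : attributes) {
        Attribute attr = user.getAttribs().get(attrName);
        if (attr != null) {
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, attrName, attr.getValues().get(0));
        }
    }

    @SuppressWarnings("unchecked")
    List<GitlabFedIdentity> ids = (List<GitlabFedIdentity>) request.get(GitlabUserProvider.GITLAB_IDENTITIES);
    if (ids != null) {
        linkIdentities(userId, newUser, ids, approvalID, workflow);
    }

    @SuppressWarnings("unchecked")
    Map<String, Integer> groupmap = (Map<String, Integer>) request.get(GitlabUserProvider.GITLAB_GROUP_ENTITLEMENTS);
    if (groupmap == null) {
        groupmap = new HashMap<>();
    }
    for (String group : user.getGroups()) {
        try {
            Group groupObj = this.findGroupByName(group);
            if (groupObj == null) {
                logger.warn("Group " + group + " does not exist");
            } else {
                // Entitlement values are assumed to be raw GitLab access-level numbers
                // (e.g. 30 = developer) — confirm against the caller. The default uses
                // toValue(), not ordinal(): the enum position is not the API level.
                int accessLevel = AccessLevel.DEVELOPER.toValue();
                if (groupmap.containsKey(group)) {
                    accessLevel = groupmap.get(group);
                }
                this.groupApi.addMember(groupObj.getId(), newUser.getId(), accessLevel);
                this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "group", group);
            }
        } catch (GitLabApiException e) {
            throw new ProvisioningException("Could not add " + userId + " to group " + group, e);
        }
    }
}

/**
 * Links each federated identity to the GitLab user through
 * {@code PUT /api/v4/users/:id?provider=..&extern_uid=..} using the
 * provider's private token, logging each link as an add action.
 *
 * @throws ProvisioningException if any request fails or returns a non-200 status
 */
private void linkIdentities(String userId, org.gitlab4j.api.models.User gitlabUser, List<GitlabFedIdentity> ids, int approvalID, Workflow workflow) throws ProvisioningException {
    List<Header> defheaders = new ArrayList<>();
    defheaders.add(new BasicHeader("Private-Token", this.token));
    BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(cfgMgr.getHttpClientSocketRegistry());
    RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).setRedirectsEnabled(false).build();
    CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultHeaders(defheaders).setDefaultRequestConfig(rc).build();
    try {
        for (GitlabFedIdentity id : ids) {
            // NOTE(review): extern_uid is sent as the local user id while the log
            // below records id.getExternalUid(); kept as-is — confirm which is intended.
            String linkUrl = new StringBuilder()
                    .append(this.url).append("/api/v4/users/").append(gitlabUser.getId())
                    .append("?provider=").append(URLEncoder.encode(id.getProvider(), "UTF-8"))
                    .append("&extern_uid=").append(URLEncoder.encode(userId, "UTF-8"))
                    .toString();
            HttpPut linkIdentity = new HttpPut(linkUrl);
            // Close every response so the single-connection manager can be reused.
            try (CloseableHttpResponse resp = http.execute(linkIdentity)) {
                int status = resp.getStatusLine().getStatusCode();
                if (status != 200) {
                    throw new IOException("Invalid response " + status);
                }
            }
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "identity-provider", id.getProvider());
            this.cfgMgr.getProvisioningEngine().logAction(this.name, false, ActionType.Add, approvalID, workflow, "identity-externid", id.getExternalUid());
        }
    } catch (IOException e) {
        throw new ProvisioningException("Could not set identity", e);
    } finally {
        try {
            http.close();
        } catch (IOException ignored) {
            // best effort cleanup
        }
        bhcm.close();
    }
}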

Example 3 with GenPasswd

use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.

the class SMSAuth method doGet.

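/**
 * Generates a one-time key, sends it to the user by SMS and redirects to the
 * form that asks for it.
 *
 * <p>The key is generated only once per session (kept under
 * {@code TREMOLO_SMS_KEY}); a repeated GET just redirects again, so a page
 * refresh does not trigger another SMS. Key length and character classes
 * come from the mechanism parameters {@code keyLength}, {@code useLowerCase},
 * {@code useUpperCase} and {@code useNumbers}; special characters are
 * deliberately never enabled.
 *
 * @param request  current request; the session must hold the
 *                 {@code AUTH_MECH_PARAMS} and {@code AUTH_CTL} attributes
 * @param response redirected to the {@code redirectForm} parameter
 * @param as       current authentication step (not used here)
 * @throws ServletException if a required parameter is missing or malformed,
 *                          no character class is enabled, or the user has no
 *                          attribute to send the key to
 * @throws IOException if sending the SMS or the redirect fails
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response, AuthStep as) throws IOException, ServletException {
    HttpSession session = request.getSession();
    @SuppressWarnings("unchecked")
    HashMap<String, Attribute> authParams = (HashMap<String, Attribute>) session.getAttribute(ProxyConstants.AUTH_MECH_PARAMS);
    String from = requiredParam(authParams, "fromNumber");
    String toAttrName = requiredParam(authParams, "toAttrName");
    String redirectForm = requiredParam(authParams, "redirectForm");
    String message = requiredParam(authParams, "message");

    // Key options
    if (authParams.get("keyLength") == null) {
        throw new ServletException("Key Length not set");
    }
    int keyLen;
    try {
        keyLen = Integer.parseInt(authParams.get("keyLength").getValues().get(0));
    } catch (NumberFormatException e) {
        throw new ServletException("Key Length is not a number", e);
    }
    if (keyLen <= 0) {
        // A zero-length key would make the SMS step trivially passable.
        throw new ServletException("Key Length must be positive");
    }
    boolean useLowerCase = optionalFlag(authParams, "useLowerCase");
    boolean useUpperCase = optionalFlag(authParams, "useUpperCase");
    boolean useNumbers = optionalFlag(authParams, "useNumbers");
    // Special characters are intentionally not offered (the "useSpecial"
    // parameter is ignored) — presumably to keep the key typeable from an SMS.
    boolean useSpecial = false;
    if (!(useLowerCase || useUpperCase || useNumbers || useSpecial)) {
        throw new ServletException("At least one character type must be chosen");
    }

    if (session.getAttribute("TREMOLO_SMS_KEY") == null) {
        GenPasswd gp = new GenPasswd(keyLen, useUpperCase, useLowerCase, useNumbers, useSpecial);
        AuthInfo user = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
        Attribute toAttr = user.getAttribs().get(toAttrName);
        if (toAttr == null || toAttr.getValues().isEmpty()) {
            throw new ServletException("User has no " + toAttrName + " attribute to send the key to");
        }
        String to = toAttr.getValues().get(0);
        String key = gp.getPassword();
        // Literal replacement: unlike replaceAll, String.replace does not treat
        // '$' or '\' in the key as regex group references.
        String smsText = message.replace("${key}", key);
        session.setAttribute("TREMOLO_SMS_KEY", key);
        sendSMS(authParams, from, smsText, to);
    }
    response.sendRedirect(redirectForm);
}

/**
 * Returns the first value of the mechanism parameter {@code name}.
 *
 * @throws ServletException if the parameter is absent or has no value
 */
private static String requiredParam(HashMap<String, Attribute> authParams, String name) throws ServletException {
    Attribute attr = authParams.get(name);
    if (attr == null || attr.getValues().isEmpty()) {
        throw new ServletException(name + " not set");
    }
    return attr.getValues().get(0);
}

/** True when the optional parameter {@code name} is present and equals {@code "true"} (case-insensitive). */
private static boolean optionalFlag(HashMap<String, Attribute> authParams, String name) {
    Attribute attr = authParams.get(name);
    return attr != null && attr.getValues().get(0).equalsIgnoreCase("true");
}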

Example 4 with GenPasswd

use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.

the class SendMessageThread method sendPasswordReset.

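/**
 * Issues a random password-reset key for {@code uid}, stores it and e-mails
 * it to {@code emailAddress}.
 *
 * <p>The key is a 30-character value from {@link GenPasswd}. It is saved in
 * its own transaction before the mail is sent, so a mailed key is always one
 * that exists in the store. The key is stored in clear; anyone who can read
 * the {@code PasswordResetRequest} table can redeem it, so storing a digest
 * instead would be the stronger design (the verifying side would need to
 * change with it).
 *
 * @param con          open Hibernate session; a transaction is begun and
 *                     committed (or rolled back) here
 * @param uid          value recorded as the request's e-mail field
 * @param emailAddress address the key is mailed to
 * @throws Exception if storing the request or sending the mail fails
 */
private void sendPasswordReset(org.hibernate.Session con, String uid, String emailAddress) throws SQLException, Exception {
    String key = new GenPasswd(30).getPassword();
    PasswordResetRequest req = new PasswordResetRequest();
    // NOTE(review): the request's e-mail field is set from uid while the mail
    // goes to emailAddress — presumably uid is the login e-mail; confirm.
    req.setEmail(uid);
    req.setResetKey(key);
    req.setTs(new Timestamp(new DateTime().getMillis()));
    con.beginTransaction();
    try {
        con.save(req);
        con.getTransaction().commit();
    } catch (RuntimeException e) {
        // Do not leave the session with a dangling open transaction.
        con.getTransaction().rollback();
        throw e;
    }
    this.sendEmail(emailAddress, key);
}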

Example 5 with GenPasswd

use of com.tremolosecurity.provisioning.util.GenPasswd in project OpenUnison by TremoloSecurity.

the class ADProvider method doCreate.

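/**
 * Adds the user entry to Active Directory, optionally gives it a random
 * password and enables it, then adds the entry to the user's groups.
 *
 * <p>When {@code createShadowAccounts} is set, a random 15-character password
 * is written to {@code unicodePwd} (AD requires the value quoted and
 * UTF-16LE encoded) and {@code userAccountControl} is updated to clear
 * ACCOUNTDISABLE (0x2) and set DONT_EXPIRE_PASSWD (0x10000). The generated
 * password is discarded and only a mask is logged.
 *
 * <p>Groups are located by {@code cn} under {@code searchBase}; the name is
 * escaped before being placed in the search filter.
 *
 * @param user    user being provisioned; {@code getGroups()} lists the groups to join
 * @param dn      distinguished name of the new entry
 * @param attrs   attributes of the new entry
 * @param con     open LDAP connection
 * @param request workflow request; reads {@code APPROVAL_ID} and {@code WORKFLOW}
 * @throws ProvisioningException if an LDAP operation fails or a group does not exist
 */
private void doCreate(User user, String dn, LDAPAttributeSet attrs, LDAPConnection con, Map<String, Object> request) throws ProvisioningException {
    int approvalID = 0;
    if (request.containsKey("APPROVAL_ID")) {
        approvalID = (Integer) request.get("APPROVAL_ID");
    }
    Workflow workflow = (Workflow) request.get("WORKFLOW");

    try {
        if (logger.isDebugEnabled()) {
            logger.debug("To Add : '" + attrs + "'");
        }
        con.add(new LDAPEntry(dn, attrs));
        this.cfgMgr.getProvisioningEngine().logAction(name, true, ActionType.Add, approvalID, workflow, "dn", dn);
        for (Object obj : attrs) {
            LDAPAttribute attr = (LDAPAttribute) obj;
            for (String val : attr.getStringValueArray()) {
                this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, attr.getName(), val);
            }
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not add user " + user.getUserID(), e);
    }

    if (this.createShadowAccounts) {
        setRandomPasswordAndEnable(dn, con, approvalID, workflow);
    }

    try {
        for (String groupName : user.getGroups()) {
            // Escape the value so a crafted group name cannot alter the filter.
            String filter = "(cn=" + escapeLdapFilterValue(groupName) + ")";
            LDAPSearchResults res = con.search(searchBase, LDAPConnection.SCOPE_SUB, filter, new String[] { "1.1" }, false);
            if (!res.hasMore()) {
                throw new ProvisioningException("Group " + groupName + " does not exist");
            }
            String groupDN = res.next().getDN();
            // Drain the remaining results; the first match is used and referrals
            // for other entries are not followed.
            try {
                while (res.hasMore()) {
                    res.next();
                }
            } catch (LDAPReferralException ignored) {
                // referral chasing is not needed here
            }
            LDAPModification mod = new LDAPModification(LDAPModification.ADD, new LDAPAttribute("member", dn));
            con.modify(groupDN, mod);
            this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Add, approvalID, workflow, "group", groupName);
        }
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not provision groups for user " + user.getUserID(), e);
    }
}

/**
 * Sets a fresh random password on {@code dn} and updates
 * {@code userAccountControl} so the account is enabled with a non-expiring
 * password.
 *
 * @throws ProvisioningException if either modification, or the read of the
 *                               current {@code userAccountControl}, fails
 */
private void setRandomPasswordAndEnable(String dn, LDAPConnection con, int approvalID, Workflow workflow) throws ProvisioningException {
    // AD accepts unicodePwd only as the UTF-16LE encoding of the quoted password.
    String quoted = "\"" + new GenPasswd(15).getPassword() + "\"";
    byte[] unicodePwd = quoted.getBytes(java.nio.charset.StandardCharsets.UTF_16LE);
    try {
        con.modify(dn, new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("unicodePwd", unicodePwd)));
        // Only a mask is logged, never the password.
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "unicodePwd", "*******");
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not set password", e);
    }
    try {
        LDAPSearchResults res = con.search(dn, LDAPConnection.SCOPE_BASE, "(objectClass=*)", new String[] { "userAccountControl" }, false);
        if (!res.hasMore()) {
            throw new ProvisioningException("Could not read userAccountControl for " + dn);
        }
        LDAPEntry entry = res.next();
        LDAPAttribute attr = entry.getAttribute("userAccountControl");
        if (attr == null) {
            throw new ProvisioningException("No userAccountControl on " + dn);
        }
        int val = Integer.parseInt(attr.getStringValue());
        val &= ~0x0002;   // clear ACCOUNTDISABLE
        val |= 0x10000;   // set DONT_EXPIRE_PASSWD
        String newVal = Integer.toString(val);
        LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, new LDAPAttribute("userAccountControl", newVal));
        this.cfgMgr.getProvisioningEngine().logAction(name, false, ActionType.Replace, approvalID, workflow, "userAccountControl", newVal);
        con.modify(dn, mod);
    } catch (LDAPException e) {
        throw new ProvisioningException("Could not set userAccountControl", e);
    }
}

/** Escapes the RFC 4515 special characters of a value placed in an LDAP search filter. */
private static String escapeLdapFilterValue(String value) {
    StringBuilder out = new StringBuilder(value.length());
    for (char c : value.toCharArray()) {
        switch (c) {
            case '\\':
                out.append("\\5c");
                break;
            case '*':
                out.append("\\2a");
                break;
            case '(':
                out.append("\\28");
                break;
            case ')':
                out.append("\\29");
                break;
            case '\0':
                out.append("\\00");
                break;
            default:
                out.append(c);
        }
    }
    return out.toString();
}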
