Search in sources :

Example 1 with ReCaptchaResponse

use of com.tremolosecurity.scalejs.register.data.ReCaptchaResponse in project OpenUnison by TremoloSecurity.

the class ScaleRegister method doFilter.

@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    Gson gson = new Gson();
    request.getServletRequest().setAttribute("com.tremolosecurity.unison.proxy.noRedirectOnError", "com.tremolosecurity.unison.proxy.noRedirectOnError");
    if (request.getRequestURI().endsWith("/register/config")) {
        response.setContentType("application/json");
        ScaleJSUtils.addCacheHeaders(response);
        ScaleJSRegisterConfig localCfg = gson.fromJson(gson.toJson(this.scaleConfig), ScaleJSRegisterConfig.class);
        for (String attrName : scaleConfig.getAttributes().keySet()) {
            ScaleAttribute fromMainCfg = scaleConfig.getAttributes().get(attrName);
            if (fromMainCfg.getDynamicSource() != null) {
                ScaleAttribute fromLocalCfg = localCfg.getAttributes().get(attrName);
                fromLocalCfg.setValues(fromMainCfg.getDynamicSource().getSourceList(request));
            }
        }
        response.getWriter().println(gson.toJson(localCfg).trim());
    } else if (request.getRequestURI().endsWith("/register/values")) {
        String attributeName = request.getParameter("name").getValues().get(0);
        List<NVP> values = this.scaleConfig.getAttributes().get(attributeName).getDynamicSource().getSourceList(request);
        response.setContentType("application/json");
        ScaleJSUtils.addCacheHeaders(response);
        response.getWriter().println(gson.toJson(values).trim());
    } else if (request.getRequestURI().endsWith("/register/submit")) {
        ScaleError errors = new ScaleError();
        String json = new String((byte[]) request.getAttribute(ProxySys.MSG_BODY));
        NewUserRequest newUser = gson.fromJson(json, NewUserRequest.class);
        if (scaleConfig.isRequireReCaptcha()) {
            if (newUser.getReCaptchaCode() == null || newUser.getReCaptchaCode().isEmpty()) {
                errors.getErrors().add("Please verify you are not a robot");
            } else {
                BasicHttpClientConnectionManager bhcm = new BasicHttpClientConnectionManager(GlobalEntries.getGlobalEntries().getConfigManager().getHttpClientSocketRegistry());
                RequestConfig rc = RequestConfig.custom().setCookieSpec(CookieSpecs.STANDARD).build();
                CloseableHttpClient http = HttpClients.custom().setConnectionManager(bhcm).setDefaultRequestConfig(rc).build();
                HttpPost httppost = new HttpPost("https://www.google.com/recaptcha/api/siteverify");
                List<NameValuePair> formparams = new ArrayList<NameValuePair>();
                formparams.add(new BasicNameValuePair("secret", scaleConfig.getRcSecretKey()));
                formparams.add(new BasicNameValuePair("response", newUser.getReCaptchaCode()));
                UrlEncodedFormEntity entity = new UrlEncodedFormEntity(formparams, "UTF-8");
                httppost.setEntity(entity);
                CloseableHttpResponse resp = http.execute(httppost);
                ReCaptchaResponse res = gson.fromJson(EntityUtils.toString(resp.getEntity()), ReCaptchaResponse.class);
                if (!res.isSuccess()) {
                    errors.getErrors().add("Human validation failed");
                }
                http.close();
                bhcm.close();
            }
        }
        if (scaleConfig.isRequireTermsAndConditions() && !newUser.isCheckedTermsAndConditions()) {
            errors.getErrors().add("You must accept the terms and conditions to register");
        }
        if (this.scaleConfig.isRequireReason() && (newUser.getReason() == null || newUser.getReason().isEmpty())) {
            errors.getErrors().add("Reason is required");
        }
        if (this.scaleConfig.isPreSetPassword()) {
            if (newUser.getPassword() == null || newUser.getPassword().isEmpty()) {
                errors.getErrors().add("Password is required");
            } else if (!newUser.getPassword().equals(newUser.getPassword2())) {
                errors.getErrors().add("Passwords must match");
            }
        }
        for (String attributeName : this.scaleConfig.getAttributes().keySet()) {
            String value = newUser.getAttributes().get(attributeName);
            if (this.scaleConfig.getAttributes().get(attributeName) == null) {
                errors.getErrors().add("Invalid attribute : '" + attributeName + "'");
            }
            if (this.scaleConfig.getAttributes().get(attributeName).isReadOnly()) {
                errors.getErrors().add("Attribute is read only : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
            }
            if (this.scaleConfig.getAttributes().get(attributeName).isRequired() && (value == null || value.length() == 0)) {
                errors.getErrors().add("Attribute is required : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "'");
            }
            if (this.scaleConfig.getAttributes().get(attributeName).getMinChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMinChars() > value.length()) {
                errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at least " + this.scaleConfig.getAttributes().get(attributeName).getMinChars() + " characters");
            }
            if (this.scaleConfig.getAttributes().get(attributeName).getMaxChars() > 0 && this.scaleConfig.getAttributes().get(attributeName).getMaxChars() < value.length()) {
                errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " must have at most " + this.scaleConfig.getAttributes().get(attributeName).getMaxChars() + " characters");
            }
            if (this.scaleConfig.getAttributes().get(attributeName).getType().equalsIgnoreCase("list")) {
                if (this.scaleConfig.getAttributes().get(attributeName).getDynamicSource() == null) {
                    boolean found = false;
                    for (NVP nvp : this.scaleConfig.getAttributes().get(attributeName).getValues()) {
                        if (nvp.getValue().equalsIgnoreCase(value)) {
                            found = true;
                        }
                    }
                    if (!found) {
                        errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " has an invalid value");
                    }
                }
            }
            if (this.scaleConfig.getAttributes().get(attributeName).getPattern() != null) {
                boolean ok = true;
                try {
                    Matcher m = this.scaleConfig.getAttributes().get(attributeName).getPattern().matcher(value);
                    if (m == null || !m.matches()) {
                        ok = false;
                    }
                } catch (Exception e) {
                    ok = false;
                }
                if (!ok) {
                    errors.getErrors().add("Attribute value not valid : '" + this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + "' - " + this.scaleConfig.getAttributes().get(attributeName).getRegExFailedMsg());
                }
            }
            if (this.scaleConfig.getAttributes().get(attributeName).isUnique()) {
                String filter = equal(attributeName, value).toString();
                LDAPSearchResults res = GlobalEntries.getGlobalEntries().getConfigManager().getMyVD().search(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getLdapRoot(), 2, filter, new ArrayList<String>());
                if (res.hasMore()) {
                    errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " is not available");
                }
                while (res.hasMore()) res.next();
            }
            if (this.scaleConfig.getAttributes().get(attributeName).getDynamicSource() != null) {
                String error = this.scaleConfig.getAttributes().get(attributeName).getDynamicSource().validate(value, request);
                if (error != null) {
                    errors.getErrors().add(this.scaleConfig.getAttributes().get(attributeName).getDisplayName() + " - " + error);
                }
            }
        }
        WFCall wfcall = null;
        String wfName = this.scaleConfig.getWorkflowName();
        if (errors.getErrors().isEmpty()) {
            if (scaleConfig.isUseCustomSubmission()) {
                AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
                wfName = cru.createTremoloUser(newUser, errors.getErrors(), userData);
            }
        }
        if (errors.getErrors().isEmpty()) {
            TremoloUser user = new TremoloUser();
            AuthInfo userData = ((AuthController) request.getSession().getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();
            if (this.scaleConfig.isSubmitLoggedInUser()) {
                user.setUid(userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0));
                user.getAttributes().add(new Attribute(this.scaleConfig.getUidAttributeName(), userData.getAttribs().get(this.scaleConfig.getUidAttributeName()).getValues().get(0)));
            } else {
                user.setUid(newUser.getAttributes().get(this.scaleConfig.getUidAttributeName()));
            }
            for (String attrName : newUser.getAttributes().keySet()) {
                user.getAttributes().add(new Attribute(attrName, newUser.getAttributes().get(attrName)));
            }
            if (this.scaleConfig.isPreSetPassword()) {
                user.setUserPassword(newUser.getPassword());
            }
            wfcall = new WFCall();
            wfcall.setUidAttributeName(this.scaleConfig.getUidAttributeName());
            wfcall.setReason(newUser.getReason());
            wfcall.setName(wfName);
            wfcall.setUser(user);
            HashMap<String, Object> params = new HashMap<String, Object>();
            wfcall.setRequestParams(params);
            if (userData.getAuthLevel() != 0 && !this.scaleConfig.isSubmitLoggedInUser()) {
                wfcall.setRequestor(userData.getAttribs().get(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getProvisioning().getApprovalDB().getUserIdAttribute()).getValues().get(0));
                wfcall.getRequestParams().put(Approval.SEND_NOTIFICATION, "false");
                wfcall.getRequestParams().put(Approval.REASON, newUser.getReason());
                wfcall.getRequestParams().put(Approval.IMMEDIATE_ACTION, "true");
            }
            if (scaleConfig.isUseCustomSubmission()) {
                cru.setWorkflowParameters(params, newUser, userData);
            }
            ExecuteWorkflow exec = new ExecuteWorkflow();
            try {
                exec.execute(wfcall, GlobalEntries.getGlobalEntries().getConfigManager());
            } catch (Exception e) {
                throw new ProvisioningException("Could not complete registration", e);
            }
            SubmitResponse res = new SubmitResponse();
            res.setAddNewUsers(userData.getAuthLevel() != 0);
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(res));
            response.getWriter().flush();
        } else {
            response.setStatus(500);
            ScaleJSUtils.addCacheHeaders(response);
            response.getWriter().print(gson.toJson(errors).trim());
            response.getWriter().flush();
        }
    } else {
        response.setStatus(500);
        ScaleJSUtils.addCacheHeaders(response);
        ScaleError error = new ScaleError();
        error.getErrors().add("Operation not supported");
        response.getWriter().print(gson.toJson(error).trim());
        response.getWriter().flush();
    }
}
Also used : ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute) HttpPost(org.apache.http.client.methods.HttpPost) Matcher(java.util.regex.Matcher) Attribute(com.tremolosecurity.saml.Attribute) ScaleAttribute(com.tremolosecurity.scalejs.cfg.ScaleAttribute) HashMap(java.util.HashMap) ScaleJSRegisterConfig(com.tremolosecurity.scalejs.register.cfg.ScaleJSRegisterConfig) SubmitResponse(com.tremolosecurity.scalejs.register.data.SubmitResponse) ArrayList(java.util.ArrayList) Gson(com.google.gson.Gson) NVP(com.tremolosecurity.util.NVP) ReCaptchaResponse(com.tremolosecurity.scalejs.register.data.ReCaptchaResponse) TremoloUser(com.tremolosecurity.provisioning.service.util.TremoloUser) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) ArrayList(java.util.ArrayList) SourceList(com.tremolosecurity.scalejs.sdk.SourceList) List(java.util.List) BasicHttpClientConnectionManager(org.apache.http.impl.conn.BasicHttpClientConnectionManager) RequestConfig(org.apache.http.client.config.RequestConfig) CloseableHttpClient(org.apache.http.impl.client.CloseableHttpClient) BasicNameValuePair(org.apache.http.message.BasicNameValuePair) NameValuePair(org.apache.http.NameValuePair) WFCall(com.tremolosecurity.provisioning.service.util.WFCall) AuthInfo(com.tremolosecurity.proxy.auth.AuthInfo) ScaleError(com.tremolosecurity.scalejs.data.ScaleError) UrlEncodedFormEntity(org.apache.http.client.entity.UrlEncodedFormEntity) AuthController(com.tremolosecurity.proxy.auth.AuthController) ProvisioningException(com.tremolosecurity.provisioning.core.ProvisioningException) LDAPSearchResults(com.novell.ldap.LDAPSearchResults) ExecuteWorkflow(com.tremolosecurity.provisioning.workflow.ExecuteWorkflow) NewUserRequest(com.tremolosecurity.scalejs.register.data.NewUserRequest)

Aggregations

Gson (com.google.gson.Gson)1 LDAPSearchResults (com.novell.ldap.LDAPSearchResults)1 ProvisioningException (com.tremolosecurity.provisioning.core.ProvisioningException)1 TremoloUser (com.tremolosecurity.provisioning.service.util.TremoloUser)1 WFCall (com.tremolosecurity.provisioning.service.util.WFCall)1 ExecuteWorkflow (com.tremolosecurity.provisioning.workflow.ExecuteWorkflow)1 AuthController (com.tremolosecurity.proxy.auth.AuthController)1 AuthInfo (com.tremolosecurity.proxy.auth.AuthInfo)1 Attribute (com.tremolosecurity.saml.Attribute)1 ScaleAttribute (com.tremolosecurity.scalejs.cfg.ScaleAttribute)1 ScaleError (com.tremolosecurity.scalejs.data.ScaleError)1 ScaleJSRegisterConfig (com.tremolosecurity.scalejs.register.cfg.ScaleJSRegisterConfig)1 NewUserRequest (com.tremolosecurity.scalejs.register.data.NewUserRequest)1 ReCaptchaResponse (com.tremolosecurity.scalejs.register.data.ReCaptchaResponse)1 SubmitResponse (com.tremolosecurity.scalejs.register.data.SubmitResponse)1 SourceList (com.tremolosecurity.scalejs.sdk.SourceList)1 NVP (com.tremolosecurity.util.NVP)1 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 List (java.util.List)1