Examples with ResourceException org.forgerock.json.resource.ResourceException used on opensource projects

Example 6 with ResourceException

use of org.forgerock.json.resource.ResourceException in project OpenAM by OpenRock.

the class IdentityResourceV1 method generateNewPasswordEmail.

/**
     * Generates the e-mail contents based on the incoming request.
     *
     * Will only send the e-mail if all the following conditions are true:
     *
     * - Forgotten Password service is enabled
     * - User exists
     * - User has an e-mail address in their profile
     * - E-mail service is correctly configured.
     *
     * @param context Non null.
     * @param request Non null.
     * @param realm Used as part of user lookup.
     * @param restSecurity Non null.
     */
private Promise<ActionResponse, ResourceException> generateNewPasswordEmail(final Context context, final ActionRequest request, final String realm, final RestSecurity restSecurity) {
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    final JsonValue jsonBody = request.getContent();
    try {
        // Check to make sure forgotPassword enabled
        if (restSecurity == null) {
            if (debug.warningEnabled()) {
                debug.warning("Rest Security not created. restSecurity={}", restSecurity);
            }
            throw getException(UNAVAILABLE, "Rest Security Service not created");
        }
        if (!restSecurity.isForgotPassword()) {
            if (debug.warningEnabled()) {
                debug.warning("Forgot Password set to : {}", restSecurity.isForgotPassword());
            }
            throw getException(UNAVAILABLE, "Forgot password is not accessible.");
        }
        // Generate Admin Token
        SSOToken adminToken = getSSOToken(RestUtils.getToken().getTokenID().toString());
        Map<String, Set<String>> searchAttributes = getIdentityServicesAttributes(realm);
        searchAttributes.putAll(getAttributeFromRequest(jsonBody));
        List searchResults = identityServices.search(new CrestQuery("*"), searchAttributes, adminToken);
        if (searchResults.isEmpty()) {
            throw new NotFoundException("User not found");
        } else if (searchResults.size() > 1) {
            throw new ConflictException("Multiple users found");
        } else {
            String username = (String) searchResults.get(0);
            IdentityDetails identityDetails = identityServices.read(username, getIdentityServicesAttributes(realm), adminToken);
            String email = null;
            String uid = null;
            for (Map.Entry<String, Set<String>> attribute : asMap(identityDetails.getAttributes()).entrySet()) {
                String attributeName = attribute.getKey();
                if (MAIL.equalsIgnoreCase(attributeName)) {
                    if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
                        email = attribute.getValue().iterator().next();
                    }
                } else if (UNIVERSAL_ID.equalsIgnoreCase(attributeName)) {
                    if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
                        uid = attribute.getValue().iterator().next();
                    }
                }
            }
            // Check to see if user is Active/Inactive
            if (!isUserActive(uid)) {
                throw new ForbiddenException("Request is forbidden for this user");
            }
            // Check if email is provided
            if (email == null || email.isEmpty()) {
                throw new BadRequestException("No email provided in profile.");
            }
            // Get full deployment URL
            HttpContext header = context.asContext(HttpContext.class);
            StringBuilder deploymentURL = RestUtils.getFullDeploymentURI(header.getPath());
            String subject = jsonBody.get("subject").asString();
            String message = jsonBody.get("message").asString();
            // Retrieve email registration token life time
            if (restSecurity == null) {
                if (debug.warningEnabled()) {
                    debug.warning("Rest Security not created. restSecurity={}", restSecurity);
                }
                throw new NotFoundException("Rest Security Service not created");
            }
            Long tokenLifeTime = restSecurity.getForgotPassTLT();
            // Generate Token
            org.forgerock.openam.cts.api.tokens.Token ctsToken = generateToken(email, username, tokenLifeTime, realm);
            // Store token in datastore
            CTSHolder.getCTS().createAsync(ctsToken);
            // Create confirmationId
            String confirmationId = Hash.hash(ctsToken.getTokenId() + username + SystemProperties.get(AM_ENCRYPTION_PWD));
            // Build Confirmation URL
            String confURL = restSecurity.getForgotPasswordConfirmationUrl();
            StringBuilder confURLBuilder = new StringBuilder(100);
            if (confURL == null || confURL.isEmpty()) {
                confURLBuilder.append(deploymentURL.append("/json/confirmation/forgotPassword").toString());
            } else {
                confURLBuilder.append(confURL);
            }
            String confirmationLink = confURLBuilder.append("?confirmationId=").append(requestParamEncode(confirmationId)).append("&tokenId=").append(requestParamEncode(ctsToken.getTokenId())).append("&username=").append(requestParamEncode(username)).append("&realm=").append(realm).toString();
            // Send Registration
            sendNotification(email, subject, message, realm, confirmationLink);
            String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
            if (debug.messageEnabled()) {
                debug.message("IdentityResource.generateNewPasswordEmail :: ACTION of generate new password email " + " for username={} in realm={} performed by principalName={}", username, realm, principalName);
            }
        }
        return newResultPromise(newActionResponse(result));
    } catch (NotFoundException e) {
        debug.warning("Could not find user", e);
        return e.asPromise();
    } catch (ResourceException re) {
        // Service not available, Neither or both Username/Email provided, User inactive
        debug.warning(re.getMessage(), re);
        return re.asPromise();
    } catch (Exception e) {
        // Intentional - all other errors are considered Internal Error.
        debug.error("Internal error : Failed to send mail", e);
        return new InternalServerErrorException("Failed to send mail", e).asPromise();
    }
}

Example 7 with ResourceException

use of org.forgerock.json.resource.ResourceException in project OpenAM by OpenRock.

the class IdentityResourceV1 method readInstance.

/**
     * {@inheritDoc}
     */
@Override
public Promise<ResourceResponse, ResourceException> readInstance(final Context context, final String resourceId, final ReadRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    IdentityDetails dtls;
    try {
        SSOToken admin = getSSOToken(getCookieFromServerContext(context));
        dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
        String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
        debug.message("IdentityResource.readInstance :: READ of resourceId={} in realm={} performed by " + "principalName={}", resourceId, realm, principalName);
        return newResultPromise(buildResourceResponse(resourceId, context, dtls));
    } catch (final NeedMoreCredentials needMoreCredentials) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : User does not have enough " + "privileges.", resourceId, needMoreCredentials);
        return new ForbiddenException("User does not have enough privileges.", needMoreCredentials).asPromise();
    } catch (final ObjectNotFound objectNotFound) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Resource cannot be found.", resourceId, objectNotFound);
        return new NotFoundException("Resource cannot be found.", objectNotFound).asPromise();
    } catch (final TokenExpired tokenExpired) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Unauthorized", resourceId, tokenExpired);
        return new PermanentException(401, "Unauthorized", null).asPromise();
    } catch (final AccessDenied accessDenied) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={} : Access denied", resourceId, accessDenied);
        return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
    } catch (final GeneralFailure generalFailure) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={}", resourceId, generalFailure);
        return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
    } catch (final Exception e) {
        debug.error("IdentityResource.readInstance() :: Cannot READ resourceId={}", resourceId, e);
        return new NotFoundException(e.getMessage(), e).asPromise();
    }
}

Example 8 with ResourceException

use of org.forgerock.json.resource.ResourceException in project OpenAM by OpenRock.

the class IdentityResourceV1 method confirmationIdCheck.

/**
     * Will validate confirmationId is correct
     * @param context Current Server Context
     * @param request Request from client to confirm registration
     */
private Promise<ActionResponse, ResourceException> confirmationIdCheck(final Context context, final ActionRequest request, final String realm) {
    final String METHOD = "IdentityResource.confirmationIdCheck";
    final JsonValue jVal = request.getContent();
    String tokenID;
    String confirmationId;
    String email = null;
    String username = null;
    //email or username value used to create confirmationId
    String hashComponent = null;
    String hashComponentAttr = null;
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    try {
        tokenID = jVal.get(TOKEN_ID).asString();
        confirmationId = jVal.get(CONFIRMATION_ID).asString();
        email = jVal.get(EMAIL).asString();
        username = jVal.get(USERNAME).asString();
        if (StringUtils.isBlank(confirmationId)) {
            if (debug.errorEnabled()) {
                debug.error("{} :: Bad Request - confirmationId not found in request.", METHOD);
            }
            throw new BadRequestException("confirmationId not provided");
        }
        if (StringUtils.isBlank(email) && !StringUtils.isBlank(username)) {
            hashComponent = username;
            hashComponentAttr = USERNAME;
        }
        if (!StringUtils.isBlank(email) && StringUtils.isBlank(username)) {
            hashComponent = email;
            hashComponentAttr = EMAIL;
        }
        if (StringUtils.isBlank(hashComponent)) {
            if (debug.errorEnabled()) {
                debug.error("{} :: Bad Request - hashComponent not found in request.", METHOD);
            }
            throw new BadRequestException("Required information not provided");
        }
        if (StringUtils.isBlank(tokenID)) {
            if (debug.errorEnabled()) {
                debug.error("{} :: Bad Request - tokenID not found in request.", METHOD);
            }
            throw new BadRequestException("tokenId not provided");
        }
        validateToken(tokenID, realm, hashComponent, confirmationId);
        // build resource
        result.put(hashComponentAttr, hashComponent);
        result.put(TOKEN_ID, tokenID);
        result.put(CONFIRMATION_ID, confirmationId);
        if (debug.messageEnabled()) {
            debug.message("{} :: Confirmed for token '{}' with confirmation '{}'", METHOD, tokenID, confirmationId);
        }
        return newResultPromise(newActionResponse(result));
    } catch (BadRequestException bre) {
        debug.warning("{} :: Cannot confirm registration/forgotPassword for : {}", METHOD, hashComponent, bre);
        return bre.asPromise();
    } catch (ResourceException re) {
        debug.warning("{} :: Resource error for : {}", METHOD, hashComponent, re);
        return re.asPromise();
    } catch (CoreTokenException cte) {
        debug.error("{} :: CTE error for : {}", METHOD, hashComponent, cte);
        return new InternalServerErrorException(cte).asPromise();
    }
}

Example 9 with ResourceException

use of org.forgerock.json.resource.ResourceException in project OpenAM by OpenRock.

the class IdentityResourceV1 method createRegistrationEmail.

/**
     * This method will create a confirmation email that contains a {@link org.forgerock.openam.cts.api.tokens.Token},
     * confirmationId and email that was provided in the request.
     * @param context Current Server Context
     * @param request Request from client to retrieve id
     */
private Promise<ActionResponse, ResourceException> createRegistrationEmail(final Context context, final ActionRequest request, final String realm, final RestSecurity restSecurity) {
    JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
    final JsonValue jVal = request.getContent();
    String emailAddress = null;
    String confirmationLink;
    String tokenID;
    try {
        if (restSecurity == null) {
            if (debug.warningEnabled()) {
                debug.warning("IdentityResource.createRegistrationEmail(): Rest Security not created. " + "restSecurity={}", restSecurity);
            }
            throw new NotFoundException("Rest Security Service not created");
        }
        if (!restSecurity.isSelfRegistration()) {
            if (debug.warningEnabled()) {
                debug.warning("IdentityResource.createRegistrationEmail(): Self-Registration set to : {}", restSecurity.isSelfRegistration());
            }
            throw new NotSupportedException("Self Registration is not enabled.");
        }
        // Get full deployment URL
        HttpContext header = context.asContext(HttpContext.class);
        StringBuilder deploymentURL = RestUtils.getFullDeploymentURI(header.getPath());
        // Get the email address provided from registration page
        emailAddress = jVal.get(EMAIL).asString();
        if (StringUtils.isBlank(emailAddress)) {
            throw new BadRequestException("Email not provided");
        }
        String subject = jVal.get("subject").asString();
        String message = jVal.get("message").asString();
        // Retrieve email registration token life time
        Long tokenLifeTime = restSecurity.getSelfRegTLT();
        // Create CTS Token
        org.forgerock.openam.cts.api.tokens.Token ctsToken = generateToken(emailAddress, "anonymous", tokenLifeTime, realm);
        // Store token in datastore
        CTSHolder.getCTS().createAsync(ctsToken);
        tokenID = ctsToken.getTokenId();
        // Create confirmationId
        String confirmationId = Hash.hash(tokenID + emailAddress + SystemProperties.get(AM_ENCRYPTION_PWD));
        // Build Confirmation URL
        String confURL = restSecurity.getSelfRegistrationConfirmationUrl();
        StringBuilder confURLBuilder = new StringBuilder(100);
        if (StringUtils.isBlank(confURL)) {
            confURLBuilder.append(deploymentURL.append("/json/confirmation/register").toString());
        } else {
            confURLBuilder.append(confURL);
        }
        confirmationLink = confURLBuilder.append("?confirmationId=").append(requestParamEncode(confirmationId)).append("&email=").append(requestParamEncode(emailAddress)).append("&tokenId=").append(requestParamEncode(tokenID)).append("&realm=").append(realm).toString();
        // Send Registration
        sendNotification(emailAddress, subject, message, realm, confirmationLink);
        if (debug.messageEnabled()) {
            debug.message("IdentityResource.createRegistrationEmail() :: Sent notification to={} with subject={}. " + "In realm={} for token ID={}", emailAddress, subject, realm, tokenID);
        }
        return newResultPromise(newActionResponse(result));
    } catch (BadRequestException | NotFoundException be) {
        debug.warning("IdentityResource.createRegistrationEmail: Cannot send email to {}", emailAddress, be);
        return be.asPromise();
    } catch (NotSupportedException nse) {
        debug.error("IdentityResource.createRegistrationEmail: Operation not enabled", nse);
        return nse.asPromise();
    } catch (Exception e) {
        debug.error("IdentityResource.createRegistrationEmail: Cannot send email to {}", emailAddress, e);
        return new NotFoundException("Email not sent").asPromise();
    }
}

Example 10 with ResourceException

use of org.forgerock.json.resource.ResourceException in project OpenAM by OpenRock.

the class IdentityResourceV1 method updateInstance.

@Override
public Promise<ResourceResponse, ResourceException> updateInstance(final Context context, final String resourceId, final UpdateRequest request) {
    RealmContext realmContext = context.asContext(RealmContext.class);
    final String realm = realmContext.getResolvedRealm();
    final JsonValue jsonValue = request.getContent();
    final String rev = request.getRevision();
    IdentityDetails dtls, newDtls;
    ResourceResponse resource;
    try {
        SSOToken admin = getSSOToken(getCookieFromServerContext(context));
        // Retrieve details about user to be updated
        dtls = identityServices.read(resourceId, getIdentityServicesAttributes(realm), admin);
        //be removed from the IdentityDetails object.
        if (!isAdmin(context)) {
            for (String attrName : jsonValue.keys()) {
                if ("userpassword".equalsIgnoreCase(attrName)) {
                    String newPassword = jsonValue.get(attrName).asString();
                    if (!StringUtils.isBlank(newPassword)) {
                        String oldPassword = RestUtils.getMimeHeaderValue(context, OLD_PASSWORD);
                        if (StringUtils.isBlank(oldPassword)) {
                            throw new BadRequestException("The old password is missing from the request");
                        }
                        //This is an end-user trying to change the password, so let's change the password by
                        //verifying that the provided old password is correct. We also remove the password from the
                        //list of attributes to prevent the administrative password reset via the update call.
                        jsonValue.remove(attrName);
                        IdentityRestUtils.changePassword(context, realm, resourceId, oldPassword, newPassword);
                    }
                    break;
                }
            }
        }
        newDtls = jsonValueToIdentityDetails(objectType, jsonValue, realm);
        if (newDtls.getName() != null && !resourceId.equalsIgnoreCase(newDtls.getName())) {
            throw new BadRequestException("id in path does not match id in request body");
        }
        newDtls.setName(resourceId);
        // update resource with new details
        identityServices.update(newDtls, admin);
        // read updated identity back to client
        IdentityDetails checkIdent = identityServices.read(dtls.getName(), getIdentityServicesAttributes(realm), admin);
        // handle updated resource
        resource = newResourceResponse(resourceId, "0", identityDetailsToJsonValue(checkIdent));
        return newResultPromise(resource);
    } catch (final ObjectNotFound onf) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Could not find the " + "resource", resourceId, onf);
        return new NotFoundException("Could not find the resource [ " + resourceId + " ] to update", onf).asPromise();
    } catch (final NeedMoreCredentials needMoreCredentials) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Token is not authorized", resourceId, needMoreCredentials);
        return new ForbiddenException("Token is not authorized", needMoreCredentials).asPromise();
    } catch (final TokenExpired tokenExpired) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Unauthorized", resourceId, tokenExpired);
        return new PermanentException(401, "Unauthorized", null).asPromise();
    } catch (final AccessDenied accessDenied) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Access denied", resourceId, accessDenied);
        return new ForbiddenException(accessDenied.getMessage(), accessDenied).asPromise();
    } catch (final GeneralFailure generalFailure) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, generalFailure);
        return new BadRequestException(generalFailure.getMessage(), generalFailure).asPromise();
    } catch (NotFoundException e) {
        debug.warning("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} : Could not find the " + "resource", resourceId, e);
        return new NotFoundException("Could not find the resource [ " + resourceId + " ] to update", e).asPromise();
    } catch (ResourceException re) {
        debug.warning("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={} ", resourceId, re);
        return re.asPromise();
    } catch (SSOException ssoe) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, ssoe);
        return new ForbiddenException(ssoe).asPromise();
    } catch (final Exception e) {
        debug.error("IdentityResource.updateInstance() :: Cannot UPDATE resourceId={}", resourceId, e);
        return new NotFoundException(e).asPromise();
    }
}