use of org.forgerock.openam.utils.CrestQuery in project OpenAM by OpenRock.
the class IdentityResourceV1 method generateNewPasswordEmail.
/**
* Generates the e-mail contents based on the incoming request.
*
* Will only send the e-mail if all the following conditions are true:
*
* - Forgotten Password service is enabled
* - User exists
* - User has an e-mail address in their profile
* - E-mail service is correctly configured.
*
* @param context Non null.
* @param request Non null.
* @param realm Used as part of user lookup.
* @param restSecurity Non null.
*/
private Promise<ActionResponse, ResourceException> generateNewPasswordEmail(final Context context, final ActionRequest request, final String realm, final RestSecurity restSecurity) {
JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
final JsonValue jsonBody = request.getContent();
try {
// Check to make sure forgotPassword enabled
if (restSecurity == null) {
if (debug.warningEnabled()) {
debug.warning("Rest Security not created. restSecurity={}", restSecurity);
}
throw getException(UNAVAILABLE, "Rest Security Service not created");
}
if (!restSecurity.isForgotPassword()) {
if (debug.warningEnabled()) {
debug.warning("Forgot Password set to : {}", restSecurity.isForgotPassword());
}
throw getException(UNAVAILABLE, "Forgot password is not accessible.");
}
// Generate Admin Token
SSOToken adminToken = getSSOToken(RestUtils.getToken().getTokenID().toString());
Map<String, Set<String>> searchAttributes = getIdentityServicesAttributes(realm);
searchAttributes.putAll(getAttributeFromRequest(jsonBody));
List searchResults = identityServices.search(new CrestQuery("*"), searchAttributes, adminToken);
if (searchResults.isEmpty()) {
throw new NotFoundException("User not found");
} else if (searchResults.size() > 1) {
throw new ConflictException("Multiple users found");
} else {
String username = (String) searchResults.get(0);
IdentityDetails identityDetails = identityServices.read(username, getIdentityServicesAttributes(realm), adminToken);
String email = null;
String uid = null;
for (Map.Entry<String, Set<String>> attribute : asMap(identityDetails.getAttributes()).entrySet()) {
String attributeName = attribute.getKey();
if (MAIL.equalsIgnoreCase(attributeName)) {
if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
email = attribute.getValue().iterator().next();
}
} else if (UNIVERSAL_ID.equalsIgnoreCase(attributeName)) {
if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
uid = attribute.getValue().iterator().next();
}
}
}
// Check to see if user is Active/Inactive
if (!isUserActive(uid)) {
throw new ForbiddenException("Request is forbidden for this user");
}
// Check if email is provided
if (email == null || email.isEmpty()) {
throw new BadRequestException("No email provided in profile.");
}
// Get full deployment URL
HttpContext header = context.asContext(HttpContext.class);
StringBuilder deploymentURL = RestUtils.getFullDeploymentURI(header.getPath());
String subject = jsonBody.get("subject").asString();
String message = jsonBody.get("message").asString();
// Retrieve email registration token life time
if (restSecurity == null) {
if (debug.warningEnabled()) {
debug.warning("Rest Security not created. restSecurity={}", restSecurity);
}
throw new NotFoundException("Rest Security Service not created");
}
Long tokenLifeTime = restSecurity.getForgotPassTLT();
// Generate Token
org.forgerock.openam.cts.api.tokens.Token ctsToken = generateToken(email, username, tokenLifeTime, realm);
// Store token in datastore
CTSHolder.getCTS().createAsync(ctsToken);
// Create confirmationId
String confirmationId = Hash.hash(ctsToken.getTokenId() + username + SystemProperties.get(AM_ENCRYPTION_PWD));
// Build Confirmation URL
String confURL = restSecurity.getForgotPasswordConfirmationUrl();
StringBuilder confURLBuilder = new StringBuilder(100);
if (confURL == null || confURL.isEmpty()) {
confURLBuilder.append(deploymentURL.append("/json/confirmation/forgotPassword").toString());
} else {
confURLBuilder.append(confURL);
}
String confirmationLink = confURLBuilder.append("?confirmationId=").append(requestParamEncode(confirmationId)).append("&tokenId=").append(requestParamEncode(ctsToken.getTokenId())).append("&username=").append(requestParamEncode(username)).append("&realm=").append(realm).toString();
// Send Registration
sendNotification(email, subject, message, realm, confirmationLink);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
if (debug.messageEnabled()) {
debug.message("IdentityResource.generateNewPasswordEmail :: ACTION of generate new password email " + " for username={} in realm={} performed by principalName={}", username, realm, principalName);
}
}
return newResultPromise(newActionResponse(result));
} catch (NotFoundException e) {
debug.warning("Could not find user", e);
return e.asPromise();
} catch (ResourceException re) {
// Service not available, Neither or both Username/Email provided, User inactive
debug.warning(re.getMessage(), re);
return re.asPromise();
} catch (Exception e) {
// Intentional - all other errors are considered Internal Error.
debug.error("Internal error : Failed to send mail", e);
return new InternalServerErrorException("Failed to send mail", e).asPromise();
}
}
use of org.forgerock.openam.utils.CrestQuery in project OpenAM by OpenRock.
the class IdentityResourceV2 method generateNewPasswordEmail.
/**
* Generates the e-mail contents based on the incoming request.
*
* Will only send the e-mail if all the following conditions are true:
*
* - Forgotten Password service is enabled
* - User exists
* - User has an e-mail address in their profile
* - E-mail service is correctly configured.
*
* @param context Non null.
* @param request Non null.
* @param realm Used as part of user lookup.
* @param restSecurity Non null.
*/
private Promise<ActionResponse, ResourceException> generateNewPasswordEmail(final Context context, final ActionRequest request, final String realm, final RestSecurity restSecurity) {
JsonValue result = new JsonValue(new LinkedHashMap<String, Object>(1));
final JsonValue jsonBody = request.getContent();
try {
// Check to make sure forgotPassword enabled
if (restSecurity == null) {
if (debug.warningEnabled()) {
debug.warning("Rest Security not created. restSecurity={}", restSecurity);
}
throw getException(UNAVAILABLE, "Rest Security Service not created");
}
if (!restSecurity.isSelfServiceRestEndpointEnabled()) {
if (debug.warningEnabled()) {
debug.warning("Forgot Password set to : {}", restSecurity.isSelfServiceRestEndpointEnabled());
}
throw getException(UNAVAILABLE, "Legacy Self Service REST Endpoint is not enabled.");
}
if (!restSecurity.isForgotPassword()) {
if (debug.warningEnabled()) {
debug.warning("Forgot Password set to : {}", restSecurity.isForgotPassword());
}
throw getException(UNAVAILABLE, "Forgot password is not accessible.");
}
// Generate Admin Token
SSOToken adminToken = getSSOToken(RestUtils.getToken().getTokenID().toString());
Map<String, Set<String>> searchAttributes = getIdentityServicesAttributes(realm, objectType);
searchAttributes.putAll(getAttributeFromRequest(jsonBody));
List<String> searchResults = identityServices.search(new CrestQuery("*"), searchAttributes, adminToken);
if (searchResults.isEmpty()) {
throw new NotFoundException("User not found");
} else if (searchResults.size() > 1) {
throw new ConflictException("Multiple users found");
} else {
String username = searchResults.get(0);
IdentityDetails identityDetails = identityServices.read(username, getIdentityServicesAttributes(realm, objectType), adminToken);
String email = null;
String uid = null;
for (Map.Entry<String, Set<String>> attribute : asMap(identityDetails.getAttributes()).entrySet()) {
String attributeName = attribute.getKey();
if (MAIL.equalsIgnoreCase(attributeName)) {
if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
email = attribute.getValue().iterator().next();
}
} else if (UNIVERSAL_ID.equalsIgnoreCase(attributeName)) {
if (attribute.getValue() != null && !attribute.getValue().isEmpty()) {
uid = attribute.getValue().iterator().next();
}
}
}
// Check to see if user is Active/Inactive
if (!isUserActive(uid)) {
throw new ForbiddenException("Request is forbidden for this user");
}
// Check if email is provided
if (email == null || email.isEmpty()) {
throw new BadRequestException("No email provided in profile.");
}
// Get full deployment URL
HttpContext header = context.asContext(HttpContext.class);
String baseURL = baseURLProviderFactory.get(realm).getRootURL(header);
String subject = jsonBody.get("subject").asString();
String message = jsonBody.get("message").asString();
// Retrieve email registration token life time
if (restSecurity == null) {
if (debug.warningEnabled()) {
debug.warning("Rest Security not created. restSecurity={}", restSecurity);
}
throw new NotFoundException("Rest Security Service not created");
}
Long tokenLifeTime = restSecurity.getForgotPassTLT();
// Generate Token
org.forgerock.openam.cts.api.tokens.Token ctsToken = generateToken(email, username, tokenLifeTime, realm);
// Store token in datastore
CTSHolder.getCTS().createAsync(ctsToken);
// Create confirmationId
String confirmationId = Hash.hash(ctsToken.getTokenId() + username + SystemProperties.get(AM_ENCRYPTION_PWD));
// Build Confirmation URL
String confURL = restSecurity.getForgotPasswordConfirmationUrl();
StringBuilder confURLBuilder = new StringBuilder(100);
if (StringUtils.isEmpty(confURL)) {
confURLBuilder.append(baseURL).append("/json/confirmation/forgotPassword");
} else if (confURL.startsWith("/")) {
confURLBuilder.append(baseURL).append(confURL);
} else {
confURLBuilder.append(confURL);
}
String confirmationLink = confURLBuilder.append("?confirmationId=").append(requestParamEncode(confirmationId)).append("&tokenId=").append(requestParamEncode(ctsToken.getTokenId())).append("&username=").append(requestParamEncode(username)).append("&realm=").append(realm).toString();
// Send Registration
sendNotification(email, subject, message, realm, confirmationLink);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
if (debug.messageEnabled()) {
debug.message("IdentityResource.generateNewPasswordEmail :: ACTION of generate new password email " + " for username={} in realm={} performed by principalName={}", username, realm, principalName);
}
}
return newResultPromise(newActionResponse(result));
} catch (ResourceException re) {
// Service not available, Neither or both Username/Email provided, User inactive
debug.warning(re.getMessage(), re);
return re.asPromise();
} catch (Exception e) {
// Intentional - all other errors are considered Internal Error.
debug.error("Internal error", e);
return new InternalServerErrorException("Failed to send mail", e).asPromise();
}
}
use of org.forgerock.openam.utils.CrestQuery in project OpenAM by OpenRock.
the class IdentityResourceV3 method queryCollection.
/*******************************************************************************************************************
* {@inheritDoc}
*/
public Promise<QueryResponse, ResourceException> queryCollection(final Context context, final QueryRequest request, final QueryResourceHandler handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
try {
SSOToken admin = getSSOToken(RestUtils.getToken().getTokenID().toString());
IdentityServicesImpl identityServices = getIdentityServices();
List<IdentityDetails> userDetails = null;
// If the user specified _queryFilter, then (convert and) use that, otherwise look for _queryID
// and if that isn't there either, pretend the user gave a _queryID of "*"
//
QueryFilter<JsonPointer> queryFilter = request.getQueryFilter();
if (queryFilter != null) {
CrestQuery crestQuery = new CrestQuery(queryFilter);
userDetails = identityServices.searchIdentityDetails(crestQuery, getIdentityServicesAttributes(realm, objectType), admin);
} else {
String queryId = request.getQueryId();
if (queryId == null || queryId.isEmpty()) {
queryId = "*";
}
CrestQuery crestQuery = new CrestQuery(queryId);
userDetails = identityServices.searchIdentityDetails(crestQuery, getIdentityServicesAttributes(realm, objectType), admin);
}
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
logger.message("IdentityResourceV3.queryCollection :: QUERY performed on realm " + realm + " by " + principalName);
for (IdentityDetails userDetail : userDetails) {
ResourceResponse resource;
resource = newResourceResponse(userDetail.getName(), "0", identityResourceV2.addRoleInformation(context, userDetail.getName(), identityDetailsToJsonValue(userDetail)));
handler.handleResource(resource);
}
} catch (ResourceException resourceException) {
logger.warning("IdentityResourceV3.queryCollection caught ResourceException", resourceException);
return resourceException.asPromise();
} catch (Exception exception) {
logger.error("IdentityResourceV3.queryCollection caught exception", exception);
return new InternalServerErrorException(exception.getMessage(), exception).asPromise();
}
return newResultPromise(newQueryResponse());
}
use of org.forgerock.openam.utils.CrestQuery in project OpenAM by OpenRock.
the class IdentityResourceV1 method queryCollection.
/**
* {@inheritDoc}
*/
@Override
public Promise<QueryResponse, ResourceException> queryCollection(final Context context, final QueryRequest request, final QueryResourceHandler handler) {
RealmContext realmContext = context.asContext(RealmContext.class);
final String realm = realmContext.getResolvedRealm();
try {
SSOToken admin = getSSOToken(getCookieFromServerContext(context));
// This will only return 1 user..
// getQueryFilter() is not implemented yet..returns dummy false value
String queryId = request.getQueryId();
if (queryId == null || queryId.isEmpty()) {
queryId = "*";
}
List<String> users = identityServices.search(new CrestQuery(queryId), getIdentityServicesAttributes(realm), admin);
String principalName = PrincipalRestUtils.getPrincipalNameFromServerContext(context);
debug.message("IdentityResource.queryCollection :: QUERY performed on realm={} by principalName={}", realm, principalName);
for (final String user : users) {
JsonValue val = new JsonValue(user);
ResourceResponse resource = newResourceResponse(user, "0", val);
handler.handleResource(resource);
}
} catch (Exception ex) {
}
return newResultPromise(newQueryResponse());
}
use of org.forgerock.openam.utils.CrestQuery in project OpenAM by OpenRock.
the class AgentsRepo method removeIdentityFromAgentAuthenticators.
private void removeIdentityFromAgentAuthenticators(String name) {
SSOToken superAdminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
try {
Map map = new HashMap(2);
Set set = new HashSet(2);
set.add("SharedAgent");
map.put("AgentType", set);
CrestQuery crestQuery = new CrestQuery("*");
RepoSearchResults results = search(superAdminToken, IdType.AGENTONLY, crestQuery, 0, 0, null, true, 0, null, false);
Set res = results.getSearchResults();
if ((res != null) && !res.isEmpty()) {
for (Iterator i = res.iterator(); i.hasNext(); ) {
String agentName = (String) i.next();
Map attrValues = getAttributes(superAdminToken, IdType.AGENTONLY, agentName);
Set agentToReads = (Set) attrValues.get("AgentsAllowedToRead");
if ((agentToReads != null) && !agentToReads.isEmpty()) {
if (agentToReads.remove(name)) {
Map attrMap = new HashMap(2);
attrMap.put("AgentsAllowedToRead", agentToReads);
setAttributes(superAdminToken, IdType.AGENTONLY, agentName, attrMap, false);
}
}
}
}
} catch (IdRepoException e) {
debug.warning("AgentRepo.removeIdentityFromAgentAuthenticators", e);
} catch (SSOException e) {
debug.warning("AgentRepo.removeIdentityFromAgentAuthenticators", e);
}
}
Aggregations