
Example 6 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapPasswordManagementService method getSecurityQuestions.

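/**
 * Reads the security questions and answers stored for a user in LDAP.
 *
 * <p>Searches the configured base DN with the configured user filter. For every
 * question-attribute/answer-attribute pair in the password management settings, the pair is
 * added to the result when both attributes exist on the entry and hold non-blank values.
 *
 * <p>Every exception is logged and swallowed, so a directory failure looks the same to the
 * caller as "no questions configured". NOTE(review): confirm callers do not skip the
 * question step when this map is empty.
 *
 * @param username account name bound into the LDAP search filter
 * @return question text mapped to its answer, in the iteration order of the configured
 *         attribute map; empty when no entry matched or the lookup failed
 */
@Override
public Map<String, String> getSecurityQuestions(final String username) {
    final Map<String, String> set = new LinkedHashMap<>();
    try {
        final PasswordManagementProperties.Ldap ldap = passwordManagementProperties.getLdap();
        // The username is handed over as a filter parameter value, not spliced into the filter text.
        final SearchFilter filter = Beans.newLdaptiveSearchFilter(ldap.getUserFilter(), Beans.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, Arrays.asList(username));
        LOGGER.debug("Constructed LDAP filter [{}] to locate security questions", filter);
        // NOTE(review): a pooled connection factory is built on every call and nothing in this
        // method releases it; confirm the pool is closed or reused elsewhere.
        final ConnectionFactory factory = Beans.newLdaptivePooledConnectionFactory(ldap);
        final Response<SearchResult> response = LdapUtils.executeSearchOperation(factory, ldap.getBaseDn(), filter);
        // Log the result code only: the full response carries the entry, and the entry carries
        // the answer attributes read below.
        LOGGER.debug("LDAP response for security questions [{}]", response != null ? response.getResultCode() : null);
        if (LdapUtils.containsResultEntry(response)) {
            final LdapEntry entry = response.getResult().getEntry();
            // Identify the entry by DN instead of dumping its attribute values into the log.
            LOGGER.debug("Located LDAP entry [{}] in the response", entry.getDn());
            final Map<String, String> qs = passwordManagementProperties.getLdap().getSecurityQuestionsAttributes();
            LOGGER.debug("Security question attributes are defined to be [{}]", qs);
            qs.forEach((questionAttribute, answerAttribute) -> {
                final LdapAttribute q = entry.getAttribute(questionAttribute);
                final LdapAttribute a = entry.getAttribute(answerAttribute);
                if (q == null || a == null) {
                    return;
                }
                final String question = q.getStringValue();
                final String answer = a.getStringValue();
                if (StringUtils.isNotBlank(question) && StringUtils.isNotBlank(answer)) {
                    // Only the question text is logged; the answer is never written to the log.
                    LOGGER.debug("Added security question [{}]", question);
                    // NOTE(review): the answer is returned exactly as stored in the directory;
                    // confirm how it is stored and how the caller compares it.
                    set.put(question, answer);
                }
            });
        } else {
            LOGGER.debug("LDAP response did not contain a result for security questions");
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return set;
}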
Also used : ConnectionFactory(org.ldaptive.ConnectionFactory) PasswordManagementProperties(org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) LdapAttribute(org.ldaptive.LdapAttribute) SearchFilter(org.ldaptive.SearchFilter) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry) LinkedHashMap(java.util.LinkedHashMap)

Example 7 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapPasswordManagementService method findEmail.

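/**
 * Looks up the email address stored for a user in LDAP.
 *
 * <p>Searches the configured base DN with the configured user filter, reads the attribute
 * named by the reset settings' email attribute, and returns its value only when
 * {@code EmailValidator} accepts it. Every exception is logged and swallowed.
 *
 * @param username account name bound into the LDAP search filter
 * @return the validated email address, or {@code null} when no entry matched, the attribute
 *         is missing, the value is not a valid address, or the lookup failed
 */
@Override
public String findEmail(final String username) {
    try {
        final PasswordManagementProperties.Ldap ldap = passwordManagementProperties.getLdap();
        // The username is handed over as a filter parameter value, not spliced into the filter text.
        final SearchFilter filter = Beans.newLdaptiveSearchFilter(ldap.getUserFilter(), Beans.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, Arrays.asList(username));
        LOGGER.debug("Constructed LDAP filter [{}] to locate account email", filter);
        // NOTE(review): a pooled connection factory is built on every call and nothing in this
        // method releases it; confirm the pool is closed or reused elsewhere.
        final ConnectionFactory factory = Beans.newLdaptivePooledConnectionFactory(ldap);
        final Response<SearchResult> response = LdapUtils.executeSearchOperation(factory, ldap.getBaseDn(), filter);
        // Log the result code only; the full response would put every returned attribute
        // value of the account into the debug log.
        LOGGER.debug("LDAP response to locate account email is [{}]", response != null ? response.getResultCode() : null);
        if (!LdapUtils.containsResultEntry(response)) {
            LOGGER.error("Could not locate an LDAP entry for [{}] and base DN [{}]", filter.format(), ldap.getBaseDn());
            return null;
        }
        final LdapEntry entry = response.getResult().getEntry();
        // Identify the entry by DN instead of dumping its attribute values into the log.
        LOGGER.debug("Found LDAP entry [{}] to use for the account email", entry.getDn());
        final String attributeName = passwordManagementProperties.getReset().getEmailAttribute();
        final LdapAttribute attr = entry.getAttribute(attributeName);
        if (attr == null) {
            LOGGER.error("Could not locate an LDAP attribute [{}] for [{}] and base DN [{}]", attributeName, filter.format(), ldap.getBaseDn());
            return null;
        }
        final String email = attr.getStringValue();
        LOGGER.debug("Found email address [{}] for user [{}]. Validating...", email, username);
        // The directory value is only returned after it passes syntactic validation.
        if (EmailValidator.getInstance().isValid(email)) {
            LOGGER.debug("Email address [{}] matches a valid email address", email);
            return email;
        }
        LOGGER.error("Email [{}] is not a valid address", email);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}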
Also used : ConnectionFactory(org.ldaptive.ConnectionFactory) PasswordManagementProperties(org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) LdapAttribute(org.ldaptive.LdapAttribute) SearchFilter(org.ldaptive.SearchFilter) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry)

Example 8 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapConsentRepository method findConsentDecision.

/**
 * Finds the stored consent decision of the authenticated principal for a service.
 *
 * <p>Reads the principal's consent entry, takes the values of the configured consent
 * attribute, maps each value from JSON and returns the first decision whose service matches
 * {@code service.getId()}. The {@code registeredService} argument is not used here.
 *
 * @param service service whose id is matched against the stored decisions
 * @param registeredService registered service definition (unused in this method)
 * @param authentication authentication whose principal id selects the consent entry
 * @return the matching decision, or {@code null} when there is no entry, no consent
 *         attribute, or no decision for the service
 */
@Override
public ConsentDecision findConsentDecision(final Service service, final RegisteredService registeredService, final Authentication authentication) {
    final String principal = authentication.getPrincipal().getId();
    final LdapEntry consentEntry = readConsentEntry(principal);
    if (consentEntry == null) {
        return null;
    }
    final LdapAttribute decisionsAttribute = consentEntry.getAttribute(this.ldap.getConsentAttributeName());
    if (decisionsAttribute == null) {
        return null;
    }
    final Collection<String> serializedDecisions = decisionsAttribute.getStringValues();
    LOGGER.debug("Locating consent decision(s) for [{}] and service [{}]", principal, service.getId());
    // Values are examined in attribute order and the first match wins.
    for (final String json : serializedDecisions) {
        final ConsentDecision decision = LdapConsentRepository.mapFromJson(json);
        if (decision.getService().equals(service.getId())) {
            return decision;
        }
    }
    return null;
}
Also used : LdapAttribute(org.ldaptive.LdapAttribute) LdapEntry(org.ldaptive.LdapEntry)

Example 9 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapPasswordManagementService method findEmail.

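/**
 * Looks up the email address stored for a user in LDAP.
 *
 * <p>Searches the configured base DN with the configured search filter, reads the attribute
 * named by the reset settings' email attribute, and returns its value only when
 * {@code EmailValidator} accepts it. Every exception is logged and swallowed.
 *
 * @param username account name bound into the LDAP search filter
 * @return the validated email address, or {@code null} when no entry matched, the attribute
 *         is missing, the value is not a valid address, or the lookup failed
 */
@Override
public String findEmail(final String username) {
    try {
        final PasswordManagementProperties.Ldap ldap = properties.getLdap();
        // The username is handed over as a filter parameter value, not spliced into the filter text.
        final SearchFilter filter = LdapUtils.newLdaptiveSearchFilter(ldap.getSearchFilter(), LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, CollectionUtils.wrap(username));
        LOGGER.debug("Constructed LDAP filter [{}] to locate account email", filter);
        // NOTE(review): a pooled connection factory is built on every call and nothing in this
        // method releases it; confirm the pool is closed or reused elsewhere.
        final ConnectionFactory factory = LdapUtils.newLdaptivePooledConnectionFactory(ldap);
        final Response<SearchResult> response = LdapUtils.executeSearchOperation(factory, ldap.getBaseDn(), filter);
        // Log the result code only; the full response would put every returned attribute
        // value of the account into the debug log.
        LOGGER.debug("LDAP response to locate account email is [{}]", response != null ? response.getResultCode() : null);
        if (!LdapUtils.containsResultEntry(response)) {
            LOGGER.error("Could not locate an LDAP entry for [{}] and base DN [{}]", filter.format(), ldap.getBaseDn());
            return null;
        }
        final LdapEntry entry = response.getResult().getEntry();
        // Identify the entry by DN instead of dumping its attribute values into the log.
        LOGGER.debug("Found LDAP entry [{}] to use for the account email", entry.getDn());
        final String attributeName = properties.getReset().getEmailAttribute();
        final LdapAttribute attr = entry.getAttribute(attributeName);
        if (attr == null) {
            LOGGER.error("Could not locate an LDAP attribute [{}] for [{}] and base DN [{}]", attributeName, filter.format(), ldap.getBaseDn());
            return null;
        }
        final String email = attr.getStringValue();
        LOGGER.debug("Found email address [{}] for user [{}]. Validating...", email, username);
        // The directory value is only returned after it passes syntactic validation.
        if (EmailValidator.getInstance().isValid(email)) {
            LOGGER.debug("Email address [{}] matches a valid email address", email);
            return email;
        }
        LOGGER.error("Email [{}] is not a valid address", email);
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return null;
}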
Also used : ConnectionFactory(org.ldaptive.ConnectionFactory) PasswordManagementProperties(org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) LdapAttribute(org.ldaptive.LdapAttribute) SearchFilter(org.ldaptive.SearchFilter) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry)

Example 10 with LdapAttribute

use of org.ldaptive.LdapAttribute in project cas by apereo.

the class LdapPasswordManagementService method getSecurityQuestions.

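/**
 * Reads the security questions and answers stored for a user in LDAP.
 *
 * <p>Searches the configured base DN with the configured search filter. For every
 * question-attribute/answer-attribute pair in the password management settings, the pair is
 * added to the result when both attributes exist on the entry and hold non-blank values.
 *
 * <p>Every exception is logged and swallowed, so a directory failure looks the same to the
 * caller as "no questions configured". NOTE(review): confirm callers do not skip the
 * question step when this map is empty.
 *
 * @param username account name bound into the LDAP search filter
 * @return question text mapped to its answer, in the iteration order of the configured
 *         attribute map; empty when no entry matched or the lookup failed
 */
@Override
public Map<String, String> getSecurityQuestions(final String username) {
    final Map<String, String> set = new LinkedHashMap<>();
    try {
        final PasswordManagementProperties.Ldap ldap = properties.getLdap();
        // The username is handed over as a filter parameter value, not spliced into the filter text.
        final SearchFilter filter = LdapUtils.newLdaptiveSearchFilter(ldap.getSearchFilter(), LdapUtils.LDAP_SEARCH_FILTER_DEFAULT_PARAM_NAME, CollectionUtils.wrap(username));
        LOGGER.debug("Constructed LDAP filter [{}] to locate security questions", filter);
        // NOTE(review): a pooled connection factory is built on every call and nothing in this
        // method releases it; confirm the pool is closed or reused elsewhere.
        final ConnectionFactory factory = LdapUtils.newLdaptivePooledConnectionFactory(ldap);
        final Response<SearchResult> response = LdapUtils.executeSearchOperation(factory, ldap.getBaseDn(), filter);
        // Log the result code only: the full response carries the entry, and the entry carries
        // the answer attributes read below.
        LOGGER.debug("LDAP response for security questions [{}]", response != null ? response.getResultCode() : null);
        if (LdapUtils.containsResultEntry(response)) {
            final LdapEntry entry = response.getResult().getEntry();
            // Identify the entry by DN instead of dumping its attribute values into the log.
            LOGGER.debug("Located LDAP entry [{}] in the response", entry.getDn());
            final Map<String, String> qs = properties.getLdap().getSecurityQuestionsAttributes();
            LOGGER.debug("Security question attributes are defined to be [{}]", qs);
            qs.forEach((questionAttribute, answerAttribute) -> {
                final LdapAttribute q = entry.getAttribute(questionAttribute);
                final LdapAttribute a = entry.getAttribute(answerAttribute);
                if (q == null || a == null) {
                    return;
                }
                final String question = q.getStringValue();
                final String answer = a.getStringValue();
                if (StringUtils.isNotBlank(question) && StringUtils.isNotBlank(answer)) {
                    // Only the question text is logged; the answer is never written to the log.
                    LOGGER.debug("Added security question [{}]", question);
                    // NOTE(review): the answer is returned exactly as stored in the directory;
                    // confirm how it is stored and how the caller compares it.
                    set.put(question, answer);
                }
            });
        } else {
            LOGGER.debug("LDAP response did not contain a result for security questions");
        }
    } catch (final Exception e) {
        LOGGER.error(e.getMessage(), e);
    }
    return set;
}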
Also used : ConnectionFactory(org.ldaptive.ConnectionFactory) PasswordManagementProperties(org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties) LdapAttribute(org.ldaptive.LdapAttribute) SearchFilter(org.ldaptive.SearchFilter) SearchResult(org.ldaptive.SearchResult) LdapEntry(org.ldaptive.LdapEntry) LinkedHashMap(java.util.LinkedHashMap)

Aggregations

LdapAttribute (org.ldaptive.LdapAttribute)27 LdapEntry (org.ldaptive.LdapEntry)18 SearchResult (org.ldaptive.SearchResult)11 SearchFilter (org.ldaptive.SearchFilter)7 ArrayList (java.util.ArrayList)6 ConnectionFactory (org.ldaptive.ConnectionFactory)5 LinkedHashMap (java.util.LinkedHashMap)4 PasswordManagementProperties (org.apereo.cas.configuration.model.support.pm.PasswordManagementProperties)4 MessageDescriptor (org.apereo.cas.authentication.MessageDescriptor)3 AbstractLdapProperties (org.apereo.cas.configuration.model.support.ldap.AbstractLdapProperties)3 Test (org.junit.Test)3 BindRequest (org.ldaptive.BindRequest)3 CompareRequest (org.ldaptive.CompareRequest)3 LdapException (org.ldaptive.LdapException)3 URI (java.net.URI)2 URL (java.net.URL)2 StandardCharsets (java.nio.charset.StandardCharsets)2 Arrays (java.util.Arrays)2 HashSet (java.util.HashSet)2 List (java.util.List)2