
Example 1 with ChallengeQuestionProcessor

use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.

the class UserIdentityManagementAdminService method setChallengeQuestionsOfUser.

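/**
 * Sets the challenge questions (with answers) of a user.
 * <p>
 * When {@code userName} is {@code null} the challenges are stored for the logged-in user.
 * When it names a different user, the logged-in user must hold the
 * {@code /permission/admin/manage/identity/identitymgt/update} permission in the current
 * tenant; otherwise the call is rejected. Every supplied challenge must match a question that
 * is registered with the tenant (same question text and question-set id).
 *
 * @param userName       user whose challenges are set; {@code null} means the logged-in user
 * @param challengesDTOs challenge questions and answers to persist; must not be empty
 * @throws IdentityMgtServiceException if no challenges are supplied, the caller is not
 *                                     authorized, a challenge is not registered with the
 *                                     tenant, or persisting fails
 */
public void setChallengeQuestionsOfUser(String userName, UserChallengesDTO[] challengesDTOs) throws IdentityMgtServiceException {
    if (challengesDTOs == null || challengesDTOs.length < 1) {
        log.error("no challenges provided by user");
        throw new IdentityMgtServiceException("no challenges provided by user");
    }
    CarbonContext carbonContext = CarbonContext.getThreadLocalCarbonContext();
    int tenantId = carbonContext.getTenantId();
    String tenantDomain = carbonContext.getTenantDomain();
    String loggedInName = carbonContext.getUsername();
    if (userName == null) {
        userName = loggedInName;
    } else if (!userName.equals(loggedInName)) {
        // Changing another user's challenges is an administrative operation: fail closed
        // unless the caller holds the update permission in this tenant.
        ensureAuthorizedToUpdateChallenges(loggedInName, userName, tenantId, tenantDomain);
    }
    validateSecurityQuestionDuplicate(challengesDTOs);
    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
    try {
        List<ChallengeQuestionDTO> registeredQuestions = processor.getAllChallengeQuestions();
        for (UserChallengesDTO userChallengesDTO : challengesDTOs) {
            if (!isRegisteredChallenge(userChallengesDTO, registeredQuestions)) {
                String errMsg = "Error while persisting user challenges for user : " + userName + ", because these user challengers are not registered with the tenant";
                log.error(errMsg);
                throw new IdentityMgtServiceException(errMsg);
            }
        }
        processor.setChallengesOfUser(userName, tenantId, challengesDTOs);
    } catch (IdentityException e) {
        String errorMessage = "Error while persisting user challenges for user : " + userName;
        log.error(errorMessage, e);
        // Keep the cause so the failure can be traced past this service boundary.
        throw new IdentityMgtServiceException(errorMessage, e);
    }
}

/**
 * Rejects the call unless {@code loggedInName} holds the identity-management update permission
 * in the current tenant. Used when a user changes the challenge questions of another user.
 *
 * @param loggedInName authenticated user making the request
 * @param userName     user whose challenges are being changed (error messages only)
 * @param tenantId     tenant in which the permission is checked
 * @param tenantDomain tenant domain (error messages only)
 * @throws IdentityMgtServiceException if the permission cannot be checked or is not granted
 */
private void ensureAuthorizedToUpdateChallenges(String loggedInName, String userName, int tenantId, String tenantDomain) throws IdentityMgtServiceException {
    AuthorizationManager authzManager;
    try {
        authzManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
    } catch (UserStoreException e) {
        throw new IdentityMgtServiceException("Error occurred while retrieving AuthorizationManager for tenant " + tenantDomain, e);
    }
    boolean isAuthorized;
    try {
        isAuthorized = authzManager.isUserAuthorized(loggedInName, "/permission/admin/manage/identity/identitymgt/update", CarbonConstants.UI_PERMISSION_ACTION);
    } catch (UserStoreException e) {
        throw new IdentityMgtServiceException("Error occurred while checking access level for " + "user " + userName + " in tenant " + tenantDomain, e);
    }
    if (!isAuthorized) {
        throw new IdentityMgtServiceException("Unauthorized access!! Possible elevation of privilege attack. " + "User " + loggedInName + " trying to change challenge questions for user " + userName);
    }
}

/**
 * Returns whether {@code challenge} matches one of the tenant's registered questions, comparing
 * both the question text and the question-set id.
 *
 * @param challenge           challenge supplied by the caller
 * @param registeredQuestions questions registered with the tenant
 * @return {@code true} if a registered question has the same text and set id
 */
private boolean isRegisteredChallenge(UserChallengesDTO challenge, List<ChallengeQuestionDTO> registeredQuestions) {
    for (ChallengeQuestionDTO registered : registeredQuestions) {
        if (registered.getQuestion().equals(challenge.getQuestion()) && registered.getQuestionSetId().equals(challenge.getId())) {
            return true;
        }
    }
    return false;
}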

Example 2 with ChallengeQuestionProcessor

use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.

the class UserIdentityManagementAdminService method getAllPromotedUserChallenge.

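/**
 * Returns every challenge question registered with the tenant, grouped by question set.
 * <p>
 * Each {@link UserChallengesSetDTO} carries one question-set id and the questions of that set
 * (set id, text and order copied from the {@link ChallengeQuestionDTO}); no answers are
 * included. Sets are returned in the order the processor first reports them.
 *
 * @return the registered challenge questions grouped by question set; empty if none
 * @throws IdentityMgtServiceException if the questions cannot be loaded
 */
public UserChallengesSetDTO[] getAllPromotedUserChallenge() throws IdentityMgtServiceException {
    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
    List<ChallengeQuestionDTO> questionDTOs;
    try {
        questionDTOs = processor.getAllChallengeQuestions();
    } catch (IdentityException e) {
        log.error("Error while loading user challenges", e);
        // Preserve the cause so it is not lost at the service boundary.
        throw new IdentityMgtServiceException("Error while loading user challenges", e);
    }
    if (questionDTOs == null) {
        return new UserChallengesSetDTO[0];
    }
    // LinkedHashMap keeps the processor's ordering of question sets stable across calls
    // (HashMap iteration order is unspecified); fully qualified so no new import is needed.
    Map<String, List<UserChallengesDTO>> questionsBySet = new java.util.LinkedHashMap<String, List<UserChallengesDTO>>();
    for (ChallengeQuestionDTO dto : questionDTOs) {
        List<UserChallengesDTO> setQuestions = questionsBySet.get(dto.getQuestionSetId());
        if (setQuestions == null) {
            setQuestions = new ArrayList<UserChallengesDTO>();
            questionsBySet.put(dto.getQuestionSetId(), setQuestions);
        }
        UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
        userChallengesDTO.setId(dto.getQuestionSetId());
        userChallengesDTO.setQuestion(dto.getQuestion());
        userChallengesDTO.setOrder(dto.getOrder());
        setQuestions.add(userChallengesDTO);
    }
    List<UserChallengesSetDTO> challengeSets = new ArrayList<UserChallengesSetDTO>(questionsBySet.size());
    for (Map.Entry<String, List<UserChallengesDTO>> entry : questionsBySet.entrySet()) {
        UserChallengesSetDTO setDTO = new UserChallengesSetDTO();
        setDTO.setId(entry.getKey());
        List<UserChallengesDTO> setQuestions = entry.getValue();
        setDTO.setChallengesDTOs(setQuestions.toArray(new UserChallengesDTO[setQuestions.size()]));
        challengeSets.add(setDTO);
    }
    return challengeSets.toArray(new UserChallengesSetDTO[challengeSets.size()]);
}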

Example 3 with ChallengeQuestionProcessor

use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.

the class UserIdentityManagementService method verifyChallengeQuestion.

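/**
 * Verifies the challenge-question answers supplied during account recovery and, on success,
 * issues a fresh confirmation code for the next recovery step.
 * <p>
 * Verification is refused when no challenges are supplied or when the confirmation-key check
 * rejects the request. A confirmation code that could not be recorded is not handed out.
 *
 * @param userName           user whose challenges are verified
 * @param confirmation       confirmation key checked through the recovery processor
 * @param userChallengesDTOs question ids and answers to verify; must not be empty
 * @return a verified bean carrying the new confirmation code on success, or an unverified
 *         bean whose error describes the failure
 * @throws IdentityMgtServiceException if the user name cannot be processed
 */
public VerificationBean verifyChallengeQuestion(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
    if (userChallengesDTOs == null || userChallengesDTOs.length < 1) {
        log.error("no challenges provided by user for verifications.");
        bean.setError("no challenges provided by user for verifications.");
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Invalid user name.", e);
    }
    // NOTE(review): this rejects the request when the key IS verified, which reads as inverted;
    // confirm the semantics of RecoveryProcessor.verifyConfirmationKey before changing it,
    // since this condition gates the recovery flow.
    if (recoveryProcessor.verifyConfirmationKey(confirmation).isVerified()) {
        log.warn("Invalid user is trying to verify user challenges.");
        bean.setError("Invalid user is trying to verify user challenges.");
        return bean;
    }
    ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
    boolean verified = processor.verifyChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
    if (!verified) {
        return bean;
    }
    String code = UUID.randomUUID().toString();
    try {
        recoveryProcessor.createConfirmationCode(userDTO, code);
    } catch (IdentityException e) {
        // Fail closed: previously a code that failed to be recorded was still returned as a
        // success, leaving the caller with a code the next step cannot accept.
        log.error("Error while creating confirmation code.", e);
        bean.setError("Error while creating confirmation code.");
        return bean;
    }
    return new VerificationBean(userName, code);
}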

Example 4 with ChallengeQuestionProcessor

use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method verifyUserChallengeAnswer.

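/**
 * Verifies the answer a user supplied for a single challenge question during recovery.
 * <p>
 * The confirmation code is verified and, when valid, replaced through the recovery processor
 * before the answer is checked; the answer is never checked without a valid code. When the
 * answer does not match, the key is cleared so no usable code is returned. If SaaS mode is
 * enabled the work runs inside a tenant flow for the user's tenant.
 *
 * @param userName     user whose answer is verified
 * @param confirmation confirmation code issued by the previous recovery step
 * @param questionId   id of the challenge question being answered
 * @param answer       the user's answer
 * @return a verified bean carrying the next confirmation code on success; otherwise an
 *         unverified bean whose error describes the failure
 * @throws IdentityMgtServiceException if an underlying recovery operation fails
 */
public VerificationBean verifyUserChallengeAnswer(String userName, String confirmation, String questionId, String answer) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answer request received with username :" + userName);
    }
    if (questionId == null || answer == null) {
        // Both the question id and the answer are required.
        String error = "No challenge question id or answer provided for verification";
        bean.setError(error);
        if (log.isDebugEnabled()) {
            log.debug(error);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
    }
    // Read the SaaS switch once so the tenant flow that is started is always the one ended.
    boolean saasEnabled = IdentityMgtConfig.getInstance().isSaasEnabled();
    try {
        if (saasEnabled) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            bean = recoveryProcessor.verifyConfirmationCode(40, userDTO.getUserId(), confirmation);
            if (bean.isVerified()) {
                bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
            } else {
                bean.setVerified(false);
            }
        } catch (IdentityException e) {
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        if (!bean.isVerified()) {
            // Stop here when the confirmation code did not verify. Checking the answer anyway
            // would let a caller without a valid code learn, through the error field, whether
            // an answer is correct.
            return bean;
        }
        ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
        UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
        userChallengesDTO.setId(questionId);
        userChallengesDTO.setAnswer(answer);
        boolean verified = processor.verifyUserChallengeAnswer(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTO);
        if (verified) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Challenge answer verification failed for user : " + userName);
            bean.setVerified(false);
            // Clear the key so the freshly issued code is not returned to an unverified caller.
            bean.setKey("");
            log.error(bean.getError());
        }
    } finally {
        if (saasEnabled) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}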

Example 5 with ChallengeQuestionProcessor

use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method verifyUserChallengeAnswers.

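/**
 * Verifies the answers a user supplied for several challenge questions during recovery.
 * <p>
 * The confirmation code is verified and, when valid, replaced through the recovery processor
 * before the answers are checked; the answers are never checked without a valid code. When
 * any answer does not match, the key is cleared so no usable code is returned. If SaaS mode
 * is enabled the work runs inside a tenant flow for the user's tenant.
 *
 * @param userName           username of the user
 * @param confirmation       confirmation code issued by the previous recovery step
 * @param userChallengesDTOs question ids and answers to verify; must not be empty
 * @return a verified bean carrying the next confirmation code on success; otherwise an
 *         unverified bean whose error describes the failure
 * @throws IdentityMgtServiceException if an underlying recovery operation fails
 */
public VerificationBean verifyUserChallengeAnswers(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answers request received with username :" + userName);
    }
    if (ArrayUtils.isEmpty(userChallengesDTOs)) {
        String errorMsg = "No challenge question id provided for verification";
        bean.setError(errorMsg);
        if (log.isDebugEnabled()) {
            log.debug(errorMsg);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
    }
    // Read the SaaS switch once so the tenant flow that is started is always the one ended.
    boolean saasEnabled = IdentityMgtConfig.getInstance().isSaasEnabled();
    try {
        if (saasEnabled) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            bean = recoveryProcessor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
            if (bean.isVerified()) {
                bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
            } else {
                bean.setVerified(false);
            }
        } catch (IdentityException e) {
            log.error("Error while verifying confirmation code.", e);
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        if (!bean.isVerified()) {
            // Stop here when the confirmation code did not verify. Checking the answers anyway
            // would let a caller without a valid code learn, through the error field, whether
            // the answers are correct.
            return bean;
        }
        ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
        boolean verified = processor.verifyUserChallengeAnswers(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
        if (verified) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Verification failed for one or more answers provided by user : " + userName);
            bean.setVerified(false);
            // Clear the key so the freshly issued code is not returned to an unverified caller.
            bean.setKey("");
            if (log.isDebugEnabled()) {
                log.debug(bean.getError());
            }
        }
    } finally {
        if (saasEnabled) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}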
