use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.
the class UserIdentityManagementAdminService method setChallengeQuestionsOfUser.
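/**
 * Sets the challenge questions (and answers) of a user.
 * <p>
 * A caller may always set the challenges of the logged-in user. Setting the challenges of a
 * different user requires the {@code /permission/admin/manage/identity/identitymgt/update}
 * UI permission in the current tenant; otherwise the request is rejected. Every supplied
 * challenge must match a question registered with the tenant (same question text and set id).
 *
 * @param userName       name of the user whose challenges are set; {@code null} means the
 *                       logged-in user
 * @param challengesDTOs challenge question/answer pairs to persist; must not be empty
 * @throws IdentityMgtServiceException if no challenges are given, the caller is not authorized
 *                                     to change another user's challenges, a challenge is not
 *                                     registered with the tenant, or persisting fails
 */
public void setChallengeQuestionsOfUser(String userName, UserChallengesDTO[] challengesDTOs) throws IdentityMgtServiceException {
    if (challengesDTOs == null || challengesDTOs.length < 1) {
        log.error("no challenges provided by user");
        throw new IdentityMgtServiceException("no challenges provided by user");
    }
    int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    String loggedInName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    if (userName == null) {
        userName = loggedInName;
    } else if (!userName.equals(loggedInName)) {
        // Changing another user's challenges is an administrative action; enforce the permission
        // before touching anything.
        ensureCanUpdateChallengesOf(loggedInName, userName, tenantId, tenantDomain);
    }
    validateSecurityQuestionDuplicate(challengesDTOs);
    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
    try {
        List<ChallengeQuestionDTO> registered = processor.getAllChallengeQuestions();
        for (UserChallengesDTO userChallengesDTO : challengesDTOs) {
            if (!isRegisteredChallengeQuestion(registered, userChallengesDTO)) {
                String errMsg = "Error while persisting user challenges for user : " + userName + ", because these user challengers are not registered with the tenant";
                log.error(errMsg);
                throw new IdentityMgtServiceException(errMsg);
            }
        }
        processor.setChallengesOfUser(userName, tenantId, challengesDTOs);
    } catch (IdentityException e) {
        String errorMessage = "Error while persisting user challenges for user : " + userName;
        log.error(errorMessage, e);
        // Keep the cause so the underlying failure is not lost in the rethrown exception.
        throw new IdentityMgtServiceException(errorMessage, e);
    }
}

/**
 * Checks that {@code loggedInName} holds the identity-management update permission in the
 * given tenant, which is required to change challenges of {@code targetUserName}.
 *
 * @throws IdentityMgtServiceException if the authorization manager cannot be obtained, the check
 *                                     itself fails, or the caller lacks the permission
 */
private static void ensureCanUpdateChallengesOf(String loggedInName, String targetUserName, int tenantId, String tenantDomain) throws IdentityMgtServiceException {
    AuthorizationManager authzManager;
    try {
        authzManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
    } catch (UserStoreException e) {
        throw new IdentityMgtServiceException("Error occurred while retrieving AuthorizationManager for tenant " + tenantDomain, e);
    }
    boolean isAuthorized;
    try {
        isAuthorized = authzManager.isUserAuthorized(loggedInName, "/permission/admin/manage/identity/identitymgt/update", CarbonConstants.UI_PERMISSION_ACTION);
    } catch (UserStoreException e) {
        throw new IdentityMgtServiceException("Error occurred while checking access level for " + "user " + targetUserName + " in tenant " + tenantDomain, e);
    }
    if (!isAuthorized) {
        throw new IdentityMgtServiceException("Unauthorized access!! Possible elevation of privilege attack. " + "User " + loggedInName + " trying to change challenge questions for user " + targetUserName);
    }
}

/**
 * Returns whether {@code challenge} matches one of the registered questions: same question
 * text and same question set id.
 */
private static boolean isRegisteredChallengeQuestion(List<ChallengeQuestionDTO> registered, UserChallengesDTO challenge) {
    for (ChallengeQuestionDTO candidate : registered) {
        if (candidate.getQuestion().equals(challenge.getQuestion())
                && candidate.getQuestionSetId().equals(challenge.getId())) {
            return true;
        }
    }
    return false;
}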
use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.
the class UserIdentityManagementAdminService method getAllPromotedUserChallenge.
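/**
 * Returns every challenge question registered with the current tenant, grouped by question set.
 *
 * @return one {@link UserChallengesSetDTO} per question set id, each holding that set's
 *         questions (id, text and order; no answers); empty when no questions are registered.
 *         The order of the sets is unspecified.
 * @throws IdentityMgtServiceException if the questions cannot be loaded
 */
public UserChallengesSetDTO[] getAllPromotedUserChallenge() throws IdentityMgtServiceException {
    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
    List<ChallengeQuestionDTO> questionDTOs;
    try {
        questionDTOs = processor.getAllChallengeQuestions();
    } catch (IdentityException e) {
        log.error("Error while loading user challenges", e);
        // Keep the cause so the underlying failure is not lost in the rethrown exception.
        throw new IdentityMgtServiceException("Error while loading user challenges", e);
    }
    if (questionDTOs == null) {
        // Nothing registered: report an empty result rather than failing on the null list.
        return new UserChallengesSetDTO[0];
    }
    // Group the registered questions by their question set id.
    Map<String, List<UserChallengesDTO>> questionsBySet = new HashMap<String, List<UserChallengesDTO>>();
    for (ChallengeQuestionDTO dto : questionDTOs) {
        List<UserChallengesDTO> setQuestions = questionsBySet.get(dto.getQuestionSetId());
        if (setQuestions == null) {
            setQuestions = new ArrayList<UserChallengesDTO>();
            questionsBySet.put(dto.getQuestionSetId(), setQuestions);
        }
        setQuestions.add(toUserChallenge(dto));
    }
    List<UserChallengesSetDTO> sets = new ArrayList<UserChallengesSetDTO>(questionsBySet.size());
    for (Map.Entry<String, List<UserChallengesDTO>> entry : questionsBySet.entrySet()) {
        UserChallengesSetDTO set = new UserChallengesSetDTO();
        set.setId(entry.getKey());
        List<UserChallengesDTO> setQuestions = entry.getValue();
        set.setChallengesDTOs(setQuestions.toArray(new UserChallengesDTO[setQuestions.size()]));
        sets.add(set);
    }
    return sets.toArray(new UserChallengesSetDTO[sets.size()]);
}

/**
 * Copies the set id, question text and order of a registered question into a user-challenge
 * DTO; the answer is left unset.
 */
private static UserChallengesDTO toUserChallenge(ChallengeQuestionDTO dto) {
    UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
    userChallengesDTO.setId(dto.getQuestionSetId());
    userChallengesDTO.setQuestion(dto.getQuestion());
    userChallengesDTO.setOrder(dto.getOrder());
    return userChallengesDTO;
}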
use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method verifyChallengeQuestion.
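/**
 * Verifies the challenge question answers supplied by a user during account recovery.
 * <p>
 * The request must carry a confirmation key that verifies; otherwise it is rejected before any
 * answer is examined. When the answers are accepted a fresh confirmation code is generated,
 * stored for the user through the {@link RecoveryProcessor}, and returned in the bean.
 *
 * @param userName           name of the user, resolved with {@link Utils#processUserId}
 * @param confirmation       confirmation key issued by the previous recovery step
 * @param userChallengesDTOs question id / answer pairs to verify; must not be empty
 * @return on success a bean built from the user name and the new confirmation code; otherwise
 *         an unverified bean, carrying an error message when the request was rejected
 * @throws IdentityMgtServiceException if the user name cannot be processed
 */
public VerificationBean verifyChallengeQuestion(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
    if (userChallengesDTOs == null || userChallengesDTOs.length < 1) {
        log.error("no challenges provided by user for verifications.");
        bean.setError("no challenges provided by user for verifications.");
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Invalid user name.", e);
    }
    // Gate on the confirmation key: isVerified() == true is the "accepted" state of
    // VerificationBean (as in the verifyConfirmationCode callers), so a key that does NOT verify
    // is the rejection case and the answers must not be checked at all.
    if (!recoveryProcessor.verifyConfirmationKey(confirmation).isVerified()) {
        log.warn("Invalid user is trying to verify user challenges.");
        bean.setError("Invalid user is trying to verify user challenges.");
        return bean;
    }
    ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
    boolean verification = processor.verifyChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
    if (verification) {
        String code = UUID.randomUUID().toString();
        try {
            recoveryProcessor.createConfirmationCode(userDTO, code);
        } catch (IdentityException e) {
            // The code was not stored, so a bean carrying it would be useless to the next step;
            // report the failure instead of handing out an unusable code.
            log.error("Error while creating confirmation code.", e);
            bean.setError("Error while creating confirmation code.");
            return bean;
        }
        bean = new VerificationBean(userName, code);
    }
    return bean;
}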
use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method verifyUserChallengeAnswer.
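/**
 * Verifies the answer a user supplied for one challenge question.
 * <p>
 * The confirmation code issued by the previous recovery step is checked first; only when it
 * verifies is the answer handed to the {@link ChallengeQuestionProcessor}. When SaaS mode is
 * enabled the checks run inside the user's own tenant flow, which is always ended afterwards.
 *
 * @param userName     name of the user whose answer is verified
 * @param confirmation confirmation code issued by the previous recovery step
 * @param questionId   id of the challenge question that was answered
 * @param answer       the user's answer
 * @return a {@link VerificationBean}: verified with the user id set when both the code and the
 *         answer are accepted; otherwise unverified, with an error message and an empty key
 * @throws IdentityMgtServiceException declared for API compatibility
 */
public VerificationBean verifyUserChallengeAnswer(String userName, String confirmation, String questionId, String answer) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answer request received with username :" + userName);
    }
    if (questionId == null || answer == null) {
        // Both parts are required; name the one that is actually missing.
        String error = questionId == null
                ? "No challenge question id provided for verification"
                : "No challenge answer provided for verification";
        bean.setError(error);
        if (log.isDebugEnabled()) {
            log.debug(error);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
    }
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            // Run the checks in the user's tenant; the flow is ended in the finally block.
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            // 40 and 30 are recovery step codes interpreted by RecoveryProcessor — confirm their
            // meaning there before changing them.
            bean = recoveryProcessor.verifyConfirmationCode(40, userDTO.getUserId(), confirmation);
            if (!bean.isVerified()) {
                // A rejected code ends the request here. Checking the answer anyway would tell a
                // caller who holds no valid code whether the answer is right (via the error text).
                bean.setVerified(false);
                bean.setKey("");
                return bean;
            }
            bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
        } catch (IdentityException e) {
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
        userChallengesDTO.setId(questionId);
        userChallengesDTO.setAnswer(answer);
        boolean verification = recoveryProcessor.getQuestionProcessor().verifyUserChallengeAnswer(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTO);
        if (verification) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Challenge answer verification failed for user : " + userName);
            bean.setVerified(false);
            // Never hand the recovery key back to a caller whose answer failed.
            bean.setKey("");
            log.error(bean.getError());
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}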
use of org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method verifyUserChallengeAnswers.
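/**
 * Verifies a set of challenge question answers for a user.
 * <p>
 * The confirmation code issued by the previous recovery step is checked first; only when it
 * verifies are the answers handed to the {@link ChallengeQuestionProcessor}. When SaaS mode is
 * enabled the checks run inside the user's own tenant flow, which is always ended afterwards.
 *
 * @param userName           name of the user whose answers are verified
 * @param confirmation       confirmation code issued by the previous recovery step
 * @param userChallengesDTOs question id / answer pairs to verify; must not be empty
 * @return a {@link VerificationBean}: verified with the user id set when the code and every
 *         answer are accepted; otherwise unverified, with an error message and an empty key
 * @throws IdentityMgtServiceException declared for API compatibility
 */
public VerificationBean verifyUserChallengeAnswers(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answers request received with username :" + userName);
    }
    if (ArrayUtils.isEmpty(userChallengesDTOs)) {
        String errorMsg = "No challenge question id provided for verification";
        bean.setError(errorMsg);
        if (log.isDebugEnabled()) {
            log.debug(errorMsg);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
    }
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            // Run the checks in the user's tenant; the flow is ended in the finally block.
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            // 20 and 30 are recovery step codes interpreted by RecoveryProcessor — confirm their
            // meaning there before changing them.
            bean = recoveryProcessor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
            if (!bean.isVerified()) {
                // A rejected code ends the request here. Checking the answers anyway would tell a
                // caller who holds no valid code whether they are right (via the error text).
                bean.setVerified(false);
                bean.setKey("");
                return bean;
            }
            bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
        } catch (IdentityException e) {
            log.error("Error while verifying confirmation code.", e);
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        boolean verification = recoveryProcessor.getQuestionProcessor().verifyUserChallengeAnswers(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
        if (verification) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Verification failed for one or more answers provided by user : " + userName);
            bean.setVerified(false);
            // Never hand the recovery key back to a caller whose answers failed.
            bean.setKey("");
            if (log.isDebugEnabled()) {
                log.debug(bean.getError());
            }
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}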