Use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in the project carbon-identity-framework by wso2: class ChallengeQuestionProcessor, method getUserChallengeQuestion.
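/**
 * Reads the challenge-question claims stored in the user's profile and returns
 * the last one that parses as "question&lt;separator&gt;answer".
 *
 * NOTE(review): the original collected every parsed question into a List that
 * it then discarded, returning only the last DTO. The single-DTO return type is
 * kept here so callers keep compiling, and the dead list is dropped; if callers
 * actually need every question, a sibling method returning the list is the
 * right fix rather than changing this signature.
 *
 * @param userName     user whose challenge questions are read
 * @param tenantId     tenant the user belongs to
 * @param adminService when true the stored answer is copied into the DTO as
 *                     well. Keep this false on any path reachable by an end
 *                     user: the answer is the recovery secret.
 * @return the last parsed challenge question, or null when none parsed or the
 *         profile could not be read
 * @throws IdentityMgtServiceException declared for API compatibility; the body
 *         currently logs and returns null instead of throwing
 */
public UserChallengesDTO getUserChallengeQuestion(String userName, int tenantId, boolean adminService) throws IdentityMgtServiceException {
    UserChallengesDTO dto = null;
    try {
        if (log.isDebugEnabled()) {
            log.debug("Retrieving Challenge question from the user profile.");
        }
        // String.split() treats its argument as a regex. If the configured
        // separator ever contains regex metacharacters it would need
        // Pattern.quote(); the configured value is not visible from here, so
        // the original call shape is kept.
        String separator = IdentityMgtConfig.getInstance().getChallengeQuestionSeparator();
        List<String> challengesUris = getChallengeQuestionUris(userName, tenantId);
        for (int i = 0; i < challengesUris.size(); i++) {
            String challengesUri = challengesUris.get(i).trim();
            String challengeValue = Utils.getClaimFromUserStoreManager(userName, tenantId, challengesUri);
            // A claim with no value used to NPE here and abort the whole loop
            // via the catch-all below; skip just that entry instead.
            if (challengeValue == null) {
                continue;
            }
            String[] challengeValues = challengeValue.split(separator);
            // Anything other than exactly "question<sep>answer" is ignored.
            if (challengeValues.length != 2) {
                continue;
            }
            dto = new UserChallengesDTO();
            dto.setId(challengesUri);
            dto.setQuestion(challengeValues[0].trim());
            if (adminService) {
                // The answer is stored in the claim as plain text alongside the
                // question; it is only exposed on the admin path.
                dto.setAnswer(challengeValues[1].trim());
            }
            dto.setOrder(i);
            dto.setPrimary(false);
        }
    } catch (Exception e) {
        // Deliberately best-effort, as in the original: any failure while
        // reading the profile is reported as "no question found" and the
        // partial result (if any) is returned.
        if (log.isDebugEnabled()) {
            log.debug("No associated challenge question found for the user", e);
        }
    }
    return dto;
}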
Use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in the project carbon-identity-framework by wso2: class UserIdentityManagementService, method authenticateWithTemporaryCredentials.
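/**
 * Authenticates the user with a temporary credential and returns the user's
 * identity claims (for example the primary e-mail address, telephone number
 * and the identity property "isUserMustChangePassword") so that they can be
 * updated as part of identity recovery after a forgotten password or a
 * suspected account takeover.
 *
 * Order of checks: (1) the credential must be a known, still-valid temporary
 * credential for this user in the recovery metadata; (2) it must also
 * authenticate against the user store; (3) only then is it invalidated so it
 * cannot be replayed.
 *
 * NOTE(review): the original discarded the boolean returned by
 * {@code userStoreManager.authenticate(...)}, so step (2) was a no-op and the
 * metadata lookup alone gated access. The result is now enforced. In the
 * visible recovery flow the temporary password is also set as the user's
 * password, so a genuine credential should still pass; confirm against any
 * other producer of METADATA_TEMPORARY_CREDENTIAL before relying on this.
 * TODO : Captcha must be considered
 *
 * @param userName       user (possibly with tenant domain) being recovered
 * @param tempCredential temporary credential previously issued to the user
 * @return all identity claims of the user
 * @throws IdentityMgtServiceException if the credential is invalid or a
 *         user-store / identity error occurs (the cause is logged, not chained)
 */
public UserIdentityClaimDTO[] authenticateWithTemporaryCredentials(String userName, String tempCredential) throws IdentityMgtServiceException {
    try {
        int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        boolean isValid = UserIdentityManagementUtil.isValidIdentityMetadata(userName, tenantId, UserRecoveryDataDO.METADATA_TEMPORARY_CREDENTIAL, tempCredential);
        if (!isValid) {
            // userName is caller-supplied and written to the log verbatim;
            // treat this line as untrusted input when parsing logs.
            log.warn("WARNING: Invalid temporary credential provided by " + userName);
            throw new IdentityMgtServiceException("Invalid temporary credential provided");
        }
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
        // The user store has the final say; a credential that is known to the
        // recovery metadata but does not authenticate is rejected.
        if (!userStoreManager.authenticate(userName, tempCredential)) {
            log.warn("WARNING: Temporary credential did not authenticate against the user store for " + userName);
            throw new IdentityMgtServiceException("Invalid temporary credential provided");
        }
        // this credential should not be used again
        UserIdentityManagementUtil.invalidateUserIdentityMetadata(userName, tenantId, UserRecoveryDataDO.METADATA_TEMPORARY_CREDENTIAL, tempCredential);
        return UserIdentityManagementUtil.getAllUserIdentityClaims(userName);
    } catch (UserStoreException e) {
        // Detail stays in the server log; the client gets a generic message.
        log.error("Error while authenticating", e);
        throw new IdentityMgtServiceException("Error while authenticating the user");
    } catch (IdentityException e) {
        log.error("Error while authenticating", e);
        throw new IdentityMgtServiceException("Error while authenticating the user");
    }
}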
Use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in the project carbon-identity-framework by wso2: class UserIdentityManagementService, method confirmUserRegistration.
/**
 * Confirms a newly registered account: checks the confirmation code that was
 * delivered to the user and, when it is accepted, unlocks the account, retires
 * the code and returns the user's identity claims.
 *
 * {@code isValidIdentityMetadata} reports the outcome through its return
 * value; this method does not rely on it to throw.
 *
 * @param userName         user (possibly with tenant domain) to confirm
 * @param confirmationCode code delivered to the user during registration
 * @return all identity claims of the user after the account is unlocked
 * @throws IdentityMgtServiceException when the code is rejected, or when the
 *         user store / identity layer fails (details are logged, not chained)
 */
// TODO : expiration of confirmation code (1 time, 24hrs). Use only UserName
public UserIdentityClaimDTO[] confirmUserRegistration(String userName, String confirmationCode) throws IdentityMgtServiceException {
    try {
        String tenantDomain = MultitenantUtils.getTenantDomain(userName);
        int tenantId = Utils.getTenantId(tenantDomain);
        boolean codeAccepted = UserIdentityManagementUtil.isValidIdentityMetadata(userName, tenantId, UserRecoveryDataDO.METADATA_CONFIRMATION_CODE, confirmationCode);
        if (!codeAccepted) {
            // userName is caller-supplied and is written to the log verbatim.
            log.warn("WARNING: Invalid confirmation code provided by " + userName);
            throw new IdentityMgtServiceException("Invalid confirmation code provided");
        }
        UserStoreManager storeManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
        // Unlock first (an identity-claim update), then retire the code so it
        // cannot be presented a second time.
        UserIdentityManagementUtil.unlockUserAccount(userName, storeManager);
        UserIdentityManagementUtil.invalidateUserIdentityMetadata(userName, tenantId, UserRecoveryDataDO.METADATA_CONFIRMATION_CODE, confirmationCode);
        return UserIdentityManagementUtil.getAllUserIdentityClaims(userName);
    } catch (UserStoreException e) {
        // Detail stays in the server log; the client sees a generic message.
        log.error("Error while confirming the account", e);
        throw new IdentityMgtServiceException("Error while confirming the account");
    } catch (IdentityException e) {
        log.error("Error while confirming the account", e);
        throw new IdentityMgtServiceException("Error while confirming the account");
    }
}
Use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in the project carbon-identity-framework by wso2: class UserIdentityManagementService, method recoverUserIdentityWithSecurityQuestions.
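/**
 * Verifies the supplied security-question answers against the user's stored
 * ones and, if every stored question is answered correctly, resets the
 * password to a random temporary value, records it as recovery metadata and
 * e-mails it to the account-recovery address.
 *
 * Security notes (review):
 * <ul>
 * <li>Every stored question must be matched by a supplied answer. The original
 *     merely counted matches, so submitting the same correctly-answered
 *     question twice satisfied the "all answered" count without answering the
 *     others. Coverage is now tracked per stored question.</li>
 * <li>A user with no stored security questions is rejected. Previously an
 *     empty question set passed every check, so anyone who knew the username
 *     could force a password reset. Confirm this does not break a supported
 *     flow before shipping.</li>
 * <li>Answers are compared after trimming, without short-circuiting on the
 *     first differing character, and all questions are examined before a
 *     mismatch is reported, so the failure does not reveal which question was
 *     wrong.</li>
 * <li>Stored answers are compared as plain strings and the temporary password
 *     is stored as a metadata code in the clear; both are outside this method.</li>
 * </ul>
 * TODO : Re-think
 *
 * @param userName        user (possibly with tenant domain) being recovered
 * @param secQuesAnsweres question claim URIs paired with the caller's answers
 * @throws IdentityMgtServiceException if no questions are configured, a
 *         question is unanswered or answered wrongly, or a user-store /
 *         identity error occurs (the cause is logged, not chained)
 */
public void recoverUserIdentityWithSecurityQuestions(String userName, UserIdentityClaimDTO[] secQuesAnsweres) throws IdentityMgtServiceException {
    try {
        int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
        UserIdentityClaimDTO[] storedSecQuesAnswers = UserIdentityManagementUtil.getUserSecurityQuestions(userName, userStoreManager);
        // Fail closed: with nothing to verify against there is nothing that
        // proves the caller is the account owner.
        if (storedSecQuesAnswers == null || storedSecQuesAnswers.length == 0) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }
        // Cheap pre-check; the per-question scan below is the real gate.
        if (secQuesAnsweres == null || secQuesAnsweres.length < storedSecQuesAnswers.length) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }
        boolean unanswered = false;
        boolean mismatch = false;
        // Examine every stored question and every supplied answer; do not
        // return early so the work done is independent of where a wrong
        // answer sits.
        for (UserIdentityClaimDTO storedSecQues : storedSecQuesAnswers) {
            String storedUri = storedSecQues == null ? null : trimOrNull(storedSecQues.getClaimUri());
            String storedAnswer = storedSecQues == null ? null : trimOrNull(storedSecQues.getClaimValue());
            boolean answered = false;
            for (UserIdentityClaimDTO answeredSecQues : secQuesAnsweres) {
                if (answeredSecQues == null || storedUri == null) {
                    continue;
                }
                if (!storedUri.equals(trimOrNull(answeredSecQues.getClaimUri()))) {
                    continue;
                }
                answered = true;
                if (!secQuesAnswerMatches(storedAnswer, trimOrNull(answeredSecQues.getClaimValue()))) {
                    mismatch = true;
                }
            }
            // A stored question with a null URI can never be answered and
            // therefore blocks recovery.
            if (!answered) {
                unanswered = true;
            }
        }
        if (mismatch) {
            throw new IdentityMgtServiceException("Invalid answeres. Identity recovery failed");
        }
        if (unanswered) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }
        // now okay to recover
        // reset the password with a random value
        char[] tempPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        userStoreManager.updateCredentialByAdmin(userName, tempPassword);
        // store the temp password as a Metadata (as a String, i.e. in the clear)
        UserRecoveryDataDO metadataDO = new UserRecoveryDataDO();
        metadataDO.setUserName(userName).setTenantId(tenantId).setCode(new String(tempPassword));
        UserIdentityManagementUtil.storeUserIdentityMetadata(metadataDO);
        // sending an email to the user's configured account-recovery address
        UserIdentityMgtBean bean = new UserIdentityMgtBean();
        String email = userStoreManager.getUserClaimValue(userName, IdentityMgtConfig.getInstance().getAccountRecoveryClaim(), null);
        if (log.isDebugEnabled()) {
            log.debug("Sending email to " + email);
        }
        bean.setUserId(userName).setUserTemporaryPassword(new String(tempPassword)).setEmail(email);
        UserIdentityManagementUtil.notifyViaEmail(bean);
    } catch (UserStoreException e) {
        // Detail stays in the server log; the client gets a generic message.
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    } catch (IdentityException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    }
}

/**
 * Trims {@code value}, mapping null to null so callers can fail closed on it
 * instead of raising a NullPointerException that escapes the method.
 */
private static String trimOrNull(String value) {
    return value == null ? null : value.trim();
}

/**
 * Compares a supplied answer with the stored one without stopping at the
 * first differing character. A null on either side is a mismatch. The length
 * of the answer still leaks through the early length check; that cannot be
 * avoided for plain strings.
 *
 * @param expected stored (trimmed) answer
 * @param actual   supplied (trimmed) answer
 * @return true only if both are non-null and equal
 */
private static boolean secQuesAnswerMatches(String expected, String actual) {
    if (expected == null || actual == null) {
        return false;
    }
    if (expected.length() != actual.length()) {
        return false;
    }
    int diff = 0;
    for (int i = 0; i < expected.length(); i++) {
        diff |= expected.charAt(i) ^ actual.charAt(i);
    }
    return diff == 0;
}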
Use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in the project carbon-identity-framework by wso2: class UserInformationRecoveryService, method verifyConfirmationCode.
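/**
 * Verifies the confirmation code that was sent to the user and, on success,
 * issues the follow-up code to be presented to updatePassword(). When captcha
 * verification is managed internally, the captcha is checked first and a
 * failed captcha short-circuits before the code is looked at. Before calling
 * this method the caller must have obtained a captcha via getCaptcha().
 *
 * NOTE(review): the original started the tenant flow before the try/finally
 * that ends it, so a failure while populating the carbon context (or the
 * "isSaasEnabled" flag reading differently on the second call) would leave
 * the tenant flow open on this thread. The flow is now started inside the
 * try and ended from the finally based on whether it was actually started.
 *
 * @param username - username of whom the password needs to be recovered.
 * @param code - confirmation code sent to user by notification.
 * @param captcha - generated captcha with answer for this communication.
 * @return - VerificationBean with new code to be used in updatePassword();
 *           on failure the bean carries an error and an empty key.
 * @throws IdentityMgtServiceException declared for API compatibility; the
 *         body reports failures through the returned bean
 */
public VerificationBean verifyConfirmationCode(String username, String code, CaptchaInfoBean captcha) throws IdentityMgtServiceException {
    UserDTO userDTO;
    VerificationBean bean = new VerificationBean();
    if (log.isDebugEnabled()) {
        // username is caller-supplied and logged verbatim.
        log.debug("User confirmation code verification request received with username :" + username);
    }
    if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
        try {
            CaptchaUtil.processCaptchaInfoBean(captcha);
        } catch (Exception e) {
            // Boundary catch: any captcha failure is reported to the caller as
            // an invalid-code error rather than propagated.
            bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " Error while validating captcha for user : " + username, e);
            return bean;
        }
    }
    try {
        userDTO = Utils.processUserId(username);
    } catch (IdentityException e) {
        bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " invalid user : " + username, e);
        return bean;
    }
    RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
    boolean tenantFlowStarted = false;
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            tenantFlowStarted = true;
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        // Step 2 verifies the code the user received; step 3 issues the code
        // for the password update.
        bean = processor.verifyConfirmationCode(2, userDTO.getUserId(), code);
        if (bean.isVerified()) {
            bean = processor.updateConfirmationCode(3, userDTO.getUserId(), userDTO.getTenantId());
            if (log.isDebugEnabled()) {
                log.debug("User confirmation code verification successful for user: " + username);
            }
        } else {
            // Never hand back a key on a failed verification.
            bean.setVerified(false);
            bean.setKey("");
            log.error(bean.getError());
        }
    } catch (IdentityException e) {
        bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, username);
        if (bean.getError() == null) {
            bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " Error verifying confirmation code for " + "user : " + username, e);
        }
        return bean;
    } finally {
        if (tenantFlowStarted) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}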