use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method registerUser.
/**
* This method is used to register an user in the system. The account will be locked if the
* Authentication.Policy.Account.Lock.On.Creation is set to true. Else user will be able to
* login after registration.
*
* @param userName
* @param password
* @param claims
* @param profileName
* @param tenantDomain
* @return
* @throws IdentityMgtServiceException
*/
public VerificationBean registerUser(String userName, String password, UserIdentityClaimDTO[] claims, String profileName, String tenantDomain) throws IdentityMgtServiceException {
VerificationBean vBean = new VerificationBean();
org.wso2.carbon.user.core.UserStoreManager userStoreManager = null;
Permission permission = null;
if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
String loggedInTenant = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
if (tenantDomain != null && !tenantDomain.isEmpty() && !loggedInTenant.equals(tenantDomain)) {
String msg = "Trying to create users in unauthorized tenant space";
log.error(msg);
throw new IdentityMgtServiceException(msg);
}
if (tenantDomain == null || tenantDomain.isEmpty()) {
tenantDomain = loggedInTenant;
}
}
RealmService realmService = IdentityMgtServiceComponent.getRealmService();
int tenantId;
try {
tenantId = Utils.getTenantId(tenantDomain);
if (realmService.getTenantUserRealm(tenantId) != null) {
userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) realmService.getTenantUserRealm(tenantId).getUserStoreManager();
}
} catch (Exception e) {
vBean = handleError(VerificationBean.ERROR_CODE_UNEXPECTED + " Error retrieving the user store manager for the tenant", e);
return vBean;
}
try {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
carbonContext.setTenantId(tenantId);
carbonContext.setTenantDomain(tenantDomain);
}
if (userStoreManager == null) {
vBean = new VerificationBean();
vBean.setVerified(false);
vBean.setError(VerificationBean.ERROR_CODE_UNEXPECTED + " Error retrieving the user store manager for the tenant");
return vBean;
}
Map<String, String> claimsMap = new HashMap<String, String>();
for (UserIdentityClaimDTO userIdentityClaimDTO : claims) {
claimsMap.put(userIdentityClaimDTO.getClaimUri(), userIdentityClaimDTO.getClaimValue());
}
userStoreManager.addUser(userName, password, null, claimsMap, profileName);
String identityRoleName = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + IdentityConstants.IDENTITY_DEFAULT_ROLE;
if (!userStoreManager.isExistingRole(identityRoleName, false)) {
permission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
userStoreManager.addRole(identityRoleName, new String[] { userName }, new Permission[] { permission }, false);
} else {
userStoreManager.updateUserListOfRole(identityRoleName, new String[] {}, new String[] { userName });
}
String listenerClassName = IdentityMgtConfig.getInstance().getProperty(IdentityMgtConstants.PropertyConfig.IDENTITY_MGT_LISTENER_CLASS);
if (StringUtils.isBlank(listenerClassName)) {
listenerClassName = IdentityMgtEventListener.class.getName();
}
IdentityEventListenerConfig identityEventListenerConfig = IdentityUtil.readEventListenerProperty(UserOperationEventListener.class.getName(), listenerClassName);
boolean isListenerEnable = true;
if (identityEventListenerConfig != null) {
if (StringUtils.isNotBlank(identityEventListenerConfig.getEnable())) {
isListenerEnable = Boolean.parseBoolean(identityEventListenerConfig.getEnable());
}
}
IdentityMgtConfig config = IdentityMgtConfig.getInstance();
if (isListenerEnable && config.isAuthPolicyAccountLockOnCreation()) {
UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
userDTO.setTenantId(tenantId);
UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
dto.setNotificationType("EMAIL");
RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
vBean = processor.updateConfirmationCode(1, userName, tenantId);
dto.setConfirmationCode(vBean.getKey());
NotificationDataDTO notificationDto = processor.notifyWithEmail(dto);
vBean.setVerified(notificationDto.isNotificationSent());
// Send email data only if not internally managed.
if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
vBean.setNotificationData(notificationDto);
}
} else {
vBean.setVerified(true);
}
} catch (UserStoreException | IdentityException e) {
vBean = UserIdentityManagementUtil.getCustomErrorMessagesWhenRegistering(e, userName);
// Rollback if user exists
try {
if (!e.getMessage().contains(IdentityCoreConstants.EXISTING_USER) && userStoreManager.isExistingUser(userName)) {
userStoreManager.deleteUser(userName);
}
} catch (UserStoreException e1) {
vBean = UserIdentityManagementUtil.getCustomErrorMessagesWhenRegistering(e1, userName);
}
return vBean;
} finally {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.endTenantFlow();
}
}
return vBean;
}
use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method verifyUserChallengeAnswer.
/**
* This method is to verify the user supplied answer for the challenge
* question.
*
* @param userName
* @param confirmation
* @param questionId
* @param answer
* @return status and key details about the operation status.
* @throws IdentityMgtServiceException
*/
public VerificationBean verifyUserChallengeAnswer(String userName, String confirmation, String questionId, String answer) throws IdentityMgtServiceException {
VerificationBean bean = new VerificationBean();
bean.setVerified(false);
if (log.isDebugEnabled()) {
log.debug("User challenge answer request received with username :" + userName);
}
if (questionId == null || answer == null) {
String error = "No challenge question id provided for verification";
bean.setError(error);
if (log.isDebugEnabled()) {
log.debug(error);
}
return bean;
}
UserDTO userDTO = null;
try {
userDTO = Utils.processUserId(userName);
} catch (IdentityException e) {
bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
return bean;
}
try {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
carbonContext.setTenantId(userDTO.getTenantId());
carbonContext.setTenantDomain(userDTO.getTenantDomain());
}
RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
try {
bean = recoveryProcessor.verifyConfirmationCode(40, userDTO.getUserId(), confirmation);
if (bean.isVerified()) {
bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
} else {
bean.setVerified(false);
}
} catch (IdentityException e) {
bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
if (bean == null) {
bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
}
return bean;
}
ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
userChallengesDTO.setId(questionId);
userChallengesDTO.setAnswer(answer);
boolean verification = processor.verifyUserChallengeAnswer(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTO);
if (verification) {
bean.setError("");
bean.setUserId(userName);
if (log.isDebugEnabled()) {
log.debug("User answer verification successful for user: " + userName);
}
} else {
bean.setError("Challenge answer verification failed for user : " + userName);
bean.setVerified(false);
// clear the key to avoid returning to caller.
bean.setKey("");
log.error(bean.getError());
}
} finally {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.endTenantFlow();
}
}
return bean;
}
use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method verifyUserChallengeAnswers.
/**
* Verifies challenge question answers.
*
* @param userName username of the user
* @param confirmation confirmation code UserChallengesDTO instances which holds the question id and answer
* @param userChallengesDTOs an array of
* @return an instance of VerificationBean which denote the status
* @throws IdentityMgtServiceException
*/
public VerificationBean verifyUserChallengeAnswers(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
VerificationBean bean = new VerificationBean();
bean.setVerified(false);
if (log.isDebugEnabled()) {
log.debug("User challenge answers request received with username :" + userName);
}
if (ArrayUtils.isEmpty(userChallengesDTOs)) {
String errorMsg = "No challenge question id provided for verification";
bean.setError(errorMsg);
if (log.isDebugEnabled()) {
log.debug(errorMsg);
}
return bean;
}
UserDTO userDTO;
try {
userDTO = Utils.processUserId(userName);
} catch (IdentityException e) {
bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
return bean;
}
try {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
carbonContext.setTenantId(userDTO.getTenantId());
carbonContext.setTenantDomain(userDTO.getTenantDomain());
}
RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
try {
bean = recoveryProcessor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
if (bean.isVerified()) {
bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
} else {
bean.setVerified(false);
}
} catch (IdentityException e) {
log.error("Error while verifying confirmation code.", e);
bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
if (bean == null) {
bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
}
return bean;
}
ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
boolean verification = processor.verifyUserChallengeAnswers(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
if (verification) {
bean.setError("");
bean.setUserId(userName);
if (log.isDebugEnabled()) {
log.debug("User answer verification successful for user: " + userName);
}
} else {
bean.setError("Verification failed for one or more answers provided by user : " + userName);
bean.setVerified(false);
// clear the key to avoid returning to caller.
bean.setKey("");
if (log.isDebugEnabled()) {
log.debug(bean.getError());
}
}
} finally {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.endTenantFlow();
}
}
return bean;
}
use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method verifyUser.
public VerificationBean verifyUser(String username, CaptchaInfoBean captcha) throws IdentityMgtServiceException {
UserDTO userDTO;
VerificationBean bean;
if (log.isDebugEnabled()) {
log.debug("User verification request received with username : " + username);
}
if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
try {
CaptchaUtil.processCaptchaInfoBean(captcha);
} catch (Exception e) {
bean = handleError(VerificationBean.ERROR_CODE_INVALID_CAPTCHA + " Error while validating captcha", e);
return bean;
}
}
try {
userDTO = Utils.processUserId(username);
} catch (IdentityException e) {
bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " invalid user : " + username, e);
return bean;
}
try {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
carbonContext.setTenantId(userDTO.getTenantId());
carbonContext.setTenantDomain(userDTO.getTenantDomain());
}
RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
bean = processor.verifyUserForRecovery(1, userDTO);
if (bean.getError() != null) {
if (bean.getError().contains(VerificationBean.ERROR_CODE_INVALID_USER)) {
bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " User does not exist : " + username, null);
} else if (bean.getError().contains(VerificationBean.ERROR_CODE_DISABLED_ACCOUNT)) {
bean = handleError(VerificationBean.ERROR_CODE_DISABLED_ACCOUNT + " Account is disabled for user " + username + ". Can not allow to recover.", null);
} else {
bean = handleError(VerificationBean.ERROR_CODE_UNEXPECTED + " Error verifying user : " + username, null);
}
}
return bean;
} finally {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.endTenantFlow();
}
}
}
use of org.wso2.carbon.identity.mgt.IdentityMgtServiceException in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method updatePassword.
/**
* This method is used to update the password in the system for password
* recovery process. Before calling this method caller needs to call
* verifyConfirmationCode and get the newly generated confirmation code.
*
* @param username - username
* @param confirmationCode - newly generated confirmation code
* @param newPassword - new password
* @return - VerificationBean with operation status true or false.
* @throws IdentityMgtServiceException
*/
public VerificationBean updatePassword(String username, String confirmationCode, String newPassword) throws IdentityMgtServiceException {
RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
VerificationBean bean = null;
if (log.isDebugEnabled()) {
log.debug("User update password request received with username: " + username);
}
try {
UserDTO userDTO = Utils.processUserId(username);
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
carbonContext.setTenantId(userDTO.getTenantId());
carbonContext.setTenantDomain(userDTO.getTenantDomain());
}
TenantManager tenantManager = IdentityMgtServiceComponent.getRealmService().getTenantManager();
int tenantId = 0;
try {
tenantId = tenantManager.getTenantId(userDTO.getTenantDomain());
} catch (UserStoreException e) {
log.warn("No Tenant id for tenant domain " + userDTO.getTenantDomain());
return handleError(VerificationBean.ERROR_CODE_INVALID_TENANT + " No Tenant id for tenant domain : " + userDTO.getTenantDomain(), e);
}
if (recoveryProcessor.verifyConfirmationCode(30, userDTO.getUserId(), confirmationCode).isVerified()) {
Utils.updatePassword(userDTO.getUserId(), tenantId, newPassword);
log.info("Credential is updated for user : " + userDTO.getUserId() + " and tenant domain : " + userDTO.getTenantDomain());
IdentityMgtConfig.getInstance().getRecoveryDataStore().invalidate(userDTO.getUserId(), tenantId);
bean = new VerificationBean(true);
} else if (recoveryProcessor.verifyConfirmationCode(3, userDTO.getUserId(), confirmationCode).isVerified()) {
Utils.updatePassword(userDTO.getUserId(), tenantId, newPassword);
log.info("Credential is updated for user : " + userDTO.getUserId() + " and tenant domain : " + userDTO.getTenantDomain());
IdentityMgtConfig.getInstance().getRecoveryDataStore().invalidate(userDTO.getUserId(), tenantId);
bean = new VerificationBean(true);
} else {
String msg = "Invalid user tried to update credential with user Id : " + userDTO.getUserId() + " and tenant domain : " + userDTO.getTenantDomain();
bean = new VerificationBean(VerificationBean.ERROR_CODE_INVALID_USER + " " + msg);
bean.setVerified(false);
log.error(msg);
}
} catch (IdentityException e) {
bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, username);
if (bean.getError() == null) {
bean = handleError(VerificationBean.ERROR_CODE_UNEXPECTED + " Error while updating credential " + "for user: " + username, e);
}
return bean;
} finally {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.endTenantFlow();
}
}
return bean;
}
Aggregations