Example 1 with RecoveryProcessor

Use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.

The class UserInformationRecoveryService, method getUserChallengeQuestion.

/**
 * Returns the challenge question for the user once the supplied confirmation code has been verified.
 *
 * @param userName     user name (optionally tenant qualified) of the user whose question is requested
 * @param confirmation confirmation code issued by the preceding recovery step
 * @param questionId   question id returned from the getUserChallengeQuestionIds
 *                     method
 * @return populated question bean with the question details and the key for the next step
 * @throws IdentityMgtServiceException
 */
public UserChallengesDTO getUserChallengeQuestion(String userName, String confirmation, String questionId) throws IdentityMgtServiceException {
    UserDTO userDTO = null;
    UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
    if (log.isDebugEnabled()) {
        log.debug("User challenge question request received with username :" + userName);
    }
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleChallengesError(VerificationBean.ERROR_CODE_INVALID_USER + " Error validating user : " + userName, null);
    }
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
        VerificationBean bean;
        try {
            bean = processor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
            if (bean.isVerified()) {
                bean = processor.updateConfirmationCode(40, userDTO.getUserId(), userDTO.getTenantId());
            } else if (processor.verifyConfirmationCode(30, userDTO.getUserId(), confirmation).isVerified()) {
                bean = processor.updateConfirmationCode(40, userDTO.getUserId(), userDTO.getTenantId());
            } else {
                bean.setVerified(false);
            }
        } catch (IdentityException e) {
            userChallengesDTO = UserIdentityManagementUtil.getCustomErrorMessagesForChallengQuestions(e, userName);
            if (userChallengesDTO == null) {
                userChallengesDTO = handleChallengesError(VerificationBean.ERROR_CODE_INVALID_CODE + " Invalid confirmation code for user : " + userName, e);
            }
            return userChallengesDTO;
        }
        if (bean.isVerified()) {
            userChallengesDTO = processor.getQuestionProcessor().getUserChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), questionId);
            userChallengesDTO.setKey(bean.getKey());
            userChallengesDTO.setVerfied(true);
            if (log.isDebugEnabled()) {
                log.debug("User challenge question retrieved successfully");
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Verification failed for user. Error : " + bean.getError());
            }
            userChallengesDTO.setError(VerificationBean.ERROR_CODE_INVALID_USER + " " + bean.getError());
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return userChallengesDTO;
}
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) UserChallengesDTO(org.wso2.carbon.identity.mgt.dto.UserChallengesDTO) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) PrivilegedCarbonContext(org.wso2.carbon.context.PrivilegedCarbonContext) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 2 with RecoveryProcessor

Use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.

The class UserIdentityManagementService, method updateCredential.

/**
 * Proceeds with updating the credentials of the user once the confirmation key is verified.
 *
 * @param userName        user name of the user whose credential is updated
 * @param confirmation    confirmation key issued by the recovery flow
 * @param password        new password to set
 * @param captchaInfoBean bean class that contains captcha information
 * @return a VerificationBean marked verified if the credentials were updated, otherwise one carrying an error code
 */
public VerificationBean updateCredential(String userName, String confirmation, String password, CaptchaInfoBean captchaInfoBean) {
    RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
    if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
        try {
            CaptchaUtil.processCaptchaInfoBean(captchaInfoBean);
        } catch (Exception e) {
            log.error("Error while processing captcha bean.", e);
            return new VerificationBean(VerificationBean.ERROR_CODE_INVALID_CAPTCHA);
        }
    }
    try {
        UserDTO userDTO = Utils.processUserId(userName);
        if (recoveryProcessor.verifyConfirmationKey(confirmation).isVerified()) {
            Utils.updatePassword(userDTO.getUserId(), userDTO.getTenantId(), password);
            log.info("Credential is updated for user : " + userDTO.getUserId() + " and tenant domain : " + userDTO.getTenantDomain());
            return new VerificationBean(true);
        } else {
            log.warn("Invalid user tried to update credential with user Id : " + userDTO.getUserId() + " and tenant domain : " + userDTO.getTenantDomain());
        }
    } catch (Exception e) {
        log.error("Error while updating credential for user : " + userName, e);
    }
    return new VerificationBean(VerificationBean.ERROR_CODE_UNEXPECTED);
}
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 3 with RecoveryProcessor

Use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.

The class IdentityMgtEventListener, method doPostAddUser.

/**
 * This method locks the created accounts based on the account policies or
 * based on the account confirmation method being used. Two account
 * confirmation methods are used: Temporary Password and Verification Code.
 * When a temporary password is used, the temporary password will be
 * emailed to the user. When a verification code is used, the code will be
 * emailed to the user. The security questions filtered at doPreAddUser will
 * be persisted in this method.
 */
@Override
public boolean doPostAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims, String profile, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    // Top level try and finally blocks are used to unset thread local variables
    try {
        if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_POST_ADD_USER)) {
            IdentityUtil.threadLocalProperties.get().put(DO_POST_ADD_USER, true);
            if (log.isDebugEnabled()) {
                log.debug("Post add user is called in IdentityMgtEventListener");
            }
            IdentityMgtConfig config = IdentityMgtConfig.getInstance();
            // reading the value from the thread local
            UserIdentityClaimsDO userIdentityClaimsDO = (UserIdentityClaimsDO) IdentityUtil.threadLocalProperties.get().get(USER_IDENTITY_DO);
            if (config.isEnableUserAccountVerification() && IdentityUtil.threadLocalProperties.get().containsKey(EMPTY_PASSWORD_USED)) {
                // empty password account creation
                String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager).getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
                if (!UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(domainName)) {
                    userName = domainName + UserCoreConstants.DOMAIN_SEPARATOR + userName;
                }
                // store identity data
                userIdentityClaimsDO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, "");
                userIdentityClaimsDO.setAccountLock(false);
                try {
                    module.store(userIdentityClaimsDO, userStoreManager);
                } catch (IdentityException e) {
                    // roll back the user creation
                    userStoreManager.deleteUser(userName);
                    throw new UserStoreException("Error while saving user store for user : " + userName, e);
                }
                // store identity metadata
                UserRecoveryDataDO metadataDO = new UserRecoveryDataDO();
                metadataDO.setUserName(userName).setTenantId(userStoreManager.getTenantId()).setCode((String) credential);
                // set recovery data
                RecoveryProcessor processor = new RecoveryProcessor();
                UserRecoveryDTO recoveryDto = new UserRecoveryDTO(userName);
                recoveryDto.setNotification(IdentityMgtConstants.Notification.ASK_PASSWORD);
                recoveryDto.setNotificationType("EMAIL");
                recoveryDto.setTenantId(userStoreManager.getTenantId());
                NotificationDataDTO notificationDto = null;
                try {
                    notificationDto = processor.recoverWithNotification(recoveryDto);
                } catch (IdentityException e) {
                    // roll back the user creation
                    userStoreManager.deleteUser(userName);
                    throw new UserStoreException("Error while sending notification for user : " + userName, e);
                }
                return notificationDto != null && notificationDto.isNotificationSent();
            }
            // No account recoveries are defined, no email will be sent.
            if (config.isAuthPolicyAccountLockOnCreation()) {
                // accounts are locked. Admin should unlock
                userIdentityClaimsDO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, IdentityMgtConstants.LockedReason.UNVERIFIED.toString());
                userIdentityClaimsDO.setAccountLock(true);
                try {
                    config.getIdentityDataStore().store(userIdentityClaimsDO, userStoreManager);
                } catch (IdentityException e) {
                    // roll back the user creation
                    userStoreManager.deleteUser(userName);
                    throw new UserStoreException("Error while saving user store data for user : " + userName, e);
                }
            }
            // When claims available in user add request like http://wso2.org/claims/identity/accountLocked
            if (!config.isEnableUserAccountVerification() && !config.isAuthPolicyAccountLockOnCreation() && userIdentityClaimsDO != null) {
                try {
                    if (log.isDebugEnabled()) {
                        log.debug("Storing identity-mgt claims since they are available in the addUser request");
                    }
                    module.store(userIdentityClaimsDO, userStoreManager);
                } catch (IdentityException e) {
                    // roll back the user creation
                    userStoreManager.deleteUser(userName);
                    throw new UserStoreException("Error while saving user store data for user : " + userName, e);
                }
            }
        }
        return true;
    } finally {
        // Remove thread local variable
        IdentityUtil.threadLocalProperties.get().remove(DO_POST_ADD_USER);
        IdentityUtil.threadLocalProperties.get().remove(EMPTY_PASSWORD_USED);
        IdentityUtil.threadLocalProperties.get().remove(USER_IDENTITY_DO);
    }
}
Also used : UserRecoveryDataDO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO) UserStoreException(org.wso2.carbon.user.core.UserStoreException) NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO) UserIdentityClaimsDO(org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 4 with RecoveryProcessor

Use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.

The class UserIdentityManagementService, method verifyChallengeQuestion.

/**
 * Verifies the given challenge question answers for the user.
 *
 * @return verification results as a bean; on success the bean carries a new confirmation code
 * @throws IdentityMgtServiceException if any error occurs
 */
public VerificationBean verifyChallengeQuestion(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
    if (userChallengesDTOs == null || userChallengesDTOs.length < 1) {
        log.error("no challenges provided by user for verifications.");
        bean.setError("no challenges provided by user for verifications.");
        return bean;
    }
    UserDTO userDTO = null;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Invalid user name.", e);
    }
    // Reject the request when the confirmation key does not verify.
    if (!recoveryProcessor.verifyConfirmationKey(confirmation).isVerified()) {
        log.warn("Invalid user is trying to verify user challenges.");
        bean.setError("Invalid user is trying to verify user challenges.");
        return bean;
    }
    ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
    boolean verification = processor.verifyChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
    if (verification) {
        String code = UUID.randomUUID().toString();
        try {
            recoveryProcessor.createConfirmationCode(userDTO, code);
        } catch (IdentityException e) {
            log.error("Error while creating confirmation code.", e);
        }
        bean = new VerificationBean(userName, code);
    }
    return bean;
}
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) ChallengeQuestionProcessor(org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 5 with RecoveryProcessor

Use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.

The class UserIdentityManagementService, method processPasswordRecovery.

/**
 * Processes password recovery for the given user.
 *
 * @return true if the recovery notification was sent, false otherwise
 * @throws IdentityMgtServiceException if the recovery fails
 */
public boolean processPasswordRecovery(String userId, String confirmationCode, String notificationType) throws IdentityMgtServiceException {
    UserDTO userDTO = null;
    try {
        userDTO = Utils.processUserId(userId);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("invalid user name", e);
    }
    RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
    VerificationBean bean = processor.verifyConfirmationKey(confirmationCode);
    if (!bean.isVerified()) {
        log.warn("Invalid user is trying to recover the password : " + userId);
        return false;
    }
    UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
    dto.setNotification(IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY);
    dto.setNotificationType(notificationType);
    NotificationDataDTO dataDTO = null;
    try {
        dataDTO = processor.recoverWithNotification(dto);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Error while password recovery.", e);
    }
    return dataDTO.isNotificationSent();
}
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Aggregations

IdentityException (org.wso2.carbon.identity.base.IdentityException)18 RecoveryProcessor (org.wso2.carbon.identity.mgt.RecoveryProcessor)18 VerificationBean (org.wso2.carbon.identity.mgt.beans.VerificationBean)17 UserDTO (org.wso2.carbon.identity.mgt.dto.UserDTO)17 PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext)12 IdentityMgtServiceException (org.wso2.carbon.identity.mgt.IdentityMgtServiceException)11 UserStoreException (org.wso2.carbon.user.api.UserStoreException)8 NotificationDataDTO (org.wso2.carbon.identity.mgt.dto.NotificationDataDTO)6 UserRecoveryDTO (org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO)6 UserChallengesDTO (org.wso2.carbon.identity.mgt.dto.UserChallengesDTO)4 IdentityEventListenerConfig (org.wso2.carbon.identity.core.model.IdentityEventListenerConfig)3 ChallengeQuestionProcessor (org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor)3 IdentityMgtConfig (org.wso2.carbon.identity.mgt.IdentityMgtConfig)3 IdentityMgtEventListener (org.wso2.carbon.identity.mgt.IdentityMgtEventListener)3 UserOperationEventListener (org.wso2.carbon.user.core.listener.UserOperationEventListener)3 RealmService (org.wso2.carbon.user.core.service.RealmService)2 HashMap (java.util.HashMap)1 IdentityMgtConfigException (org.wso2.carbon.identity.mgt.IdentityMgtConfigException)1 Config (org.wso2.carbon.identity.mgt.config.Config)1 EmailNotificationConfig (org.wso2.carbon.identity.mgt.config.EmailNotificationConfig)1