use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method getUserChallengeQuestion.
/**
 * Returns the challenge question identified by {@code questionId} for the given user, after the
 * supplied confirmation code has been accepted.
 * <p>
 * The code is checked under recovery step identifier 20 and, failing that, 30 (the identifiers
 * are interpreted by {@link RecoveryProcessor}); when either accepts it, a replacement code under
 * identifier 40 is issued and its key is returned in the bean so the caller can continue the
 * flow. When SaaS mode is on, the lookup runs inside the user's tenant flow, which is always
 * ended in {@code finally}.
 * <p>
 * NOTE(review): an unknown user and a wrong code produce different error codes
 * ({@code ERROR_CODE_INVALID_USER} versus {@code ERROR_CODE_INVALID_CODE}), so the response lets
 * the caller tell the two cases apart.
 *
 * @param userName     user name whose question is requested; it is resolved into a user id and
 *                     tenant by {@code Utils.processUserId}
 * @param confirmation confirmation code issued by the previous recovery step
 * @param questionId   question id returned from the getUserChallengeQuestionIds method
 * @return populated question bean with the question details and the new confirmation key; on
 *         failure, a bean that only carries an error message
 * @throws IdentityMgtServiceException propagated from the underlying recovery components
 */
public UserChallengesDTO getUserChallengeQuestion(String userName, String confirmation, String questionId)
        throws IdentityMgtServiceException {

    UserChallengesDTO result = new UserChallengesDTO();
    if (log.isDebugEnabled()) {
        log.debug("User challenge question request received with username :" + userName);
    }

    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleChallengesError(
                VerificationBean.ERROR_CODE_INVALID_USER + " Error validating user : " + userName, null);
    }

    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            // Run the lookup in the user's tenant; the flow is ended in the finally block.
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            ctx.setTenantId(userDTO.getTenantId());
            ctx.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();

        VerificationBean bean;
        try {
            bean = acceptConfirmationCode(processor, userDTO, confirmation);
        } catch (IdentityException e) {
            // Prefer a processor-specific message; fall back to the generic invalid-code error.
            UserChallengesDTO customError =
                    UserIdentityManagementUtil.getCustomErrorMessagesForChallengQuestions(e, userName);
            if (customError != null) {
                return customError;
            }
            return handleChallengesError(
                    VerificationBean.ERROR_CODE_INVALID_CODE + " Invalid confirmation code for user : " + userName, e);
        }

        if (!bean.isVerified()) {
            if (log.isDebugEnabled()) {
                log.debug("Verification failed for user. Error : " + bean.getError());
            }
            result.setError(VerificationBean.ERROR_CODE_INVALID_USER + " " + bean.getError());
            return result;
        }

        result = processor.getQuestionProcessor()
                .getUserChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), questionId);
        // The key of the freshly issued code is what the caller presents in the next step.
        result.setKey(bean.getKey());
        result.setVerfied(true);
        if (log.isDebugEnabled()) {
            log.debug("User challenge question retrieved successfully");
        }
        return result;
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
}

/**
 * Checks {@code confirmation} under recovery step identifier 20, then 30, and on acceptance
 * issues a replacement code under identifier 40. Returns the (unverified) step-20 result when
 * neither accepts the code.
 *
 * @throws IdentityException propagated from the recovery processor
 */
private static VerificationBean acceptConfirmationCode(RecoveryProcessor processor, UserDTO userDTO,
                                                       String confirmation) throws IdentityException {
    String userId = userDTO.getUserId();
    VerificationBean firstAttempt = processor.verifyConfirmationCode(20, userId, confirmation);
    // The second identifier is only tried when the first one rejected the code.
    boolean accepted = firstAttempt.isVerified()
            || processor.verifyConfirmationCode(30, userId, confirmation).isVerified();
    if (!accepted) {
        firstAttempt.setVerified(false);
        return firstAttempt;
    }
    return processor.updateConfirmationCode(40, userId, userDTO.getTenantId());
}
use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method updateCredential.
/**
 * Updates the user's credential once the recovery confirmation key (and, when internally
 * managed, the captcha) has been verified.
 * <p>
 * NOTE(review): {@code verifyConfirmationKey} is only given the key, not the user; this method
 * does not compare the key's owner with {@code userName}. Confirm that the binding between key
 * and account is enforced inside the recovery processor.
 *
 * @param userName        user whose credential is to be updated
 * @param confirmation    confirmation key issued by the preceding recovery step
 * @param password        new credential (passed through to {@code Utils.updatePassword}; never
 *                        logged here)
 * @param captchaInfoBean captcha answer, checked only when captcha verification is internally
 *                        managed
 * @return a bean marked verified on success; otherwise one carrying
 *         {@code ERROR_CODE_INVALID_CAPTCHA} (captcha failure) or {@code ERROR_CODE_UNEXPECTED}
 *         (key not verified, or any other failure)
 */
public VerificationBean updateCredential(String userName, String confirmation, String password,
                                         CaptchaInfoBean captchaInfoBean) {
    RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();

    if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
        try {
            CaptchaUtil.processCaptchaInfoBean(captchaInfoBean);
        } catch (Exception e) {
            log.error("Error while processing captcha bean.", e);
            return new VerificationBean(VerificationBean.ERROR_CODE_INVALID_CAPTCHA);
        }
    }

    try {
        UserDTO userDTO = Utils.processUserId(userName);
        String userContext = userDTO.getUserId() + " and tenant domain : " + userDTO.getTenantDomain();
        if (!recoveryProcessor.verifyConfirmationKey(confirmation).isVerified()) {
            log.warn("Invalid user tried to update credential with user Id : " + userContext);
            return new VerificationBean(VerificationBean.ERROR_CODE_UNEXPECTED);
        }
        Utils.updatePassword(userDTO.getUserId(), userDTO.getTenantId(), password);
        log.info("Credential is updated for user : " + userContext);
        return new VerificationBean(true);
    } catch (Exception e) {
        // Service boundary: any failure is logged and reported as the generic error code.
        log.error("Error while updating credential for user : " + userName, e);
        return new VerificationBean(VerificationBean.ERROR_CODE_UNEXPECTED);
    }
}
use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.
the class IdentityMgtEventListener method doPostAddUser.
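/**
 * Post-add hook: locks the newly created account according to the account policies or the
 * account confirmation method in use (temporary password or verification code), and persists
 * the identity claims that the pre-add hook stashed in the thread-local properties.
 * <p>
 * Paths taken by this method:
 * <ul>
 *   <li>empty-password account creation with user-account verification enabled: the identity
 *       claims are stored unlocked and an ASK_PASSWORD e-mail notification is sent; the result
 *       is whether that notification was sent;</li>
 *   <li>otherwise, if the lock-on-creation policy is on: the claims are stored with the account
 *       locked and reason UNVERIFIED;</li>
 *   <li>otherwise, if identity claims arrived with the add-user request: they are stored as
 *       they are.</li>
 * </ul>
 * If storing or notifying fails, the user is deleted again (best-effort rollback) and a
 * {@link UserStoreException} is thrown. The thread-local markers DO_POST_ADD_USER,
 * EMPTY_PASSWORD_USED and USER_IDENTITY_DO are always cleared in the finally block.
 * <p>
 * Change: the previous version built a {@code UserRecoveryDataDO} holding the raw credential
 * that was never stored or read; that dead object is no longer created. The three inline
 * delete-and-throw sequences are now one helper.
 *
 * @param userName         user name as passed to the user store; on the empty-password path it
 *                         is qualified with the user store domain when that is not the primary
 *                         domain
 * @param credential       credential supplied at creation (not used by this method)
 * @param roleList         roles assigned at creation (not used by this method)
 * @param claims           claims supplied with the add-user request (not used directly; the
 *                         pre-add hook leaves the converted DO in the thread local)
 * @param profile          profile name (not used by this method)
 * @param userStoreManager user store the user was added to
 * @return {@code true}, except on the empty-password path where it is whether the ASK_PASSWORD
 *         notification was sent
 * @throws UserStoreException if identity data cannot be stored or the notification cannot be
 *                            sent (the user is deleted before throwing)
 */
@Override
public boolean doPostAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims,
                             String profile, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    // Top level try/finally guarantees the thread-local markers are cleared on every exit path.
    try {
        // Skip when this thread is already inside doPostAddUser (marker set just below).
        if (IdentityUtil.threadLocalProperties.get().containsKey(DO_POST_ADD_USER)) {
            return true;
        }
        IdentityUtil.threadLocalProperties.get().put(DO_POST_ADD_USER, true);
        if (log.isDebugEnabled()) {
            log.debug("Post add user is called in IdentityMgtEventListener");
        }
        IdentityMgtConfig config = IdentityMgtConfig.getInstance();
        // The pre-add hook leaves the identity claims DO in the thread local.
        UserIdentityClaimsDO userIdentityClaimsDO =
                (UserIdentityClaimsDO) IdentityUtil.threadLocalProperties.get().get(USER_IDENTITY_DO);

        if (config.isEnableUserAccountVerification()
                && IdentityUtil.threadLocalProperties.get().containsKey(EMPTY_PASSWORD_USED)) {
            return storeUnlockedAndAskForPassword(userName, userIdentityClaimsDO, userStoreManager);
        }

        // No account recoveries are defined, no email will be sent.
        if (config.isAuthPolicyAccountLockOnCreation()) {
            // Accounts are locked on creation; an admin has to unlock them.
            userIdentityClaimsDO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON,
                    IdentityMgtConstants.LockedReason.UNVERIFIED.toString());
            userIdentityClaimsDO.setAccountLock(true);
            try {
                config.getIdentityDataStore().store(userIdentityClaimsDO, userStoreManager);
            } catch (IdentityException e) {
                throw rollbackUser(userStoreManager, userName,
                        "Error while saving user store data for user : " + userName, e);
            }
        }

        // Claims such as http://wso2.org/claims/identity/accountLocked arrived with the add request.
        if (!config.isEnableUserAccountVerification() && !config.isAuthPolicyAccountLockOnCreation()
                && userIdentityClaimsDO != null) {
            try {
                if (log.isDebugEnabled()) {
                    log.debug("Storing identity-mgt claims since they are available in the addUser request");
                }
                module.store(userIdentityClaimsDO, userStoreManager);
            } catch (IdentityException e) {
                throw rollbackUser(userStoreManager, userName,
                        "Error while saving user store data for user : " + userName, e);
            }
        }
        return true;
    } finally {
        // Remove thread local variables
        IdentityUtil.threadLocalProperties.get().remove(DO_POST_ADD_USER);
        IdentityUtil.threadLocalProperties.get().remove(EMPTY_PASSWORD_USED);
        IdentityUtil.threadLocalProperties.get().remove(USER_IDENTITY_DO);
    }
}

/**
 * Empty-password path of {@link #doPostAddUser}: stores the identity claims with the account
 * unlocked, then sends the ASK_PASSWORD e-mail notification so the user can choose a password.
 *
 * @param userName             user name as passed to the user store
 * @param userIdentityClaimsDO identity claims DO left in the thread local by the pre-add hook
 * @param userStoreManager     user store the user was added to
 * @return whether the notification was reported as sent
 * @throws UserStoreException if storing or notifying fails (the user is deleted first)
 */
private boolean storeUnlockedAndAskForPassword(String userName, UserIdentityClaimsDO userIdentityClaimsDO,
                                               UserStoreManager userStoreManager) throws UserStoreException {
    // Qualify the name with the user store domain unless it is the primary domain.
    String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager)
            .getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    String qualifiedName = UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(domainName)
            ? userName
            : domainName + UserCoreConstants.DOMAIN_SEPARATOR + userName;

    // NOTE(review): userIdentityClaimsDO is dereferenced here without the null check that the
    // claims branch of doPostAddUser applies - confirm the pre-add hook always populates
    // USER_IDENTITY_DO on this path.
    userIdentityClaimsDO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, "");
    userIdentityClaimsDO.setAccountLock(false);
    try {
        module.store(userIdentityClaimsDO, userStoreManager);
    } catch (IdentityException e) {
        throw rollbackUser(userStoreManager, qualifiedName,
                "Error while saving user store for user : " + qualifiedName, e);
    }

    RecoveryProcessor processor = new RecoveryProcessor();
    UserRecoveryDTO recoveryDto = new UserRecoveryDTO(qualifiedName);
    recoveryDto.setNotification(IdentityMgtConstants.Notification.ASK_PASSWORD);
    recoveryDto.setNotificationType("EMAIL");
    recoveryDto.setTenantId(userStoreManager.getTenantId());
    NotificationDataDTO notificationDto;
    try {
        notificationDto = processor.recoverWithNotification(recoveryDto);
    } catch (IdentityException e) {
        throw rollbackUser(userStoreManager, qualifiedName,
                "Error while sending notification for user : " + qualifiedName, e);
    }
    // recoverWithNotification may hand back null; treat that as "not sent".
    return notificationDto != null && notificationDto.isNotificationSent();
}

/**
 * Best-effort rollback: deletes the just-created user and returns the failure wrapped as a
 * {@link UserStoreException} for the caller to throw. If the delete itself fails, that
 * exception propagates and {@code cause} is lost (same as the previous inline handling).
 *
 * @param userStoreManager user store to delete from
 * @param userName         name the user was created under (domain-qualified where applicable)
 * @param message          message for the wrapping exception
 * @param cause            original failure
 * @return the exception to throw
 * @throws UserStoreException if deleting the user fails
 */
private static UserStoreException rollbackUser(UserStoreManager userStoreManager, String userName,
                                                String message, IdentityException cause)
        throws UserStoreException {
    userStoreManager.deleteUser(userName);
    return new UserStoreException(message, cause);
}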
use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method verifyChallengeQuestion.
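/**
 * Verifies the answers to the user's challenge questions and, on success, issues a fresh
 * confirmation code for the next recovery step.
 * <p>
 * Order of checks: at least one challenge must be supplied; the user name must resolve; the
 * confirmation key from the previous step must verify; then the answers are checked by the
 * challenge-question processor.
 * <p>
 * Fix: the previous version rejected the request when the key <em>did</em> verify and let it
 * through when it did not, the opposite of updateCredential and processPasswordRecovery. A
 * failure to persist the new code is now reported in the bean instead of handing out a code
 * that was never stored.
 * <p>
 * NOTE(review): as in the sibling methods, {@code verifyConfirmationKey} is only given the key,
 * so the key's owner is not compared with {@code userName} here.
 *
 * @param userName           user whose challenge answers are being verified
 * @param confirmation       confirmation key issued by the preceding recovery step
 * @param userChallengesDTOs challenge question ids with the user's answers
 * @return a bean carrying the user name and the new confirmation code on success; otherwise an
 *         unverified bean, with an error message when a precondition failed
 * @throws IdentityMgtServiceException if the user name cannot be processed
 */
public VerificationBean verifyChallengeQuestion(String userName, String confirmation,
                                                UserChallengesDTO[] userChallengesDTOs)
        throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();

    if (userChallengesDTOs == null || userChallengesDTOs.length < 1) {
        log.error("no challenges provided by user for verifications.");
        bean.setError("no challenges provided by user for verifications.");
        return bean;
    }

    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Invalid user name.", e);
    }

    // Only a verified key from the previous step may proceed to the challenge answers.
    if (!recoveryProcessor.verifyConfirmationKey(confirmation).isVerified()) {
        log.warn("Invalid user is trying to verify user challenges.");
        bean.setError("Invalid user is trying to verify user challenges.");
        return bean;
    }

    ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
    boolean answersCorrect = processor.verifyChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(),
            userChallengesDTOs);
    if (!answersCorrect) {
        return bean;
    }

    // Persist the new code before handing it out; an unsaved code is useless to the caller.
    String code = UUID.randomUUID().toString();
    try {
        recoveryProcessor.createConfirmationCode(userDTO, code);
    } catch (IdentityException e) {
        log.error("Error while creating confirmation code.", e);
        bean.setError("Error while creating confirmation code.");
        return bean;
    }
    return new VerificationBean(userName, code);
}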
use of org.wso2.carbon.identity.mgt.RecoveryProcessor in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method processPasswordRecovery.
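/**
 * Starts password recovery for the given user: verifies the confirmation key from the previous
 * step and, if it is accepted, sends the PASSWORD_RESET_RECOVERY notification.
 * <p>
 * Fix: {@code recoverWithNotification} may return null (IdentityMgtEventListener guards for
 * it); that case now yields {@code false} instead of a NullPointerException.
 * <p>
 * NOTE(review): {@code verifyConfirmationKey} is only given the key, so the key's owner is not
 * compared with {@code userId} here; confirm the binding is enforced by the recovery processor.
 *
 * @param userId           user name to recover
 * @param confirmationCode confirmation key issued by the preceding recovery step
 * @param notificationType channel for the notification (passed through to the recovery DTO)
 * @return {@code true} if the key verified and the notification was reported as sent;
 *         {@code false} if the key did not verify or no notification data came back
 * @throws IdentityMgtServiceException if the user name cannot be processed or the
 *                                     notification step fails
 */
public boolean processPasswordRecovery(String userId, String confirmationCode, String notificationType)
        throws IdentityMgtServiceException {
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userId);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("invalid user name", e);
    }

    RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
    VerificationBean bean = processor.verifyConfirmationKey(confirmationCode);
    if (!bean.isVerified()) {
        log.warn("Invalid user is trying to recover the password : " + userId);
        return false;
    }

    UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
    dto.setNotification(IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY);
    dto.setNotificationType(notificationType);

    NotificationDataDTO dataDTO;
    try {
        dataDTO = processor.recoverWithNotification(dto);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Error while password recovery.", e);
    }
    // A null result means nothing was sent; do not dereference it.
    return dataDTO != null && dataDTO.isNotificationSent();
}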