use of org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean in project carbon-identity-framework by wso2.
From the class IdentityMgtEventListener, method doPreUpdateCredentialByAdmin.
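/**
 * Pre-update hook for an administrator-initiated credential change.
 * <p>
 * Refuses the update when the account is disabled. When the supplied
 * credential is empty and temporary passwords are enabled, a random
 * temporary password is generated, written back into the caller's
 * {@link StringBuffer} so that the update proceeds with it, and mailed to
 * the user. A non-empty credential is checked against the configured
 * password policies.
 *
 * @param userName         user whose credential is being updated
 * @param newCredential    new credential; must be a {@link StringBuffer} for a
 *                         generated temporary password to be handed back to
 *                         the caller in place
 * @param userStoreManager user store the user belongs to
 * @return {@code true} to let the update proceed, {@code false} to reject it
 *         (empty credential with temporary passwords disabled, or a credential
 *         that cannot receive a generated password)
 * @throws UserStoreException if the account status cannot be loaded, the
 *                            account is disabled, or a password policy is
 *                            violated
 */
@Override
public boolean doPreUpdateCredentialByAdmin(String userName, Object newCredential,
                                            UserStoreManager userStoreManager)
        throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    if (log.isDebugEnabled()) {
        log.debug("Pre update credential by admin is called in IdentityMgtEventListener");
    }
    // The thread-local flag guards against re-entrant invocation; the finally
    // block always clears it.
    try {
        if (IdentityUtil.threadLocalProperties.get().containsKey(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN)) {
            return true;
        }
        IdentityUtil.threadLocalProperties.get().put(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN, true);

        IdentityMgtConfig config = IdentityMgtConfig.getInstance();
        UserIdentityDataStore identityDataStore = config.getIdentityDataStore();
        UserIdentityClaimsDO identityDTO = identityDataStore.load(userName, userStoreManager);
        if (identityDTO == null) {
            throw new UserStoreException("Cannot get the user account active status.");
        }
        if (identityDTO.getIsAccountDisabled()) {
            // A disabled account has to be enabled explicitly before its credential may change.
            IdentityErrorMsgContext customErrorMessageContext =
                    new IdentityErrorMsgContext(IdentityCoreConstants.USER_ACCOUNT_DISABLED_ERROR_CODE);
            IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
            log.warn("Trying to update credential of a disabled user account. This is not permitted.");
            throw new UserStoreException("User account is disabled, can't update credential without enabling.");
        }

        StringBuffer credentialBuffer =
                newCredential instanceof StringBuffer ? (StringBuffer) newCredential : null;
        boolean bufferIsBlank = credentialBuffer != null && credentialBuffer.toString().trim().isEmpty();

        if (credentialBuffer != null && !bufferIsBlank) {
            // Enforce the configured password policies on a non-empty credential.
            // NOTE(review): policies are only enforced when the credential arrives as a
            // StringBuffer; String/char[] credentials bypass this check - confirm that is intended.
            try {
                policyRegistry.enforcePasswordPolicies(credentialBuffer.toString(), userName);
            } catch (PolicyViolationException pe) {
                throw new UserStoreException(pe.getMessage(), pe);
            }
        }

        boolean emptyCredential = newCredential == null || bufferIsBlank;
        if (!emptyCredential) {
            if (log.isDebugEnabled()) {
                log.debug("Updating credentials of user " + userName + " by admin with a non-empty password");
            }
            return true;
        }
        if (!config.isEnableTemporaryPassword()) {
            log.error("Empty passwords are not allowed");
            return false;
        }
        if (credentialBuffer == null) {
            // A null credential cannot carry the generated password back to the caller;
            // fail closed rather than dereference it.
            log.error("Cannot assign a temporary password to a null credential");
            return false;
        }
        if (log.isDebugEnabled()) {
            log.debug("Credentials are null. Using a temporary password as credentials");
        }
        char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        // Replace the whole buffer so that no whitespace supplied by the caller survives
        // next to the generated password.
        credentialBuffer.setLength(0);
        credentialBuffer.append(temporaryPassword);

        UserIdentityMgtBean bean = new UserIdentityMgtBean();
        bean.setUserId(userName);
        bean.setConfirmationCode(credentialBuffer.toString());
        bean.setRecoveryType(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD);
        if (log.isDebugEnabled()) {
            log.debug("Sending the temporary password to the user " + userName);
        }
        UserIdentityManagementUtil.notifyViaEmail(bean);
        return true;
    } finally {
        IdentityUtil.threadLocalProperties.get().remove(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN);
    }
}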
use of org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean in project carbon-identity-framework by wso2.
From the class UserIdentityManagementService, method recoverUserIdentityWithSecurityQuestions.
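/**
 * Recovers a user's account by verifying the supplied security-question
 * answers against the user's stored questions.
 * <p>
 * Every stored question must be matched by a correct answer; a missing or
 * wrong answer rejects the whole request. All answers are evaluated before
 * the decision is made, and each stored question is counted at most once,
 * so a duplicated correct answer for one question cannot stand in for
 * another. On success a temporary password is generated, stored as recovery
 * metadata, set as the user's credential and mailed to the user's
 * account-recovery address.
 * <p>
 * NOTE(review): the temporary password is persisted as the recovery code in
 * clear text via {@code UserRecoveryDataDO#setCode} - confirm the metadata
 * store protects it.
 * TODO : Re-think
 *
 * @param userName        user to recover
 * @param secQuesAnsweres answered security questions (claim URI and answer)
 * @throws IdentityMgtServiceException if the answers are incomplete or wrong,
 *                                     the user has no recovery address, or
 *                                     the reset/notification fails
 */
public void recoverUserIdentityWithSecurityQuestions(String userName, UserIdentityClaimDTO[] secQuesAnsweres)
        throws IdentityMgtServiceException {
    try {
        int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService()
                .getTenantUserRealm(tenantId).getUserStoreManager();
        UserIdentityClaimDTO[] storedSecQuesAnswers =
                UserIdentityManagementUtil.getUserSecurityQuestions(userName, userStoreManager);

        // Fail closed when the user has no questions on record: this flow must not
        // degrade into a reset that requires no proof at all.
        if (storedSecQuesAnswers == null || storedSecQuesAnswers.length == 0) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }
        if (secQuesAnsweres == null || secQuesAnsweres.length < storedSecQuesAnswers.length) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }

        // Evaluate every stored question before deciding so that neither an early
        // exit nor the error text reveals which individual answer was wrong.
        boolean allCorrect = true;
        int matchedQuestions = 0;
        for (UserIdentityClaimDTO storedSecQues : storedSecQuesAnswers) {
            if (storedSecQues == null) {
                continue;
            }
            boolean matched = false;
            for (UserIdentityClaimDTO answredSecQues : secQuesAnsweres) {
                if (!sameClaimUri(answredSecQues, storedSecQues)) {
                    continue;
                }
                matched = true;
                if (!constantTimeEquals(answerOf(storedSecQues), answerOf(answredSecQues))) {
                    allCorrect = false;
                }
            }
            if (matched) {
                matchedQuestions++;
            }
        }
        if (!allCorrect) {
            throw new IdentityMgtServiceException("Invalid answeres. Identity recovery failed");
        }
        if (matchedQuestions < storedSecQuesAnswers.length) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }

        // Resolve the recovery address before touching the credential, so a user
        // without one is not reset to a password nobody receives.
        String email = userStoreManager.getUserClaimValue(userName,
                IdentityMgtConfig.getInstance().getAccountRecoveryClaim(), null);
        if (email == null || email.trim().isEmpty()) {
            log.error("No account recovery address is configured for user " + userName);
            throw new IdentityMgtServiceException("Error while recovering user identity");
        }

        char[] tempPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        userStoreManager.updateCredentialByAdmin(userName, tempPassword);
        UserRecoveryDataDO metadataDO = new UserRecoveryDataDO();
        metadataDO.setUserName(userName).setTenantId(tenantId).setCode(new String(tempPassword));
        UserIdentityManagementUtil.storeUserIdentityMetadata(metadataDO);

        if (log.isDebugEnabled()) {
            log.debug("Sending email to " + email);
        }
        UserIdentityMgtBean bean = new UserIdentityMgtBean();
        bean.setUserId(userName).setUserTemporaryPassword(new String(tempPassword)).setEmail(email);
        UserIdentityManagementUtil.notifyViaEmail(bean);
    } catch (UserStoreException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    } catch (IdentityException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    }
}

/** Tells whether an answered entry refers to the same question as a stored one; nulls never match. */
private static boolean sameClaimUri(UserIdentityClaimDTO answered, UserIdentityClaimDTO stored) {
    if (answered == null || answered.getClaimUri() == null || stored.getClaimUri() == null) {
        return false;
    }
    return answered.getClaimUri().trim().equals(stored.getClaimUri().trim());
}

/** Returns the trimmed answer of an entry, or {@code null} when it carries none. */
private static String answerOf(UserIdentityClaimDTO dto) {
    return dto.getClaimValue() == null ? null : dto.getClaimValue().trim();
}

/**
 * Compares two answers without letting the time taken depend on how many
 * leading characters agree. A {@code null} on either side never matches.
 */
private static boolean constantTimeEquals(String expected, String actual) {
    if (expected == null || actual == null) {
        return false;
    }
    return java.security.MessageDigest.isEqual(
            expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            actual.getBytes(java.nio.charset.StandardCharsets.UTF_8));
}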
use of org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean in project carbon-identity-framework by wso2.
From the class UserIdentityManagementService, method recoverUserIdentityWithEmail.
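/**
 * Recovers an account by resetting its password to a generated temporary
 * value and mailing that value to the user's account-recovery address.
 * <p>
 * NOTE(review): nothing in this method verifies that the caller is entitled
 * to reset {@code userName}; whoever can reach it can force a password change
 * on any known user name. Until the temporary password is kept in recovery
 * metadata and applied only after the user proves control of the mailbox
 * (the TODO below), callers must be authenticated and authorized.
 * TODO : what if the user name is invalid, send the error code over mail.
 * TODO : store the temp in metadata, DONOT update.
 *
 * @param userName user to recover
 * @throws IdentityMgtServiceException if the user or its recovery address
 *                                     cannot be resolved, or the reset or
 *                                     notification fails
 */
public void recoverUserIdentityWithEmail(String userName) throws IdentityMgtServiceException {
    try {
        int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService()
                .getTenantUserRealm(tenantId).getUserStoreManager();

        // Resolve the recovery address before touching the credential: if it is
        // missing or the lookup fails, the password must not already be replaced.
        String email = userStoreManager.getUserClaimValue(userName,
                IdentityMgtConfig.getInstance().getAccountRecoveryClaim(), null);
        if (email == null || email.trim().isEmpty()) {
            log.error("No account recovery address is configured for user " + userName);
            throw new IdentityMgtServiceException("Error while recovering user identity");
        }

        char[] tempPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        userStoreManager.updateCredentialByAdmin(userName, new String(tempPassword));

        if (log.isDebugEnabled()) {
            log.debug("Sending email to " + email);
        }
        UserIdentityMgtBean bean = new UserIdentityMgtBean();
        bean.setUserId(userName).setUserTemporaryPassword(new String(tempPassword)).setEmail(email);
        UserIdentityManagementUtil.notifyViaEmail(bean);
    } catch (UserStoreException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    } catch (IdentityException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    }
}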