Example 1 with UserIdentityMgtBean

Use of org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean in project carbon-identity-framework by wso2.

The class IdentityMgtEventListener, method doPreUpdateCredentialByAdmin.

/**
 * This method is used when the admin is updating the credentials with an
 * empty credential. A random temporary password will be generated and
 * mailed to the user.
 */
@Override
public boolean doPreUpdateCredentialByAdmin(String userName, Object newCredential, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    if (log.isDebugEnabled()) {
        log.debug("Pre update credential by admin is called in IdentityMgtEventListener");
    }
    // Top level try and finally blocks are used to unset thread local variables
    try {
        if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN)) {
            IdentityUtil.threadLocalProperties.get().put(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN, true);
            IdentityMgtConfig config = IdentityMgtConfig.getInstance();
            UserIdentityDataStore identityDataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
            UserIdentityClaimsDO identityDTO = identityDataStore.load(userName, userStoreManager);
            boolean isAccountDisabled = false;
            if (identityDTO != null) {
                isAccountDisabled = identityDTO.getIsAccountDisabled();
            } else {
                throw new UserStoreException("Cannot get the user account active status.");
            }
            if (isAccountDisabled) {
                IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(IdentityCoreConstants.USER_ACCOUNT_DISABLED_ERROR_CODE);
                IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
                // account is already disabled and trying to update the credential without enabling it
                log.warn("Trying to update credential of a disabled user account. This is not permitted.");
                throw new UserStoreException("User account is disabled, can't update credential without enabling.");
            }
            try {
                // Enforcing the password policies.
                if (newCredential != null && (newCredential instanceof StringBuffer && (newCredential.toString().trim().length() > 0))) {
                    policyRegistry.enforcePasswordPolicies(newCredential.toString(), userName);
                }
            } catch (PolicyViolationException pe) {
                throw new UserStoreException(pe.getMessage(), pe);
            }
            if (newCredential == null || (newCredential instanceof StringBuffer && ((StringBuffer) newCredential).toString().trim().length() < 1)) {
                if (!config.isEnableTemporaryPassword()) {
                    log.error("Empty passwords are not allowed");
                    return false;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Credentials are null. Using a temporary password as credentials");
                }
                // an empty credential was supplied: a temporary password will be used instead
                char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
                // write the generated password back into the caller's StringBuffer.
                // Note: this cast dereferences newCredential, so the "newCredential == null"
                // branch of the condition above reaches this line with a null reference.
                ((StringBuffer) newCredential).replace(0, temporaryPassword.length, new String(temporaryPassword));
                UserIdentityMgtBean bean = new UserIdentityMgtBean();
                bean.setUserId(userName);
                bean.setConfirmationCode(newCredential.toString());
                bean.setRecoveryType(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD);
                if (log.isDebugEnabled()) {
                    log.debug("Sending the temporary password to the user " + userName);
                }
                UserIdentityManagementUtil.notifyViaEmail(bean);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Updating credentials of user " + userName + " by admin with a non-empty password");
                }
            }
        }
        return true;
    } finally {
        // Remove thread local variable
        IdentityUtil.threadLocalProperties.get().remove(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN);
    }
}
Also used: UserIdentityMgtBean (org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean), UserIdentityDataStore (org.wso2.carbon.identity.mgt.store.UserIdentityDataStore), UserStoreException (org.wso2.carbon.user.core.UserStoreException), UserIdentityClaimsDO (org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO), PolicyViolationException (org.wso2.carbon.identity.mgt.policy.PolicyViolationException), IdentityErrorMsgContext (org.wso2.carbon.identity.core.model.IdentityErrorMsgContext)

Example 2 with UserIdentityMgtBean

Use of org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean in project carbon-identity-framework by wso2.

The class UserIdentityManagementService, method recoverUserIdentityWithSecurityQuestions.

/**
 * Checks the security questions and their answers against the user's
 * stored questions and answers. If not all security questions of the user
 * are answered, an exception will be thrown. After all security questions
 * are answered correctly, the system generates a random password, resets
 * the user's password with it, and returns the resulting DTO containing
 * the temporary password.
 * TODO : Re-think
 *
 * @param userName
 * @param secQuesAnsweres
 * @return
 * @throws IdentityMgtServiceException
 */
public void recoverUserIdentityWithSecurityQuestions(String userName, UserIdentityClaimDTO[] secQuesAnsweres) throws IdentityMgtServiceException {
    try {
        int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
        UserIdentityClaimDTO[] storedSecQuesAnswers = UserIdentityManagementUtil.getUserSecurityQuestions(userName, userStoreManager);
        // the caller has not answered all of the user's stored questions
        if (secQuesAnsweres.length < storedSecQuesAnswers.length) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }
        // now check the answer for every question
        int numberOfAnsweredQuestions = 0;
        // for every stored security question
        for (UserIdentityClaimDTO storedSecQues : storedSecQuesAnswers) {
            // for every answered security question
            for (UserIdentityClaimDTO answredSecQues : secQuesAnsweres) {
                // when the question claim URIs match, check the answer
                if (answredSecQues.getClaimUri().trim().equals(storedSecQues.getClaimUri().trim())) {
                    // if the answers are not equal, throw an exception.
                    // Note: String.equals on the stored claim value is a plain (non-constant-time)
                    // comparison of the answer exactly as it is stored for the user.
                    if (!answredSecQues.getClaimValue().trim().equals(storedSecQues.getClaimValue().trim())) {
                        throw new IdentityMgtServiceException("Invalid answers. Identity recovery failed");
                    }
                    numberOfAnsweredQuestions++;
                }
            }
        }
        // not all of the user's security questions have been answered
        if (numberOfAnsweredQuestions < storedSecQuesAnswers.length) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }
        // all answers verified, now okay to recover:
        // reset the password with a random value
        char[] tempPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        userStoreManager.updateCredentialByAdmin(userName, tempPassword);
        // store the temp password as recovery metadata
        UserRecoveryDataDO metadataDO = new UserRecoveryDataDO();
        metadataDO.setUserName(userName).setTenantId(tenantId).setCode(new String(tempPassword));
        UserIdentityManagementUtil.storeUserIdentityMetadata(metadataDO);
        // send the temporary password to the user's registered recovery email
        UserIdentityMgtBean bean = new UserIdentityMgtBean();
        String email = userStoreManager.getUserClaimValue(userName, IdentityMgtConfig.getInstance().getAccountRecoveryClaim(), null);
        if (log.isDebugEnabled()) {
            log.debug("Sending email to " + email);
        }
        bean.setUserId(userName).setUserTemporaryPassword(new String(tempPassword)).setEmail(email);
        UserIdentityManagementUtil.notifyViaEmail(bean);
    } catch (UserStoreException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    } catch (IdentityException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    }
}
Also used: IdentityMgtServiceException (org.wso2.carbon.identity.mgt.IdentityMgtServiceException), UserRecoveryDataDO (org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO), UserIdentityMgtBean (org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean), UserStoreException (org.wso2.carbon.user.api.UserStoreException), UserStoreManager (org.wso2.carbon.user.api.UserStoreManager), UserIdentityClaimDTO (org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO), IdentityException (org.wso2.carbon.identity.base.IdentityException)

Example 3 with UserIdentityMgtBean

Use of org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean in project carbon-identity-framework by wso2.

The class UserIdentityManagementService, method recoverUserIdentityWithEmail.

/**
 * Recovers the account with the user's email.
 * TODO : what if the user name is invalid, send the error code over mail.
 * TODO : store the temp password in metadata, DO NOT update.
 *
 * @param userName
 * @throws IdentityMgtServiceException
 */
public void recoverUserIdentityWithEmail(String userName) throws IdentityMgtServiceException {
    int tenantId;
    try {
        tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
        // reset the password with a random value (the TODO above notes that this
        // overwrites the credential immediately rather than staging it as metadata)
        char[] tempPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        userStoreManager.updateCredentialByAdmin(userName, new String(tempPassword));
        // send the temporary password to the user's registered recovery email
        UserIdentityMgtBean bean = new UserIdentityMgtBean();
        String email = userStoreManager.getUserClaimValue(userName, IdentityMgtConfig.getInstance().getAccountRecoveryClaim(), null);
        if (log.isDebugEnabled()) {
            log.debug("Sending email to " + email);
        }
        bean.setUserId(userName).setUserTemporaryPassword(new String(tempPassword)).setEmail(email);
        UserIdentityManagementUtil.notifyViaEmail(bean);
    } catch (UserStoreException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    } catch (IdentityException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    }
}
Also used: IdentityMgtServiceException (org.wso2.carbon.identity.mgt.IdentityMgtServiceException), UserIdentityMgtBean (org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean), UserStoreException (org.wso2.carbon.user.api.UserStoreException), UserStoreManager (org.wso2.carbon.user.api.UserStoreManager), IdentityException (org.wso2.carbon.identity.base.IdentityException)

Aggregations (type, fully qualified name, number of examples using it):

UserIdentityMgtBean (org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean) 3
IdentityException (org.wso2.carbon.identity.base.IdentityException) 2
IdentityMgtServiceException (org.wso2.carbon.identity.mgt.IdentityMgtServiceException) 2
UserStoreException (org.wso2.carbon.user.api.UserStoreException) 2
UserStoreManager (org.wso2.carbon.user.api.UserStoreManager) 2
IdentityErrorMsgContext (org.wso2.carbon.identity.core.model.IdentityErrorMsgContext) 1
UserIdentityClaimDTO (org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO) 1
UserIdentityClaimsDO (org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO) 1
UserRecoveryDataDO (org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO) 1
PolicyViolationException (org.wso2.carbon.identity.mgt.policy.PolicyViolationException) 1
UserIdentityDataStore (org.wso2.carbon.identity.mgt.store.UserIdentityDataStore) 1
UserStoreException (org.wso2.carbon.user.core.UserStoreException) 1