
Example 21 with VerificationBean

use of org.wso2.carbon.identity.mgt.beans.VerificationBean in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method registerUser.

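/**
 * Registers a user in the system and adds the user to the default identity role.
 * If the Authentication.Policy.Account.Lock.On.Creation policy is enabled (and the identity
 * management listener is enabled) the new account stays locked until the e-mailed confirmation
 * code is used; otherwise the user can log in right after registration.
 *
 * <p>When SaaS mode is disabled, users may only be created in the tenant of the logged-in
 * caller; a request naming a different tenant is rejected. In SaaS mode the caller-supplied
 * tenant is used and a tenant flow is started around the user store operations.
 *
 * @param userName     name of the user to create
 * @param password     initial password of the user
 * @param claims       identity claims to set on the new user; {@code null} is treated as no claims
 * @param profileName  user profile the claims are written to
 * @param tenantDomain tenant in which the user is created; when empty and SaaS mode is disabled,
 *                     the logged-in caller's tenant is used
 * @return a {@link VerificationBean} whose verified flag reports success. On failure the error
 *         field carries an error code and message. When account locking on creation is active,
 *         the bean carries the confirmation key and, unless notifications are internally
 *         managed, the notification data.
 * @throws IdentityMgtServiceException when SaaS mode is disabled and the requested tenant
 *                                     differs from the logged-in caller's tenant
 */
public VerificationBean registerUser(String userName, String password, UserIdentityClaimDTO[] claims, String profileName, String tenantDomain) throws IdentityMgtServiceException {
    VerificationBean vBean = new VerificationBean();
    org.wso2.carbon.user.core.UserStoreManager userStoreManager = null;
    if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
        // Cross-tenant user creation is only permitted in SaaS mode.
        String loggedInTenant = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (tenantDomain != null && !tenantDomain.isEmpty() && !loggedInTenant.equals(tenantDomain)) {
            String msg = "Trying to create users in unauthorized tenant space";
            log.error(msg);
            throw new IdentityMgtServiceException(msg);
        }
        if (tenantDomain == null || tenantDomain.isEmpty()) {
            tenantDomain = loggedInTenant;
        }
    }
    RealmService realmService = IdentityMgtServiceComponent.getRealmService();
    int tenantId;
    try {
        tenantId = Utils.getTenantId(tenantDomain);
        if (realmService.getTenantUserRealm(tenantId) != null) {
            userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        }
    } catch (Exception e) {
        vBean = handleError(VerificationBean.ERROR_CODE_UNEXPECTED + " Error retrieving the user store manager for the tenant", e);
        return vBean;
    }
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            // Ended in the finally block below.
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(tenantId);
            carbonContext.setTenantDomain(tenantDomain);
        }
        if (userStoreManager == null) {
            vBean = new VerificationBean();
            vBean.setVerified(false);
            vBean.setError(VerificationBean.ERROR_CODE_UNEXPECTED + " Error retrieving the user store manager for the tenant");
            return vBean;
        }
        // A null claims array means "no claims" rather than a failure.
        Map<String, String> claimsMap = new HashMap<String, String>();
        if (claims != null) {
            for (UserIdentityClaimDTO userIdentityClaimDTO : claims) {
                claimsMap.put(userIdentityClaimDTO.getClaimUri(), userIdentityClaimDTO.getClaimValue());
            }
        }
        userStoreManager.addUser(userName, password, null, claimsMap, profileName);
        // Every self-registered user is placed in the internal default identity role, which is
        // created on first use with the login permission.
        String identityRoleName = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + IdentityConstants.IDENTITY_DEFAULT_ROLE;
        if (!userStoreManager.isExistingRole(identityRoleName, false)) {
            Permission permission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
            userStoreManager.addRole(identityRoleName, new String[] { userName }, new Permission[] { permission }, false);
        } else {
            userStoreManager.updateUserListOfRole(identityRoleName, new String[] {}, new String[] { userName });
        }
        // Account locking on creation only takes effect when the identity management listener
        // (the configured one, or IdentityMgtEventListener by default) is enabled.
        String listenerClassName = IdentityMgtConfig.getInstance().getProperty(IdentityMgtConstants.PropertyConfig.IDENTITY_MGT_LISTENER_CLASS);
        if (StringUtils.isBlank(listenerClassName)) {
            listenerClassName = IdentityMgtEventListener.class.getName();
        }
        IdentityEventListenerConfig identityEventListenerConfig = IdentityUtil.readEventListenerProperty(UserOperationEventListener.class.getName(), listenerClassName);
        boolean isListenerEnable = true;
        if (identityEventListenerConfig != null && StringUtils.isNotBlank(identityEventListenerConfig.getEnable())) {
            isListenerEnable = Boolean.parseBoolean(identityEventListenerConfig.getEnable());
        }
        IdentityMgtConfig config = IdentityMgtConfig.getInstance();
        if (isListenerEnable && config.isAuthPolicyAccountLockOnCreation()) {
            UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
            userDTO.setTenantId(tenantId);
            UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
            dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
            dto.setNotificationType("EMAIL");
            RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
            // NOTE(review): the numeric first argument selects the recovery step in
            // RecoveryProcessor — confirm its meaning there.
            vBean = processor.updateConfirmationCode(1, userName, tenantId);
            dto.setConfirmationCode(vBean.getKey());
            NotificationDataDTO notificationDto = processor.notifyWithEmail(dto);
            vBean.setVerified(notificationDto.isNotificationSent());
            // Send email data only if not internally managed.
            if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
                vBean.setNotificationData(notificationDto);
            }
        } else {
            vBean.setVerified(true);
        }
    } catch (UserStoreException | IdentityException e) {
        vBean = UserIdentityManagementUtil.getCustomErrorMessagesWhenRegistering(e, userName);
        // Roll back a partially created account so a failed registration leaves no user behind.
        // The "existing user" failure is recognised from the exception message (null-safe here):
        // in that case the user pre-dates this call and must not be deleted.
        String message = e.getMessage();
        boolean existingUserError = message != null && message.contains(IdentityCoreConstants.EXISTING_USER);
        try {
            if (!existingUserError && userStoreManager != null && userStoreManager.isExistingUser(userName)) {
                userStoreManager.deleteUser(userName);
            }
        } catch (UserStoreException e1) {
            vBean = UserIdentityManagementUtil.getCustomErrorMessagesWhenRegistering(e1, userName);
        }
        return vBean;
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return vBean;
}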

Example 22 with VerificationBean

use of org.wso2.carbon.identity.mgt.beans.VerificationBean in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method handleError.

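/**
 * Builds a failed {@link VerificationBean} for an error and logs it.
 *
 * @param error error code and message to report; when {@code null} the exception message is used
 * @param e     the causing exception, logged with its stack trace; may be {@code null}
 * @return a bean with verified set to {@code false} and the error text set
 */
private VerificationBean handleError(String error, Exception e) {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    // Fall back to the exception message only when there is an exception to take it from;
    // callers pass a null exception for errors that have no cause.
    String message = error;
    if (message == null && e != null) {
        message = e.getMessage();
    }
    bean.setError(message);
    log.error(message, e);
    return bean;
}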

Example 23 with VerificationBean

use of org.wso2.carbon.identity.mgt.beans.VerificationBean in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method verifyUserChallengeAnswer.

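/**
 * Verifies the user supplied answer for a single challenge question.
 *
 * <p>The confirmation code is checked first; the answer is only evaluated once the code has been
 * verified, so a caller without a valid code learns nothing about whether an answer is correct.
 *
 * @param userName     username of the user being recovered
 * @param confirmation confirmation code issued by the previous recovery step
 * @param questionId   id of the challenge question being answered
 * @param answer       the user's answer to the challenge question
 * @return status and key details about the operation status: verified with a fresh key when both
 *         the code and the answer are accepted, otherwise not verified with the error set and the
 *         key cleared
 * @throws IdentityMgtServiceException declared for API compatibility
 */
public VerificationBean verifyUserChallengeAnswer(String userName, String confirmation, String questionId, String answer) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answer request received with username :" + userName);
    }
    if (questionId == null || answer == null) {
        String error = "No challenge question id provided for verification";
        bean.setError(error);
        if (log.isDebugEnabled()) {
            log.debug(error);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
        return bean;
    }
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            // Ended in the finally block below.
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            // NOTE(review): the numeric first argument selects the recovery step in
            // RecoveryProcessor — confirm its meaning there.
            bean = recoveryProcessor.verifyConfirmationCode(40, userDTO.getUserId(), confirmation);
            if (!bean.isVerified()) {
                // Stop here: evaluating the answer without a valid confirmation code would let
                // the response act as an oracle for guessing answers.
                bean.setVerified(false);
                bean.setKey("");
                return bean;
            }
            bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
        } catch (IdentityException e) {
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
        UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
        userChallengesDTO.setId(questionId);
        userChallengesDTO.setAnswer(answer);
        boolean verification = processor.verifyUserChallengeAnswer(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTO);
        if (verification) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Challenge answer verification failed for user : " + userName);
            bean.setVerified(false);
            // clear the key to avoid returning to caller.
            bean.setKey("");
            log.error(bean.getError());
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}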

Example 24 with VerificationBean

use of org.wso2.carbon.identity.mgt.beans.VerificationBean in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method verifyUserChallengeAnswers.

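/**
 * Verifies the user supplied answers for a set of challenge questions.
 *
 * <p>The confirmation code is checked first; the answers are only evaluated once the code has
 * been verified, so a caller without a valid code learns nothing about whether the answers are
 * correct.
 *
 * @param userName           username of the user being recovered
 * @param confirmation       confirmation code issued by the previous recovery step
 * @param userChallengesDTOs an array of UserChallengesDTO instances, each holding a question id
 *                           and the answer to it
 * @return an instance of VerificationBean which denotes the status: verified with a fresh key when
 *         the code and every answer are accepted, otherwise not verified with the error set and
 *         the key cleared
 * @throws IdentityMgtServiceException declared for API compatibility
 */
public VerificationBean verifyUserChallengeAnswers(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answers request received with username :" + userName);
    }
    if (ArrayUtils.isEmpty(userChallengesDTOs)) {
        String errorMsg = "No challenge question id provided for verification";
        bean.setError(errorMsg);
        if (log.isDebugEnabled()) {
            log.debug(errorMsg);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
        return bean;
    }
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            // Ended in the finally block below.
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            // NOTE(review): the numeric first argument selects the recovery step in
            // RecoveryProcessor — confirm its meaning there.
            bean = recoveryProcessor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
            if (!bean.isVerified()) {
                // Stop here: evaluating the answers without a valid confirmation code would let
                // the response act as an oracle for guessing answers.
                bean.setVerified(false);
                bean.setKey("");
                return bean;
            }
            bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
        } catch (IdentityException e) {
            log.error("Error while verifying confirmation code.", e);
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
        boolean verification = processor.verifyUserChallengeAnswers(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
        if (verification) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Verification failed for one or more answers provided by user : " + userName);
            bean.setVerified(false);
            // clear the key to avoid returning to caller.
            bean.setKey("");
            if (log.isDebugEnabled()) {
                log.debug(bean.getError());
            }
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}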

Example 25 with VerificationBean

use of org.wso2.carbon.identity.mgt.beans.VerificationBean in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method sendNotification.

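/**
 * Verifies the recovery key for a user and, if it is valid, sends the recovery notification.
 *
 * <p>Two tenant flows are used in SaaS mode: one around the key verification and one around the
 * notification sending; each is ended in its own finally block.
 *
 * @param username         username of the user being recovered
 * @param key              recovery confirmation code to verify before sending anything
 * @param notificationType channel of the notification, passed through to the recovery DTO
 * @param notification     notification template name, passed through to the recovery DTO
 * @return the bean produced by the key verification; on success it additionally carries the
 *         notification data unless notifications are internally managed, on failure it is not
 *         verified and the error is set
 */
private VerificationBean sendNotification(String username, String key, String notificationType, String notification) {
    UserDTO userDTO;
    VerificationBean bean;
    if (log.isDebugEnabled()) {
        log.debug("User recovery notification sending request received with username : " + username + " notification" + " type :" + notificationType);
    }
    try {
        userDTO = Utils.processUserId(username);
    } catch (IdentityException e) {
        bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " invalid user : " + username, e);
        return bean;
    }
    RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        // NOTE(review): the numeric first argument selects the recovery step in
        // RecoveryProcessor — confirm its meaning there.
        bean = processor.verifyConfirmationCode(1, userDTO.getUserId(), key);
        if (!bean.isVerified()) {
            log.error("Invalid user is trying to recover the password with username : " + username);
            bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Invalid user is trying to recover the password with username : " + username, null);
            return bean;
        }
    } catch (IdentityException e1) {
        // getCustomErrorMessagesToVerifyCode may yield no bean; fall back to a generic error then.
        bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e1, username);
        if (bean == null || bean.getError() == null) {
            bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " Invalid confirmation code for user : " + username, e1);
        }
        return bean;
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
    dto.setNotification(notification);
    dto.setNotificationType(notificationType);
    try {
        if (log.isDebugEnabled()) {
            log.debug("Initiating the notification sending process");
        }
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        NotificationDataDTO dataDTO = processor.recoverWithNotification(dto);
        // Send email data only if not internally managed.
        if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
            bean.setNotificationData(dataDTO);
        }
    } catch (IdentityException e) {
        // getCustomErrorMessagesToVerifyCode may yield no bean; fall back to a generic error then.
        bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, username);
        if (bean == null || bean.getError() == null) {
            bean = handleError(VerificationBean.ERROR_CODE_RECOVERY_NOTIFICATION_FAILURE + ": " + VerificationBean.ERROR_CODE_UNEXPECTED + " Error when sending recovery message for " + "user: " + username, e);
        }
        return bean;
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}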
