use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method getUserChallengeQuestion.
/**
* To get the challenge question for the user.
*
* @param userName
* @param confirmation
* @param questionId - Question id returned from the getUserChanllegneQuestionIds
* method.
* @return Populated question bean with the question details and the key.
* @throws IdentityMgtServiceException
*/
public UserChallengesDTO getUserChallengeQuestion(String userName, String confirmation, String questionId) throws IdentityMgtServiceException {
UserDTO userDTO = null;
UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
if (log.isDebugEnabled()) {
log.debug("User challenge question request received with username :" + userName);
}
try {
userDTO = Utils.processUserId(userName);
} catch (IdentityException e) {
return handleChallengesError(VerificationBean.ERROR_CODE_INVALID_USER + " Error validating user : " + userName, null);
}
try {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
carbonContext.setTenantId(userDTO.getTenantId());
carbonContext.setTenantDomain(userDTO.getTenantDomain());
}
RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
VerificationBean bean;
try {
bean = processor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
if (bean.isVerified()) {
bean = processor.updateConfirmationCode(40, userDTO.getUserId(), userDTO.getTenantId());
} else if (processor.verifyConfirmationCode(30, userDTO.getUserId(), confirmation).isVerified()) {
bean = processor.updateConfirmationCode(40, userDTO.getUserId(), userDTO.getTenantId());
} else {
bean.setVerified(false);
}
} catch (IdentityException e) {
userChallengesDTO = UserIdentityManagementUtil.getCustomErrorMessagesForChallengQuestions(e, userName);
if (userChallengesDTO == null) {
userChallengesDTO = handleChallengesError(VerificationBean.ERROR_CODE_INVALID_CODE + " Invalid confirmation code for user : " + userName, e);
}
return userChallengesDTO;
}
if (bean.isVerified()) {
userChallengesDTO = processor.getQuestionProcessor().getUserChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), questionId);
userChallengesDTO.setKey(bean.getKey());
userChallengesDTO.setVerfied(true);
if (log.isDebugEnabled()) {
log.debug("User challenge question retrieved successfully");
}
} else {
if (log.isDebugEnabled()) {
log.debug("Verification failed for user. Error : " + bean.getError());
}
userChallengesDTO.setError(VerificationBean.ERROR_CODE_INVALID_USER + " " + bean.getError());
}
} finally {
if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
PrivilegedCarbonContext.endTenantFlow();
}
}
return userChallengesDTO;
}
use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementAdminService method setChallengeQuestionsOfUser.
/**
* set challenges of user
*
* @param userName bean class that contains user and tenant Information
* @throws IdentityMgtServiceException if fails
*/
public void setChallengeQuestionsOfUser(String userName, UserChallengesDTO[] challengesDTOs) throws IdentityMgtServiceException {
if (challengesDTOs == null || challengesDTOs.length < 1) {
log.error("no challenges provided by user");
throw new IdentityMgtServiceException("no challenges provided by user");
}
int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
String loggedInName = CarbonContext.getThreadLocalCarbonContext().getUsername();
if (userName != null && !userName.equals(loggedInName)) {
AuthorizationManager authzManager = null;
try {
authzManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
} catch (UserStoreException e) {
throw new IdentityMgtServiceException("Error occurred while retrieving AuthorizationManager for tenant " + tenantDomain, e);
}
boolean isAuthorized = false;
try {
isAuthorized = authzManager.isUserAuthorized(loggedInName, "/permission/admin/manage/identity/identitymgt/update", CarbonConstants.UI_PERMISSION_ACTION);
} catch (UserStoreException e) {
throw new IdentityMgtServiceException("Error occurred while checking access level for " + "user " + userName + " in tenant " + tenantDomain, e);
}
if (!isAuthorized) {
throw new IdentityMgtServiceException("Unauthorized access!! Possible elevation of privilege attack. " + "User " + loggedInName + " trying to change challenge questions for user " + userName);
}
} else if (userName == null) {
userName = loggedInName;
}
validateSecurityQuestionDuplicate(challengesDTOs);
ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
try {
List<ChallengeQuestionDTO> challengeQuestionDTOs = processor.getAllChallengeQuestions();
for (UserChallengesDTO userChallengesDTO : challengesDTOs) {
boolean found = false;
for (ChallengeQuestionDTO challengeQuestionDTO : challengeQuestionDTOs) {
if (challengeQuestionDTO.getQuestion().equals(userChallengesDTO.getQuestion()) && challengeQuestionDTO.getQuestionSetId().equals(userChallengesDTO.getId())) {
found = true;
break;
}
}
if (!found) {
String errMsg = "Error while persisting user challenges for user : " + userName + ", because these user challengers are not registered with the tenant";
log.error(errMsg);
throw new IdentityMgtServiceException(errMsg);
}
}
processor.setChallengesOfUser(userName, tenantId, challengesDTOs);
} catch (IdentityException e) {
String errorMessage = "Error while persisting user challenges for user : " + userName;
log.error(errorMessage, e);
throw new IdentityMgtServiceException(errorMessage);
}
}
use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementAdminService method getAllPromotedUserChallenge.
/**
* get all promoted user challenges
*
* @return array of user challenges
* @throws IdentityMgtServiceException if fails
*/
public UserChallengesSetDTO[] getAllPromotedUserChallenge() throws IdentityMgtServiceException {
ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
List<UserChallengesSetDTO> challengeQuestionSetDTOs = new ArrayList<UserChallengesSetDTO>();
List<ChallengeQuestionDTO> questionDTOs = null;
try {
questionDTOs = processor.getAllChallengeQuestions();
} catch (IdentityException e) {
log.error("Error while loading user challenges", e);
throw new IdentityMgtServiceException("Error while loading user challenges");
}
Map<String, List<UserChallengesDTO>> listMap = new HashMap<String, List<UserChallengesDTO>>();
for (ChallengeQuestionDTO dto : questionDTOs) {
List<UserChallengesDTO> dtoList = listMap.get(dto.getQuestionSetId());
if (dtoList == null) {
dtoList = new ArrayList<UserChallengesDTO>();
}
UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
userChallengesDTO.setId(dto.getQuestionSetId());
userChallengesDTO.setQuestion(dto.getQuestion());
userChallengesDTO.setOrder(dto.getOrder());
dtoList.add(userChallengesDTO);
listMap.put(dto.getQuestionSetId(), dtoList);
}
for (Map.Entry<String, List<UserChallengesDTO>> listEntry : listMap.entrySet()) {
UserChallengesSetDTO dto = new UserChallengesSetDTO();
dto.setId(listEntry.getKey());
List<UserChallengesDTO> dtoList = listEntry.getValue();
dto.setChallengesDTOs(dtoList.toArray(new UserChallengesDTO[dtoList.size()]));
challengeQuestionSetDTOs.add(dto);
}
return challengeQuestionSetDTOs.toArray(new UserChallengesSetDTO[challengeQuestionSetDTOs.size()]);
}
use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method verifyChallengeQuestion.
/**
* verify challenge questions
*
* @return verification results as been
* @throws IdentityException if any error occurs
*/
public VerificationBean verifyChallengeQuestion(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
VerificationBean bean = new VerificationBean();
bean.setVerified(false);
RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
if (userChallengesDTOs == null || userChallengesDTOs.length < 1) {
log.error("no challenges provided by user for verifications.");
bean.setError("no challenges provided by user for verifications.");
return bean;
}
UserDTO userDTO = null;
try {
userDTO = Utils.processUserId(userName);
} catch (IdentityException e) {
throw new IdentityMgtServiceException("Invalid user name.", e);
}
if (recoveryProcessor.verifyConfirmationKey(confirmation).isVerified()) {
log.warn("Invalid user is trying to verify user challenges.");
bean.setError("Invalid user is trying to verify user challenges.");
return bean;
}
ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
boolean verification = processor.verifyChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
if (verification) {
String code = UUID.randomUUID().toString();
try {
recoveryProcessor.createConfirmationCode(userDTO, code);
} catch (IdentityException e) {
log.error("Error while creating confirmation code.", e);
}
bean = new VerificationBean(userName, code);
}
return bean;
}
use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method handleChallengesError.
private UserChallengesDTO handleChallengesError(String error, Exception e) {
UserChallengesDTO bean = new UserChallengesDTO();
if (error != null) {
bean.setError(error);
log.error(error, e);
} else {
bean.setError(e.getMessage());
log.error(e.getMessage(), e);
}
return bean;
}
Aggregations