Search in sources :

Example 1 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method getUserChallengeQuestion.

/**
 * To get the challenge question for the user.
 *
 * @param userName
 * @param confirmation
 * @param questionId   - Question id returned from the getUserChanllegneQuestionIds
 *                     method.
 * @return Populated question bean with the question details and the key.
 * @throws IdentityMgtServiceException
 */
public UserChallengesDTO getUserChallengeQuestion(String userName, String confirmation, String questionId) throws IdentityMgtServiceException {
    UserDTO userDTO = null;
    UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
    if (log.isDebugEnabled()) {
        log.debug("User challenge question request received with username :" + userName);
    }
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleChallengesError(VerificationBean.ERROR_CODE_INVALID_USER + " Error validating user : " + userName, null);
    }
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
        VerificationBean bean;
        try {
            bean = processor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
            if (bean.isVerified()) {
                bean = processor.updateConfirmationCode(40, userDTO.getUserId(), userDTO.getTenantId());
            } else if (processor.verifyConfirmationCode(30, userDTO.getUserId(), confirmation).isVerified()) {
                bean = processor.updateConfirmationCode(40, userDTO.getUserId(), userDTO.getTenantId());
            } else {
                bean.setVerified(false);
            }
        } catch (IdentityException e) {
            userChallengesDTO = UserIdentityManagementUtil.getCustomErrorMessagesForChallengQuestions(e, userName);
            if (userChallengesDTO == null) {
                userChallengesDTO = handleChallengesError(VerificationBean.ERROR_CODE_INVALID_CODE + " Invalid confirmation code for user : " + userName, e);
            }
            return userChallengesDTO;
        }
        if (bean.isVerified()) {
            userChallengesDTO = processor.getQuestionProcessor().getUserChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), questionId);
            userChallengesDTO.setKey(bean.getKey());
            userChallengesDTO.setVerfied(true);
            if (log.isDebugEnabled()) {
                log.debug("User challenge question retrieved successfully");
            }
        } else {
            if (log.isDebugEnabled()) {
                log.debug("Verification failed for user. Error : " + bean.getError());
            }
            userChallengesDTO.setError(VerificationBean.ERROR_CODE_INVALID_USER + " " + bean.getError());
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return userChallengesDTO;
}
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) UserChallengesDTO(org.wso2.carbon.identity.mgt.dto.UserChallengesDTO) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) PrivilegedCarbonContext(org.wso2.carbon.context.PrivilegedCarbonContext) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 2 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

the class UserIdentityManagementAdminService method setChallengeQuestionsOfUser.

/**
 * set challenges of user
 *
 * @param userName bean class that contains user and tenant Information
 * @throws IdentityMgtServiceException if fails
 */
public void setChallengeQuestionsOfUser(String userName, UserChallengesDTO[] challengesDTOs) throws IdentityMgtServiceException {
    if (challengesDTOs == null || challengesDTOs.length < 1) {
        log.error("no challenges provided by user");
        throw new IdentityMgtServiceException("no challenges provided by user");
    }
    int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    String loggedInName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    if (userName != null && !userName.equals(loggedInName)) {
        AuthorizationManager authzManager = null;
        try {
            authzManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
        } catch (UserStoreException e) {
            throw new IdentityMgtServiceException("Error occurred while retrieving AuthorizationManager for tenant " + tenantDomain, e);
        }
        boolean isAuthorized = false;
        try {
            isAuthorized = authzManager.isUserAuthorized(loggedInName, "/permission/admin/manage/identity/identitymgt/update", CarbonConstants.UI_PERMISSION_ACTION);
        } catch (UserStoreException e) {
            throw new IdentityMgtServiceException("Error occurred while checking access level for " + "user " + userName + " in tenant " + tenantDomain, e);
        }
        if (!isAuthorized) {
            throw new IdentityMgtServiceException("Unauthorized access!! Possible elevation of privilege attack. " + "User " + loggedInName + " trying to change challenge questions for user " + userName);
        }
    } else if (userName == null) {
        userName = loggedInName;
    }
    validateSecurityQuestionDuplicate(challengesDTOs);
    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
    try {
        List<ChallengeQuestionDTO> challengeQuestionDTOs = processor.getAllChallengeQuestions();
        for (UserChallengesDTO userChallengesDTO : challengesDTOs) {
            boolean found = false;
            for (ChallengeQuestionDTO challengeQuestionDTO : challengeQuestionDTOs) {
                if (challengeQuestionDTO.getQuestion().equals(userChallengesDTO.getQuestion()) && challengeQuestionDTO.getQuestionSetId().equals(userChallengesDTO.getId())) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                String errMsg = "Error while persisting user challenges for user : " + userName + ", because these user challengers are not registered with the tenant";
                log.error(errMsg);
                throw new IdentityMgtServiceException(errMsg);
            }
        }
        processor.setChallengesOfUser(userName, tenantId, challengesDTOs);
    } catch (IdentityException e) {
        String errorMessage = "Error while persisting user challenges for user : " + userName;
        log.error(errorMessage, e);
        throw new IdentityMgtServiceException(errorMessage);
    }
}
Also used : IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserChallengesDTO(org.wso2.carbon.identity.mgt.dto.UserChallengesDTO) ChallengeQuestionProcessor(org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor) UserStoreException(org.wso2.carbon.user.api.UserStoreException) AuthorizationManager(org.wso2.carbon.user.api.AuthorizationManager) IdentityException(org.wso2.carbon.identity.base.IdentityException) ChallengeQuestionDTO(org.wso2.carbon.identity.mgt.dto.ChallengeQuestionDTO)

Example 3 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

the class UserIdentityManagementAdminService method getAllPromotedUserChallenge.

/**
 * get all promoted user challenges
 *
 * @return array of user challenges
 * @throws IdentityMgtServiceException if fails
 */
public UserChallengesSetDTO[] getAllPromotedUserChallenge() throws IdentityMgtServiceException {
    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
    List<UserChallengesSetDTO> challengeQuestionSetDTOs = new ArrayList<UserChallengesSetDTO>();
    List<ChallengeQuestionDTO> questionDTOs = null;
    try {
        questionDTOs = processor.getAllChallengeQuestions();
    } catch (IdentityException e) {
        log.error("Error while loading user challenges", e);
        throw new IdentityMgtServiceException("Error while loading user challenges");
    }
    Map<String, List<UserChallengesDTO>> listMap = new HashMap<String, List<UserChallengesDTO>>();
    for (ChallengeQuestionDTO dto : questionDTOs) {
        List<UserChallengesDTO> dtoList = listMap.get(dto.getQuestionSetId());
        if (dtoList == null) {
            dtoList = new ArrayList<UserChallengesDTO>();
        }
        UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
        userChallengesDTO.setId(dto.getQuestionSetId());
        userChallengesDTO.setQuestion(dto.getQuestion());
        userChallengesDTO.setOrder(dto.getOrder());
        dtoList.add(userChallengesDTO);
        listMap.put(dto.getQuestionSetId(), dtoList);
    }
    for (Map.Entry<String, List<UserChallengesDTO>> listEntry : listMap.entrySet()) {
        UserChallengesSetDTO dto = new UserChallengesSetDTO();
        dto.setId(listEntry.getKey());
        List<UserChallengesDTO> dtoList = listEntry.getValue();
        dto.setChallengesDTOs(dtoList.toArray(new UserChallengesDTO[dtoList.size()]));
        challengeQuestionSetDTOs.add(dto);
    }
    return challengeQuestionSetDTOs.toArray(new UserChallengesSetDTO[challengeQuestionSetDTOs.size()]);
}
Also used : IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserChallengesDTO(org.wso2.carbon.identity.mgt.dto.UserChallengesDTO) HashMap(java.util.HashMap) ChallengeQuestionProcessor(org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor) ArrayList(java.util.ArrayList) IdentityException(org.wso2.carbon.identity.base.IdentityException) ChallengeQuestionDTO(org.wso2.carbon.identity.mgt.dto.ChallengeQuestionDTO) ArrayList(java.util.ArrayList) List(java.util.List) HashMap(java.util.HashMap) Map(java.util.Map) UserChallengesSetDTO(org.wso2.carbon.identity.mgt.dto.UserChallengesSetDTO)

Example 4 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

the class UserIdentityManagementService method verifyChallengeQuestion.

/**
 * verify challenge questions
 *
 * @return verification results as been
 * @throws IdentityException if any error occurs
 */
public VerificationBean verifyChallengeQuestion(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
    if (userChallengesDTOs == null || userChallengesDTOs.length < 1) {
        log.error("no challenges provided by user for verifications.");
        bean.setError("no challenges provided by user for verifications.");
        return bean;
    }
    UserDTO userDTO = null;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Invalid user name.", e);
    }
    if (recoveryProcessor.verifyConfirmationKey(confirmation).isVerified()) {
        log.warn("Invalid user is trying to verify user challenges.");
        bean.setError("Invalid user is trying to verify user challenges.");
        return bean;
    }
    ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
    boolean verification = processor.verifyChallengeQuestion(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
    if (verification) {
        String code = UUID.randomUUID().toString();
        try {
            recoveryProcessor.createConfirmationCode(userDTO, code);
        } catch (IdentityException e) {
            log.error("Error while creating confirmation code.", e);
        }
        bean = new VerificationBean(userName, code);
    }
    return bean;
}
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) ChallengeQuestionProcessor(org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 5 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method handleChallengesError.

private UserChallengesDTO handleChallengesError(String error, Exception e) {
    UserChallengesDTO bean = new UserChallengesDTO();
    if (error != null) {
        bean.setError(error);
        log.error(error, e);
    } else {
        bean.setError(e.getMessage());
        log.error(e.getMessage(), e);
    }
    return bean;
}
Also used : UserChallengesDTO(org.wso2.carbon.identity.mgt.dto.UserChallengesDTO)

Aggregations

UserChallengesDTO (org.wso2.carbon.identity.mgt.dto.UserChallengesDTO)17 IdentityException (org.wso2.carbon.identity.base.IdentityException)16 RegistryException (org.wso2.carbon.registry.core.exceptions.RegistryException)8 UserStoreException (org.wso2.carbon.user.core.UserStoreException)8 ArrayList (java.util.ArrayList)6 ChallengeQuestionProcessor (org.wso2.carbon.identity.mgt.ChallengeQuestionProcessor)6 IdentityMgtServiceException (org.wso2.carbon.identity.mgt.IdentityMgtServiceException)6 RecoveryProcessor (org.wso2.carbon.identity.mgt.RecoveryProcessor)6 VerificationBean (org.wso2.carbon.identity.mgt.beans.VerificationBean)6 UserDTO (org.wso2.carbon.identity.mgt.dto.UserDTO)6 HashMap (java.util.HashMap)4 PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext)4 Map (java.util.Map)3 UserChallengesDTO (org.wso2.carbon.identity.mgt.stub.dto.UserChallengesDTO)3 Test (org.testng.annotations.Test)2 SetEnvironment (org.wso2.carbon.automation.engine.annotations.SetEnvironment)2 ChallengeQuestionDTO (org.wso2.carbon.identity.mgt.dto.ChallengeQuestionDTO)2 AuthorizationManager (org.wso2.carbon.user.api.AuthorizationManager)2 UserStoreException (org.wso2.carbon.user.api.UserStoreException)2 ISIntegrationTest (org.wso2.identity.integration.common.utils.ISIntegrationTest)2