use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
From class UserInformationRecoveryService, method verifyUserChallengeAnswer.
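/**
 * Verifies the answer a user supplies for a single challenge question.
 * <p>
 * The confirmation code from the previous recovery step (40) is checked first;
 * only when it is valid is the answer compared and a code for the next step (30)
 * issued. Any failure leaves {@code verified} false and, where a key has already
 * been placed in the bean, blanks it so it is never handed to the caller.
 *
 * @param userName     user name as supplied by the client; resolved through {@code Utils.processUserId}
 * @param confirmation confirmation code obtained in the previous recovery step
 * @param questionId   id of the challenge question being answered
 * @param answer       the user's answer to that question
 * @return status and key details about the operation status; never null
 * @throws IdentityMgtServiceException declared by the service contract; the paths shown here report
 *                                     failures through the returned bean instead
 */
public VerificationBean verifyUserChallengeAnswer(String userName, String confirmation, String questionId, String answer) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answer request received with username :" + userName);
    }
    // Both the question id and the answer are required; the message names both so a
    // missing answer is no longer reported as a missing question id.
    if (questionId == null || answer == null) {
        String error = "No challenge question id or answer provided for verification";
        bean.setError(error);
        if (log.isDebugEnabled()) {
            log.debug(error);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
        return bean;
    }
    try {
        // In SaaS mode the rest of the flow runs in the user's tenant; the finally block
        // ends the tenant flow on every exit path, including the early returns below.
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            bean = recoveryProcessor.verifyConfirmationCode(40, userDTO.getUserId(), confirmation);
            if (!bean.isVerified()) {
                // Stop here: without a valid confirmation code the answer must not be
                // compared, otherwise the response would tell a caller who holds no code
                // whether the supplied answer was correct. getUserChallengeQuestions
                // already gates on isVerified() in the same way.
                bean.setVerified(false);
                return bean;
            }
            // NOTE(review): the step-30 code is issued before the answer is compared and the
            // failure branch below only blanks the key in the response; confirm the stored
            // code is invalidated when the answer does not match.
            bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
        } catch (IdentityException e) {
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
        UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
        userChallengesDTO.setId(questionId);
        userChallengesDTO.setAnswer(answer);
        boolean answerMatches = processor.verifyUserChallengeAnswer(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTO);
        if (answerMatches) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Challenge answer verification failed for user : " + userName);
            bean.setVerified(false);
            // The step-30 key is already in the bean; blank it so a wrong answer never
            // yields a usable key.
            bean.setKey("");
            log.error(bean.getError());
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}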
use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
From class UserInformationRecoveryService, method verifyUserChallengeAnswers.
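/**
 * Verifies a set of challenge question answers in one request.
 * <p>
 * The confirmation code issued when the questions were retrieved (step 20) is
 * checked first; only when it is valid are the answers compared and a code for
 * the next step (30) issued. Any failure leaves {@code verified} false and blanks
 * the key so it is never handed to the caller.
 *
 * @param userName           username of the user
 * @param confirmation       confirmation code obtained in the previous recovery step
 * @param userChallengesDTOs an array of UserChallengesDTO instances which hold the question id and answer
 * @return an instance of VerificationBean which denotes the status; never null
 * @throws IdentityMgtServiceException declared by the service contract; the paths shown here report
 *                                     failures through the returned bean instead
 */
public VerificationBean verifyUserChallengeAnswers(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answers request received with username :" + userName);
    }
    if (ArrayUtils.isEmpty(userChallengesDTOs)) {
        String errorMsg = "No challenge question id provided for verification";
        bean.setError(errorMsg);
        if (log.isDebugEnabled()) {
            log.debug(errorMsg);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        bean = handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
        return bean;
    }
    try {
        // In SaaS mode the rest of the flow runs in the user's tenant; the finally block
        // ends the tenant flow on every exit path, including the early returns below.
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            bean = recoveryProcessor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
            if (!bean.isVerified()) {
                // Stop here: without a valid confirmation code the answers must not be
                // compared, otherwise the response would tell a caller who holds no code
                // whether the supplied answers were correct. getUserChallengeQuestions
                // already gates on isVerified() in the same way.
                bean.setVerified(false);
                return bean;
            }
            // NOTE(review): the step-30 code is issued before the answers are compared and the
            // failure branch below only blanks the key in the response; confirm the stored
            // code is invalidated when the answers do not match.
            bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
        } catch (IdentityException e) {
            log.error("Error while verifying confirmation code.", e);
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
        boolean allAnswersMatch = processor.verifyUserChallengeAnswers(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
        if (allAnswersMatch) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Verification failed for one or more answers provided by user : " + userName);
            bean.setVerified(false);
            // The step-30 key is already in the bean; blank it so wrong answers never
            // yield a usable key.
            bean.setKey("");
            if (log.isDebugEnabled()) {
                log.debug(bean.getError());
            }
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}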
use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
From class UserInformationRecoveryService, method getUserChallengeQuestions.
/**
 * Returns the challenge questions configured for a user once the confirmation
 * code from the first recovery step has been validated.
 * <p>
 * A valid step-1 code is exchanged for a step-20 code whose key is returned in
 * the collection so the caller can continue with answer verification. When the
 * code is rejected, the collection carries only an error and no key.
 *
 * @param userName     username of the user
 * @param confirmation confirmation code from the first recovery step
 * @return an instance of UserChallengesCollectionDTO which holds the challenge questions and status
 * @throws IdentityMgtServiceException declared by the service contract; the paths shown here report
 *                                     failures through the returned collection instead
 */
public UserChallengesCollectionDTO getUserChallengeQuestions(String userName, String confirmation) throws IdentityMgtServiceException {
    UserChallengesCollectionDTO result = new UserChallengesCollectionDTO();
    if (log.isDebugEnabled()) {
        log.debug("User challenge question request received with username :" + userName);
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        log.error("Error while validating user " + userName, e);
        return UserIdentityManagementUtil.handleChallengeQuestionSetError(VerificationBean.ERROR_CODE_INVALID_USER + " Error validating user : " + userName, null);
    }
    try {
        // SaaS mode: switch to the user's tenant; the finally block ends the flow on
        // every exit path, including the early returns below.
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext tenantContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            tenantContext.setTenantId(userDTO.getTenantId());
            tenantContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recovery = IdentityMgtServiceComponent.getRecoveryProcessor();
        VerificationBean codeCheck;
        try {
            codeCheck = recovery.verifyConfirmationCode(1, userDTO.getUserId(), confirmation);
            if (!codeCheck.isVerified()) {
                codeCheck.setVerified(false);
            } else {
                codeCheck = recovery.updateConfirmationCode(20, userDTO.getUserId(), userDTO.getTenantId());
            }
        } catch (IdentityException e) {
            log.error("Error while verifying confirmation code.", e);
            return UserIdentityManagementUtil.getCustomErrorMessagesForChallengeQuestionSet(e, userName);
        }
        if (!codeCheck.isVerified()) {
            if (log.isDebugEnabled()) {
                log.debug("Verification failed for user. Error : " + codeCheck.getError());
            }
            // NOTE(review): a rejected confirmation code is reported under
            // ERROR_CODE_INVALID_USER rather than ERROR_CODE_INVALID_CODE; confirm
            // clients do not rely on distinguishing the two before changing it.
            result.setError(VerificationBean.ERROR_CODE_INVALID_USER + " " + codeCheck.getError());
            return result;
        }
        try {
            UserChallengesDTO[] questions = recovery.getQuestionProcessor().getUserChallengeQuestions(userDTO.getUserId(), userDTO.getTenantId());
            // The key of the freshly issued step-20 code travels with the questions.
            result.setKey(codeCheck.getKey());
            result.setUserChallengesDTOs(questions);
        } catch (IdentityException e) {
            log.error("Error while retrieving challenge questions of the user " + userName, e);
            return UserIdentityManagementUtil.handleChallengeQuestionSetError(VerificationBean.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND + " No associated challenge questions found for the user : " + userName, null);
        }
        if (log.isDebugEnabled()) {
            log.debug("User challenge questions retrieved successfully");
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return result;
}
use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
From class UserIdentityManagementAdminService, method validateSecurityQuestionDuplicate.
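/**
 * Rejects a set of challenge answers in which the same question id appears more
 * than once (the error message refers to the id as the question's claim URI).
 *
 * @param challengesDTOs challenges supplied by the caller; must not be null
 * @throws IdentityMgtServiceException if two entries share an id
 */
private void validateSecurityQuestionDuplicate(UserChallengesDTO[] challengesDTOs) throws IdentityMgtServiceException {
    Set<String> seenIds = new HashSet<String>();
    for (UserChallengesDTO challenge : challengesDTOs) {
        // Set.add reports whether the id was new; false means a duplicate.
        if (!seenIds.add(challenge.getId())) {
            String errMsg = "Error while validating user challenges, because these can't be more than one security challenges for one claim uri";
            log.error(errMsg);
            throw new IdentityMgtServiceException(errMsg);
        }
    }
}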
use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.
From class UserIdentityManagementAdminService, method getChallengeQuestionsOfUser.
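/**
 * Returns the challenge questions configured for a user in the current tenant.
 * <p>
 * A caller may always read their own questions. Reading another user's questions
 * requires the {@code /permission/admin/manage/identity/identitymgt/view}
 * permission, checked against the tenant's AuthorizationManager; a denied request
 * is logged and rejected.
 *
 * @param userName user whose questions are requested; null selects the logged-in user
 * @return the user's challenge questions as returned by the question processor
 * @throws org.wso2.carbon.identity.mgt.IdentityMgtServiceException if the caller is not authorized
 *         to read another user's questions, or if the authorization check itself fails
 */
public UserChallengesDTO[] getChallengeQuestionsOfUser(String userName) throws IdentityMgtServiceException {
    int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
    String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
    String loggedInName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    // Null means "the caller"; resolve the target without reassigning the parameter.
    String targetUser = (userName == null) ? loggedInName : userName;
    if (userName != null && !userName.equals(loggedInName)) {
        AuthorizationManager authzManager;
        try {
            authzManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
        } catch (UserStoreException e) {
            throw new IdentityMgtServiceException("Error occurred while retrieving AuthorizationManager for tenant " + tenantDomain, e);
        }
        boolean isAuthorized;
        try {
            isAuthorized = authzManager.isUserAuthorized(loggedInName, "/permission/admin/manage/identity/identitymgt/view", CarbonConstants.UI_PERMISSION_ACTION);
        } catch (UserStoreException e) {
            throw new IdentityMgtServiceException("Error occurred while checking access level for " + "user " + userName + " in tenant " + tenantDomain, e);
        }
        if (!isAuthorized) {
            // Fail closed and leave an audit trail: a denied cross-user read is a
            // security-relevant event even though the caller also receives the exception.
            String message = "Unauthorized access!! Possible violation of confidentiality. " + "User " + loggedInName + " trying to get challenge questions for user " + userName;
            log.warn(message);
            throw new IdentityMgtServiceException(message);
        }
    }
    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
    return processor.getChallengeQuestionsOfUser(targetUser, tenantId, true);
}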