
Example 16 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

From class UserInformationRecoveryService, method verifyUserChallengeAnswer.

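/**
 * Verifies the answer a user supplied for one challenge question.
 * <p>
 * The confirmation code issued by the previous recovery step is checked first, and the
 * challenge answer is evaluated only after that code has been accepted; otherwise the
 * returned bean would reveal whether the answer was correct to a caller that holds no
 * valid code.
 *
 * @param userName     username of the user
 * @param confirmation confirmation code issued by the previous recovery step
 * @param questionId   id of the challenge question being answered
 * @param answer       answer supplied by the user
 * @return status and key details about the operation status; the key is cleared whenever
 *         verification does not succeed
 * @throws IdentityMgtServiceException
 */
public VerificationBean verifyUserChallengeAnswer(String userName, String confirmation, String questionId, String answer) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answer request received with username :" + userName);
    }
    if (questionId == null || answer == null) {
        String error = "No challenge question id provided for verification";
        bean.setError(error);
        if (log.isDebugEnabled()) {
            log.debug(error);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
    }
    // Remember whether a tenant flow was started so that the finally block ends exactly that
    // flow, instead of re-reading the SaaS setting a second time.
    boolean tenantFlowStarted = false;
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            tenantFlowStarted = true;
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            bean = recoveryProcessor.verifyConfirmationCode(40, userDTO.getUserId(), confirmation);
            if (bean.isVerified()) {
                bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
            } else {
                bean.setVerified(false);
            }
        } catch (IdentityException e) {
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        if (!bean.isVerified()) {
            // Stop here: the answer must not be evaluated against an unaccepted confirmation code,
            // and no key is handed back on this path.
            bean.setKey("");
            if (log.isDebugEnabled()) {
                log.debug("Confirmation code verification failed for user : " + userName);
            }
            return bean;
        }
        ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
        UserChallengesDTO userChallengesDTO = new UserChallengesDTO();
        userChallengesDTO.setId(questionId);
        userChallengesDTO.setAnswer(answer);
        boolean verification = processor.verifyUserChallengeAnswer(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTO);
        if (verification) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Challenge answer verification failed for user : " + userName);
            bean.setVerified(false);
            // clear the key to avoid returning to caller.
            bean.setKey("");
            // Kept at error level: a rejected answer is the event operators watch for.
            log.error(bean.getError());
        }
    } finally {
        if (tenantFlowStarted) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}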

Example 17 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

From class UserInformationRecoveryService, method verifyUserChallengeAnswers.

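/**
 * Verifies a set of challenge question answers.
 * <p>
 * The confirmation code issued by the previous recovery step is checked first, and the
 * answers are evaluated only after that code has been accepted; otherwise the returned
 * bean would reveal whether the answers were correct to a caller that holds no valid code.
 *
 * @param userName           username of the user
 * @param confirmation       confirmation code issued by the previous recovery step
 * @param userChallengesDTOs an array of UserChallengesDTO instances, each holding a question id and
 *                           its answer
 * @return an instance of VerificationBean which denotes the status; the key is cleared whenever
 *         verification does not succeed
 * @throws IdentityMgtServiceException
 */
public VerificationBean verifyUserChallengeAnswers(String userName, String confirmation, UserChallengesDTO[] userChallengesDTOs) throws IdentityMgtServiceException {
    VerificationBean bean = new VerificationBean();
    bean.setVerified(false);
    if (log.isDebugEnabled()) {
        log.debug("User challenge answers request received with username :" + userName);
    }
    if (ArrayUtils.isEmpty(userChallengesDTOs)) {
        String errorMsg = "No challenge question id provided for verification";
        bean.setError(errorMsg);
        if (log.isDebugEnabled()) {
            log.debug(errorMsg);
        }
        return bean;
    }
    UserDTO userDTO;
    try {
        userDTO = Utils.processUserId(userName);
    } catch (IdentityException e) {
        return handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user: " + userName, e);
    }
    // Remember whether a tenant flow was started so that the finally block ends exactly that
    // flow, instead of re-reading the SaaS setting a second time.
    boolean tenantFlowStarted = false;
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            tenantFlowStarted = true;
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(userDTO.getTenantId());
            carbonContext.setTenantDomain(userDTO.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        try {
            bean = recoveryProcessor.verifyConfirmationCode(20, userDTO.getUserId(), confirmation);
            if (bean.isVerified()) {
                bean = recoveryProcessor.updateConfirmationCode(30, userDTO.getUserId(), userDTO.getTenantId());
            } else {
                bean.setVerified(false);
            }
        } catch (IdentityException e) {
            log.error("Error while verifying confirmation code.", e);
            bean = UserIdentityManagementUtil.getCustomErrorMessagesToVerifyCode(e, userName);
            if (bean == null) {
                bean = handleError(VerificationBean.ERROR_CODE_INVALID_CODE + " " + " Error verifying confirmation code for user : " + userName, e);
            }
            return bean;
        }
        if (!bean.isVerified()) {
            // Stop here: the answers must not be evaluated against an unaccepted confirmation code,
            // and no key is handed back on this path.
            bean.setKey("");
            if (log.isDebugEnabled()) {
                log.debug("Confirmation code verification failed for user : " + userName);
            }
            return bean;
        }
        ChallengeQuestionProcessor processor = recoveryProcessor.getQuestionProcessor();
        boolean verification = processor.verifyUserChallengeAnswers(userDTO.getUserId(), userDTO.getTenantId(), userChallengesDTOs);
        if (verification) {
            bean.setError("");
            bean.setUserId(userName);
            if (log.isDebugEnabled()) {
                log.debug("User answer verification successful for user: " + userName);
            }
        } else {
            bean.setError("Verification failed for one or more answers provided by user : " + userName);
            bean.setVerified(false);
            // clear the key to avoid returning to caller.
            bean.setKey("");
            if (log.isDebugEnabled()) {
                log.debug(bean.getError());
            }
        }
    } finally {
        if (tenantFlowStarted) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return bean;
}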

Example 18 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

From class UserInformationRecoveryService, method getUserChallengeQuestions.

/**
 * Returns all the challenge questions configured for the user.
 * <p>
 * The confirmation code is verified (and rotated to the next step) before any question is
 * read; when the code is rejected the returned collection carries only an error.
 *
 * @param userName     username of the user
 * @param confirmation confirmation code
 * @return an instance of UserChallengesCollectionDTO which holds the challenge questions and status
 * @throws IdentityMgtServiceException
 */
public UserChallengesCollectionDTO getUserChallengeQuestions(String userName, String confirmation) throws IdentityMgtServiceException {
    UserChallengesCollectionDTO result = new UserChallengesCollectionDTO();
    if (log.isDebugEnabled()) {
        log.debug("User challenge question request received with username :" + userName);
    }
    UserDTO user;
    try {
        user = Utils.processUserId(userName);
    } catch (IdentityException e) {
        log.error("Error while validating user " + userName, e);
        return UserIdentityManagementUtil.handleChallengeQuestionSetError(VerificationBean.ERROR_CODE_INVALID_USER + " Error validating user : " + userName, null);
    }
    try {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext ctx = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            ctx.setTenantId(user.getTenantId());
            ctx.setTenantDomain(user.getTenantDomain());
        }
        RecoveryProcessor recoveryProcessor = IdentityMgtServiceComponent.getRecoveryProcessor();
        VerificationBean codeStatus;
        try {
            codeStatus = recoveryProcessor.verifyConfirmationCode(1, user.getUserId(), confirmation);
            if (codeStatus.isVerified()) {
                codeStatus = recoveryProcessor.updateConfirmationCode(20, user.getUserId(), user.getTenantId());
            } else {
                codeStatus.setVerified(false);
            }
        } catch (IdentityException e) {
            log.error("Error while verifying confirmation code.", e);
            return UserIdentityManagementUtil.getCustomErrorMessagesForChallengeQuestionSet(e, userName);
        }
        if (!codeStatus.isVerified()) {
            if (log.isDebugEnabled()) {
                log.debug("Verification failed for user. Error : " + codeStatus.getError());
            }
            result.setError(VerificationBean.ERROR_CODE_INVALID_USER + " " + codeStatus.getError());
            return result;
        }
        try {
            UserChallengesDTO[] questions = recoveryProcessor.getQuestionProcessor().getUserChallengeQuestions(user.getUserId(), user.getTenantId());
            result.setKey(codeStatus.getKey());
            result.setUserChallengesDTOs(questions);
        } catch (IdentityException e) {
            log.error("Error while retrieving challenge questions of the user " + userName, e);
            return UserIdentityManagementUtil.handleChallengeQuestionSetError(VerificationBean.ERROR_CODE_CHALLENGE_QUESTION_NOT_FOUND + " No associated challenge " + "questions found for the user : " + userName, null);
        }
        if (log.isDebugEnabled()) {
            log.debug("User challenge questions retrieved successfully");
        }
    } finally {
        if (IdentityMgtConfig.getInstance().isSaasEnabled()) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return result;
}

Example 19 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

From class UserIdentityManagementAdminService, method validateSecurityQuestionDuplicate.

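/**
 * Rejects a set of user challenges in which the same challenge id appears more than once.
 *
 * @param challengesDTOs challenges to check; a {@code null} array has nothing to validate and is accepted
 * @throws IdentityMgtServiceException if two entries share the same id
 */
private void validateSecurityQuestionDuplicate(UserChallengesDTO[] challengesDTOs) throws IdentityMgtServiceException {
    if (challengesDTOs == null) {
        return;
    }
    Set<String> seenIds = new HashSet<String>();
    for (UserChallengesDTO challenge : challengesDTOs) {
        // Set.add returns false when the id was already present, i.e. on a duplicate.
        if (!seenIds.add(challenge.getId())) {
            String errMsg = "Error while validating user challenges, because these can't be more than one security challenges for one claim uri";
            log.error(errMsg);
            throw new IdentityMgtServiceException(errMsg);
        }
    }
}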

Example 20 with UserChallengesDTO

use of org.wso2.carbon.identity.mgt.dto.UserChallengesDTO in project carbon-identity-framework by wso2.

From class UserIdentityManagementAdminService, method getChallengeQuestionsOfUser.

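/**
 * Returns the challenge questions of a user.
 * <p>
 * A user may always read their own challenge questions. Reading another user's questions
 * requires the {@code /permission/admin/manage/identity/identitymgt/view} permission in the
 * current tenant; a denied request is logged before the exception is thrown so that it is
 * visible to operators and not only to the caller.
 *
 * @param userName name of the user whose challenge questions are requested; {@code null} selects
 *                 the logged-in user
 * @return the challenge questions returned by the challenge question processor
 * @throws IdentityMgtServiceException if the authorization manager cannot be obtained, the permission
 *                                     check fails, or the logged-in user is not authorized to view
 *                                     another user's questions
 */
public UserChallengesDTO[] getChallengeQuestionsOfUser(String userName) throws IdentityMgtServiceException {
    CarbonContext carbonContext = CarbonContext.getThreadLocalCarbonContext();
    int tenantId = carbonContext.getTenantId();
    String tenantDomain = carbonContext.getTenantDomain();
    String loggedInName = carbonContext.getUsername();
    if (userName == null) {
        userName = loggedInName;
    } else if (!userName.equals(loggedInName)) {
        // Cross-user read: the caller must hold the view permission in this tenant.
        AuthorizationManager authzManager;
        try {
            authzManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getAuthorizationManager();
        } catch (UserStoreException e) {
            throw new IdentityMgtServiceException("Error occurred while retrieving AuthorizationManager for tenant " + tenantDomain, e);
        }
        boolean isAuthorized;
        try {
            isAuthorized = authzManager.isUserAuthorized(loggedInName, "/permission/admin/manage/identity/identitymgt/view", CarbonConstants.UI_PERMISSION_ACTION);
        } catch (UserStoreException e) {
            throw new IdentityMgtServiceException("Error occurred while checking access level for " + "user " + userName + " in tenant " + tenantDomain, e);
        }
        if (!isAuthorized) {
            String errMsg = "Unauthorized access!! Possible violation of confidentiality. " + "User " + loggedInName + " trying to get challenge questions for user " + userName;
            // Record the denied attempt server-side; the exception alone only reaches the caller.
            log.warn(errMsg);
            throw new IdentityMgtServiceException(errMsg);
        }
    }
    ChallengeQuestionProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor().getQuestionProcessor();
    return processor.getChallengeQuestionsOfUser(userName, tenantId, true);
}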
