use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project product-is by wso2.
the class UserInformationRecoveryServiceTestCase method testRegisterUser.
/**
 * Registers "user2" with an e-mail and a given-name claim and keeps the key from the returned
 * bean in {@code confKey} (declared outside this method).
 */
@SetEnvironment(executionEnvironments = { ExecutionEnvironment.ALL })
@Test(groups = "wso2.is", description = "Check user registration", dependsOnMethods = "testVerifyUserAccount")
public void testRegisterUser() throws Exception {
    UserIdentityClaimDTO emailClaim = new UserIdentityClaimDTO();
    emailClaim.setClaimUri("http://wso2.org/claims/emailaddress");
    emailClaim.setClaimValue("user2@wso2.com");

    UserIdentityClaimDTO givenNameClaim = new UserIdentityClaimDTO();
    givenNameClaim.setClaimUri("http://wso2.org/claims/givenname");
    givenNameClaim.setClaimValue("user2");

    UserIdentityClaimDTO[] registrationClaims = { emailClaim, givenNameClaim };

    // The last two arguments are presumably the profile name and the tenant domain;
    // confirm against the registerUser signature.
    VerificationBean registrationResult =
            infoRecoveryClient.registerUser("user2", "passWord1@", registrationClaims, "default", null);

    Assert.assertNotNull(registrationResult, "Registering user account has failed with null return");
    confKey = registrationResult.getKey();
}
use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project product-is by wso2.
the class UserInformationRecoveryServiceTestCase method testRegisterUserWithEmptyUserName.
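/**
 * Checks that registration without a user name is rejected: the service is called with a
 * {@code null} user name and the returned bean must carry an error.
 */
@SetEnvironment(executionEnvironments = { ExecutionEnvironment.ALL })
@Test(groups = "wso2.is", description = "Check user registration validation with empty user name", dependsOnMethods = "testRegisterUser")
public void testRegisterUserWithEmptyUserName() throws Exception {
    UserIdentityClaimDTO[] claims = new UserIdentityClaimDTO[2];
    UserIdentityClaimDTO claimEmail = new UserIdentityClaimDTO();
    claimEmail.setClaimUri("http://wso2.org/claims/emailaddress");
    claimEmail.setClaimValue("user2@wso2.com");
    UserIdentityClaimDTO claimGivenName = new UserIdentityClaimDTO();
    claimGivenName.setClaimUri("http://wso2.org/claims/givenname");
    claimGivenName.setClaimValue("user2");
    claims[0] = claimEmail;
    claims[1] = claimGivenName;

    // NOTE(review): the method name says "empty" but the value passed is null; an empty
    // string ("") is not exercised here.
    VerificationBean bean = infoRecoveryClient.registerUser(null, "passWord1@", claims, "default", null);

    // Fail with an assertion message rather than a NullPointerException when no bean comes back.
    Assert.assertNotNull(bean, "Registering with a null user name returned no response bean");
    Assert.assertNotNull(bean.getError(), "The expected error message is null with null return");
}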
use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method authenticateWithTemporaryCredentials.
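/**
 * Authenticates the user with a temporary credential and returns the user's identity claims.
 *
 * <p>The credential is first checked against the stored recovery metadata of type
 * {@code METADATA_TEMPORARY_CREDENTIAL} and then against the tenant's user store. Only when
 * both checks succeed is the credential invalidated and the claims returned. According to the
 * original documentation the returned claims include recovery data such as the primary email
 * address and the identity property "isUserMustChangePassword", so that a user recovering an
 * account can update them.
 *
 * <p>No attempt limiting is visible in this method.
 * TODO : Captcha must be considered
 *
 * @param userName user name; the tenant is resolved from its tenant domain
 * @param tempCredential the temporary credential presented by the caller
 * @return the claims returned by {@code UserIdentityManagementUtil.getAllUserIdentityClaims}
 * @throws IdentityMgtServiceException if the credential is not valid, the user store rejects
 *         it, or a user store / identity error occurs
 */
public UserIdentityClaimDTO[] authenticateWithTemporaryCredentials(String userName, String tempCredential) throws IdentityMgtServiceException {
    try {
        int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        boolean isValid = UserIdentityManagementUtil.isValidIdentityMetadata(userName, tenantId, UserRecoveryDataDO.METADATA_TEMPORARY_CREDENTIAL, tempCredential);
        if (!isValid) {
            // userName is caller-supplied: strip line breaks so it cannot forge extra log entries.
            String loggableUserName = String.valueOf(userName).replaceAll("[\\r\\n]", "_");
            log.warn("WARNING: Invalidated temporary credential provided by " + loggableUserName);
            throw new IdentityMgtServiceException("Invalid temporary credential provided");
        }
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
        // authenticate() reports a rejected credential through its return value, so the
        // result has to be checked before any claims are handed back.
        boolean authenticated = userStoreManager.authenticate(userName, tempCredential);
        if (!authenticated) {
            String loggableUserName = String.valueOf(userName).replaceAll("[\\r\\n]", "_");
            log.warn("WARNING: Invalidated temporary credential provided by " + loggableUserName);
            // Same message as the metadata check so callers cannot tell the two failures apart.
            throw new IdentityMgtServiceException("Invalid temporary credential provided");
        }
        // this credential should not be used again
        UserIdentityManagementUtil.invalidateUserIdentityMetadata(userName, tenantId, UserRecoveryDataDO.METADATA_TEMPORARY_CREDENTIAL, tempCredential);
        return UserIdentityManagementUtil.getAllUserIdentityClaims(userName);
    } catch (UserStoreException e) {
        // The cause is logged server-side only; the caller receives a generic message.
        log.error("Error while authenticating", e);
        throw new IdentityMgtServiceException("Error while authenticating the user");
    } catch (IdentityException e) {
        log.error("Error while authenticating", e);
        throw new IdentityMgtServiceException("Error while authenticating the user");
    }
}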
use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method confirmUserRegistration.
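/**
 * Validates the confirmation code, unlocks the user account and then invalidates the code.
 *
 * <p>No expiry check on the confirmation code is visible in this method (see the TODO below).
 *
 * @param userName user name; the tenant is resolved from its tenant domain
 * @param confirmationCode the confirmation code presented by the caller
 * @return the claims returned by {@code UserIdentityManagementUtil.getAllUserIdentityClaims}
 * @throws IdentityMgtServiceException if the code is not valid or a user store / identity
 *         error occurs
 */
// TODO : expiration of confirmation code (1 time, 24hrs). Use only UserName
public UserIdentityClaimDTO[] confirmUserRegistration(String userName, String confirmationCode) throws IdentityMgtServiceException {
    try {
        int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        // An invalid code is reported through the boolean result and rejected below.
        boolean isValid = UserIdentityManagementUtil.isValidIdentityMetadata(userName, tenantId, UserRecoveryDataDO.METADATA_CONFIRMATION_CODE, confirmationCode);
        if (!isValid) {
            // userName is caller-supplied: strip line breaks so it cannot forge extra log entries.
            String loggableUserName = String.valueOf(userName).replaceAll("[\\r\\n]", "_");
            log.warn("WARNING: Invalid confirmation code provided by " + loggableUserName);
            throw new IdentityMgtServiceException("Invalid confirmation code provided");
        }
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
        // update the user identity claim
        UserIdentityManagementUtil.unlockUserAccount(userName, userStoreManager);
        // Invalidate the confirmation code only after the unlock went through, so a failed
        // unlock does not consume the code.
        UserIdentityManagementUtil.invalidateUserIdentityMetadata(userName, tenantId, UserRecoveryDataDO.METADATA_CONFIRMATION_CODE, confirmationCode);
        return UserIdentityManagementUtil.getAllUserIdentityClaims(userName);
    } catch (UserStoreException e) {
        // The cause is logged server-side only; the caller receives a generic message.
        log.error("Error while confirming the account", e);
        throw new IdentityMgtServiceException("Error while confirming the account");
    } catch (IdentityException e) {
        log.error("Error while confirming the account", e);
        throw new IdentityMgtServiceException("Error while confirming the account");
    }
}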
use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method recoverUserIdentityWithSecurityQuestions.
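/**
 * Checks the submitted security-question answers against the user's stored questions and
 * answers. When every stored question has been answered correctly, the password is reset to a
 * generated temporary value, that value is stored as recovery metadata and the user is
 * notified by email. Nothing is returned to the caller.
 *
 * <p>Verification fails closed: recovery is refused when the user has no stored questions,
 * when no answers are supplied, when a stored or submitted entry is incomplete, and when any
 * stored question is left without its own matching answer.
 *
 * <p>No attempt limiting is visible in this method.
 * TODO : Re-think
 *
 * @param userName user name; the tenant is resolved from its tenant domain
 * @param secQuesAnsweres submitted answers; the claim URI identifies the question and the
 *        claim value carries the answer
 * @throws IdentityMgtServiceException if the answers are missing, incomplete or wrong, or a
 *         user store / identity error occurs
 */
public void recoverUserIdentityWithSecurityQuestions(String userName, UserIdentityClaimDTO[] secQuesAnsweres) throws IdentityMgtServiceException {
    try {
        int tenantId = Utils.getTenantId(MultitenantUtils.getTenantDomain(userName));
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(tenantId).getUserStoreManager();
        UserIdentityClaimDTO[] storedSecQuesAnswers = UserIdentityManagementUtil.getUserSecurityQuestions(userName, userStoreManager);
        // With nothing stored there is nothing to verify against, so the password reset
        // must not go ahead. The generic failure message is reused on purpose.
        if (storedSecQuesAnswers == null || storedSecQuesAnswers.length == 0) {
            throw new IdentityMgtServiceException("Invalid answeres. Identity recovery failed");
        }
        // have not answered all questions of the user
        if (secQuesAnsweres == null || secQuesAnsweres.length < storedSecQuesAnswers.length) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }
        // Count stored questions that received a correct answer. Each stored question is
        // counted at most once, so a repeated answer cannot stand in for a missing one.
        int numberOfAnsweredQuestions = 0;
        for (UserIdentityClaimDTO storedSecQues : storedSecQuesAnswers) {
            if (storedSecQues == null || storedSecQues.getClaimUri() == null || storedSecQues.getClaimValue() == null) {
                // An incomplete stored entry cannot be verified.
                throw new IdentityMgtServiceException("Invalid answeres. Identity recovery failed");
            }
            String storedQuestion = storedSecQues.getClaimUri().trim();
            String storedAnswer = storedSecQues.getClaimValue().trim();
            boolean answered = false;
            for (UserIdentityClaimDTO answredSecQues : secQuesAnsweres) {
                if (answredSecQues == null || answredSecQues.getClaimUri() == null) {
                    continue;
                }
                if (!storedQuestion.equals(answredSecQues.getClaimUri().trim())) {
                    continue;
                }
                // Same question: a missing or different answer ends the recovery.
                String givenAnswer = answredSecQues.getClaimValue();
                if (givenAnswer == null || !storedAnswer.equals(givenAnswer.trim())) {
                    throw new IdentityMgtServiceException("Invalid answeres. Identity recovery failed");
                }
                answered = true;
            }
            if (answered) {
                numberOfAnsweredQuestions++;
            }
        }
        // not all of the user's security questions have been answered
        if (numberOfAnsweredQuestions < storedSecQuesAnswers.length) {
            throw new IdentityMgtServiceException("All questions must be answered");
        }
        // now okay to recover
        // reset the password with a random value
        char[] tempPassword = UserIdentityManagementUtil.generateTemporaryPassword();
        userStoreManager.updateCredentialByAdmin(userName, tempPassword);
        // One String copy of the temporary password is shared by the metadata and the mail bean.
        String tempPasswordText = new String(tempPassword);
        // store the temp password as a Metadata
        // NOTE(review): no metadata type is set on this record, while
        // authenticateWithTemporaryCredentials looks up METADATA_TEMPORARY_CREDENTIAL; confirm
        // that storeUserIdentityMetadata applies the type. The value is also stored as passed
        // in here; confirm whether it is hashed before it is persisted.
        UserRecoveryDataDO metadataDO = new UserRecoveryDataDO();
        metadataDO.setUserName(userName).setTenantId(tenantId).setCode(tempPasswordText);
        UserIdentityManagementUtil.storeUserIdentityMetadata(metadataDO);
        // sending an email to the user
        UserIdentityMgtBean bean = new UserIdentityMgtBean();
        String email = userStoreManager.getUserClaimValue(userName, IdentityMgtConfig.getInstance().getAccountRecoveryClaim(), null);
        // The address is personal data; only build the message when debug logging is on.
        if (log.isDebugEnabled()) {
            log.debug("Sending email to " + email);
        }
        bean.setUserId(userName).setUserTemporaryPassword(tempPasswordText).setEmail(email);
        UserIdentityManagementUtil.notifyViaEmail(bean);
    } catch (UserStoreException e) {
        // The cause is logged server-side only; the caller receives a generic message.
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    } catch (IdentityException e) {
        log.error("Error while recovering user identity", e);
        throw new IdentityMgtServiceException("Error while recovering user identity");
    }
}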