
Example 11 with UserIdentityClaimDTO

use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method registerUser.

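/**
 * Registers a new user and makes it a member of the default identity role.
 * <p>
 * Tenant handling: when SaaS mode is disabled the caller may only create users in its own
 * (logged-in) tenant and an empty {@code tenantDomain} falls back to that tenant. When SaaS mode
 * is enabled a tenant flow for the requested tenant is started before the user store is touched
 * and ended in {@code finally}.
 * <p>
 * If the identity-management listener is enabled and
 * {@code Authentication.Policy.Account.Lock.On.Creation} is set, the account is created locked:
 * a confirmation code is generated through the {@link RecoveryProcessor} and an
 * account-confirmation e-mail is triggered. The returned bean then reports whether the
 * notification was sent and, when notifications are not internally managed, carries the
 * notification data for the caller to deliver itself. Otherwise the user can log in straight
 * away and the bean is simply marked verified.
 * <p>
 * A {@link UserStoreException} or {@link IdentityException} raised after the user was added is
 * not propagated: the method tries to roll back by deleting the just-created user (unless the
 * failure was that the user already existed) and returns the mapped error bean.
 *
 * @param userName     user name of the account to create
 * @param password     password of the new account
 * @param claims       claims to set on the new user; {@code null} is treated as no claims
 * @param profileName  user-store profile the claims are written to
 * @param tenantDomain tenant to create the user in; may be {@code null} or empty in non-SaaS mode
 * @return a {@link VerificationBean} describing the outcome; failures other than the tenant
 *         check are reported through the bean's error field, not by exception
 * @throws IdentityMgtServiceException if SaaS mode is disabled and {@code tenantDomain} names a
 *                                     tenant other than the logged-in one
 */
public VerificationBean registerUser(String userName, String password, UserIdentityClaimDTO[] claims, String profileName, String tenantDomain) throws IdentityMgtServiceException {
    VerificationBean vBean = new VerificationBean();
    org.wso2.carbon.user.core.UserStoreManager userStoreManager = null;
    if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
        // Non-SaaS deployments confine the caller to its own tenant.
        String loggedInTenant = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        if (tenantDomain != null && !tenantDomain.isEmpty() && !loggedInTenant.equals(tenantDomain)) {
            String msg = "Trying to create users in unauthorized tenant space";
            log.error(msg);
            throw new IdentityMgtServiceException(msg);
        }
        if (tenantDomain == null || tenantDomain.isEmpty()) {
            tenantDomain = loggedInTenant;
        }
    }
    RealmService realmService = IdentityMgtServiceComponent.getRealmService();
    int tenantId;
    try {
        tenantId = Utils.getTenantId(tenantDomain);
        // Resolve the realm once instead of twice.
        org.wso2.carbon.user.api.UserRealm tenantRealm = realmService.getTenantUserRealm(tenantId);
        if (tenantRealm != null) {
            userStoreManager = (org.wso2.carbon.user.core.UserStoreManager) tenantRealm.getUserStoreManager();
        }
    } catch (Exception e) {
        return handleError(VerificationBean.ERROR_CODE_UNEXPECTED + " Error retrieving the user store manager for the tenant", e);
    }
    // Read the SaaS flag once so that the tenant flow is ended exactly when it was started.
    boolean saasEnabled = IdentityMgtConfig.getInstance().isSaasEnabled();
    try {
        if (saasEnabled) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(tenantId);
            carbonContext.setTenantDomain(tenantDomain);
        }
        if (userStoreManager == null) {
            vBean = new VerificationBean();
            vBean.setVerified(false);
            vBean.setError(VerificationBean.ERROR_CODE_UNEXPECTED + " Error retrieving the user store manager for the tenant");
            return vBean;
        }
        Map<String, String> claimsMap = new HashMap<String, String>();
        if (claims != null) {
            for (UserIdentityClaimDTO claim : claims) {
                claimsMap.put(claim.getClaimUri(), claim.getClaimValue());
            }
        }
        userStoreManager.addUser(userName, password, null, claimsMap, profileName);
        // Ensure the default identity role exists and contains the new user.
        String identityRoleName = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR + IdentityConstants.IDENTITY_DEFAULT_ROLE;
        if (!userStoreManager.isExistingRole(identityRoleName, false)) {
            Permission loginPermission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
            userStoreManager.addRole(identityRoleName, new String[] { userName }, new Permission[] { loginPermission }, false);
        } else {
            userStoreManager.updateUserListOfRole(identityRoleName, new String[] {}, new String[] { userName });
        }
        // Account locking on creation only takes effect while the identity-mgt listener is enabled;
        // a missing or blank "enable" property counts as enabled.
        String listenerClassName = IdentityMgtConfig.getInstance().getProperty(IdentityMgtConstants.PropertyConfig.IDENTITY_MGT_LISTENER_CLASS);
        if (StringUtils.isBlank(listenerClassName)) {
            listenerClassName = IdentityMgtEventListener.class.getName();
        }
        IdentityEventListenerConfig identityEventListenerConfig = IdentityUtil.readEventListenerProperty(UserOperationEventListener.class.getName(), listenerClassName);
        boolean isListenerEnable = true;
        if (identityEventListenerConfig != null && StringUtils.isNotBlank(identityEventListenerConfig.getEnable())) {
            isListenerEnable = Boolean.parseBoolean(identityEventListenerConfig.getEnable());
        }
        IdentityMgtConfig config = IdentityMgtConfig.getInstance();
        if (isListenerEnable && config.isAuthPolicyAccountLockOnCreation()) {
            UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
            userDTO.setTenantId(tenantId);
            UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
            dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
            dto.setNotificationType("EMAIL");
            RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
            vBean = processor.updateConfirmationCode(1, userName, tenantId);
            // NOTE(review): the confirmation code is taken from the bean that is also returned to the
            // caller; confirm this is intended when notifications are internally managed.
            dto.setConfirmationCode(vBean.getKey());
            NotificationDataDTO notificationDto = processor.notifyWithEmail(dto);
            vBean.setVerified(notificationDto.isNotificationSent());
            // Send email data only if not internally managed.
            if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
                vBean.setNotificationData(notificationDto);
            }
        } else {
            vBean.setVerified(true);
        }
    } catch (UserStoreException | IdentityException e) {
        vBean = UserIdentityManagementUtil.getCustomErrorMessagesWhenRegistering(e, userName);
        // Roll back the partially created account, unless the failure was that the user already
        // existed (that account must not be removed). An exception without a message must not
        // abort the rollback with a NullPointerException.
        try {
            String message = e.getMessage();
            boolean existingUserFailure = message != null && message.contains(IdentityCoreConstants.EXISTING_USER);
            if (!existingUserFailure && userStoreManager.isExistingUser(userName)) {
                userStoreManager.deleteUser(userName);
            }
        } catch (UserStoreException e1) {
            vBean = UserIdentityManagementUtil.getCustomErrorMessagesWhenRegistering(e1, userName);
        }
        return vBean;
    } finally {
        if (saasEnabled) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return vBean;
}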
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserOperationEventListener(org.wso2.carbon.user.core.listener.UserOperationEventListener) HashMap(java.util.HashMap) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException) IdentityMgtEventListener(org.wso2.carbon.identity.mgt.IdentityMgtEventListener) Permission(org.wso2.carbon.user.core.Permission) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityEventListenerConfig(org.wso2.carbon.identity.core.model.IdentityEventListenerConfig) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) PrivilegedCarbonContext(org.wso2.carbon.context.PrivilegedCarbonContext) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) IdentityException(org.wso2.carbon.identity.base.IdentityException) RealmService(org.wso2.carbon.user.core.service.RealmService) UserIdentityClaimDTO(org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO) IdentityMgtConfig(org.wso2.carbon.identity.mgt.IdentityMgtConfig)

Example 12 with UserIdentityClaimDTO

use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method getUserIdentitySupportedClaims.

/**
 * Returns the claims of the given dialect that a user is allowed to supply.
 * <p>
 * Every claim the realm supports for {@code dialect} is considered, and a claim is kept only if
 * it has a display tag, is not the PPID display claim, is not the account-status claim, is
 * supported by default and is not read-only.
 *
 * @param dialect claim dialect URI whose supported claims are requested
 * @return the matching claims as DTOs; an empty array when the dialect has no claims at all
 * @throws IdentityException propagated from the underlying claim or realm lookup
 */
public UserIdentityClaimDTO[] getUserIdentitySupportedClaims(String dialect) throws IdentityException {
    IdentityClaimManager manager = IdentityClaimManager.getInstance();
    UserRealm userRealm = IdentityTenantUtil.getRealm(null, null);
    Claim[] supportedClaims = manager.getAllSupportedClaims(dialect, userRealm);
    if (supportedClaims == null || supportedClaims.length == 0) {
        log.warn("Could not find any matching claims for requested dialect : " + dialect);
        return new UserIdentityClaimDTO[0];
    }
    List<UserIdentityClaimDTO> result = new ArrayList<UserIdentityClaimDTO>();
    for (Claim claim : supportedClaims) {
        String displayTag = claim.getDisplayTag();
        if (displayTag == null || IdentityConstants.PPID_DISPLAY_VALUE.equals(displayTag)) {
            continue;
        }
        // The account-status claim is never exposed to the user.
        if (UserCoreConstants.ClaimTypeURIs.ACCOUNT_STATUS.equals(claim.getClaimUri())) {
            continue;
        }
        if (!claim.isSupportedByDefault() || claim.isReadOnly()) {
            continue;
        }
        UserIdentityClaimDTO dto = new UserIdentityClaimDTO();
        dto.setClaimUri(claim.getClaimUri());
        dto.setClaimValue(claim.getValue());
        dto.setRequired(claim.isRequired());
        dto.setDisplayName(displayTag);
        result.add(dto);
    }
    return result.toArray(new UserIdentityClaimDTO[result.size()]);
}
Also used : UserRealm(org.wso2.carbon.user.core.UserRealm) ArrayList(java.util.ArrayList) IdentityClaimManager(org.wso2.carbon.identity.core.IdentityClaimManager) UserIdentityClaimDTO(org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO) Claim(org.wso2.carbon.user.core.claim.Claim)

Example 13 with UserIdentityClaimDTO

use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.

the class UserInformationRecoveryService method verifyAccount.

/**
 * Starts account-id recovery for the user identified by the given claims.
 * <p>
 * When captcha verification is internally managed the captcha is checked first and a failure is
 * reported through the returned bean with {@code ERROR_CODE_INVALID_CAPTCHA}. Without SaaS mode
 * the request is confined to the logged-in tenant (an empty {@code tenantDomain} defaults to
 * it). The user name is then resolved from the claims and an {@code ACCOUNT_ID_RECOVERY} e-mail
 * is triggered through the recovery processor; the notification data is included in the bean
 * only when notifications are not internally managed.
 *
 * @param claims       claims used to look up the user
 * @param captcha      captcha answer, evaluated only when captcha verification is internally managed
 * @param tenantDomain tenant to search in; may be {@code null} or empty in non-SaaS mode
 * @return a {@link VerificationBean} that is verified when the notification was sent, or carries
 *         an error otherwise ("User not found" when no user matches the claims)
 * @throws IdentityMgtServiceException if SaaS mode is disabled and {@code tenantDomain} names a
 *                                     tenant other than the logged-in one
 */
public VerificationBean verifyAccount(UserIdentityClaimDTO[] claims, CaptchaInfoBean captcha, String tenantDomain) throws IdentityMgtServiceException {
    VerificationBean result = new VerificationBean();
    if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
        try {
            CaptchaUtil.processCaptchaInfoBean(captcha);
        } catch (Exception e) {
            return handleError(VerificationBean.ERROR_CODE_INVALID_CAPTCHA + " Error processing captcha", e);
        }
    }
    if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
        String currentTenant = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        boolean tenantGiven = tenantDomain != null && !tenantDomain.isEmpty();
        if (tenantGiven && !currentTenant.equals(tenantDomain)) {
            String msg = "Trying to verify account unauthorized tenant space";
            log.error(msg);
            throw new IdentityMgtServiceException(msg);
        }
        if (!tenantGiven) {
            tenantDomain = currentTenant;
        }
    }
    try {
        int tenantId = Utils.getTenantId(tenantDomain);
        String userName = UserIdentityManagementUtil.getUsernameByClaims(claims, tenantId);
        if (userName == null) {
            // NOTE(review): this outcome is distinguishable from a successful lookup by the caller;
            // confirm that revealing whether the claims match an account is acceptable here.
            result.setError("User not found");
            result.setVerified(false);
            return result;
        }
        UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
        userDTO.setTenantId(tenantId);
        UserRecoveryDTO recoveryDTO = new UserRecoveryDTO(userDTO);
        recoveryDTO.setNotification(IdentityMgtConstants.Notification.ACCOUNT_ID_RECOVERY);
        recoveryDTO.setNotificationType("EMAIL");
        RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
        NotificationDataDTO notification = processor.notifyWithEmail(recoveryDTO);
        result.setVerified(notification.isNotificationSent());
        // Hand the e-mail data to the caller only when it has to send the mail itself.
        if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
            result.setNotificationData(notification);
        }
    } catch (Exception e) {
        return handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user account", e);
    }
    return result;
}
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) UserStoreException(org.wso2.carbon.user.api.UserStoreException) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 14 with UserIdentityClaimDTO

use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.

the class UserIdentityManagementAdminService method updateUserIdentityClaims.

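/**
 * Updates (or adds) account-recovery data of the logged-in user, such as the e-mail address or
 * the phone number.
 * <p>
 * The target user is always the one in the thread-local Carbon context, so a caller can only
 * change its own claims. A claim whose URI contains the identity-claim URI is not
 * user-writable: the attempt is logged and reported as an error, and nothing is written. A claim
 * with a {@code null} URI is rejected the same way rather than failing with a
 * {@code NullPointerException}.
 *
 * @param userIdentityClaims claims to write; {@code null} is treated like an empty array
 * @throws IdentityMgtServiceException if a claim may not be updated or the user store rejects
 *                                     the update; the original exception is kept as the cause
 */
public void updateUserIdentityClaims(UserIdentityClaimDTO[] userIdentityClaims) throws IdentityMgtServiceException {
    String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    try {
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService().getTenantUserRealm(CarbonContext.getThreadLocalCarbonContext().getTenantId()).getUserStoreManager();
        Map<String, String> claims = new HashMap<String, String>();
        if (userIdentityClaims != null) {
            for (UserIdentityClaimDTO dto : userIdentityClaims) {
                String claimUri = dto.getClaimUri();
                if (claimUri == null) {
                    throw IdentityException.error("Updates to a claim without a claim URI are not allowed");
                }
                // contains() rather than startsWith() is the stricter test: any URI that embeds the
                // identity-claim URI is refused.
                if (claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) {
                    log.warn("WARNING! User " + userName + " tried to alter " + claimUri);
                    throw IdentityException.error("Updates to the claim " + claimUri + " are not allowed");
                }
                claims.put(claimUri, dto.getClaimValue());
            }
        }
        userStoreManager.setUserClaimValues(userName, claims, null);
    } catch (UserStoreException | IdentityException e) {
        String errorMessage = "Error while updating identity recovery data for : " + userName;
        log.error(errorMessage, e);
        throw new IdentityMgtServiceException(errorMessage, e);
    }
}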
Also used : IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) HashMap(java.util.HashMap) UserStoreException(org.wso2.carbon.user.api.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager) UserIdentityClaimDTO(org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 15 with UserIdentityClaimDTO

use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.

the class UserIdentityManagementUtil method updateUserSecurityQuestions.

// ---- Util methods for authenticated users ----///
/**
 * Updates the security questions of an authenticated user.
 * <p>
 * Loads the user's identity record from the configured {@link UserIdentityDataStore}, applies
 * the given questions and stores the record back.
 *
 * @param userName         user whose security questions are updated
 * @param securityQuestion security-question claims to apply
 * @param userStoreManager user store the user belongs to
 * @throws IdentityException if no identity record exists for {@code userName}, or propagated
 *                           from the data store
 */
public static void updateUserSecurityQuestions(String userName, UserIdentityClaimDTO[] securityQuestion, UserStoreManager userStoreManager) throws IdentityException {
    UserIdentityDataStore dataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
    UserIdentityClaimsDO identityRecord = dataStore.load(userName, userStoreManager);
    if (identityRecord == null) {
        throw IdentityException.error("No user account found for user " + userName);
    }
    identityRecord.updateUserSequeiryQuestions(securityQuestion);
    dataStore.store(identityRecord, userStoreManager);
}
Also used : UserIdentityDataStore(org.wso2.carbon.identity.mgt.store.UserIdentityDataStore) UserIdentityClaimsDO(org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO)
