use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method registerUser.
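/**
 * Registers a user in the system.
 *
 * <p>When {@code Authentication.Policy.Account.Lock.On.Creation} is enabled and the identity
 * management listener is active, the account starts locked: a confirmation code is issued and an
 * account-confirmation e-mail is triggered. Otherwise the user can log in right after registration.
 *
 * <p>Tenant handling: with SaaS mode disabled, {@code tenantDomain} must be empty or equal to the
 * tenant of the logged-in caller, and registering into any other tenant is rejected. With SaaS mode
 * enabled the supplied tenant is used as-is inside a tenant flow.
 *
 * @param userName     user name of the account to create
 * @param password     credential of the new account
 * @param claims       claims written to the user profile; {@code null} is treated as no claims
 * @param profileName  user profile the claims are written to
 * @param tenantDomain tenant to create the user in; {@code null}/empty means the caller's tenant
 * @return a bean whose {@code verified} flag is {@code true} when the user can log in; when the
 *         account is locked on creation it carries the confirmation code and (unless notifications
 *         are internally managed) the notification data; on failure it carries an error code
 * @throws IdentityMgtServiceException if the caller tries to register into a tenant other than its
 *         own while SaaS mode is disabled
 */
public VerificationBean registerUser(String userName, String password, UserIdentityClaimDTO[] claims,
                                     String profileName, String tenantDomain)
        throws IdentityMgtServiceException {
    VerificationBean vBean = new VerificationBean();
    org.wso2.carbon.user.core.UserStoreManager userStoreManager = null;
    // Read once so the start/end of the tenant flow below are always paired.
    boolean saasEnabled = IdentityMgtConfig.getInstance().isSaasEnabled();

    if (!saasEnabled) {
        String loggedInTenant = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        // Cross-tenant registration is only permitted in SaaS mode. Comparing from tenantDomain
        // (known non-null here) avoids an NPE if the caller context carries no tenant.
        if (tenantDomain != null && !tenantDomain.isEmpty() && !tenantDomain.equals(loggedInTenant)) {
            String msg = "Trying to create users in unauthorized tenant space";
            log.error(msg);
            throw new IdentityMgtServiceException(msg);
        }
        if (tenantDomain == null || tenantDomain.isEmpty()) {
            tenantDomain = loggedInTenant;
        }
    }

    RealmService realmService = IdentityMgtServiceComponent.getRealmService();
    int tenantId;
    try {
        tenantId = Utils.getTenantId(tenantDomain);
        if (realmService.getTenantUserRealm(tenantId) != null) {
            userStoreManager = (org.wso2.carbon.user.core.UserStoreManager)
                    realmService.getTenantUserRealm(tenantId).getUserStoreManager();
        }
    } catch (Exception e) {
        return handleError(VerificationBean.ERROR_CODE_UNEXPECTED
                + " Error retrieving the user store manager for the tenant", e);
    }

    // Set only after addUser() returns, so the rollback in the catch block can never remove an
    // account that this call did not create (e.g. when addUser() itself fails for an existing
    // user with an error message that does not mention EXISTING_USER, or with no message at all).
    boolean userCreated = false;
    try {
        if (saasEnabled) {
            PrivilegedCarbonContext.startTenantFlow();
            PrivilegedCarbonContext carbonContext = PrivilegedCarbonContext.getThreadLocalCarbonContext();
            carbonContext.setTenantId(tenantId);
            carbonContext.setTenantDomain(tenantDomain);
        }
        if (userStoreManager == null) {
            vBean.setVerified(false);
            vBean.setError(VerificationBean.ERROR_CODE_UNEXPECTED
                    + " Error retrieving the user store manager for the tenant");
            return vBean;
        }

        Map<String, String> claimsMap = new HashMap<String, String>();
        if (claims != null) {
            for (UserIdentityClaimDTO claim : claims) {
                claimsMap.put(claim.getClaimUri(), claim.getClaimValue());
            }
        }
        userStoreManager.addUser(userName, password, null, claimsMap, profileName);
        userCreated = true;

        // Every registered user is placed in the internal identity role; the role is created with
        // the login permission the first time it is needed.
        String identityRoleName = UserCoreConstants.INTERNAL_DOMAIN + CarbonConstants.DOMAIN_SEPARATOR
                + IdentityConstants.IDENTITY_DEFAULT_ROLE;
        if (!userStoreManager.isExistingRole(identityRoleName, false)) {
            Permission loginPermission = new Permission("/permission/admin/login", UserMgtConstants.EXECUTE_ACTION);
            userStoreManager.addRole(identityRoleName, new String[] { userName },
                    new Permission[] { loginPermission }, false);
        } else {
            userStoreManager.updateUserListOfRole(identityRoleName, new String[] {}, new String[] { userName });
        }

        IdentityMgtConfig config = IdentityMgtConfig.getInstance();
        if (isIdentityMgtListenerEnabled(config) && config.isAuthPolicyAccountLockOnCreation()) {
            UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
            userDTO.setTenantId(tenantId);
            UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
            dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_CONFORM);
            dto.setNotificationType("EMAIL");
            RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
            vBean = processor.updateConfirmationCode(1, userName, tenantId);
            dto.setConfirmationCode(vBean.getKey());
            NotificationDataDTO notificationDto = processor.notifyWithEmail(dto);
            vBean.setVerified(notificationDto.isNotificationSent());
            // Notification data (including the confirmation code) is handed back to the caller
            // only when delivery is not managed internally.
            if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
                vBean.setNotificationData(notificationDto);
            }
        } else {
            vBean.setVerified(true);
        }
    } catch (UserStoreException | IdentityException e) {
        vBean = UserIdentityManagementUtil.getCustomErrorMessagesWhenRegistering(e, userName);
        // Roll back an account created by this call so a failure after addUser() (role
        // assignment, confirmation code, notification) does not leave a half-configured user.
        try {
            if (userCreated && userStoreManager.isExistingUser(userName)) {
                userStoreManager.deleteUser(userName);
            }
        } catch (UserStoreException e1) {
            vBean = UserIdentityManagementUtil.getCustomErrorMessagesWhenRegistering(e1, userName);
        }
        return vBean;
    } finally {
        if (saasEnabled) {
            PrivilegedCarbonContext.endTenantFlow();
        }
    }
    return vBean;
}

/**
 * Returns whether the identity management user-operation listener is enabled.
 *
 * <p>The listener class is taken from the {@code IDENTITY_MGT_LISTENER_CLASS} property, falling
 * back to {@link IdentityMgtEventListener}. A missing listener configuration, or one without an
 * explicit {@code enable} value, counts as enabled.
 *
 * @param config identity management configuration to read the listener class from
 * @return {@code true} unless the listener is explicitly configured as disabled
 */
private static boolean isIdentityMgtListenerEnabled(IdentityMgtConfig config) {
    String listenerClassName = config.getProperty(IdentityMgtConstants.PropertyConfig.IDENTITY_MGT_LISTENER_CLASS);
    if (StringUtils.isBlank(listenerClassName)) {
        listenerClassName = IdentityMgtEventListener.class.getName();
    }
    IdentityEventListenerConfig listenerConfig = IdentityUtil.readEventListenerProperty(
            UserOperationEventListener.class.getName(), listenerClassName);
    if (listenerConfig == null || StringUtils.isBlank(listenerConfig.getEnable())) {
        return true;
    }
    return Boolean.parseBoolean(listenerConfig.getEnable());
}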
use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method getUserIdentitySupportedClaims.
/**
 * Returns the user-supported claims of a dialect as DTOs.
 *
 * <p>A claim is included only if it has a display tag that is not the PPID display value, is not
 * the account-status claim, is supported by default and is not read-only.
 *
 * @param dialect claim dialect URI whose claims are listed
 * @return the matching claims; an empty array (never {@code null}) when the dialect has no claims
 * @throws IdentityException propagated from the claim manager or realm lookup
 */
public UserIdentityClaimDTO[] getUserIdentitySupportedClaims(String dialect) throws IdentityException {
    IdentityClaimManager claimManager = IdentityClaimManager.getInstance();
    UserRealm realm = IdentityTenantUtil.getRealm(null, null);
    Claim[] supportedClaims = claimManager.getAllSupportedClaims(dialect, realm);

    if (supportedClaims == null || supportedClaims.length == 0) {
        log.warn("Could not find any matching claims for requested dialect : " + dialect);
        return new UserIdentityClaimDTO[0];
    }

    List<UserIdentityClaimDTO> result = new ArrayList<UserIdentityClaimDTO>();
    for (Claim claim : supportedClaims) {
        String displayTag = claim.getDisplayTag();
        // Checks are evaluated in the same order as the original nested conditions.
        boolean userSuppliable = displayTag != null
                && !IdentityConstants.PPID_DISPLAY_VALUE.equals(displayTag)
                && !UserCoreConstants.ClaimTypeURIs.ACCOUNT_STATUS.equals(claim.getClaimUri())
                && claim.isSupportedByDefault()
                && !claim.isReadOnly();
        if (!userSuppliable) {
            continue;
        }
        UserIdentityClaimDTO dto = new UserIdentityClaimDTO();
        dto.setClaimUri(claim.getClaimUri());
        dto.setClaimValue(claim.getValue());
        dto.setRequired(claim.isRequired());
        dto.setDisplayName(claim.getDisplayTag());
        result.add(dto);
    }
    return result.toArray(new UserIdentityClaimDTO[result.size()]);
}
use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.
the class UserInformationRecoveryService method verifyAccount.
/**
 * Verifies that a user matching the supplied claims exists and, if so, triggers an account-ID
 * recovery e-mail to that user.
 *
 * <p>The captcha is validated first when captcha verification is internally managed. With SaaS
 * mode disabled the request is confined to the caller's tenant: a different non-empty
 * {@code tenantDomain} is rejected and an empty one defaults to the caller's tenant.
 *
 * @param claims       claims used to look up the user name
 * @param captcha      captcha answer, validated only when captcha verification is internally managed
 * @param tenantDomain tenant to search in; {@code null}/empty means the caller's tenant
 * @return a bean whose {@code verified} flag reflects whether the notification was sent, plus the
 *         notification data when notifications are not internally managed; an error bean on
 *         captcha failure, unknown user, or any lookup/notification failure
 * @throws IdentityMgtServiceException if the caller targets a tenant other than its own while
 *         SaaS mode is disabled
 */
public VerificationBean verifyAccount(UserIdentityClaimDTO[] claims, CaptchaInfoBean captcha, String tenantDomain)
        throws IdentityMgtServiceException {
    VerificationBean result = new VerificationBean();

    if (IdentityMgtConfig.getInstance().isCaptchaVerificationInternallyManaged()) {
        try {
            CaptchaUtil.processCaptchaInfoBean(captcha);
        } catch (Exception e) {
            return handleError(VerificationBean.ERROR_CODE_INVALID_CAPTCHA + " Error processing captcha", e);
        }
    }

    if (!IdentityMgtConfig.getInstance().isSaasEnabled()) {
        String callerTenant = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        boolean tenantGiven = tenantDomain != null && !tenantDomain.isEmpty();
        // Cross-tenant lookups are only permitted in SaaS mode.
        if (tenantGiven && !callerTenant.equals(tenantDomain)) {
            String msg = "Trying to verify account unauthorized tenant space";
            log.error(msg);
            throw new IdentityMgtServiceException(msg);
        }
        if (!tenantGiven) {
            tenantDomain = callerTenant;
        }
    }

    try {
        int tenantId = Utils.getTenantId(tenantDomain);
        String userName = UserIdentityManagementUtil.getUsernameByClaims(claims, tenantId);
        if (userName == null) {
            // NOTE(review): this distinct response makes account existence observable to the
            // caller; whether that is acceptable depends on who can reach this service.
            result.setError("User not found");
            result.setVerified(false);
            return result;
        }

        UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
        userDTO.setTenantId(tenantId);
        UserRecoveryDTO recoveryDto = new UserRecoveryDTO(userDTO);
        recoveryDto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_ID_RECOVERY);
        recoveryDto.setNotificationType("EMAIL");
        RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
        NotificationDataDTO notification = processor.notifyWithEmail(recoveryDto);
        result.setVerified(notification.isNotificationSent());
        // Notification data is returned to the caller only when delivery is not managed internally.
        if (!(IdentityMgtConfig.getInstance().isNotificationInternallyManaged())) {
            result.setNotificationData(notification);
        }
    } catch (Exception e) {
        return handleError(VerificationBean.ERROR_CODE_INVALID_USER + " Error verifying user account", e);
    }
    return result;
}
use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementAdminService method updateUserIdentityClaims.
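/**
 * Updates or adds account-recovery data of the logged-in user, such as the e-mail address or the
 * phone number, as user-store claims.
 *
 * <p>Claims whose URI lies in the identity claim namespace are managed by the framework and are
 * not user-editable: such an attempt is logged and rejected, and nothing is written.
 *
 * @param userIdentityClaims claims to write for the current user; every entry needs a claim URI
 * @throws IdentityMgtServiceException if no claim array is given, an entry is missing or has no
 *         claim URI, an identity claim is targeted, or the user store update fails
 */
public void updateUserIdentityClaims(UserIdentityClaimDTO[] userIdentityClaims) throws IdentityMgtServiceException {
    String userName = CarbonContext.getThreadLocalCarbonContext().getUsername();
    if (userIdentityClaims == null) {
        throw new IdentityMgtServiceException("No claims provided to update for : " + userName);
    }
    try {
        UserStoreManager userStoreManager = IdentityMgtServiceComponent.getRealmService()
                .getTenantUserRealm(CarbonContext.getThreadLocalCarbonContext().getTenantId())
                .getUserStoreManager();
        Map<String, String> claims = new HashMap<String, String>();
        for (UserIdentityClaimDTO dto : userIdentityClaims) {
            String claimUri = dto == null ? null : dto.getClaimUri();
            if (claimUri == null) {
                // Reported through the existing catch so the caller sees a consistent error.
                throw IdentityException.error("A claim without a claim URI cannot be updated");
            }
            // Substring match: any URI in the identity claim namespace is refused.
            if (claimUri.contains(UserCoreConstants.ClaimTypeURIs.IDENTITY_CLAIM_URI)) {
                log.warn("WARNING! User " + userName + " tried to alter " + claimUri);
                throw IdentityException.error("Updates to the claim " + claimUri + " are not allowed");
            }
            claims.put(claimUri, dto.getClaimValue());
        }
        // All claims are validated before anything is written, so a rejected claim leaves the
        // profile untouched.
        userStoreManager.setUserClaimValues(userName, claims, null);
    } catch (UserStoreException | IdentityException e) {
        String errorMessage = "Error while updating identity recovery data for : " + userName;
        log.error(errorMessage, e);
        throw new IdentityMgtServiceException(errorMessage, e);
    }
}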
use of org.wso2.carbon.identity.mgt.dto.UserIdentityClaimDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementUtil method updateUserSecurityQuestions.
// ---- Util methods for authenticated users ----///
/**
 * Replaces the security questions stored for a user.
 *
 * <p>The user's identity data is loaded from the configured identity data store, updated with
 * the given questions and stored back.
 *
 * @param userName         user whose security questions are updated
 * @param securityQuestion the new security questions
 * @param userStoreManager user store the identity data is read from and written to
 * @throws IdentityException if no identity data exists for {@code userName}, or as propagated
 *         from the data store
 */
public static void updateUserSecurityQuestions(String userName, UserIdentityClaimDTO[] securityQuestion,
                                               UserStoreManager userStoreManager) throws IdentityException {
    UserIdentityDataStore dataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
    UserIdentityClaimsDO identityData = dataStore.load(userName, userStoreManager);
    if (identityData == null) {
        throw IdentityException.error("No user account found for user " + userName);
    }
    identityData.updateUserSequeiryQuestions(securityQuestion);
    dataStore.store(identityData, userStoreManager);
}