Example 1 with UserRecoveryDTO

use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.

the class UserIdentityManagementAdminService method unlockUserAccount.

/**
 * Admin unlocks the user account and, if notifications are enabled, sends an
 * account-unlock notification through the recovery processor.
 *
 * @param userName         user name, optionally prefixed with a user store domain
 * @param notificationType notification channel (e.g. EMAIL); no notification is sent when null
 * @throws IdentityMgtServiceException if the user store lookup or the unlock fails
 */
public void unlockUserAccount(String userName, String notificationType) throws IdentityMgtServiceException {
    try {
        UserStoreManager userStoreManager = getUserStore(userName);
        String userNameWithoutDomain = UserCoreUtil.removeDomainFromName(userName);
        UserIdentityManagementUtil.unlockUserAccount(userNameWithoutDomain, userStoreManager);
        int tenantID = userStoreManager.getTenantId();
        String tenantDomain = IdentityMgtServiceComponent.getRealmService().getTenantManager().getDomain(tenantID);
        boolean isNotificationSending = IdentityMgtConfig.getInstance().isNotificationSending();
        if (notificationType != null && isNotificationSending) {
            UserRecoveryDTO dto;
            if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
                dto = new UserRecoveryDTO(userName);
            } else {
                UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
                userDTO.setTenantId(tenantID);
                dto = new UserRecoveryDTO(userDTO);
            }
            dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_UNLOCK);
            dto.setNotificationType(notificationType);
            IdentityMgtServiceComponent.getRecoveryProcessor().recoverWithNotification(dto);
        }
        log.info("Account unlocked for: " + userName);
    } catch (UserStoreException | IdentityException e) {
        String message = "Error occurred while unlocking account for: " + userName;
        log.error(message, e);
        throw new IdentityMgtServiceException(message, e);
    }
}
Also used : IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) UserStoreException(org.wso2.carbon.user.api.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 2 with UserRecoveryDTO

use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.

the class UserIdentityManagementAdminService method disableUserAccount.

/**
 * Admin disables the user account. Only the admin can enable the account using
 * the {@literal enableUserAccount} method. The action is written to the audit log
 * and, if account-disable notifications are enabled, a notification is sent.
 *
 * @param userName         user name, optionally prefixed with a user store domain
 * @param notificationType notification channel (e.g. EMAIL); no notification is sent when null
 * @throws IdentityMgtServiceException if the user store lookup or the disable fails
 */
public void disableUserAccount(String userName, String notificationType) throws IdentityMgtServiceException {
    try {
        UserStoreManager userStoreManager = getUserStore(userName);
        String userNameWithoutDomain = UserCoreUtil.removeDomainFromName(userName);
        UserIdentityManagementUtil.disableUserAccount(userNameWithoutDomain, userStoreManager);
        audit.info(String.format(AUDIT_MESSAGE, getUser(), "Disable user account", userName, "Notification type :" + notificationType, SUCCESS));
        int tenantID = userStoreManager.getTenantId();
        String tenantDomain = IdentityMgtServiceComponent.getRealmService().getTenantManager().getDomain(tenantID);
        boolean isNotificationSending = IdentityMgtConfig.getInstance().isAccountDisableNotificationSending();
        if (notificationType != null && isNotificationSending) {
            UserRecoveryDTO dto;
            if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
                dto = new UserRecoveryDTO(userName);
            } else {
                UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
                userDTO.setTenantId(tenantID);
                dto = new UserRecoveryDTO(userDTO);
            }
            dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_DISABLE);
            dto.setNotificationType(notificationType);
            IdentityMgtServiceComponent.getRecoveryProcessor().recoverWithNotification(dto);
            if (log.isDebugEnabled()) {
                // the notification sent here is the account-disable one, not account-enable
                log.debug("Account disable notification is sent in " + notificationType);
            }
        }
    } catch (UserStoreException | IdentityException e) {
        log.error("Error occurred while trying to disable the account " + userName, e);
        throw new IdentityMgtServiceException("Error occurred while trying to disable the account " + userName, e);
    }
}
Also used : IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) UserStoreException(org.wso2.carbon.user.api.UserStoreException) AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager) UserStoreManager(org.wso2.carbon.user.api.UserStoreManager) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 3 with UserRecoveryDTO

use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.

the class IdentityMgtEventListener method sendEmail.

private void sendEmail(String userName, int tenantId, String notification) {
    UserRecoveryDTO dto;
    String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);
    if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
        dto = new UserRecoveryDTO(userName);
    } else {
        UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
        userDTO.setTenantId(tenantId);
        dto = new UserRecoveryDTO(userDTO);
    }
    dto.setNotification(notification);
    dto.setNotificationType(EMAIL_NOTIFICATION_TYPE);
    try {
        IdentityMgtServiceComponent.getRecoveryProcessor().recoverWithNotification(dto);
    } catch (IdentityException e) {
        // proceed with the rest of the flow even if the email is not sent
        log.error("Email notification sending failed for user:" + userName + " for " + notification);
    }
}
Also used : UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 4 with UserRecoveryDTO

use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.

the class IdentityMgtEventListener method doPostAddUser.

/**
 * This method locks the created accounts based on the account policies or
 * based on the account confirmation method being used. Two account
 * confirmation methods are used: Temporary Password and Verification Code.
 * When a temporary password is used, the temporary password is emailed to
 * the user. When a verification code is used, the code is emailed to the
 * user. The security questions filtered at doPreAddUser are persisted in
 * this method. If storing the identity data or sending the notification
 * fails, the newly created user is deleted again (rollback).
 */
@Override
public boolean doPostAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims, String profile, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    // Top level try and finally blocks are used to unset thread local variables
    try {
        if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_POST_ADD_USER)) {
            IdentityUtil.threadLocalProperties.get().put(DO_POST_ADD_USER, true);
            if (log.isDebugEnabled()) {
                log.debug("Post add user is called in IdentityMgtEventListener");
            }
            IdentityMgtConfig config = IdentityMgtConfig.getInstance();
            // reading the value from the thread local
            UserIdentityClaimsDO userIdentityClaimsDO = (UserIdentityClaimsDO) IdentityUtil.threadLocalProperties.get().get(USER_IDENTITY_DO);
            if (config.isEnableUserAccountVerification() && IdentityUtil.threadLocalProperties.get().containsKey(EMPTY_PASSWORD_USED)) {
                // empty password account creation
                String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager).getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
                if (!UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(domainName)) {
                    userName = domainName + UserCoreConstants.DOMAIN_SEPARATOR + userName;
                }
                // store identity data
                userIdentityClaimsDO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, "");
                userIdentityClaimsDO.setAccountLock(false);
                try {
                    module.store(userIdentityClaimsDO, userStoreManager);
                } catch (IdentityException e) {
                    // rollback: delete the user that was just created
                    userStoreManager.deleteUser(userName);
                    throw new UserStoreException("Error while saving user store for user : " + userName, e);
                }
                // store identity metadata
                UserRecoveryDataDO metadataDO = new UserRecoveryDataDO();
                metadataDO.setUserName(userName).setTenantId(userStoreManager.getTenantId()).setCode((String) credential);
                // set recovery data
                RecoveryProcessor processor = new RecoveryProcessor();
                UserRecoveryDTO recoveryDto = new UserRecoveryDTO(userName);
                recoveryDto.setNotification(IdentityMgtConstants.Notification.ASK_PASSWORD);
                recoveryDto.setNotificationType("EMAIL");
                recoveryDto.setTenantId(userStoreManager.getTenantId());
                NotificationDataDTO notificationDto = null;
                try {
                    notificationDto = processor.recoverWithNotification(recoveryDto);
                } catch (IdentityException e) {
                    // rollback: delete the user that was just created
                    userStoreManager.deleteUser(userName);
                    throw new UserStoreException("Error while sending notification for user : " + userName, e);
                }
                return notificationDto != null && notificationDto.isNotificationSent();
            }
            // No account recoveries are defined, no email will be sent.
            if (config.isAuthPolicyAccountLockOnCreation()) {
                // accounts are locked. Admin should unlock
                userIdentityClaimsDO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, IdentityMgtConstants.LockedReason.UNVERIFIED.toString());
                userIdentityClaimsDO.setAccountLock(true);
                try {
                    config.getIdentityDataStore().store(userIdentityClaimsDO, userStoreManager);
                } catch (IdentityException e) {
                    // rollback: delete the user that was just created
                    userStoreManager.deleteUser(userName);
                    throw new UserStoreException("Error while saving user store data for user : " + userName, e);
                }
            }
            // When claims available in user add request like http://wso2.org/claims/identity/accountLocked
            if (!config.isEnableUserAccountVerification() && !config.isAuthPolicyAccountLockOnCreation() && userIdentityClaimsDO != null) {
                try {
                    if (log.isDebugEnabled()) {
                        log.debug("Storing identity-mgt claims since they are available in the addUser request");
                    }
                    module.store(userIdentityClaimsDO, userStoreManager);
                } catch (IdentityException e) {
                    // rollback: delete the user that was just created
                    userStoreManager.deleteUser(userName);
                    throw new UserStoreException("Error while saving user store data for user : " + userName, e);
                }
            }
        }
        return true;
    } finally {
        // Remove thread local variable
        IdentityUtil.threadLocalProperties.get().remove(DO_POST_ADD_USER);
        IdentityUtil.threadLocalProperties.get().remove(EMPTY_PASSWORD_USED);
        IdentityUtil.threadLocalProperties.get().remove(USER_IDENTITY_DO);
    }
}
Also used : UserRecoveryDataDO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO) UserStoreException(org.wso2.carbon.user.core.UserStoreException) NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO) UserIdentityClaimsDO(org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 5 with UserRecoveryDTO

use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.

the class UserIdentityManagementService method processPasswordRecovery.

/**
 * Process password recovery for the given user. The confirmation code is
 * verified first; only a verified request results in a recovery notification.
 *
 * @param userId           user identifier, processed into a UserDTO (tenant aware)
 * @param confirmationCode confirmation key previously issued to the user
 * @param notificationType notification channel (e.g. EMAIL)
 * @return true if the recovery notification was sent, false if the confirmation code is invalid
 * @throws IdentityMgtServiceException if the user id is invalid or the notification fails
 */
public boolean processPasswordRecovery(String userId, String confirmationCode, String notificationType) throws IdentityMgtServiceException {
    UserDTO userDTO = null;
    try {
        userDTO = Utils.processUserId(userId);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("invalid user name", e);
    }
    RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
    VerificationBean bean = processor.verifyConfirmationKey(confirmationCode);
    if (!bean.isVerified()) {
        log.warn("Invalid user is trying to recover the password : " + userId);
        return false;
    }
    UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
    dto.setNotification(IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY);
    dto.setNotificationType(notificationType);
    NotificationDataDTO dataDTO = null;
    try {
        dataDTO = processor.recoverWithNotification(dto);
    } catch (IdentityException e) {
        throw new IdentityMgtServiceException("Error while password recovery.", e);
    }
    return dataDTO.isNotificationSent();
}
Also used : VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean) IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException) UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO) NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO) RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor) UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Aggregations

Classes used together with UserRecoveryDTO across the indexed examples (count of occurrences in parentheses):

IdentityException (org.wso2.carbon.identity.base.IdentityException) (12)
UserRecoveryDTO (org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO) (10)
UserDTO (org.wso2.carbon.identity.mgt.dto.UserDTO) (9)
NotificationDataDTO (org.wso2.carbon.identity.mgt.dto.NotificationDataDTO) (8)
IdentityMgtServiceException (org.wso2.carbon.identity.mgt.IdentityMgtServiceException) (7)
UserStoreException (org.wso2.carbon.user.api.UserStoreException) (7)
RecoveryProcessor (org.wso2.carbon.identity.mgt.RecoveryProcessor) (5)
VerificationBean (org.wso2.carbon.identity.mgt.beans.VerificationBean) (5)
HashMap (java.util.HashMap) (3)
PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext) (3)
UserStoreManager (org.wso2.carbon.user.api.UserStoreManager) (3)
AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager) (3)
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException) (2)
Map (java.util.Map) (2)
IdentityEventListenerConfig (org.wso2.carbon.identity.core.model.IdentityEventListenerConfig) (2)
IdentityMgtConfig (org.wso2.carbon.identity.mgt.IdentityMgtConfig) (2)
IdentityMgtEventListener (org.wso2.carbon.identity.mgt.IdentityMgtEventListener) (2)
Config (org.wso2.carbon.identity.mgt.config.Config) (2)
ConfigBuilder (org.wso2.carbon.identity.mgt.config.ConfigBuilder) (2)
UserRecoveryDataDO (org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO) (2)