Example 1 with UserRecoveryDTO
use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementAdminService method unlockUserAccount.
/**
* Admin unlocks the user account.
*
* @param userName
* @throws IdentityMgtServiceException
*/
public void unlockUserAccount(String userName, String notificationType) throws IdentityMgtServiceException {
try {
UserStoreManager userStoreManager = getUserStore(userName);
String userNameWithoutDomain = UserCoreUtil.removeDomainFromName(userName);
UserIdentityManagementUtil.unlockUserAccount(userNameWithoutDomain, userStoreManager);
int tenantID = userStoreManager.getTenantId();
String tenantDomain = IdentityMgtServiceComponent.getRealmService().getTenantManager().getDomain(tenantID);
boolean isNotificationSending = IdentityMgtConfig.getInstance().isNotificationSending();
if (notificationType != null && isNotificationSending) {
UserRecoveryDTO dto;
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
dto = new UserRecoveryDTO(userName);
} else {
UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
userDTO.setTenantId(tenantID);
dto = new UserRecoveryDTO(userDTO);
}
dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_UNLOCK);
dto.setNotificationType(notificationType);
IdentityMgtServiceComponent.getRecoveryProcessor().recoverWithNotification(dto);
}
log.info("Account unlocked for: " + userName);
} catch (UserStoreException | IdentityException e) {
String message = "Error occurred while unlocking account for: " + userName;
log.error(message, e);
throw new IdentityMgtServiceException(message, e);
}
}
Also used :
IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException)
UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO)
UserStoreException(org.wso2.carbon.user.api.UserStoreException)
AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)
UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)
UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO)
IdentityException(org.wso2.carbon.identity.base.IdentityException)
Example 2 with UserRecoveryDTO
use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementAdminService method disableUserAccount.
/**
* Admin disables the user account. Only the admin can enable the account using
* the {@literal enableUserAccount} method.
*
* @param userName
* @throws IdentityMgtServiceException
*/
public void disableUserAccount(String userName, String notificationType) throws IdentityMgtServiceException {
try {
UserStoreManager userStoreManager = getUserStore(userName);
String userNameWithoutDomain = UserCoreUtil.removeDomainFromName(userName);
UserIdentityManagementUtil.disableUserAccount(userNameWithoutDomain, userStoreManager);
audit.info(String.format(AUDIT_MESSAGE, getUser(), "Disable user account", userName, "Notification type :" + notificationType, SUCCESS));
int tenantID = userStoreManager.getTenantId();
String tenantDomain = IdentityMgtServiceComponent.getRealmService().getTenantManager().getDomain(tenantID);
boolean isNotificationSending = IdentityMgtConfig.getInstance().isAccountDisableNotificationSending();
if (notificationType != null && isNotificationSending) {
UserRecoveryDTO dto;
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
dto = new UserRecoveryDTO(userName);
} else {
UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
userDTO.setTenantId(tenantID);
dto = new UserRecoveryDTO(userDTO);
}
dto.setNotification(IdentityMgtConstants.Notification.ACCOUNT_DISABLE);
dto.setNotificationType(notificationType);
IdentityMgtServiceComponent.getRecoveryProcessor().recoverWithNotification(dto);
if (log.isDebugEnabled()) {
log.debug("Account enabled notification is sent in " + notificationType);
}
}
} catch (UserStoreException | IdentityException e) {
log.error("Error occurred while trying to disable the account " + userName, e);
throw new IdentityMgtServiceException("Error occurred while trying to disable the account " + userName, e);
}
}
Also used :
IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException)
UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO)
UserStoreException(org.wso2.carbon.user.api.UserStoreException)
AbstractUserStoreManager(org.wso2.carbon.user.core.common.AbstractUserStoreManager)
UserStoreManager(org.wso2.carbon.user.api.UserStoreManager)
UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO)
IdentityException(org.wso2.carbon.identity.base.IdentityException)
Example 3 with UserRecoveryDTO
use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.
the class IdentityMgtEventListener method sendEmail.
private void sendEmail(String userName, int tenantId, String notification) {
UserRecoveryDTO dto;
String tenantDomain = IdentityTenantUtil.getTenantDomain(tenantId);
if (MultitenantConstants.SUPER_TENANT_DOMAIN_NAME.equals(tenantDomain)) {
dto = new UserRecoveryDTO(userName);
} else {
UserDTO userDTO = new UserDTO(UserCoreUtil.addTenantDomainToEntry(userName, tenantDomain));
userDTO.setTenantId(tenantId);
dto = new UserRecoveryDTO(userDTO);
}
dto.setNotification(notification);
dto.setNotificationType(EMAIL_NOTIFICATION_TYPE);
try {
IdentityMgtServiceComponent.getRecoveryProcessor().recoverWithNotification(dto);
} catch (IdentityException e) {
// proceed with the rest of the flow even if the email is not sent
log.error("Email notification sending failed for user:" + userName + " for " + notification);
}
}
Also used :
UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO)
UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO)
IdentityException(org.wso2.carbon.identity.base.IdentityException)
Example 4 with UserRecoveryDTO
use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.
the class IdentityMgtEventListener method doPostAddUser.
/**
* This method locks the created accounts based on the account policies or
* based on the account confirmation method being used. Two account
* confirmation methods are used : Temporary Password and Verification Code.
* In the case of temporary password is used the temporary password will be
* emailed to the user. In the case of verification code, the code will be
* emailed to the user. The security questions filter ad doPreAddUser will
* be persisted in this method.
*/
@Override
public boolean doPostAddUser(String userName, Object credential, String[] roleList, Map<String, String> claims, String profile, UserStoreManager userStoreManager) throws UserStoreException {
if (!isEnable()) {
return true;
}
// Top level try and finally blocks are used to unset thread local variables
try {
if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_POST_ADD_USER)) {
IdentityUtil.threadLocalProperties.get().put(DO_POST_ADD_USER, true);
if (log.isDebugEnabled()) {
log.debug("Post add user is called in IdentityMgtEventListener");
}
IdentityMgtConfig config = IdentityMgtConfig.getInstance();
// reading the value from the thread local
UserIdentityClaimsDO userIdentityClaimsDO = (UserIdentityClaimsDO) IdentityUtil.threadLocalProperties.get().get(USER_IDENTITY_DO);
if (config.isEnableUserAccountVerification() && IdentityUtil.threadLocalProperties.get().containsKey(EMPTY_PASSWORD_USED)) {
// empty password account creation
String domainName = ((org.wso2.carbon.user.core.UserStoreManager) userStoreManager).getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
if (!UserCoreConstants.PRIMARY_DEFAULT_DOMAIN_NAME.equals(domainName)) {
userName = domainName + UserCoreConstants.DOMAIN_SEPARATOR + userName;
}
// store identity data
userIdentityClaimsDO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, "");
userIdentityClaimsDO.setAccountLock(false);
try {
module.store(userIdentityClaimsDO, userStoreManager);
} catch (IdentityException e) {
// roleback user
userStoreManager.deleteUser(userName);
throw new UserStoreException("Error while saving user store for user : " + userName, e);
}
// store identity metadata
UserRecoveryDataDO metadataDO = new UserRecoveryDataDO();
metadataDO.setUserName(userName).setTenantId(userStoreManager.getTenantId()).setCode((String) credential);
// set recovery data
RecoveryProcessor processor = new RecoveryProcessor();
UserRecoveryDTO recoveryDto = new UserRecoveryDTO(userName);
recoveryDto.setNotification(IdentityMgtConstants.Notification.ASK_PASSWORD);
recoveryDto.setNotificationType("EMAIL");
recoveryDto.setTenantId(userStoreManager.getTenantId());
NotificationDataDTO notificationDto = null;
try {
notificationDto = processor.recoverWithNotification(recoveryDto);
} catch (IdentityException e) {
// roleback user
userStoreManager.deleteUser(userName);
throw new UserStoreException("Error while sending notification for user : " + userName, e);
}
return notificationDto != null && notificationDto.isNotificationSent();
}
// No account recoveries are defined, no email will be sent.
if (config.isAuthPolicyAccountLockOnCreation()) {
// accounts are locked. Admin should unlock
userIdentityClaimsDO.getUserDataMap().put(UserIdentityDataStore.ACCOUNT_LOCKED_REASON, IdentityMgtConstants.LockedReason.UNVERIFIED.toString());
userIdentityClaimsDO.setAccountLock(true);
try {
config.getIdentityDataStore().store(userIdentityClaimsDO, userStoreManager);
} catch (IdentityException e) {
// roleback user
userStoreManager.deleteUser(userName);
throw new UserStoreException("Error while saving user store data for user : " + userName, e);
}
}
// When claims available in user add request like http://wso2.org/claims/identity/accountLocked
if (!config.isEnableUserAccountVerification() && !config.isAuthPolicyAccountLockOnCreation() && userIdentityClaimsDO != null) {
try {
if (log.isDebugEnabled()) {
log.debug("Storing identity-mgt claims since they are available in the addUser request");
}
module.store(userIdentityClaimsDO, userStoreManager);
} catch (IdentityException e) {
// roleback user
userStoreManager.deleteUser(userName);
throw new UserStoreException("Error while saving user store data for user : " + userName, e);
}
}
}
return true;
} finally {
// Remove thread local variable
IdentityUtil.threadLocalProperties.get().remove(DO_POST_ADD_USER);
IdentityUtil.threadLocalProperties.get().remove(EMPTY_PASSWORD_USED);
IdentityUtil.threadLocalProperties.get().remove(USER_IDENTITY_DO);
}
}
Also used :
UserRecoveryDataDO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO)
UserStoreException(org.wso2.carbon.user.core.UserStoreException)
NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO)
UserIdentityClaimsDO(org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO)
UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO)
IdentityException(org.wso2.carbon.identity.base.IdentityException)
Example 5 with UserRecoveryDTO
use of org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO in project carbon-identity-framework by wso2.
the class UserIdentityManagementService method processPasswordRecovery.
/**
* process password recovery for given user
*
* @return recovery process success or not
* @throws IdentityException if fails
*/
public boolean processPasswordRecovery(String userId, String confirmationCode, String notificationType) throws IdentityMgtServiceException {
UserDTO userDTO = null;
try {
userDTO = Utils.processUserId(userId);
} catch (IdentityException e) {
throw new IdentityMgtServiceException("invalid user name", e);
}
RecoveryProcessor processor = IdentityMgtServiceComponent.getRecoveryProcessor();
VerificationBean bean = processor.verifyConfirmationKey(confirmationCode);
if (!bean.isVerified()) {
log.warn("Invalid user is trying to recover the password : " + userId);
return false;
}
UserRecoveryDTO dto = new UserRecoveryDTO(userDTO);
dto.setNotification(IdentityMgtConstants.Notification.PASSWORD_RESET_RECOVERY);
dto.setNotificationType(notificationType);
NotificationDataDTO dataDTO = null;
try {
dataDTO = processor.recoverWithNotification(dto);
} catch (IdentityException e) {
throw new IdentityMgtServiceException("Error while password recovery.", e);
}
return dataDTO.isNotificationSent();
}
Also used :
VerificationBean(org.wso2.carbon.identity.mgt.beans.VerificationBean)
IdentityMgtServiceException(org.wso2.carbon.identity.mgt.IdentityMgtServiceException)
UserDTO(org.wso2.carbon.identity.mgt.dto.UserDTO)
NotificationDataDTO(org.wso2.carbon.identity.mgt.dto.NotificationDataDTO)
RecoveryProcessor(org.wso2.carbon.identity.mgt.RecoveryProcessor)
UserRecoveryDTO(org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO)
IdentityException(org.wso2.carbon.identity.base.IdentityException)
Aggregations
IdentityException (org.wso2.carbon.identity.base.IdentityException)12
UserRecoveryDTO (org.wso2.carbon.identity.mgt.dto.UserRecoveryDTO)10
UserDTO (org.wso2.carbon.identity.mgt.dto.UserDTO)9
NotificationDataDTO (org.wso2.carbon.identity.mgt.dto.NotificationDataDTO)8
IdentityMgtServiceException (org.wso2.carbon.identity.mgt.IdentityMgtServiceException)7
UserStoreException (org.wso2.carbon.user.api.UserStoreException)7
RecoveryProcessor (org.wso2.carbon.identity.mgt.RecoveryProcessor)5
VerificationBean (org.wso2.carbon.identity.mgt.beans.VerificationBean)5
HashMap (java.util.HashMap)3
PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext)3
UserStoreManager (org.wso2.carbon.user.api.UserStoreManager)3
AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager)3
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2
Map (java.util.Map)2
IdentityEventListenerConfig (org.wso2.carbon.identity.core.model.IdentityEventListenerConfig)2
IdentityMgtConfig (org.wso2.carbon.identity.mgt.IdentityMgtConfig)2
IdentityMgtEventListener (org.wso2.carbon.identity.mgt.IdentityMgtEventListener)2
Config (org.wso2.carbon.identity.mgt.config.Config)2
ConfigBuilder (org.wso2.carbon.identity.mgt.config.ConfigBuilder)2
UserRecoveryDataDO (org.wso2.carbon.identity.mgt.dto.UserRecoveryDataDO)2
