
Example 1 with PolicyViolationException

Use of org.wso2.carbon.identity.mgt.policy.PolicyViolationException in project carbon-apimgt by wso2.

The class APIConsumerImpl, method changeUserPassword.

/**
 * Change user's password
 *
 * @param currentPassword Current password of the user
 * @param newPassword     New password of the user
 */
@Override
public void changeUserPassword(String currentPassword, String newPassword) throws APIManagementException {
    // check whether EnablePasswordChange configuration is set to 'true'
    APIManagerConfiguration config = ServiceReferenceHolder.getInstance().getAPIManagerConfigurationService().getAPIManagerConfiguration();
    boolean enableChangePassword = Boolean.parseBoolean(config.getFirstProperty(APIConstants.ENABLE_CHANGE_PASSWORD));
    if (!enableChangePassword) {
        throw new APIManagementException("Password change operation is disabled in the system", ExceptionCodes.PASSWORD_CHANGE_DISABLED);
    }
    UserAdmin userAdmin = new UserAdmin();
    try {
        userAdmin.changePasswordByUser(userNameWithoutChange, currentPassword, newPassword);
    } catch (UserAdminException e) {
        String genericErrorMessage = "Error occurred while changing the user password";
        if (log.isDebugEnabled()) {
            log.debug(genericErrorMessage, e);
        }
        // Map the user-admin failure to a specific API error code by matching on the exception
        // text; the regexes are case-insensitive whole-word matches against the message.
        String exceptionMessage = e.getMessage();
        if (exceptionMessage.matches("(?i:.*\\b(current)\\b.*\\b(password)\\b.*\\b(incorrect)\\b.*)")) {
            String errorMessage = "The current user password entered is incorrect";
            throw new APIManagementException(errorMessage, ExceptionCodes.CURRENT_PASSWORD_INCORRECT);
        } else if ((exceptionMessage.matches("(?i:.*\\b(password)\\b.*\\b(length)\\b.*)")) || (ExceptionUtils.getStackTrace(e).contains("PolicyViolationException"))) {
            // A password-policy failure is recognised either from a "password ... length" message or
            // from a PolicyViolationException anywhere in the cause chain (detected via the printed
            // stack trace rather than by walking the causes).
            String errorMessage = "The new password entered is invalid since it doesn't comply with the password " + "pattern/policy configured";
            throw new APIManagementException(errorMessage, ExceptionCodes.PASSWORD_PATTERN_INVALID);
        } else {
            throw new APIManagementException(genericErrorMessage);
        }
    }
}
Also used: APIManagementException (org.wso2.carbon.apimgt.api.APIManagementException), UserAdmin (org.wso2.carbon.user.mgt.UserAdmin), UserAdminException (org.wso2.carbon.user.mgt.common.UserAdminException)

Example 2 with PolicyViolationException

Use of org.wso2.carbon.identity.mgt.policy.PolicyViolationException in project carbon-identity-framework by wso2.

The class UniqueClaimUserOperationEventListener, method checkClaimUniqueness.

private void checkClaimUniqueness(String username, Map<String, String> claims, String profile, UserStoreManager userStoreManager, Object credential) throws UserStoreException {
    String errorMessage = StringUtils.EMPTY;
    String tenantDomain = getTenantDomain(userStoreManager);
    List<String> duplicateClaim = new ArrayList<>();
    Claim claimObject = null;
    for (Map.Entry<String, String> claim : claims.entrySet()) {
        try {
            if (isUniqueClaim(claim.getKey(), tenantDomain)) {
                try {
                    claimObject = userStoreManager.getClaimManager().getClaim(claim.getKey());
                } catch (org.wso2.carbon.user.api.UserStoreException e) {
                    log.error("Error while getting claim from claimUri: " + claim.getKey() + ".", e);
                }
                if (claimObject == null) {
                    continue;
                }
                // Reject a password that equals the value of any unique (login-identifier) claim,
                // e.g. the username or e-mail address. The exception is thrown immediately and is
                // not caught by the ClaimMetadataException handler below, so it propagates to the caller.
                if (credential != null && (credential.toString()).equals(claim.getValue())) {
                    errorMessage = "Password can not be equal to the value defined for " + claimObject.getDisplayTag() + "!";
                    throw new UserStoreException(errorMessage, new PolicyViolationException(errorMessage));
                }
                if (isClaimDuplicated(username, claim.getKey(), claim.getValue(), profile, userStoreManager)) {
                    String displayTag = claimObject.getDisplayTag();
                    if (StringUtils.isBlank(displayTag)) {
                        displayTag = claim.getKey();
                    }
                    duplicateClaim.add(displayTag);
                }
            }
        } catch (ClaimMetadataException e) {
            log.error("Error while getting claim metadata for claimUri : " + claim.getKey() + ".", e);
        }
    }
    // errorMessage is only assigned immediately before the throw inside the loop, so this
    // guard is never taken in practice; it is kept as a defensive check.
    if (StringUtils.isNotBlank(errorMessage)) {
        throw new UserStoreException(errorMessage, new PolicyViolationException(errorMessage));
    }
    if (duplicateClaim.size() == 0) {
        return;
    } else if (duplicateClaim.size() == 1) {
        errorMessage = "The value defined for " + duplicateClaim.get(0) + " is already in use by different user!";
    } else {
        String claimList = String.join(", ", duplicateClaim);
        errorMessage = "The values defined for " + claimList + " are already in use by a different users!";
    }
    throw new UserStoreException(errorMessage, new PolicyViolationException(errorMessage));
}
Also used: ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException), ArrayList (java.util.ArrayList), UserStoreException (org.wso2.carbon.user.core.UserStoreException), PolicyViolationException (org.wso2.carbon.identity.mgt.policy.PolicyViolationException), HashMap (java.util.HashMap), Map (java.util.Map), LocalClaim (org.wso2.carbon.identity.claim.metadata.mgt.model.LocalClaim), Claim (org.wso2.carbon.user.api.Claim)

Example 3 with PolicyViolationException

Use of org.wso2.carbon.identity.mgt.policy.PolicyViolationException in project carbon-identity-framework by wso2.

The class UniqueClaimUserOperationEventListener, method checkUsernameUniqueness.

private void checkUsernameUniqueness(String username, UserStoreManager userStoreManager) throws UserStoreException {
    String errorMessage;
    String tenantDomain = getTenantDomain(userStoreManager);
    try {
        if (isUniqueClaim(USERNAME_CLAIM, tenantDomain) && isClaimDuplicated(username, USERNAME_CLAIM, username, null, userStoreManager)) {
            errorMessage = "Username " + username + " is already in use by a different user!";
            throw new UserStoreException(errorMessage, new PolicyViolationException(errorMessage));
        }
    } catch (ClaimMetadataException e) {
        log.error("Error while getting claim metadata for claimUri : " + USERNAME_CLAIM + ".", e);
    }
}
Also used: ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException), UserStoreException (org.wso2.carbon.user.core.UserStoreException), PolicyViolationException (org.wso2.carbon.identity.mgt.policy.PolicyViolationException)

Example 4 with PolicyViolationException

Use of org.wso2.carbon.identity.mgt.policy.PolicyViolationException in project carbon-identity-framework by wso2.

The class IdentityMgtEventListener, method doPreUpdateCredential.

/**
 * This method is used to check pre conditions when changing the user
 * password.
 */
@Override
public boolean doPreUpdateCredential(String userName, Object newCredential, Object oldCredential, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    if (log.isDebugEnabled()) {
        log.debug("Pre update credential is called in IdentityMgtEventListener");
    }
    try {
        // Thread-local guard against re-entrant invocation: if this listener is triggered again
        // on the same thread while it is already running, the checks are skipped.
        if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_PRE_UPDATE_CREDENTIAL)) {
            IdentityUtil.threadLocalProperties.get().put(DO_PRE_UPDATE_CREDENTIAL, true);
            IdentityMgtConfig config = IdentityMgtConfig.getInstance();
            UserIdentityDataStore identityDataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
            UserIdentityClaimsDO identityDTO = identityDataStore.load(userName, userStoreManager);
            boolean isAccountDisabled = false;
            if (identityDTO != null) {
                isAccountDisabled = identityDTO.getIsAccountDisabled();
            } else {
                throw new UserStoreException("Cannot get the user account active status.");
            }
            if (isAccountDisabled) {
                IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(IdentityCoreConstants.USER_ACCOUNT_DISABLED_ERROR_CODE);
                IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
                // account is already disabled and trying to update the credential without enabling it
                log.warn("Trying to update credential of a disabled user account. This is not permitted.");
                throw new UserStoreException("User account is disabled, can't update credential without enabling.");
            }
            try {
                // Enforcing the password policies. Only a non-blank String credential is checked;
                // a policy breach is surfaced to the caller as a UserStoreException that wraps the
                // original PolicyViolationException as its cause.
                if (newCredential != null && (newCredential instanceof String && (newCredential.toString().trim().length() > 0))) {
                    policyRegistry.enforcePasswordPolicies(newCredential.toString(), userName);
                }
            } catch (PolicyViolationException pe) {
                throw new UserStoreException(pe.getMessage(), pe);
            }
        }
        return true;
    } finally {
        // Remove thread local variable
        IdentityUtil.threadLocalProperties.get().remove(DO_PRE_UPDATE_CREDENTIAL);
    }
}
Also used: UserIdentityDataStore (org.wso2.carbon.identity.mgt.store.UserIdentityDataStore), UserStoreException (org.wso2.carbon.user.core.UserStoreException), UserIdentityClaimsDO (org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO), PolicyViolationException (org.wso2.carbon.identity.mgt.policy.PolicyViolationException), IdentityErrorMsgContext (org.wso2.carbon.identity.core.model.IdentityErrorMsgContext)

Example 5 with PolicyViolationException

Use of org.wso2.carbon.identity.mgt.policy.PolicyViolationException in project carbon-identity-framework by wso2.

The class IdentityMgtEventListener, method doPreUpdateCredentialByAdmin.

/**
 * This method is used when the admin is updating the credentials with an
 * empty credential. A random password will be generated and will be mailed
 * to the user.
 */
@Override
public boolean doPreUpdateCredentialByAdmin(String userName, Object newCredential, UserStoreManager userStoreManager) throws UserStoreException {
    if (!isEnable()) {
        return true;
    }
    if (log.isDebugEnabled()) {
        log.debug("Pre update credential by admin is called in IdentityMgtEventListener");
    }
    // Top level try and finally blocks are used to unset thread local variables
    try {
        if (!IdentityUtil.threadLocalProperties.get().containsKey(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN)) {
            IdentityUtil.threadLocalProperties.get().put(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN, true);
            IdentityMgtConfig config = IdentityMgtConfig.getInstance();
            UserIdentityDataStore identityDataStore = IdentityMgtConfig.getInstance().getIdentityDataStore();
            UserIdentityClaimsDO identityDTO = identityDataStore.load(userName, userStoreManager);
            boolean isAccountDisabled = false;
            if (identityDTO != null) {
                isAccountDisabled = identityDTO.getIsAccountDisabled();
            } else {
                throw new UserStoreException("Cannot get the user account active status.");
            }
            if (isAccountDisabled) {
                IdentityErrorMsgContext customErrorMessageContext = new IdentityErrorMsgContext(IdentityCoreConstants.USER_ACCOUNT_DISABLED_ERROR_CODE);
                IdentityUtil.setIdentityErrorMsg(customErrorMessageContext);
                // account is already disabled and trying to update the credential without enabling it
                log.warn("Trying to update credential of a disabled user account. This is not permitted.");
                throw new UserStoreException("User account is disabled, can't update credential without enabling.");
            }
            try {
                // Enforcing the password policies. Here the credential is expected as a StringBuffer
                // (unlike doPreUpdateCredential, which checks a String); only non-blank values are validated.
                if (newCredential != null && (newCredential instanceof StringBuffer && (newCredential.toString().trim().length() > 0))) {
                    policyRegistry.enforcePasswordPolicies(newCredential.toString(), userName);
                }
            } catch (PolicyViolationException pe) {
                throw new UserStoreException(pe.getMessage(), pe);
            }
            // An empty credential means "generate a temporary password", but only if that feature is enabled.
            if (newCredential == null || (newCredential instanceof StringBuffer && ((StringBuffer) newCredential).toString().trim().length() < 1)) {
                if (!config.isEnableTemporaryPassword()) {
                    log.error("Empty passwords are not allowed");
                    return false;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Credentials are null. Using a temporary password as credentials");
                }
                // temporary passwords will be used
                char[] temporaryPassword = UserIdentityManagementUtil.generateTemporaryPassword();
                // setting the password value in place; note the cast assumes a StringBuffer, so a
                // null newCredential would fail here with a NullPointerException
                ((StringBuffer) newCredential).replace(0, temporaryPassword.length, new String(temporaryPassword));
                UserIdentityMgtBean bean = new UserIdentityMgtBean();
                bean.setUserId(userName);
                bean.setConfirmationCode(newCredential.toString());
                bean.setRecoveryType(IdentityMgtConstants.Notification.TEMPORARY_PASSWORD);
                if (log.isDebugEnabled()) {
                    log.debug("Sending the temporary password to the user " + userName);
                }
                UserIdentityManagementUtil.notifyViaEmail(bean);
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("Updating credentials of user " + userName + " by admin with a non-empty password");
                }
            }
        }
        return true;
    } finally {
        // Remove thread local variable
        IdentityUtil.threadLocalProperties.get().remove(DO_PRE_UPDATE_CREDENTIAL_BY_ADMIN);
    }
}
Also used: UserIdentityMgtBean (org.wso2.carbon.identity.mgt.beans.UserIdentityMgtBean), UserIdentityDataStore (org.wso2.carbon.identity.mgt.store.UserIdentityDataStore), UserStoreException (org.wso2.carbon.user.core.UserStoreException), UserIdentityClaimsDO (org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO), PolicyViolationException (org.wso2.carbon.identity.mgt.policy.PolicyViolationException), IdentityErrorMsgContext (org.wso2.carbon.identity.core.model.IdentityErrorMsgContext)

Aggregations (class, fully qualified name: number of usages)

PolicyViolationException (org.wso2.carbon.identity.mgt.policy.PolicyViolationException): 8
HashMap (java.util.HashMap): 5
UserStoreException (org.wso2.carbon.user.core.UserStoreException): 5
IdentityEventException (org.wso2.carbon.identity.event.IdentityEventException): 3
UserIdentityClaimsDO (org.wso2.carbon.identity.mgt.dto.UserIdentityClaimsDO): 3
Claim (org.wso2.carbon.user.api.Claim): 3
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 2
MalformedURLException (java.net.MalformedURLException): 2
PrivilegedCarbonContext (org.wso2.carbon.context.PrivilegedCarbonContext): 2
ClaimMetadataException (org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException): 2
IdentityErrorMsgContext (org.wso2.carbon.identity.core.model.IdentityErrorMsgContext): 2
NotificationChannelManagerException (org.wso2.carbon.identity.governance.exceptions.notiification.NotificationChannelManagerException): 2
NotificationChannelManager (org.wso2.carbon.identity.governance.service.notification.NotificationChannelManager): 2
UserIdentityDataStore (org.wso2.carbon.identity.mgt.store.UserIdentityDataStore): 2
IdentityRecoveryClientException (org.wso2.carbon.identity.recovery.IdentityRecoveryClientException): 2
NotificationResponseBean (org.wso2.carbon.identity.recovery.bean.NotificationResponseBean): 2
UserStoreException (org.wso2.carbon.user.api.UserStoreException): 2
UserStoreManager (org.wso2.carbon.user.api.UserStoreManager): 2
AbstractUserStoreManager (org.wso2.carbon.user.core.common.AbstractUserStoreManager): 2
RealmService (org.wso2.carbon.user.core.service.RealmService): 2