use of org.wso2.carbon.identity.recovery.internal.service.impl.UserAccountRecoveryManager in project identity-governance by wso2-extensions.
the class UserAccountRecoveryManagerTest method testNoClaimsProvidedToRetrieveMatchingUsers.
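/**
 * Verifies that requesting a username with an empty claim map is rejected with the
 * scenario-qualified {@code ERROR_CODE_NO_FIELD_FOUND_FOR_USER_RECOVERY} error code.
 * <p>
 * The static {@code Utils} helpers are stubbed so that the error-code prefixing and the
 * client-exception factory return deterministic values; the test then asserts that the
 * manager surfaces exactly that code. Reaching the statement after the call means no
 * exception was thrown, which is itself a failure: an expected-exception test that quietly
 * accepts a {@code null} return would hide a regression in the empty-claims check.
 */
private void testNoClaimsProvidedToRetrieveMatchingUsers() {

    IdentityRecoveryConstants.ErrorMessages noFieldError =
            IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_FIELD_FOUND_FOR_USER_RECOVERY;
    try {
        // Stub the scenario prefixing so the expected code is stable regardless of configuration.
        mockedUtils.when(() -> Utils.prependOperationScenarioToErrorCode(noFieldError.getCode(),
                IdentityRecoveryConstants.USER_ACCOUNT_RECOVERY)).thenReturn(noFieldError.getCode());
        // Stub the client-exception factory so the manager throws a known exception instance.
        mockedUtils.when(() -> Utils.handleClientException(noFieldError.getCode(), noFieldError.getMessage(), null))
                .thenReturn(IdentityException.error(IdentityRecoveryClientException.class, noFieldError.getCode(), ""));
        String username = userAccountRecoveryManager.getUsernameByClaims(new HashMap<String, String>(),
                MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
        // Normal completion means the empty-claims guard did not fire; fail instead of accepting a null.
        throw new AssertionError("UserAccountRecoveryManager: No claims have provided to retrieve the user, "
                + "but no exception was thrown. Returned username: " + username);
    } catch (IdentityRecoveryException e) {
        // Get error code with scenario.
        String errorCode = Utils.prependOperationScenarioToErrorCode(noFieldError.getCode(),
                IdentityRecoveryConstants.USER_ACCOUNT_RECOVERY);
        assertEquals(e.getErrorCode(), errorCode,
                "UserAccountRecoveryManager: No claims have provided to retrieve the user : ");
    }
}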
use of org.wso2.carbon.identity.recovery.internal.service.impl.UserAccountRecoveryManager in project identity-governance by wso2-extensions.
the class UserAccountRecoveryManagerTest method testMultipleUsersMatchingForGivenClaims.
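/**
 * Verifies that claims resolving to more than one user are rejected with
 * {@code ERROR_CODE_MULTIPLE_MATCHING_USERS} instead of silently picking one of them.
 * <p>
 * The user store lookup is stubbed to return two usernames and the client-exception
 * factory is stubbed to return a known exception; the call must therefore throw. Reaching
 * the statement after the call means no exception was thrown, which is itself a failure.
 *
 * @throws Exception Error while setting up the mocked user list.
 */
private void testMultipleUsersMatchingForGivenClaims() throws Exception {

    IdentityRecoveryConstants.ErrorMessages multipleUsersError =
            IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_MULTIPLE_MATCHING_USERS;
    // Two distinct users satisfy the claims, which is ambiguous for recovery.
    mockGetUserList(new String[]{"Sominda1", "Sominda2"});
    try {
        mockedUtils.when(() -> Utils.handleClientException(multipleUsersError, null))
                .thenReturn(IdentityException.error(IdentityRecoveryClientException.class,
                        multipleUsersError.getCode(), ""));
        String username = userAccountRecoveryManager.getUsernameByClaims(userClaims,
                MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
        // Normal completion means the ambiguity was not detected; do not let a null return pass.
        throw new AssertionError("UserAccountRecoveryManager: Exception should be thrown. Therefore, a "
                + "value for an identified user cannot be returned, but got: " + username);
    } catch (IdentityRecoveryException e) {
        assertEquals(e.getErrorCode(), multipleUsersError.getCode(),
                "Invalid error code for existing multiple users for given set of claims");
    }
}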
use of org.wso2.carbon.identity.recovery.internal.service.impl.UserAccountRecoveryManager in project identity-governance by wso2-extensions.
the class PasswordRecoveryManagerImpl method initiate.
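/**
 * Get the username recovery information with available verified channel details.
 * <p>
 * Recovery is refused up front when neither notification-based nor question-based recovery is
 * enabled for the tenant. Otherwise the matching user is resolved from the claims and the DTO is
 * populated with the channel details (only when notification-based recovery is enabled) and the
 * question-based recovery flags, honouring the insufficient-answers skip and the per-user
 * functionality locking settings.
 *
 * @param claims       User Claims
 * @param tenantDomain Tenant domain
 * @param properties   Meta properties
 * @return RecoveryInformationDTO {@link RecoveryInformationDTO} object that contains
 * recovery information of a verified user
 * @throws IdentityRecoveryException Error while initiating password recovery, including when
 *                                   password recovery is not enabled for the tenant
 */
@Override
public RecoveryInformationDTO initiate(Map<String, String> claims, String tenantDomain,
                                       Map<String, String> properties) throws IdentityRecoveryException {

    validateTenantDomain(tenantDomain);
    UserAccountRecoveryManager userAccountRecoveryManager = UserAccountRecoveryManager.getInstance();
    boolean isQuestionBasedRecoveryEnabled = isQuestionBasedRecoveryEnabled(tenantDomain);
    boolean isNotificationBasedRecoveryEnabled = isNotificationBasedRecoveryEnabled(tenantDomain);
    if (!isNotificationBasedRecoveryEnabled && !isQuestionBasedRecoveryEnabled) {
        if (log.isDebugEnabled()) {
            log.debug("User password recovery is not enabled for the tenant: " + tenantDomain);
        }
        throw Utils.handleClientException(
                IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_PASSWORD_RECOVERY_NOT_ENABLED, null);
    }
    // Get recovery channel information.
    RecoveryChannelInfoDTO recoveryChannelInfoDTO = userAccountRecoveryManager.retrieveUserRecoveryInformation(
            claims, tenantDomain, RecoveryScenarios.NOTIFICATION_BASED_PW_RECOVERY, properties);
    String username = recoveryChannelInfoDTO.getUsername();

    RecoveryInformationDTO recoveryInformationDTO = new RecoveryInformationDTO();
    // NOTE(review): the resolved username is handed back to the caller here; whether that disclosure is
    // acceptable depends on the caller of this API and the tenant's configuration — confirm.
    recoveryInformationDTO.setUsername(username);
    recoveryInformationDTO.setNotificationBasedRecoveryEnabled(isNotificationBasedRecoveryEnabled);
    // Do not add recovery channel information if Notification based recovery is not enabled.
    if (isNotificationBasedRecoveryEnabled) {
        recoveryInformationDTO.setRecoveryChannelInfoDTO(recoveryChannelInfoDTO);
    }
    if (isSkipRecoveryWithChallengeQuestionsForInsufficientAnswersEnabled) {
        // Only offer question-based recovery to users who have answered enough questions.
        recoveryInformationDTO.setQuestionBasedRecoveryAllowedForUser(isQuestionBasedRecoveryEnabled
                && isMinNoOfRecoveryQuestionsAnswered(username, tenantDomain));
    } else {
        recoveryInformationDTO.setQuestionBasedRecoveryAllowedForUser(isQuestionBasedRecoveryEnabled);
    }
    // Check if question based password recovery is unlocked in per-user functionality locking mode.
    if (isPerUserFunctionalityLockingEnabled) {
        // NOTE(review): in this branch the tenant-level question-based recovery flag is not consulted;
        // the DTO flag reflects only the per-user lock status — confirm this is intended.
        boolean isQuestionBasedRecoveryLocked = getFunctionalityStatusOfUser(tenantDomain, username,
                IdentityRecoveryConstants.FunctionalityTypes.FUNCTIONALITY_SECURITY_QUESTION_PW_RECOVERY
                        .getFunctionalityIdentifier()).getLockStatus();
        recoveryInformationDTO.setQuestionBasedRecoveryEnabled(!isQuestionBasedRecoveryLocked);
    } else {
        recoveryInformationDTO.setQuestionBasedRecoveryEnabled(isQuestionBasedRecoveryEnabled);
    }
    return recoveryInformationDTO;
}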
use of org.wso2.carbon.identity.recovery.internal.service.impl.UserAccountRecoveryManager in project identity-governance by wso2-extensions.
the class PasswordRecoveryManagerImpl method confirm.
/**
 * Validate the confirmation code given for password recovery and return the password reset code.
 * <p>
 * The code is resolved to its stored recovery data for the {@code UPDATE_PASSWORD} step, and the
 * owning user's tenant must match the tenant of the request before a reset code is issued.
 *
 * @param confirmationCode Confirmation code
 * @param tenantDomain     Tenant domain
 * @param properties       Meta properties in the confirmation request
 * @return PasswordResetCodeDTO {@link PasswordResetCodeDTO} object which contains password reset code
 * @throws IdentityRecoveryException Error while confirming password recovery, including a tenant
 *                                   mismatch between the code's owner and the request context
 */
@Override
public PasswordResetCodeDTO confirm(String confirmationCode, String tenantDomain,
                                    Map<String, String> properties) throws IdentityRecoveryException {

    validateTenantDomain(tenantDomain);
    // Resolve the code to the recovery record it was minted for.
    UserRecoveryData recoveryData = UserAccountRecoveryManager.getInstance()
            .getUserRecoveryData(confirmationCode, RecoverySteps.UPDATE_PASSWORD);
    // A code minted for one tenant must not be redeemable from another tenant's context.
    boolean tenantMatches = tenantDomain.equals(recoveryData.getUser().getTenantDomain());
    if (!tenantMatches) {
        throw Utils.handleClientException(
                IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_USER_TENANT_DOMAIN_MISS_MATCH_WITH_CONTEXT,
                tenantDomain);
    }
    String qualifiedUsername = IdentityUtil.addDomainToName(recoveryData.getUser().getUserName(),
            recoveryData.getUser().getUserStoreDomain());
    if (log.isDebugEnabled()) {
        log.debug("Valid confirmation code for user: " + qualifiedUsername);
    }
    return buildPasswordResetCodeDTO(confirmationCode);
}
use of org.wso2.carbon.identity.recovery.internal.service.impl.UserAccountRecoveryManager in project identity-governance by wso2-extensions.
the class UsernameRecoveryManagerImpl method initiate.
/**
 * Get the username recovery information with available verified channel details.
 * <p>
 * Two approaches are supported. In the legacy API approach the username is resolved directly from
 * the claims and either sent to the user by notification (internally managed) or returned to the
 * caller (externally managed). Otherwise the verified channel information is looked up and returned
 * so the caller can continue the recovery flow.
 *
 * @param claims       User Claims
 * @param tenantDomain Tenant domain
 * @param properties   Meta properties
 * @return RecoveryInformationDTO {@link RecoveryInformationDTO} object that contains
 * recovery information for a verified user; {@code null} in the legacy approach when the
 * notification was sent internally, or when no user matched and user existence is not to be notified
 * @throws IdentityRecoveryException Error while initiating username recovery
 */
@Override
public RecoveryInformationDTO initiate(Map<String, String> claims, String tenantDomain,
                                       Map<String, String> properties) throws IdentityRecoveryException {

    validateTenantDomain(tenantDomain);
    validateConfigurations(tenantDomain);
    UserAccountRecoveryManager userAccountRecoveryManager = UserAccountRecoveryManager.getInstance();
    RecoveryInformationDTO recoveryInformationDTO = new RecoveryInformationDTO();
    // Whether the caller asked for the legacy flow is derived from the request properties.
    boolean useLegacyAPIApproach = useLegacyAPIApproach(properties);
    boolean manageNotificationsInternally = Utils.isNotificationsInternallyManaged(tenantDomain, properties);
    if (useLegacyAPIApproach) {
        // Use legacy API approach to support legacy username recovery.
        String username = userAccountRecoveryManager.getUsernameByClaims(claims, tenantDomain);
        if (StringUtils.isNotEmpty(username)) {
            if (manageNotificationsInternally) {
                User user = createUser(username, tenantDomain);
                triggerNotification(user, NotificationChannels.EMAIL_CHANNEL.getChannelType(),
                        IdentityEventConstants.Event.TRIGGER_NOTIFICATION, null);
                if (log.isDebugEnabled()) {
                    log.debug("Successful username recovery for user: " + username + ". "
                            + "User notified Internally");
                }
                auditUserNameRecovery(AuditConstants.ACTION_USERNAME_RECOVERY, claims, NOTIFICATION_TYPE_INTERNAL,
                        username, null, FrameworkConstants.AUDIT_SUCCESS);
                // The username was delivered by notification; nothing is returned to the caller.
                return null;
            }
            if (log.isDebugEnabled()) {
                log.debug("Successful username recovery for user: " + username + ". User notified Externally");
            }
            auditUserNameRecovery(AuditConstants.ACTION_USERNAME_RECOVERY, claims, NOTIFICATION_TYPE_EXTERNAL,
                    username, null, FrameworkConstants.AUDIT_SUCCESS);
            // NOTE(review): in the externally-managed legacy path the resolved username itself is returned to
            // the caller, which also lets the caller distinguish matched from unmatched claims. Confirm that
            // the callers allowed to request external notification handling are appropriately restricted.
            recoveryInformationDTO.setUsername(username);
        } else {
            String errorMsg = String.format("No user found for the given claims in tenant domain : %s",
                    tenantDomain);
            if (log.isDebugEnabled()) {
                log.debug(errorMsg);
            }
            // username is null or empty here; the audit records the failed lookup with no channel.
            auditUserNameRecovery(AuditConstants.ACTION_USERNAME_RECOVERY, claims, "N/A", username, errorMsg,
                    FrameworkConstants.AUDIT_FAILED);
            // Only reveal that no account matched when the connector config explicitly allows it;
            // otherwise the null return is indistinguishable from the internally-notified success path.
            if (Boolean.parseBoolean(IdentityUtil.getProperty(
                    IdentityRecoveryConstants.ConnectorConfig.NOTIFY_USER_EXISTENCE))) {
                throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_USER_FOUND,
                        null);
            }
            return null;
        }
        return recoveryInformationDTO;
    }
    // Add notification method in a meta property list.
    Map<String, String> metaProperties = new HashMap<>();
    metaProperties.put(IdentityRecoveryConstants.MANAGE_NOTIFICATIONS_INTERNALLY_PROPERTY_KEY,
            Boolean.toString(manageNotificationsInternally));
    // Non-legacy flow: return the verified channel details for the user matching the claims.
    recoveryInformationDTO.setRecoveryChannelInfoDTO(userAccountRecoveryManager.retrieveUserRecoveryInformation(
            claims, tenantDomain, RecoveryScenarios.USERNAME_RECOVERY, metaProperties));
    return recoveryInformationDTO;
}