Search in sources :

Example 1 with ChallengeQuestion

use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project carbon-identity-framework by wso2.

the class ChallengeQuestionProcessor method verifyPrimaryChallengeQuestion.

/**
 * @param userName
 * @param tenantId
 * @param userChallengesDTOs
 * @return
 * @throws UserStoreException
 */
public boolean verifyPrimaryChallengeQuestion(String userName, int tenantId, UserChallengesDTO[] userChallengesDTOs) {
    boolean verification = false;
    try {
        if (log.isDebugEnabled()) {
            log.debug("Challenge Question from the user profile for user " + userName);
        }
        String claimValue = Utils.getClaimFromUserStoreManager(userName, tenantId, "http://wso2.org/claims/primaryChallengeQuestion");
        if (claimValue == null) {
            log.debug("No associated challenge question found for the user " + userName);
            return false;
        }
        String[] challenges = claimValue.split(IdentityMgtConfig.getInstance().getChallengeQuestionSeparator());
        Map<String, String> challengeMap = new HashMap<String, String>();
        for (int i = 0; i < challenges.length; i = i + 2) {
            challengeMap.put(challenges[i], challenges[i + 1]);
        }
        for (UserChallengesDTO userChallengesDTO : userChallengesDTOs) {
            for (Map.Entry<String, String> entry : challengeMap.entrySet()) {
                String challengeQuestion = entry.getKey();
                if (challengeQuestion.equals(userChallengesDTO.getQuestion().trim())) {
                    String challengeAnswer = entry.getValue();
                    if (challengeAnswer.equals(Utils.doHash(userChallengesDTO.getAnswer().trim().toLowerCase()))) {
                        verification = true;
                    } else {
                        return false;
                    }
                }
            }
        }
    } catch (Exception e) {
        log.debug("No associated challenge question found for the user " + userName, e);
    }
    return verification;
}
Also used : UserChallengesDTO(org.wso2.carbon.identity.mgt.dto.UserChallengesDTO) HashMap(java.util.HashMap) HashMap(java.util.HashMap) Map(java.util.Map) UserStoreException(org.wso2.carbon.user.core.UserStoreException) RegistryException(org.wso2.carbon.registry.core.exceptions.RegistryException) IdentityException(org.wso2.carbon.identity.base.IdentityException)

Example 2 with ChallengeQuestion

use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project identity-governance by wso2-extensions.

the class ValidateAnswerApiServiceImpl method validateAnswerPost.

@Override
public Response validateAnswerPost(AnswerVerificationRequestDTO answerVerificationRequest) {
    SecurityQuestionPasswordRecoveryManager securityQuestionBasedPwdRecoveryManager = RecoveryUtil.getSecurityQuestionBasedPwdRecoveryManager();
    ChallengeQuestionResponse challengeQuestion = null;
    try {
        challengeQuestion = securityQuestionBasedPwdRecoveryManager.validateUserChallengeQuestions(RecoveryUtil.getUserChallengeAnswers(answerVerificationRequest.getAnswers()), answerVerificationRequest.getKey(), RecoveryUtil.getProperties(answerVerificationRequest.getProperties()));
    } catch (IdentityRecoveryClientException e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Client Error while verifying challenge answers in recovery flow", e);
        }
        if (IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_ANSWER_FOR_SECURITY_QUESTION.getCode().equals(e.getErrorCode())) {
            RetryErrorDTO errorDTO = new RetryErrorDTO();
            errorDTO.setCode(e.getErrorCode());
            errorDTO.setMessage(e.getMessage());
            errorDTO.setDescription(e.getMessage());
            errorDTO.setKey(answerVerificationRequest.getKey());
            return Response.status(Response.Status.PRECONDITION_FAILED).entity(errorDTO).build();
        }
        RecoveryUtil.handleBadRequest(e.getMessage(), e.getErrorCode());
    } catch (IdentityRecoveryException e) {
        RecoveryUtil.handleInternalServerError(Constants.SERVER_ERROR, e.getErrorCode(), LOG, e);
    } catch (Throwable throwable) {
        RecoveryUtil.handleInternalServerError(Constants.SERVER_ERROR, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED.getCode(), LOG, throwable);
    }
    return Response.ok(RecoveryUtil.getInitiateQuestionResponseDTO(challengeQuestion)).build();
}
Also used : RetryErrorDTO(org.wso2.carbon.identity.recovery.endpoint.dto.RetryErrorDTO) ChallengeQuestionResponse(org.wso2.carbon.identity.recovery.bean.ChallengeQuestionResponse) IdentityRecoveryException(org.wso2.carbon.identity.recovery.IdentityRecoveryException) SecurityQuestionPasswordRecoveryManager(org.wso2.carbon.identity.recovery.password.SecurityQuestionPasswordRecoveryManager) IdentityRecoveryClientException(org.wso2.carbon.identity.recovery.IdentityRecoveryClientException)

Example 3 with ChallengeQuestion

use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project identity-governance by wso2-extensions.

the class PostAuthnMissingChallengeQuestionsHandler method getUrlEncodedChallengeQuestionsString.

/**
 * Returns a URL-encoded string of challenge questions for the given user
 *
 * @param user Authenticated User.
 * @return UTF-8 encoded URL with challenge questions.
 */
private String getUrlEncodedChallengeQuestionsString(AuthenticatedUser user) throws UnsupportedEncodingException {
    StringBuilder challengeQuestionData = new StringBuilder();
    List<ChallengeQuestion> challengeQuestionList = getChallengeQuestions(user);
    if (CollectionUtils.isEmpty(challengeQuestionList)) {
        if (log.isDebugEnabled()) {
            log.debug("Challenge questions not found for the user: " + user.getUserName() + " in tenant domain: " + user.getTenantDomain());
        }
        return null;
    } else {
        for (ChallengeQuestion question : challengeQuestionList) {
            String setId = question.getQuestionSetId();
            String questionId = question.getQuestionId();
            String questionString = question.getQuestion();
            String questionLocale = question.getLocale();
            challengeQuestionData.append(setId).append("|").append(questionId).append("|").append(questionString).append("|").append(questionLocale).append("&");
        }
    }
    return java.net.URLEncoder.encode(challengeQuestionData.toString(), StandardCharsets.UTF_8.name());
}
Also used : ChallengeQuestion(org.wso2.carbon.identity.recovery.model.ChallengeQuestion)

Example 4 with ChallengeQuestion

use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project identity-governance by wso2-extensions.

the class PostAuthnMissingChallengeQuestionsHandler method retrieveChallengeQuestionAnswers.

/**
 * Returns an array of UserChallengeAnswer from constructed from the servlet request parameters
 *
 * @param servletRequest HTTP Servlet Request.
 * @return challengeQuestionList.
 */
private UserChallengeAnswer[] retrieveChallengeQuestionAnswers(HttpServletRequest servletRequest, List<ChallengeQuestion> challengeQuestionsList) {
    Map<String, String> questionsMap = new HashMap<>();
    Map<String, String> answersMap = new HashMap<>();
    List<UserChallengeAnswer> questionsAndAnswers = new ArrayList<>();
    Enumeration<String> paramNames = servletRequest.getParameterNames();
    List<String> paramNamesList = Collections.list(paramNames);
    for (String requestParam : paramNamesList) {
        if (requestParam.contains(SELECTED_CHALLENGE_QUESTION_PREFIX)) {
            String question = servletRequest.getParameter(requestParam);
            String questionSetID = requestParam.replace(SELECTED_CHALLENGE_QUESTION_PREFIX, "");
            questionsMap.put(questionSetID, question);
        } else if (requestParam.contains(CHALLENGE_QUESTION_ANSWER_PREFIX)) {
            String answer = servletRequest.getParameter(requestParam);
            String answerSetID = requestParam.replace(CHALLENGE_QUESTION_ANSWER_PREFIX, "");
            answersMap.put(answerSetID, answer);
        }
    }
    for (String questionKey : questionsMap.keySet()) {
        String challengeQuestion = questionsMap.get(questionKey);
        for (ChallengeQuestion question : challengeQuestionsList) {
            if (StringUtils.equals(question.getQuestionSetId(), questionKey) && StringUtils.equals(question.getQuestion(), challengeQuestion)) {
                UserChallengeAnswer questionAndAnswer = new UserChallengeAnswer();
                questionAndAnswer.setQuestion(question);
                if (StringUtils.isEmpty(answersMap.get(questionKey))) {
                    if (log.isDebugEnabled()) {
                        log.debug("Answer not found for challenge question " + question + ", hence not adding " + "challenge question");
                    }
                } else {
                    questionAndAnswer.setAnswer(answersMap.get(questionKey));
                    questionsAndAnswers.add(questionAndAnswer);
                }
            }
        }
    }
    return questionsAndAnswers.toArray(new UserChallengeAnswer[questionsAndAnswers.size()]);
}
Also used : HashMap(java.util.HashMap) ArrayList(java.util.ArrayList) UserChallengeAnswer(org.wso2.carbon.identity.recovery.model.UserChallengeAnswer) ChallengeQuestion(org.wso2.carbon.identity.recovery.model.ChallengeQuestion)

Example 5 with ChallengeQuestion

use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project identity-governance by wso2-extensions.

the class ChallengeAnswerValidationHandler method validateChallengeAnswerUniqueness.

/**
 * Validate the uniqueness of a given answer.
 *
 * @param newChallengeAnswers      Newly added challenge question answers.
 * @param existingChallengeAnswers Existing challenge question answers.
 * @throws IdentityRecoveryServerException Error while hashing the newly added answers.
 * @throws IdentityRecoveryClientException Error while validating the answer uniqueness.
 */
private void validateChallengeAnswerUniqueness(List<UserChallengeAnswer> newChallengeAnswers, List<UserChallengeAnswer> existingChallengeAnswers) throws IdentityRecoveryServerException, IdentityRecoveryClientException {
    Set<String> uniqueChallengeAnswerHashSet = new HashSet<>();
    for (UserChallengeAnswer existingChallengeAnswer : existingChallengeAnswers) {
        uniqueChallengeAnswerHashSet.add(existingChallengeAnswer.getAnswer().trim());
    }
    String hashedNewChallengeAnswer;
    for (UserChallengeAnswer userChallengeAnswer : newChallengeAnswers) {
        String challengeQuestion = userChallengeAnswer.getQuestion().getQuestion();
        try {
            hashedNewChallengeAnswer = Utils.doHash(userChallengeAnswer.getAnswer().trim().toLowerCase());
        } catch (UserStoreException e) {
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO, null);
        }
        if (!uniqueChallengeAnswerHashSet.add(hashedNewChallengeAnswer)) {
            if (log.isDebugEnabled()) {
                log.debug(String.format("The challenge question answer is not unique. The given answer for " + "the challenge question '%s' has been used more than once.", challengeQuestion));
            }
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NOT_UNIQUE_ANSWER, challengeQuestion);
        }
    }
}
Also used : UserStoreException(org.wso2.carbon.user.api.UserStoreException) UserChallengeAnswer(org.wso2.carbon.identity.recovery.model.UserChallengeAnswer) HashSet(java.util.HashSet)

Aggregations

ChallengeQuestion (org.wso2.carbon.identity.recovery.model.ChallengeQuestion)26 ArrayList (java.util.ArrayList)14 Test (org.testng.annotations.Test)8 IdentityRecoveryException (org.wso2.carbon.identity.recovery.IdentityRecoveryException)8 UserChallengeAnswer (org.wso2.carbon.identity.recovery.model.UserChallengeAnswer)7 ChallengeQuestion (org.wso2.carbon.identity.recovery.stub.model.ChallengeQuestion)6 UserStoreException (org.wso2.carbon.user.api.UserStoreException)6 HashMap (java.util.HashMap)5 HashSet (java.util.HashSet)5 IdentityRecoveryClientException (org.wso2.carbon.identity.recovery.IdentityRecoveryClientException)5 IdentityException (org.wso2.carbon.identity.base.IdentityException)3 ChallengeQuestionManager (org.wso2.carbon.identity.recovery.ChallengeQuestionManager)3 ChallengeQuestionResponse (org.wso2.carbon.identity.recovery.bean.ChallengeQuestionResponse)3 UserRecoveryData (org.wso2.carbon.identity.recovery.model.UserRecoveryData)3 UserRecoveryDataStore (org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore)3 ChallengeQuestionDTO (org.wso2.carbon.identity.rest.api.server.challenge.v1.dto.ChallengeQuestionDTO)3 ISIntegrationTest (org.wso2.identity.integration.common.utils.ISIntegrationTest)3 Gson (com.google.gson.Gson)2 GsonBuilder (com.google.gson.GsonBuilder)2 Map (java.util.Map)2