use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project carbon-identity-framework by wso2.
the class ChallengeQuestionProcessor method verifyPrimaryChallengeQuestion.
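/**
 * Verifies the answers supplied for a user's primary challenge question(s) against the value stored
 * in the {@code http://wso2.org/claims/primaryChallengeQuestion} claim.
 *
 * <p>The claim value is split on the configured challenge-question separator into alternating
 * question / stored-answer entries. Each submitted answer is trimmed, lower-cased and passed through
 * {@code Utils.doHash} before it is compared with the stored value.
 *
 * <p>The check fails closed: a missing claim, a malformed claim, a null submission or any exception
 * raised during verification yields {@code false}, even if an earlier answer had already matched.
 *
 * @param userName           user whose claim is read
 * @param tenantId           tenant ID passed to the claim lookup
 * @param userChallengesDTOs question/answer pairs submitted by the caller
 * @return {@code true} only when at least one submitted question matches a stored question and no
 *         matching question carries a wrong answer; {@code false} otherwise
 */
public boolean verifyPrimaryChallengeQuestion(String userName, int tenantId, UserChallengesDTO[] userChallengesDTOs) {
    if (userChallengesDTOs == null) {
        return false;
    }
    boolean verification = false;
    try {
        if (log.isDebugEnabled()) {
            log.debug("Challenge Question from the user profile for user " + userName);
        }
        String claimValue = Utils.getClaimFromUserStoreManager(userName, tenantId, "http://wso2.org/claims/primaryChallengeQuestion");
        if (claimValue == null) {
            log.debug("No associated challenge question found for the user " + userName);
            return false;
        }
        // NOTE(review): String.split treats the separator as a regular expression; confirm the
        // configured separator contains no regex metacharacters, or quote it before splitting.
        String[] challenges = claimValue.split(IdentityMgtConfig.getInstance().getChallengeQuestionSeparator());
        if (challenges.length % 2 != 0) {
            // A question without a stored answer means the claim is malformed; reject explicitly
            // instead of relying on an ArrayIndexOutOfBoundsException being swallowed below.
            log.debug("Malformed challenge question claim for the user " + userName);
            return false;
        }
        Map<String, String> challengeMap = new HashMap<String, String>();
        for (int i = 0; i < challenges.length; i += 2) {
            challengeMap.put(challenges[i], challenges[i + 1]);
        }
        for (UserChallengesDTO userChallengesDTO : userChallengesDTOs) {
            String storedAnswer = challengeMap.get(userChallengesDTO.getQuestion().trim());
            if (storedAnswer == null) {
                // A submitted question with no stored counterpart is skipped, not rejected;
                // it neither passes nor fails the verification on its own.
                continue;
            }
            // NOTE(review): String.equals is not a constant-time comparison; consider
            // MessageDigest.isEqual on the encoded bytes if response timing is observable.
            if (!storedAnswer.equals(Utils.doHash(userChallengesDTO.getAnswer().trim().toLowerCase()))) {
                return false;
            }
            verification = true;
        }
    } catch (Exception e) {
        // Fail closed: an error part-way through the loop (null question or answer, hashing
        // failure) must not let an earlier match stand as a successful verification.
        log.debug("Error while verifying the challenge question for the user " + userName, e);
        return false;
    }
    return verification;
}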
use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project identity-governance by wso2-extensions.
the class ValidateAnswerApiServiceImpl method validateAnswerPost.
/**
 * Validates the challenge answers submitted in a password-recovery flow.
 *
 * <p>A wrong answer produces HTTP 412 with a {@code RetryErrorDTO} that carries the error code, the
 * exception message (as both message and description) and the request key. Any other client error
 * is passed to {@code RecoveryUtil.handleBadRequest}; recovery and unexpected errors are passed to
 * {@code RecoveryUtil.handleInternalServerError}.
 *
 * @param answerVerificationRequest submitted answers, recovery key and properties
 * @return 412 with a retry payload for a wrong answer, otherwise 200 with the DTO built from the
 *         validation result
 */
@Override
public Response validateAnswerPost(AnswerVerificationRequestDTO answerVerificationRequest) {
    SecurityQuestionPasswordRecoveryManager recoveryManager = RecoveryUtil.getSecurityQuestionBasedPwdRecoveryManager();
    ChallengeQuestionResponse validationResult = null;
    try {
        validationResult = recoveryManager.validateUserChallengeQuestions(
                RecoveryUtil.getUserChallengeAnswers(answerVerificationRequest.getAnswers()),
                answerVerificationRequest.getKey(),
                RecoveryUtil.getProperties(answerVerificationRequest.getProperties()));
    } catch (IdentityRecoveryClientException e) {
        if (LOG.isDebugEnabled()) {
            LOG.debug("Client Error while verifying challenge answers in recovery flow", e);
        }
        boolean wrongAnswer = IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_ANSWER_FOR_SECURITY_QUESTION.getCode().equals(e.getErrorCode());
        if (!wrongAnswer) {
            RecoveryUtil.handleBadRequest(e.getMessage(), e.getErrorCode());
        } else {
            // The exception message is returned to the client verbatim, together with the key.
            RetryErrorDTO retryError = new RetryErrorDTO();
            retryError.setCode(e.getErrorCode());
            retryError.setMessage(e.getMessage());
            retryError.setDescription(e.getMessage());
            retryError.setKey(answerVerificationRequest.getKey());
            return Response.status(Response.Status.PRECONDITION_FAILED).entity(retryError).build();
        }
    } catch (IdentityRecoveryException e) {
        RecoveryUtil.handleInternalServerError(Constants.SERVER_ERROR, e.getErrorCode(), LOG, e);
    } catch (Throwable throwable) {
        RecoveryUtil.handleInternalServerError(Constants.SERVER_ERROR, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED.getCode(), LOG, throwable);
    }
    // NOTE(review): the RecoveryUtil handlers presumably throw; if one returned normally, control
    // would reach this line and answer 200 with a null validation result. Confirm.
    return Response.ok(RecoveryUtil.getInitiateQuestionResponseDTO(validationResult)).build();
}
use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project identity-governance by wso2-extensions.
the class PostAuthnMissingChallengeQuestionsHandler method getUrlEncodedChallengeQuestionsString.
/**
 * Serialises the user's challenge questions into a single URL-encoded string.
 *
 * <p>Each question contributes {@code setId|questionId|question|locale} followed by {@code &};
 * the concatenation is then URL-encoded as UTF-8.
 *
 * @param user authenticated user whose challenge questions are looked up
 * @return the encoded string, or {@code null} when no challenge questions are found
 * @throws UnsupportedEncodingException declared by {@code URLEncoder.encode}
 */
private String getUrlEncodedChallengeQuestionsString(AuthenticatedUser user) throws UnsupportedEncodingException {
    List<ChallengeQuestion> availableQuestions = getChallengeQuestions(user);
    if (CollectionUtils.isEmpty(availableQuestions)) {
        if (log.isDebugEnabled()) {
            log.debug("Challenge questions not found for the user: " + user.getUserName() + " in tenant domain: " + user.getTenantDomain());
        }
        return null;
    }

    // NOTE(review): fields are joined without escaping, so a question text containing '|' or '&'
    // is ambiguous to whatever splits this string after decoding. Confirm the consumer copes.
    StringBuilder serialized = new StringBuilder();
    for (ChallengeQuestion entry : availableQuestions) {
        serialized.append(entry.getQuestionSetId())
                .append('|')
                .append(entry.getQuestionId())
                .append('|')
                .append(entry.getQuestion())
                .append('|')
                .append(entry.getLocale())
                .append('&');
    }
    return java.net.URLEncoder.encode(serialized.toString(), StandardCharsets.UTF_8.name());
}
use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project identity-governance by wso2-extensions.
the class PostAuthnMissingChallengeQuestionsHandler method retrieveChallengeQuestionAnswers.
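/**
 * Builds the user's challenge answers from the servlet request parameters.
 *
 * <p>Parameters whose name starts with {@code SELECTED_CHALLENGE_QUESTION_PREFIX} carry the selected
 * question text, and those starting with {@code CHALLENGE_QUESTION_ANSWER_PREFIX} carry the answer;
 * the rest of the name is the question set ID. A question/answer pair is returned only when the set
 * ID and question text both match an entry of {@code challengeQuestionsList} and the answer is
 * non-empty, so the returned questions always come from the supplied list, never from the request.
 *
 * @param servletRequest         HTTP servlet request holding the submitted parameters
 * @param challengeQuestionsList challenge questions the submission is matched against
 * @return the matched question/answer pairs; empty when nothing matches
 */
private UserChallengeAnswer[] retrieveChallengeQuestionAnswers(HttpServletRequest servletRequest, List<ChallengeQuestion> challengeQuestionsList) {
    Map<String, String> questionsMap = new HashMap<>();
    Map<String, String> answersMap = new HashMap<>();
    Enumeration<String> paramNames = servletRequest.getParameterNames();
    // Parameter names are client-controlled. Match the marker only at the start of the name and
    // strip exactly that occurrence: with contains()/replace(), a set ID that happens to contain
    // a marker would be misclassified or silently altered and then never match the list.
    for (String requestParam : Collections.list(paramNames)) {
        if (requestParam.startsWith(SELECTED_CHALLENGE_QUESTION_PREFIX)) {
            String questionSetID = requestParam.substring(SELECTED_CHALLENGE_QUESTION_PREFIX.length());
            questionsMap.put(questionSetID, servletRequest.getParameter(requestParam));
        } else if (requestParam.startsWith(CHALLENGE_QUESTION_ANSWER_PREFIX)) {
            String answerSetID = requestParam.substring(CHALLENGE_QUESTION_ANSWER_PREFIX.length());
            answersMap.put(answerSetID, servletRequest.getParameter(requestParam));
        }
    }

    List<UserChallengeAnswer> questionsAndAnswers = new ArrayList<>();
    for (Map.Entry<String, String> selected : questionsMap.entrySet()) {
        String questionKey = selected.getKey();
        String answer = answersMap.get(questionKey);
        for (ChallengeQuestion question : challengeQuestionsList) {
            boolean matches = StringUtils.equals(question.getQuestionSetId(), questionKey)
                    && StringUtils.equals(question.getQuestion(), selected.getValue());
            if (!matches) {
                continue;
            }
            if (StringUtils.isEmpty(answer)) {
                // Only the question is logged here, never the submitted answer.
                if (log.isDebugEnabled()) {
                    log.debug("Answer not found for challenge question " + question + ", hence not adding " + "challenge question");
                }
                continue;
            }
            UserChallengeAnswer questionAndAnswer = new UserChallengeAnswer();
            questionAndAnswer.setQuestion(question);
            questionAndAnswer.setAnswer(answer);
            questionsAndAnswers.add(questionAndAnswer);
        }
    }
    return questionsAndAnswers.toArray(new UserChallengeAnswer[0]);
}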
use of org.wso2.carbon.identity.recovery.model.ChallengeQuestion in project identity-governance by wso2-extensions.
the class ChallengeAnswerValidationHandler method validateChallengeAnswerUniqueness.
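/**
 * Ensures that no challenge answer is used more than once.
 *
 * <p>Existing answers are added to the comparison set as given (trimmed). Each new answer is
 * trimmed, lower-cased and hashed with {@code Utils.doHash} before it is added; a new answer whose
 * hash is already present, from an existing answer or from an earlier new one, is rejected.
 *
 * @param newChallengeAnswers      Newly added challenge question answers.
 * @param existingChallengeAnswers Existing challenge question answers.
 * @throws IdentityRecoveryServerException Error while hashing the newly added answers.
 * @throws IdentityRecoveryClientException A new answer duplicates another answer.
 */
private void validateChallengeAnswerUniqueness(List<UserChallengeAnswer> newChallengeAnswers, List<UserChallengeAnswer> existingChallengeAnswers) throws IdentityRecoveryServerException, IdentityRecoveryClientException {
    // NOTE(review): comparing stored values with fresh hashes presumes the existing answers are
    // held as output of the same deterministic Utils.doHash. Confirm against the caller.
    Set<String> uniqueChallengeAnswerHashSet = new HashSet<>();
    for (UserChallengeAnswer existingChallengeAnswer : existingChallengeAnswers) {
        uniqueChallengeAnswerHashSet.add(existingChallengeAnswer.getAnswer().trim());
    }
    for (UserChallengeAnswer userChallengeAnswer : newChallengeAnswers) {
        String challengeQuestion = userChallengeAnswer.getQuestion().getQuestion();
        String hashedNewChallengeAnswer;
        try {
            hashedNewChallengeAnswer = Utils.doHash(userChallengeAnswer.getAnswer().trim().toLowerCase());
        } catch (UserStoreException e) {
            // Pass the cause along so the hashing failure can be diagnosed from the server log.
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO, null, e);
        }
        // Set.add returns false when the value is already present, i.e. the answer is a duplicate.
        if (!uniqueChallengeAnswerHashSet.add(hashedNewChallengeAnswer)) {
            // Only the question text is logged and reported, never the answer or its hash.
            if (log.isDebugEnabled()) {
                log.debug(String.format("The challenge question answer is not unique. The given answer for " + "the challenge question '%s' has been used more than once.", challengeQuestion));
            }
            throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NOT_UNIQUE_ANSWER, challengeQuestion);
        }
    }
}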