use of org.wso2.carbon.identity.recovery.model.UserChallengeAnswer in project identity-governance by wso2-extensions.
the class ValidateAnswerApiServiceImplTest method testIdentityRecoveryExceptionforValidateAnswerPost.
/**
 * Exercises {@code validateAnswerPost} when the mocked recovery manager rejects the submitted
 * challenge answers with an {@link IdentityRecoveryException}.
 *
 * @throws IdentityRecoveryException declared because the stubbed manager method declares it.
 */
@Test
public void testIdentityRecoveryExceptionforValidateAnswerPost() throws IdentityRecoveryException {
    // Route the static manager lookup to the mocked recovery manager.
    mockedRecoveryUtil
            .when(RecoveryUtil::getSecurityQuestionBasedPwdRecoveryManager)
            .thenReturn(securityQuestionPasswordRecoveryManager);

    // Whatever answers, code and properties are passed in, validation fails with this exception.
    IdentityRecoveryException validationFailure = new IdentityRecoveryException("");
    Mockito.when(
            securityQuestionPasswordRecoveryManager.validateUserChallengeQuestions(
                    any(UserChallengeAnswer[].class), anyString(), any(Property[].class)))
            .thenThrow(validationFailure);

    // NOTE(review): 200 is asserted on the failure path. Presumably the static RecoveryUtil mock
    // also neutralises the error-handling helper, so the call falls through to a success response.
    // Confirm, and consider pinning the expected error response instead, so a regression that
    // reports success for rejected answers would be caught.
    assertEquals(
            validateAnswerApiService.validateAnswerPost(buildAnswerVerificationRequestDTO()).getStatus(),
            200);
}
use of org.wso2.carbon.identity.recovery.model.UserChallengeAnswer in project identity-governance by wso2-extensions.
the class PostAuthnMissingChallengeQuestionsHandler method retrieveChallengeQuestionAnswers.
/**
 * Builds the user's challenge answers from the parameters of the submitted request.
 *
 * <p>A parameter whose name contains {@code SELECTED_CHALLENGE_QUESTION_PREFIX} carries the selected
 * question text, and one whose name contains {@code CHALLENGE_QUESTION_ANSWER_PREFIX} carries the
 * answer. In both cases the name with the prefix removed is used as the question set id. A submitted
 * question is accepted only when its set id and text both match an entry of
 * {@code challengeQuestionsList}, and it is returned only when a non-empty answer was submitted for
 * the same set id.
 *
 * @param servletRequest HTTP servlet request holding the submitted questions and answers.
 * @param challengeQuestionsList challenge questions the submitted values are matched against.
 * @return the matched questions paired with their submitted answers; empty when nothing matched.
 */
private UserChallengeAnswer[] retrieveChallengeQuestionAnswers(HttpServletRequest servletRequest, List<ChallengeQuestion> challengeQuestionsList) {

    Map<String, String> selectedQuestionBySetId = new HashMap<>();
    Map<String, String> submittedAnswerBySetId = new HashMap<>();

    // Request parameters are client-controlled; only the two known name patterns are picked up.
    // NOTE(review): names are matched with contains() and the set id is derived with replace(),
    // which strips every occurrence of the prefix. A parameter that merely embeds the prefix is
    // therefore accepted as well; confirm whether a startsWith() match was intended.
    for (String paramName : Collections.list(servletRequest.getParameterNames())) {
        if (paramName.contains(SELECTED_CHALLENGE_QUESTION_PREFIX)) {
            String questionText = servletRequest.getParameter(paramName);
            selectedQuestionBySetId.put(paramName.replace(SELECTED_CHALLENGE_QUESTION_PREFIX, ""), questionText);
        } else if (paramName.contains(CHALLENGE_QUESTION_ANSWER_PREFIX)) {
            String answerText = servletRequest.getParameter(paramName);
            submittedAnswerBySetId.put(paramName.replace(CHALLENGE_QUESTION_ANSWER_PREFIX, ""), answerText);
        }
    }

    List<UserChallengeAnswer> matchedAnswers = new ArrayList<>();
    for (Map.Entry<String, String> selected : selectedQuestionBySetId.entrySet()) {
        String setId = selected.getKey();
        String submittedQuestion = selected.getValue();
        String submittedAnswer = submittedAnswerBySetId.get(setId);

        for (ChallengeQuestion candidate : challengeQuestionsList) {
            // The submitted set id and question text must both match an entry of the supplied list;
            // anything else in the request is ignored.
            if (!StringUtils.equals(candidate.getQuestionSetId(), setId)
                    || !StringUtils.equals(candidate.getQuestion(), submittedQuestion)) {
                continue;
            }

            UserChallengeAnswer pair = new UserChallengeAnswer();
            pair.setQuestion(candidate);

            if (!StringUtils.isEmpty(submittedAnswer)) {
                pair.setAnswer(submittedAnswer);
                matchedAnswers.add(pair);
            } else if (log.isDebugEnabled()) {
                // Only the question is logged here, never the answer value.
                log.debug("Answer not found for challenge question " + candidate
                        + ", hence not adding challenge question");
            }
        }
    }

    return matchedAnswers.toArray(new UserChallengeAnswer[0]);
}
use of org.wso2.carbon.identity.recovery.model.UserChallengeAnswer in project identity-governance by wso2-extensions.
the class ChallengeAnswerValidationHandler method validateChallengeAnswerUniqueness.
/**
 * Rejects a set of challenge answers in which the same answer is used more than once.
 *
 * <p>Existing answers are added to the comparison set trimmed but otherwise unchanged. Each new
 * answer is trimmed, lower-cased and hashed with {@code Utils.doHash} before it is added; the first
 * value that is already present aborts the validation.
 *
 * @param newChallengeAnswers Newly added challenge question answers.
 * @param existingChallengeAnswers Existing challenge question answers.
 * @throws IdentityRecoveryServerException If hashing a newly added answer fails.
 * @throws IdentityRecoveryClientException If an answer has been used more than once.
 */
private void validateChallengeAnswerUniqueness(List<UserChallengeAnswer> newChallengeAnswers, List<UserChallengeAnswer> existingChallengeAnswers) throws IdentityRecoveryServerException, IdentityRecoveryClientException {

    // Existing answers are not hashed here, so presumably they already hold the stored hash.
    // TODO confirm against the caller.
    Set<String> seenAnswerHashes = new HashSet<>();
    for (UserChallengeAnswer stored : existingChallengeAnswers) {
        seenAnswerHashes.add(stored.getAnswer().trim());
    }

    for (UserChallengeAnswer candidate : newChallengeAnswers) {
        String questionText = candidate.getQuestion().getQuestion();

        // NOTE(review): detecting duplicates by hash equality only works if Utils.doHash returns
        // the same value for equal input (no per-answer salt). Confirm how stored answers are
        // protected against offline guessing.
        String candidateHash;
        try {
            candidateHash = Utils.doHash(candidate.getAnswer().trim().toLowerCase());
        } catch (UserStoreException e) {
            // NOTE(review): the caught exception is not attached to the rethrown one, so the root
            // cause is lost. Consider passing it on if Utils offers an overload that takes it.
            throw Utils.handleServerException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_HASHING_ALGO, null);
        }

        boolean firstUse = seenAnswerHashes.add(candidateHash);
        if (firstUse) {
            continue;
        }

        // Only the question text is logged and reported, not the answer.
        if (log.isDebugEnabled()) {
            log.debug(String.format("The challenge question answer is not unique. The given answer for the challenge question '%s' has been used more than once.", questionText));
        }
        throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NOT_UNIQUE_ANSWER, questionText);
    }
}
use of org.wso2.carbon.identity.recovery.model.UserChallengeAnswer in project identity-governance by wso2-extensions.
the class ChallengeAnswerValidationHandler method filterChallengeAnswers.
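/**
 * Splits the submitted challenge answers into those that repeat the stored answer and those
 * that are new.
 *
 * <p>Entries with a blank question set id, question or answer are skipped. For the others the
 * stored value is looked up by the trimmed question set id and read as
 * {@code question + separator + answer}. A submitted answer that equals the stored answer part
 * (both trimmed) is classified as existing; every other answer is classified as new.
 *
 * <p>The configured separator is treated as literal text. Passing it to {@code String.split}
 * unquoted would interpret it as a regular expression, so a separator such as {@code |} or
 * {@code .} would yield the wrong answer part. A stored value without an answer part no longer
 * fails with an {@link ArrayIndexOutOfBoundsException}; the submitted answer is classified as new.
 *
 * @param userChallengeAnswers List of UserChallengeAnswer objects.
 * @param existingQuestionAndAnswers Map of existing challenge question and answers, keyed by
 *                                   question set id.
 * @return Map holding the existing answers under {@code USER_OLD_CHALLENGE_ANSWERS} and the new
 *         answers under {@code USER_NEW_CHALLENGE_ANSWERS}.
 */
private Map<String, List<UserChallengeAnswer>> filterChallengeAnswers(UserChallengeAnswer[] userChallengeAnswers, Map<String, String> existingQuestionAndAnswers) {

    Map<String, List<UserChallengeAnswer>> challengeAnswers = new HashMap<>();
    List<UserChallengeAnswer> existingChallengeAnswers = new ArrayList<>();
    List<UserChallengeAnswer> newChallengeAnswers = new ArrayList<>();
    String separator = IdentityUtil.getProperty(IdentityRecoveryConstants.ConnectorConfig.QUESTION_CHALLENGE_SEPARATOR);

    for (UserChallengeAnswer userChallengeAnswer : userChallengeAnswers) {
        ChallengeQuestion challengeQuestion = userChallengeAnswer.getQuestion();
        if (StringUtils.isBlank(challengeQuestion.getQuestionSetId())
                || StringUtils.isBlank(challengeQuestion.getQuestion())
                || StringUtils.isBlank(userChallengeAnswer.getAnswer())) {
            // Incomplete entries are neither existing nor new.
            continue;
        }

        String oldValue = existingQuestionAndAnswers.get(challengeQuestion.getQuestionSetId().trim());
        boolean unchanged = false;
        if (StringUtils.isNotBlank(oldValue) && oldValue.contains(separator)) {
            // Quote the separator so split() matches the same literal text contains() just found.
            String[] storedParts = oldValue.split(java.util.regex.Pattern.quote(separator));
            // NOTE(review): if the stored part is a hash, a client that resubmits the stored value
            // verbatim is classified as "unchanged". Confirm this is the intended path for
            // answers the user did not modify.
            unchanged = storedParts.length > 1
                    && storedParts[1].trim().equals(userChallengeAnswer.getAnswer().trim());
        }

        if (unchanged) {
            existingChallengeAnswers.add(userChallengeAnswer);
        } else {
            newChallengeAnswers.add(userChallengeAnswer);
        }
    }

    challengeAnswers.put(IdentityRecoveryConstants.USER_OLD_CHALLENGE_ANSWERS, existingChallengeAnswers);
    challengeAnswers.put(IdentityRecoveryConstants.USER_NEW_CHALLENGE_ANSWERS, newChallengeAnswers);
    return challengeAnswers;
}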
use of org.wso2.carbon.identity.recovery.model.UserChallengeAnswer in project identity-governance by wso2-extensions.
the class ChallengeAnswerValidationHandler method handleEvent.
/**
 * Validates the submitted challenge answers when a
 * {@code PRE_SET_CHALLENGE_QUESTION_ANSWERS} event is received.
 *
 * <p>The user's user store domain is set from the realm configuration for every event, before
 * the event name is checked. Events with any other name are otherwise ignored.
 *
 * @param event event carrying the user store manager, the user, the submitted challenge answers
 *              and the existing questions and answers as event properties.
 * @throws IdentityEventException an {@code IdentityEventClientException} or
 *                                {@code IdentityEventServerException} wrapping the corresponding
 *                                recovery exception raised by the validation.
 */
@Override
public void handleEvent(Event event) throws IdentityEventException {

    Map<String, Object> properties = event.getEventProperties();

    // The properties are cast without a type check, so the publisher of the event is trusted to
    // supply the expected types.
    UserStoreManager storeManager = (UserStoreManager) properties.get(IdentityEventConstants.EventProperty.USER_STORE_MANAGER);
    User user = (User) properties.get(IdentityEventConstants.EventProperty.USER);
    UserChallengeAnswer[] submittedAnswers = (UserChallengeAnswer[]) properties.get(IdentityEventConstants.EventProperty.USER_CHALLENGE_ANSWERS);
    Map<String, String> storedQuestionAndAnswers = (Map<String, String>) properties.get(IdentityEventConstants.EventProperty.USER_OLD_CHALLENGE_ANSWERS);

    String domainName = storeManager.getRealmConfiguration().getUserStoreProperty(UserCoreConstants.RealmConfig.PROPERTY_DOMAIN_NAME);
    user.setUserStoreDomain(domainName);

    if (!IdentityEventConstants.Event.PRE_SET_CHALLENGE_QUESTION_ANSWERS.equals(event.getEventName())) {
        return;
    }

    try {
        validateChallengeAnswers(user, submittedAnswers, storedQuestionAndAnswers);
    } catch (IdentityRecoveryClientException clientError) {
        // Error code, message and cause are carried over to the event-level exception.
        throw new IdentityEventClientException(clientError.getErrorCode(), clientError.getMessage(), clientError);
    } catch (IdentityRecoveryServerException serverError) {
        throw new IdentityEventServerException(serverError.getErrorCode(), serverError.getMessage(), serverError);
    }
}