use of org.wso2.carbon.identity.recovery.model.UserRecoveryData in project identity-governance by wso2-extensions.
the class PasswordRecoveryReCaptchaConnector method preValidate.
@Override
public CaptchaPreValidationResponse preValidate(ServletRequest servletRequest, ServletResponse servletResponse) throws CaptchaException {
CaptchaPreValidationResponse preValidationResponse = new CaptchaPreValidationResponse();
boolean forgotPasswordRecaptchaEnabled = checkReCaptchaEnabledForForgotPassoword(servletRequest, FORGOT_PASSWORD_RECAPTCHA_ENABLE);
String pathUrl = ((HttpServletRequest) servletRequest).getRequestURI();
if (forgotPasswordRecaptchaEnabled && (CaptchaUtil.isPathAvailable(pathUrl, ACCOUNT_SECURITY_QUESTION_URL) || CaptchaUtil.isPathAvailable(pathUrl, ACCOUNT_SECURITY_QUESTIONS_URL) || CaptchaUtil.isPathAvailable(pathUrl, RECOVER_PASSWORD_URL))) {
preValidationResponse.setCaptchaValidationRequired(true);
}
// Handle recover with Email option.
if (pathUrl.equals(RECOVER_PASSWORD_URL)) {
return preValidationResponse;
}
// Handle recover with security questions option.
HttpServletRequest httpServletRequestWrapper;
try {
httpServletRequestWrapper = new CaptchaHttpServletRequestWrapper((HttpServletRequest) servletRequest);
preValidationResponse.setWrappedHttpServletRequest(httpServletRequestWrapper);
} catch (IOException e) {
log.error("Error occurred while wrapping ServletRequest.", e);
return preValidationResponse;
}
String path = httpServletRequestWrapper.getRequestURI();
User user = new User();
boolean initializationFlow = false;
if (CaptchaUtil.isPathAvailable(path, ACCOUNT_SECURITY_QUESTION_URL) || CaptchaUtil.isPathAvailable(path, ACCOUNT_SECURITY_QUESTIONS_URL)) {
user.setUserName(servletRequest.getParameter("username"));
if (StringUtils.isNotBlank(servletRequest.getParameter("realm"))) {
user.setUserStoreDomain(servletRequest.getParameter("realm"));
} else {
user.setUserStoreDomain(IdentityUtil.getPrimaryDomainName());
}
user.setTenantDomain(servletRequest.getParameter("tenant-domain"));
initializationFlow = true;
} else {
JsonObject requestObject;
try {
try (InputStream in = httpServletRequestWrapper.getInputStream()) {
requestObject = new JsonParser().parse(IOUtils.toString(in)).getAsJsonObject();
}
} catch (IOException e) {
return preValidationResponse;
}
UserRecoveryDataStore userRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
try {
UserRecoveryData userRecoveryData = userRecoveryDataStore.load(requestObject.get("key").getAsString());
if (userRecoveryData != null) {
user = userRecoveryData.getUser();
}
} catch (IdentityRecoveryException e) {
return preValidationResponse;
}
}
if (StringUtils.isBlank(user.getUserName())) {
// Invalid Request
return preValidationResponse;
}
if (StringUtils.isBlank(user.getTenantDomain())) {
user.setTenantDomain(MultitenantConstants.SUPER_TENANT_DOMAIN_NAME);
}
Property[] connectorConfigs;
try {
connectorConfigs = identityGovernanceService.getConfiguration(new String[] { RECOVERY_QUESTION_PASSWORD_RECAPTCHA_ENABLE, RECOVERY_QUESTION_PASSWORD_RECAPTCHA_MAX_FAILED_ATTEMPTS }, user.getTenantDomain());
} catch (IdentityGovernanceException e) {
throw new CaptchaServerException("Unable to retrieve connector configs.", e);
}
String connectorEnabled = null;
String maxAttemptsStr = null;
for (Property connectorConfig : connectorConfigs) {
if ((RECOVERY_QUESTION_PASSWORD_RECAPTCHA_ENABLE).equals(connectorConfig.getName())) {
connectorEnabled = connectorConfig.getValue();
} else if ((RECOVERY_QUESTION_PASSWORD_RECAPTCHA_MAX_FAILED_ATTEMPTS).equals(connectorConfig.getName())) {
maxAttemptsStr = connectorConfig.getValue();
}
}
if (!Boolean.parseBoolean(connectorEnabled)) {
return preValidationResponse;
}
if (StringUtils.isBlank(maxAttemptsStr) || !NumberUtils.isNumber(maxAttemptsStr)) {
log.warn("Invalid configuration found in the PasswordRecoveryReCaptchaConnector for the tenant - " + user.getTenantDomain());
return preValidationResponse;
}
int maxFailedAttempts = Integer.parseInt(maxAttemptsStr);
int tenantId;
try {
tenantId = IdentityTenantUtil.getTenantId(user.getTenantDomain());
} catch (Exception e) {
// Invalid tenant
return preValidationResponse;
}
try {
if (CaptchaDataHolder.getInstance().getAccountLockService().isAccountLocked(user.getUserName(), user.getTenantDomain(), user.getUserStoreDomain())) {
return preValidationResponse;
}
} catch (AccountLockServiceException e) {
if (log.isDebugEnabled()) {
log.debug("Error while validating if account is locked for user: " + user.getUserName() + " of user " + "store domain: " + user.getUserStoreDomain() + " and tenant domain: " + user.getTenantDomain());
}
return preValidationResponse;
}
Map<String, String> claimValues = CaptchaUtil.getClaimValues(user, tenantId, new String[] { FAIL_ATTEMPTS_CLAIM });
if (claimValues == null || claimValues.isEmpty()) {
// Invalid user
return preValidationResponse;
}
int currentFailedAttempts = 0;
if (NumberUtils.isNumber(claimValues.get(FAIL_ATTEMPTS_CLAIM))) {
currentFailedAttempts = Integer.parseInt(claimValues.get(FAIL_ATTEMPTS_CLAIM));
}
HttpServletResponse httpServletResponse = ((HttpServletResponse) servletResponse);
if (currentFailedAttempts > maxFailedAttempts) {
if (initializationFlow) {
httpServletResponse.setHeader("reCaptcha", "true");
httpServletResponse.setHeader("reCaptchaKey", CaptchaDataHolder.getInstance().getReCaptchaSiteKey());
httpServletResponse.setHeader("reCaptchaAPI", CaptchaDataHolder.getInstance().getReCaptchaAPIUrl());
} else {
preValidationResponse.setCaptchaValidationRequired(true);
preValidationResponse.setMaxFailedLimitReached(true);
addPostValidationData(servletRequest);
}
} else if (currentFailedAttempts == maxFailedAttempts && !initializationFlow) {
addPostValidationData(servletRequest);
}
return preValidationResponse;
}
use of org.wso2.carbon.identity.recovery.model.UserRecoveryData in project identity-governance by wso2-extensions.
the class IntrospectCodeApiServiceImpl method introspectCodePost.
@Override
public Response introspectCodePost(CodeValidationRequestDTO codeValidationRequestDTO) {
UserSelfRegistrationManager userSelfRegistrationManager = Utils.getUserSelfRegistrationManager();
CodeValidateInfoResponseDTO codeDetails = null;
UserRecoveryData recoveryData = null;
try {
// Get the map of properties in the request.
HashMap<String, String> propertyMap = Utils.getPropertiesMap(codeValidationRequestDTO.getProperties());
// Get externally verified channel information.
VerifiedChannelDTO verifiedChannelDTO = codeValidationRequestDTO.getVerifiedChannel();
String verifiedChannelType = null;
String verifiedChannelClaim = null;
// Handling verified channel details not in the request.
if (verifiedChannelDTO != null) {
verifiedChannelClaim = verifiedChannelDTO.getClaim();
verifiedChannelType = verifiedChannelDTO.getType();
}
// Confirm code.
recoveryData = userSelfRegistrationManager.introspectUserSelfRegistration(true, codeValidationRequestDTO.getCode(), verifiedChannelType, verifiedChannelClaim, propertyMap);
if (recoveryData != null && recoveryData.getUser() != null && recoveryData.getUser().getUserName() != null) {
codeDetails = getCodeIntrospectResponse(recoveryData);
} else {
Utils.handleNotFound(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE.getMessage(), IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_INVALID_CODE.getCode());
}
} catch (IdentityRecoveryClientException e) {
if (LOG.isDebugEnabled()) {
LOG.debug("Client Error while confirming sent in code", e);
}
Utils.handleBadRequest(e.getMessage(), e.getErrorCode());
} catch (IdentityRecoveryException e) {
Utils.handleInternalServerError(Constants.SERVER_ERROR, e.getErrorCode(), LOG, e);
} catch (Throwable throwable) {
Utils.handleInternalServerError(Constants.SERVER_ERROR, IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_UNEXPECTED.getCode(), LOG, throwable);
}
return Response.accepted(codeDetails).build();
}
use of org.wso2.carbon.identity.recovery.model.UserRecoveryData in project identity-governance by wso2-extensions.
the class MeApiServiceImpl method doResendConfirmationCode.
private NotificationResponseBean doResendConfirmationCode(String recoveryScenario, NotificationResponseBean notificationResponseBean, ResendCodeRequestDTO resendCodeRequestDTO) {
UserRecoveryData userRecoveryData = null;
// Currently this me/resend-code API supports resend code during mobile verification scenario only.
if (RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.toString().equals(recoveryScenario)) {
userRecoveryData = Utils.getUserRecoveryData(resendCodeRequestDTO, recoveryScenario);
}
if (userRecoveryData == null) {
return notificationResponseBean;
}
ResendConfirmationManager resendConfirmationManager = Utils.getResendConfirmationManager();
if (RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.toString().equals(recoveryScenario) && RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.equals(userRecoveryData.getRecoveryScenario()) && RecoverySteps.VERIFY_MOBILE_NUMBER.equals(userRecoveryData.getRecoveryStep())) {
notificationResponseBean = setNotificationResponseBean(resendConfirmationManager, RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.toString(), RecoverySteps.VERIFY_MOBILE_NUMBER.toString(), IdentityRecoveryConstants.NOTIFICATION_TYPE_VERIFY_MOBILE_ON_UPDATE, resendCodeRequestDTO);
}
return notificationResponseBean;
}
use of org.wso2.carbon.identity.recovery.model.UserRecoveryData in project identity-governance by wso2-extensions.
the class Utils method getCodeIntrospectResponse.
public static CodeValidateInfoResponseDTO getCodeIntrospectResponse(UserRecoveryData userRecoveryData) {
CodeValidateInfoResponseDTO codeValidateInfoResponseDTO = new CodeValidateInfoResponseDTO();
codeValidateInfoResponseDTO.setUser(getRecoveryUser(userRecoveryData.getUser()));
codeValidateInfoResponseDTO.setRecoveryStep(userRecoveryData.getRecoveryStep().name());
codeValidateInfoResponseDTO.setRecoveryScenario(userRecoveryData.getRecoveryScenario().name());
codeValidateInfoResponseDTO.setIsExpired(userRecoveryData.isCodeExpired());
return codeValidateInfoResponseDTO;
}
use of org.wso2.carbon.identity.recovery.model.UserRecoveryData in project identity-governance by wso2-extensions.
the class MeApiServiceImplTest method testMeResendCodePost.
@Test
public void testMeResendCodePost() throws IdentityRecoveryException {
try {
String carbonHome = Paths.get(System.getProperty("user.dir"), "src", "test", "resources").toString();
System.setProperty(CarbonBaseConstants.CARBON_HOME, carbonHome);
PrivilegedCarbonContext.startTenantFlow();
PrivilegedCarbonContext.getThreadLocalCarbonContext().setUsername(USERNAME);
PrivilegedCarbonContext.getThreadLocalCarbonContext().setTenantId(-1234);
Mockito.when(resendConfirmationManager.resendConfirmationCode(isNull(), anyString(), anyString(), anyString(), isNull())).thenReturn(notificationResponseBean);
mockedUtils.when(() -> Utils.getUserRecoveryData(any(ResendCodeRequestDTO.class), anyString())).thenReturn(userRecoveryData);
mockedUtils.when(Utils::getResendConfirmationManager).thenReturn(resendConfirmationManager);
Mockito.when(userRecoveryData.getRecoveryScenario()).thenReturn(RecoveryScenarios.getRecoveryScenario("MOBILE_VERIFICATION_ON_UPDATE"));
Mockito.when(userRecoveryData.getRecoveryStep()).thenReturn(RecoverySteps.getRecoveryStep("VERIFY_MOBILE_NUMBER"));
assertEquals(meApiService.meResendCodePost(meResendCodeRequestDTO()).getStatus(), 201);
assertEquals(meApiService.meResendCodePost(meResendCodeRequestDTOWithInvalidScenarioProperty()).getStatus(), 400);
mockedUtils.when(() -> Utils.getUserRecoveryData(any(ResendCodeRequestDTO.class), anyString())).thenReturn(null);
assertEquals(meApiService.meResendCodePost(meResendCodeRequestDTO()).getStatus(), 400);
Mockito.when(userRecoveryData.getRecoveryScenario()).thenReturn(RecoveryScenarios.getRecoveryScenario("ASK_PASSWORD"));
assertEquals(meApiService.meResendCodePost(meResendCodeRequestDTO()).getStatus(), 400);
} finally {
PrivilegedCarbonContext.endTenantFlow();
}
}
Aggregations