use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class UserEmailVerificationHandler method invalidatePendingEmailVerification.
/**
 * Clears a pending e-mail verification for the user, if one exists.
 *
 * <p>When the user has a non-blank pending e-mail value, the pending-value claim in {@code claims}
 * is overwritten with an empty string and the recovery-store entry for the
 * {@code EMAIL_VERIFICATION_ON_UPDATE} scenario at the {@code VERIFY_EMAIL} step is invalidated.
 * When no pending value exists the method does nothing.
 *
 * @param user             User whose pending verification is cleared.
 * @param userStoreManager User store manager used to read the pending e-mail value.
 * @param claims           Claim map that receives the emptied pending-value claim (mutated in place).
 * @throws IdentityEventException If the recovery store fails while invalidating the entry.
 */
private void invalidatePendingEmailVerification(User user, UserStoreManager userStoreManager,
                                                Map<String, String> claims) throws IdentityEventException {

    String pendingEmail = getPendingVerificationEmailValue(userStoreManager, user);
    if (StringUtils.isBlank(pendingEmail)) {
        // No address is awaiting verification, so neither the claim nor the store is touched.
        return;
    }

    claims.put(IdentityRecoveryConstants.EMAIL_ADDRESS_PENDING_VALUE_CLAIM, StringUtils.EMPTY);
    try {
        // Presumably this keeps a code already issued for the superseded address from being
        // confirmed later; confirm against the verification flow.
        UserRecoveryDataStore recoveryStore = JDBCRecoveryDataStore.getInstance();
        recoveryStore.invalidate(user, RecoveryScenarios.EMAIL_VERIFICATION_ON_UPDATE,
                RecoverySteps.VERIFY_EMAIL);
    } catch (IdentityRecoveryException e) {
        throw new IdentityEventException("Error while invalidating previous email verification data "
                + "from recovery store for user: " + user.toFullQualifiedUsername(), e);
    }
}
use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class UserEmailVerificationHandler method getRecoveryData.
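/**
 * Loads the recovery data stored for the given user.
 *
 * <p>NOTE(review): the store method used here is {@code loadWithoutCodeExpiryValidation}, so the
 * expiry of the stored code is presumably not checked on this path. Callers that act on the
 * returned data should apply their own expiry check; confirm against the store implementation.
 *
 * @param user User whose recovery data is loaded.
 * @return Recovery data returned by the store for the user.
 * @throws IdentityEventException If the recovery store fails while loading the data.
 */
protected UserRecoveryData getRecoveryData(User user) throws IdentityEventException {
    UserRecoveryDataStore userRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
    try {
        return userRecoveryDataStore.loadWithoutCodeExpiryValidation(user);
    } catch (IdentityRecoveryException e) {
        // The original message ended at "for user " with no identifier. Name the user, as the
        // sibling invalidatePendingEmailVerification does, and stay null-safe so that building
        // the message can never mask the original failure.
        String userLabel = (user != null) ? user.toFullQualifiedUsername() : "<unknown>";
        throw new IdentityEventException("Error while loading recovery data for user: " + userLabel, e);
    }
}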
use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class ResendConfirmationManager method resendAccountRecoveryNotification.
/**
 * Resend account recovery information to the user.
 *
 * <p>Loads the stored recovery data for the user and scenario and validates the supplied previous
 * confirmation code against it. It then either re-uses the stored secret, or invalidates it and
 * stores a newly generated one. When notifications are internally managed the secret is passed to
 * {@code triggerNotification}; otherwise it is set as the key on the returned bean.
 *
 * @param user User object
 * @param code Previous confirmation code
 * @param recoveryScenario Recovery scenario
 * @param recoveryStep Recovery step
 * @param notificationType Notification type
 * @param properties Event properties; replaced with a single SEND_TO property when a new code is
 *                   issued for the e-mail or mobile verification-on-update scenarios
 * @return NotificationResponseBean for the user; carries the secret key when notifications are not
 *         internally managed
 * @throws IdentityRecoveryException If an error occurred while sending notifications.
 */
private NotificationResponseBean resendAccountRecoveryNotification(User user, String code, String recoveryScenario, String recoveryStep, String notificationType, Property[] properties) throws IdentityRecoveryException {
    validateRequestParameters(user, recoveryScenario, recoveryStep, notificationType);
    // Resolve the tenant domain and the userstore domain name of the user.
    resolveUserAttributes(user);
    boolean notificationInternallyManage = isNotificationInternallyManage(user);
    NotificationResponseBean notificationResponseBean = new NotificationResponseBean(user);
    UserRecoveryDataStore userRecoveryDataStore = JDBCRecoveryDataStore.getInstance();
    // NOTE(review): the load is done "without code expiry validation". Whether expiry is enforced
    // by validateWithOldConfirmationCode or by Utils.reIssueExistingConfirmationCode is not visible
    // here; confirm that an expired code cannot be refreshed indefinitely through this path.
    UserRecoveryData userRecoveryData = userRecoveryDataStore.loadWithoutCodeExpiryValidation(user, RecoveryScenarios.getRecoveryScenario(recoveryScenario));
    // Validate the previous confirmation code against the stored recovery data.
    // NOTE(review): userRecoveryData is dereferenced right after this call, so this validation is
    // presumably what rejects a missing (null) record; confirm.
    validateWithOldConfirmationCode(code, recoveryScenario, recoveryStep, userRecoveryData);
    // Get the notification channel details stored in the remainingSetIds.
    String storedNotificationChannel = userRecoveryData.getRemainingSetIds();
    String preferredChannel = StringUtils.EMPTY;
    /* An unsupported storedNotificationChannel implies that this recovery scenario does not store the
    notification channel in the remainingSetIds column. In that case preferredChannel stays empty and,
    per the original note, the notification channel should be EMAIL. */
    if (isServerSupportedNotificationChannel(storedNotificationChannel)) {
        preferredChannel = storedNotificationChannel;
        // Externally managed notifications override the stored channel.
        if (!notificationInternallyManage) {
            preferredChannel = NotificationChannels.EXTERNAL_CHANNEL.getChannelType();
        }
    }
    // Mobile verification on update always uses SMS, overriding any channel chosen above.
    if (RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.toString().equals(recoveryScenario)) {
        preferredChannel = NotificationChannels.SMS_CHANNEL.getChannelType();
    }
    String secretKey;
    if (Utils.reIssueExistingConfirmationCode(userRecoveryData, preferredChannel)) {
        // Re-use the stored secret; nothing is written to the store on this branch.
        // NOTE(review): unlike the else branch, this path neither sets the notification channel on
        // the response bean nor rewrites properties with SEND_TO; confirm that is intended.
        secretKey = userRecoveryData.getSecret();
    } else {
        // Invalidate the previous confirmation code before issuing a new one.
        // NOTE(review): invalidate and the later store are separate calls; whether they run in one
        // transaction is not visible here.
        userRecoveryDataStore.invalidate(userRecoveryData.getSecret());
        secretKey = Utils.generateSecretKey(preferredChannel, user.getTenantDomain(), recoveryScenario);
        UserRecoveryData recoveryDataDO = new UserRecoveryData(user, secretKey, RecoveryScenarios.getRecoveryScenario(recoveryScenario), RecoverySteps.getRecoveryStep(recoveryStep));
        /* The notified channel is stored in remainingSetIds for recovery purposes. An empty preferred
        channel means the notification channel should not be stored. */
        if (StringUtils.isNotBlank(preferredChannel)) {
            recoveryDataDO.setRemainingSetIds(preferredChannel);
            notificationResponseBean.setNotificationChannel(preferredChannel);
        }
        // For the verification-on-update scenarios remainingSetIds holds the pending e-mail address or
        // mobile number rather than a channel. It is carried over to the new record (overwriting any
        // channel set just above) and used as the SEND_TO target of the notification.
        if (RecoveryScenarios.EMAIL_VERIFICATION_ON_UPDATE.toString().equals(recoveryScenario) && RecoverySteps.VERIFY_EMAIL.toString().equals(recoveryStep)) {
            String verificationPendingEmailClaimValue = userRecoveryData.getRemainingSetIds();
            properties = new Property[] { new Property(IdentityRecoveryConstants.SEND_TO, verificationPendingEmailClaimValue) };
            recoveryDataDO.setRemainingSetIds(verificationPendingEmailClaimValue);
        } else if (RecoveryScenarios.MOBILE_VERIFICATION_ON_UPDATE.toString().equals(recoveryScenario) && RecoverySteps.VERIFY_MOBILE_NUMBER.toString().equals(recoveryStep)) {
            String verificationPendingMobileNumber = userRecoveryData.getRemainingSetIds();
            properties = new Property[] { new Property(IdentityRecoveryConstants.SEND_TO, verificationPendingMobileNumber) };
            recoveryDataDO.setRemainingSetIds(verificationPendingMobileNumber);
        }
        userRecoveryDataStore.store(recoveryDataDO);
    }
    if (notificationInternallyManage) {
        String eventName = resolveEventName(preferredChannel, user.getUserName(), user.getUserStoreDomain(), user.getTenantDomain());
        triggerNotification(user, preferredChannel, notificationType, secretKey, eventName, properties);
    } else {
        // The secret is handed back to the caller for external delivery. It should be treated as a
        // credential on that path (kept out of logs and only sent over an authenticated channel).
        notificationResponseBean.setKey(secretKey);
    }
    return notificationResponseBean;
}
use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class UserAccountRecoveryManager method addRecoveryDataObject.
/**
 * Stores a fresh recovery record for the user, replacing whatever the store held before.
 *
 * <p>The record is created at the {@code SEND_RECOVERY_INFORMATION} step with
 * {@code recoveryData} placed in its remaining-set-ids field. The user's existing recovery data is
 * invalidated first, then the new record is stored.
 *
 * @param username     Username
 * @param tenantDomain Tenant domain
 * @param secretKey    Recovery ID used as the secret of the new record
 * @param scenario     Recovery scenario
 * @param recoveryData Metadata needed to evaluate the recovery data object (the available
 *                     notification channels)
 * @throws IdentityRecoveryServerException If an error occurred while storing recovery data.
 */
private void addRecoveryDataObject(String username, String tenantDomain, String secretKey,
                                   RecoveryScenarios scenario, String recoveryData)
        throws IdentityRecoveryServerException {

    User targetUser = Utils.buildUser(username, tenantDomain);

    // The available channels travel with the record in the remaining-set-ids field.
    UserRecoveryData freshEntry =
            new UserRecoveryData(targetUser, secretKey, scenario, RecoverySteps.SEND_RECOVERY_INFORMATION);
    freshEntry.setRemainingSetIds(recoveryData);

    try {
        UserRecoveryDataStore recoveryStore = JDBCRecoveryDataStore.getInstance();
        // Drop every earlier record for the user before the new one is stored.
        // NOTE(review): the two calls are separate; whether they share a transaction is not
        // visible here.
        recoveryStore.invalidate(targetUser);
        recoveryStore.store(freshEntry);
    } catch (IdentityRecoveryException e) {
        throw Utils.handleServerException(
                IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_ERROR_STORING_RECOVERY_DATA,
                "Error Storing Recovery Data", e);
    }
}
use of org.wso2.carbon.identity.recovery.store.UserRecoveryDataStore in project identity-governance by wso2-extensions.
the class UserAccountRecoveryManager method retrieveUserRecoveryInformation.
/**
 * Initiates the recovery flow for the user who matches the given claims.
 *
 * <p>Resolves the username from the claims, checks the account's lock status and its eligibility
 * for recovery, and collects the notification channels. It then records a new recovery code,
 * either by updating an existing {@code RESEND_CONFIRMATION_CODE} record or by storing a fresh one.
 *
 * @param claims           User claims
 * @param tenantDomain     Tenant domain
 * @param recoveryScenario Recovery scenario
 * @param properties       Meta properties
 * @return RecoveryChannelInfoDTO object built from the username, the new recovery code and the
 *         notification channels.
 * @throws IdentityRecoveryException If no user matches the claims, or if a check or store
 *                                   operation in the flow fails.
 */
public RecoveryChannelInfoDTO retrieveUserRecoveryInformation(Map<String, String> claims, String tenantDomain,
                                                              RecoveryScenarios recoveryScenario,
                                                              Map<String, String> properties)
        throws IdentityRecoveryException {

    // Find the user who matches the given set of claims.
    String username = getUsernameByClaims(claims, tenantDomain);
    if (StringUtils.isEmpty(username)) {
        if (log.isDebugEnabled()) {
            log.debug("No valid user found for the given claims");
        }
        // NOTE(review): this branch raises a dedicated "no user found" error. Confirm the API layer
        // does not let unauthenticated callers tell it apart from the success path, since that
        // would reveal which claim values belong to an account.
        throw Utils.handleClientException(IdentityRecoveryConstants.ErrorMessages.ERROR_CODE_NO_USER_FOUND, null);
    }

    User user = Utils.buildUser(username, tenantDomain);
    // A locked or disabled account must not be recoverable.
    checkAccountLockedStatus(user);

    // Internally managed notifications use the user's own channels; otherwise the external
    // channel list is returned.
    List<NotificationChannel> channels = Utils.isNotificationsInternallyManaged(tenantDomain, properties)
            ? getInternalNotificationChannelList(username, tenantDomain, recoveryScenario)
            : getExternalNotificationChannelList();

    // Confirm the account is eligible for recovery before any code is issued.
    checkUserValidityForAccountRecovery(user, recoveryScenario, channels, properties);
    // Per the original note, execution continues only if the user has verified channels.
    NotificationChannelDTO[] channelDtos = getNotificationChannelsResponseDTOList(tenantDomain, channels);

    UserRecoveryDataStore recoveryStore = JDBCRecoveryDataStore.getInstance();
    // Pick up existing RESEND_CONFIRMATION_CODE details, if any (loaded without expiry validation).
    UserRecoveryData resendRecord = recoveryStore.loadWithoutCodeExpiryValidation(user, recoveryScenario,
            RecoverySteps.RESEND_CONFIRMATION_CODE);

    // NOTE(review): this UUID acts as the recovery secret; confirm UUIDGenerator draws from a
    // cryptographically secure source.
    String recoveryCode = UUIDGenerator.generateUUID();
    String channelListForRecovery = getNotificationChannelListForRecovery(channels);

    boolean withinTolerance = Utils.reIssueExistingConfirmationCode(resendRecord,
            NotificationChannels.EMAIL_CHANNEL.getChannelType());
    if (withinTolerance) {
        // The existing record is inside the e-mail confirmation-code tolerance: replace its code and
        // step but keep its original creation time.
        recoveryStore.invalidateWithoutChangeTimeCreated(resendRecord.getSecret(), recoveryCode,
                RecoverySteps.SEND_RECOVERY_INFORMATION, channelListForRecovery);
    } else {
        addRecoveryDataObject(username, tenantDomain, recoveryCode, recoveryScenario, channelListForRecovery);
    }
    return buildUserRecoveryInformationResponseDTO(username, recoveryCode, channelDtos);
}